AES Key Schedule Algorithm

A quick description of the AES key schedule algorithm is provided. AES key schedule expands the given cipher key into 11 round keys. It uses round constants, S-box lookups and byte rotations.

The first step of the AES encryption algorithm is to call the KeyExpansion() procedure to generate 11 round keys based on a given cipher key. The KeyExpansion() procedure is also called key schedule generation.

Here is the algorithm of the KeyExpansion() procedure should follow for 128-bit cipher keys:

```Procedure Name:
KeyExpansion(K,k[])

Input:
K: 128 bits cipher key
Rcon[]: Round constant array
SubWord(): Word substitution procedure
RotWord(): Word rotation procedure

Output:
k[11]: 11 round keys as 4x4 byte arrays

Algorithm:
w[4*11]              # a word array holding 11 round keys
w[0..3] = K          # setting cipher key as the first round key

for i = 4 to 43      # computing words of other round keys
temp = w[i-1]     # copying previous word to a temp variable
if (i mod 4 = 0)
temp = SubWord(RotWord(temp))
temp = temp XOR Rcon[i/4]
end if
w[i] = w[i-4] XOR temp
end for

for i = 0 to 10      # building 11 round keys as 4x4 byte arrays
k[i] = w[4*i..4*i+3]
end for
```

Some notes on KeyExpansion() algorithm:

• The KeyExpansion() algorithm is mainly operate on unit of word, which is 4 bytes or 32 bits long.
• The RotWord() procedure performs a rotate (cyclic shift) operation of 1 byte to the left on the given word.
• The SubWord() procedure performs a byte substitution operation with the same S-box as the encryption algorithm on the given word.
• The round constant array, Rcon[], holds 11 constants: 0x8d000000, 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1b000000, 0x36000000.

Last update: 2015.