Paper 2012/260

Transposition of AES Key Schedule

Jialin Huang and Xuejia Lai

Abstract

In this paper, we point out a new weakness of the AES key schedule by revisiting an old observation exploited by many known attacks. We also find that a major cause of this weakness is that the column-by-column, word-wise structure of the key schedule lines up with the MixColumns operation in the cipher's diffusion layer. We then propose a new key schedule that raises the security level of AES through a minor modification. First, it reduces the number of rounds for which some attacks, such as SQUARE attacks and meet-in-the-middle attacks, are effective. Second, and interestingly, the new key schedule also protects AES against the most devastating related-key differential attacks, which work against AES-192 and AES-256 with the full number of rounds. Compared with the original key schedule, ours merely applies a transposition to the output matrix of the subkeys. Compared with other proposed modifications of the AES key schedule, ours adds no non-linear operations, requires no more elaborate diffusion method, and does not complicate the iterative process of generating subkeys. Finally, our results suggest that the route along which diffusion propagates deserves more attention in the design of key schedules.
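The following is an added example, not code from the paper: it runs the standard FIPS-197 AES-128 key expansion and then transposes each round subkey as the abstract sketches. The layout being transposed is an assumption here (each subkey is taken as the usual 4x4 state matrix whose columns are the 32-bit words of the expanded key, and the transposition is applied to that matrix). The two check functions make the abstract's observation concrete: in the original layout the key-schedule recurrence links columns, the unit MixColumns operates on, while after transposition the same recurrence links rows.

```python
"""Added example, not the paper's code: FIPS-197 AES-128 key expansion followed by
a transposition of each 4x4 subkey matrix. The exact layout the paper transposes
is an assumption here: the subkey is taken as the usual state matrix whose columns
are the 32-bit words of the expanded key."""

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p

def gf_inv(a):
    """Multiplicative inverse as a^254 (0 maps to 0); slow but enough to build the S-box."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def _sbox_entry(x):
    """Inverse in GF(2^8) followed by the AES affine map and the constant 0x63."""
    y = gf_inv(x)
    out = y
    for i in range(1, 5):
        out ^= ((y << i) | (y >> (8 - i))) & 0xFF
    return out ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def expand_key(key):
    """Standard AES-128 key expansion; returns 11 subkeys, each a 4x4 byte matrix
    with subkey[i][j] = byte i of word j, i.e. the columns are the 32-bit words."""
    assert len(key) == 16
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:                     # RotWord, SubWord, Rcon once per round
            t = t[1:] + t[:1]
            t = [SBOX[b] for b in t]
            t[0] ^= RCON[i // 4 - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [[[w[4 * r + j][i] for j in range(4)] for i in range(4)] for r in range(11)]

def transpose_subkeys(subkeys):
    """The modification as assumed here: transpose each subkey matrix so the former
    word-columns become rows before the subkey is XORed into the state."""
    return [[[k[j][i] for j in range(4)] for i in range(4)] for k in subkeys]

def subkey_hex(m):
    """Column-major hex string, the order in which the bytes are XORed into the state."""
    return "".join(f"{m[i][j]:02x}" for j in range(4) for i in range(4))

def column_recurrence_holds(subkeys):
    """Original layout: every column j>0 of subkey r equals the column above it in
    subkey r-1 XOR the column to its left in subkey r. Key material therefore moves
    word by word along columns, the same unit that MixColumns works on."""
    for r in range(1, len(subkeys)):
        prev, cur = subkeys[r - 1], subkeys[r]
        for j in range(1, 4):
            for i in range(4):
                if cur[i][j] != prev[i][j] ^ cur[i][j - 1]:
                    return False
    return True

def row_recurrence_holds(subkeys):
    """After transposition the identical relation links rows instead of columns,
    so one key word no longer occupies a single MixColumns column."""
    for r in range(1, len(subkeys)):
        prev, cur = subkeys[r - 1], subkeys[r]
        for i in range(1, 4):
            for j in range(4):
                if cur[i][j] != prev[i][j] ^ cur[i - 1][j]:
                    return False
    return True

if __name__ == "__main__":
    # FIPS-197 Appendix A.1 key: a published test vector, not a secret
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    orig = expand_key(key)
    trans = transpose_subkeys(orig)
    print("round 1 subkey:", subkey_hex(orig[1]))
    print("column relation in original:", column_recurrence_holds(orig))
    print("row relation after transpose:", row_recurrence_holds(trans))
```

The S-box is generated rather than tabulated so the block stays short and self-checking; `expand_key` is the unmodified FIPS-197 algorithm, and only `transpose_subkeys` represents the paper's change, under the layout assumption stated above.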

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Published elsewhere. Unknown where it was published
Keywords: AES, key schedule, meet-in-the-middle, related-key, MixColumns
Contact author(s): jlhuang cn @ gmail com
History: 2012-05-09: received
Short URL: https://ia.cr/2012/260
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2012/260,
      author = {Jialin Huang and Xuejia Lai},
      title = {Transposition of AES Key Schedule},
      howpublished = {Cryptology ePrint Archive, Paper 2012/260},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/260}},
      url = {https://eprint.iacr.org/2012/260}
}