1618:
25:
176:
has a key schedule in which the 56-bit key is divided into two 28-bit halves; each half is thereafter treated separately. In successive rounds, both halves are rotated left by one or two bits (specified for each round), and then 48 round key bits are selected by
122:
181:(PC-2) – 24 bits from the left half and 24 from the right. The rotations have the effect that a different set of bits is used in each round key; each bit is used in approximately 14 out of the 16 round keys.
1598:
1428:
1281:
1216:
297:
1043:
399:
1033:
527:
934:
196:, many modern ciphers use more elaborate key schedules to generate an "expanded key" from which round keys are drawn. Some ciphers, such as
1196:
1170:
1038:
204:, use the same operations as those used in the data path of the cipher algorithm for their key expansion, sometimes initialized with some "
1011:
224:
and
Mathiassen (2004) give some experimental evidence that indicate that the key schedule plays a part in providing strength against
1646:
1274:
236:, it was observed that those with complex and well-designed key schedules can reach a uniform distribution for the probabilities of
108:
1180:
290:
1059:
1477:
1237:
46:
89:
42:
61:
1267:
327:
125:
The key schedule of DES ("<<<" denotes a left rotation), showing the calculation of each round key ("Subkey").
1593:
1548:
1361:
1123:
283:
205:
68:
1472:
1140:
1050:
1028:
341:
237:
229:
178:
35:
1588:
1145:
1001:
954:
429:
167:
1578:
1568:
1423:
1211:
1093:
968:
337:
173:
75:
1573:
1563:
1366:
1326:
1319:
1309:
1304:
1150:
939:
310:
1314:
1242:
1118:
1113:
1065:
184:
To avoid simple relationships between the cipher key and the round keys, in order to resist such forms of
914:
57:
1621:
1467:
1413:
1232:
1055:
492:
197:
1583:
1507:
1135:
1018:
944:
627:
607:
241:
225:
212:, expand keys with functions that are somewhat or completely different from the encryption functions.
137:
are a certain kind of cipher, where the (de-)ciphering of data is typically done as an iteration of
1346:
1098:
1075:
394:
141:. The setup for each round is generally the same, except for round-specific fixed values called a
1452:
1436:
1383:
1083:
991:
703:
632:
602:
547:
189:
146:
254:
1512:
1502:
1373:
803:
502:
462:
457:
424:
384:
332:
201:
170:
splits the 128-bit key into four 32-bit pieces and uses them repeatedly in successive rounds.
1447:
1175:
1070:
949:
808:
688:
657:
351:
1022:
1006:
995:
929:
888:
853:
783:
763:
637:
517:
512:
467:
82:
1522:
1442:
1403:
1351:
1336:
1160:
1108:
919:
904:
843:
838:
723:
472:
233:
142:
134:
1640:
1603:
1558:
1517:
1497:
1393:
1356:
1331:
1155:
1103:
982:
964:
753:
728:
718:
542:
532:
379:
185:
1553:
1388:
1378:
1341:
1290:
1088:
873:
738:
617:
572:
404:
356:
306:
261:
221:
193:
130:
1532:
698:
693:
577:
24:
121:
1492:
1462:
1457:
1418:
1130:
848:
788:
672:
667:
612:
482:
345:
1482:
863:
858:
748:
662:
557:
537:
1527:
1487:
1201:
1165:
959:
622:
497:
477:
389:
868:
818:
778:
768:
713:
708:
552:
361:
166:
Some ciphers have simple key schedules. For example, the block cipher
1408:
1206:
828:
823:
758:
743:
733:
678:
652:
647:
642:
522:
507:
924:
883:
833:
813:
798:
587:
567:
487:
452:
157:
is an algorithm that calculates all the round keys from the key.
773:
682:
597:
592:
582:
562:
434:
419:
1263:
279:
878:
793:
414:
409:
209:
18:
255:
On the Role of Key
Schedules in Attacks on Iterated Ciphers
16:
Algorithm that calculates all the round keys from the key
1429:
Cryptographically secure pseudorandom number generator
244:
faster than those with poorly designed key schedules.
267:
1541:
1297:
1225:
1189:
978:
897:
443:
370:
318:
49:. Unsourced material may be challenged and removed.
1275:
291:
8:
145:, and round-specific data derived from the
1282:
1268:
1260:
298:
284:
276:
272:
268:
262:A Better Key Schedule for DES-like Ciphers
253:Lars R. Knudsen and John Erik Mathiassen,
109:Learn how and when to remove this message
120:
260:Uri Blumenthal and Steven M. Bellovin,
7:
47:adding citations to reliable sources
14:
1617:
1616:
264:, Proceedings of PRAGOCRYPT '96.
257:, ESORICS 2004, pp322–334.
23:
34:needs additional citations for
1478:Information-theoretic security
1:
206:nothing-up-my-sleeve numbers
1594:Message authentication code
1549:Cryptographic hash function
1362:Cryptographic hash function
161:Some types of key schedules
1663:
1473:Harvest now, decrypt later
230:differential cryptanalysis
208:". Other ciphers, such as
1612:
1589:Post-quantum cryptography
1259:
1181:Time/memory/data tradeoff
275:
271:
1647:Cryptographic algorithms
1579:Quantum key distribution
1569:Authenticated encryption
1424:Random number generation
969:Whitening transformation
1574:Public-key cryptography
1564:Symmetric-key algorithm
1367:Key derivation function
1327:Cryptographic primitive
1320:Authentication protocol
1310:Outline of cryptography
1305:History of cryptography
940:Confusion and diffusion
1315:Cryptographic protocol
126:
1468:End-to-end encryption
1414:Cryptojacking malware
1233:Initialization vector
124:
1584:Quantum cryptography
1508:Trusted timestamping
1012:3-subset MITM attack
628:Intel Cascade Cipher
608:Hasty Pudding cipher
43:improve this article
1347:Cryptographic nonce
1051:Differential-linear
190:related-key attacks
1453:Subliminal channel
1437:Pseudorandom noise
1384:Key (cryptography)
1124:Differential-fault
342:internal mechanics
127:
1634:
1633:
1630:
1629:
1513:Key-based routing
1503:Trapdoor function
1374:Digital signature
1255:
1254:
1251:
1250:
1238:Mode of operation
915:Lai–Massey scheme
179:Permuted Choice 2
119:
118:
111:
93:
1654:
1620:
1619:
1448:Insecure channel
1284:
1277:
1270:
1261:
1109:Power-monitoring
950:Avalanche effect
658:Khufu and Khafre
311:security summary
300:
293:
286:
277:
273:
269:
133:, the so-called
114:
107:
103:
100:
94:
92:
51:
27:
19:
1662:
1661:
1657:
1656:
1655:
1653:
1652:
1651:
1637:
1636:
1635:
1626:
1608:
1537:
1293:
1288:
1247:
1221:
1190:Standardization
1185:
1114:Electromagnetic
1066:Integral/Square
1023:Piling-up lemma
1007:Biclique attack
996:EFF DES cracker
980:
974:
905:Feistel network
893:
518:CIPHERUNICORN-E
513:CIPHERUNICORN-A
445:
439:
372:
366:
320:
314:
304:
250:
234:Feistel ciphers
219:
163:
135:product ciphers
115:
104:
98:
95:
52:
50:
40:
28:
17:
12:
11:
5:
1660:
1658:
1650:
1649:
1639:
1638:
1632:
1631:
1628:
1627:
1625:
1624:
1613:
1610:
1609:
1607:
1606:
1601:
1599:Random numbers
1596:
1591:
1586:
1581:
1576:
1571:
1566:
1561:
1556:
1551:
1545:
1543:
1539:
1538:
1536:
1535:
1530:
1525:
1523:Garlic routing
1520:
1515:
1510:
1505:
1500:
1495:
1490:
1485:
1480:
1475:
1470:
1465:
1460:
1455:
1450:
1445:
1443:Secure channel
1440:
1434:
1433:
1432:
1421:
1416:
1411:
1406:
1404:Key stretching
1401:
1396:
1391:
1386:
1381:
1376:
1371:
1370:
1369:
1364:
1354:
1352:Cryptovirology
1349:
1344:
1339:
1337:Cryptocurrency
1334:
1329:
1324:
1323:
1322:
1312:
1307:
1301:
1299:
1295:
1294:
1289:
1287:
1286:
1279:
1272:
1264:
1257:
1256:
1253:
1252:
1249:
1248:
1246:
1245:
1240:
1235:
1229:
1227:
1223:
1222:
1220:
1219:
1214:
1209:
1204:
1199:
1193:
1191:
1187:
1186:
1184:
1183:
1178:
1173:
1168:
1163:
1158:
1153:
1148:
1143:
1138:
1133:
1128:
1127:
1126:
1121:
1116:
1111:
1106:
1096:
1091:
1086:
1081:
1073:
1068:
1063:
1056:Distinguishing
1053:
1048:
1047:
1046:
1041:
1036:
1026:
1016:
1015:
1014:
1009:
999:
988:
986:
976:
975:
973:
972:
962:
957:
952:
947:
942:
937:
932:
927:
922:
920:Product cipher
917:
912:
907:
901:
899:
895:
894:
892:
891:
886:
881:
876:
871:
866:
861:
856:
851:
846:
841:
836:
831:
826:
821:
816:
811:
806:
801:
796:
791:
786:
781:
776:
771:
766:
761:
756:
751:
746:
741:
736:
731:
726:
721:
716:
711:
706:
701:
696:
691:
686:
675:
670:
665:
660:
655:
650:
645:
640:
635:
630:
625:
620:
615:
610:
605:
600:
595:
590:
585:
580:
575:
570:
565:
560:
555:
550:
548:Cryptomeria/C2
545:
540:
535:
530:
525:
520:
515:
510:
505:
500:
495:
490:
485:
480:
475:
470:
465:
460:
455:
449:
447:
441:
440:
438:
437:
432:
427:
422:
417:
412:
407:
402:
397:
392:
387:
382:
376:
374:
368:
367:
365:
364:
359:
354:
349:
335:
330:
324:
322:
316:
315:
305:
303:
302:
295:
288:
280:
266:
265:
258:
249:
246:
218:
215:
214:
213:
198:Rijndael (AES)
182:
171:
162:
159:
143:round constant
117:
116:
58:"Key schedule"
31:
29:
22:
15:
13:
10:
9:
6:
4:
3:
2:
1659:
1648:
1645:
1644:
1642:
1623:
1615:
1614:
1611:
1605:
1604:Steganography
1602:
1600:
1597:
1595:
1592:
1590:
1587:
1585:
1582:
1580:
1577:
1575:
1572:
1570:
1567:
1565:
1562:
1560:
1559:Stream cipher
1557:
1555:
1552:
1550:
1547:
1546:
1544:
1540:
1534:
1531:
1529:
1526:
1524:
1521:
1519:
1518:Onion routing
1516:
1514:
1511:
1509:
1506:
1504:
1501:
1499:
1498:Shared secret
1496:
1494:
1491:
1489:
1486:
1484:
1481:
1479:
1476:
1474:
1471:
1469:
1466:
1464:
1461:
1459:
1456:
1454:
1451:
1449:
1446:
1444:
1441:
1438:
1435:
1430:
1427:
1426:
1425:
1422:
1420:
1417:
1415:
1412:
1410:
1407:
1405:
1402:
1400:
1397:
1395:
1394:Key generator
1392:
1390:
1387:
1385:
1382:
1380:
1377:
1375:
1372:
1368:
1365:
1363:
1360:
1359:
1358:
1357:Hash function
1355:
1353:
1350:
1348:
1345:
1343:
1340:
1338:
1335:
1333:
1332:Cryptanalysis
1330:
1328:
1325:
1321:
1318:
1317:
1316:
1313:
1311:
1308:
1306:
1303:
1302:
1300:
1296:
1292:
1285:
1280:
1278:
1273:
1271:
1266:
1265:
1262:
1258:
1244:
1241:
1239:
1236:
1234:
1231:
1230:
1228:
1224:
1218:
1215:
1213:
1210:
1208:
1205:
1203:
1200:
1198:
1195:
1194:
1192:
1188:
1182:
1179:
1177:
1174:
1172:
1169:
1167:
1164:
1162:
1159:
1157:
1154:
1152:
1149:
1147:
1144:
1142:
1139:
1137:
1136:Interpolation
1134:
1132:
1129:
1125:
1122:
1120:
1117:
1115:
1112:
1110:
1107:
1105:
1102:
1101:
1100:
1097:
1095:
1092:
1090:
1087:
1085:
1082:
1080:
1079:
1074:
1072:
1069:
1067:
1064:
1061:
1057:
1054:
1052:
1049:
1045:
1042:
1040:
1037:
1035:
1032:
1031:
1030:
1027:
1024:
1020:
1017:
1013:
1010:
1008:
1005:
1004:
1003:
1000:
997:
993:
990:
989:
987:
984:
983:cryptanalysis
977:
970:
966:
965:Key whitening
963:
961:
958:
956:
953:
951:
948:
946:
943:
941:
938:
936:
933:
931:
928:
926:
923:
921:
918:
916:
913:
911:
908:
906:
903:
902:
900:
896:
890:
887:
885:
882:
880:
877:
875:
872:
870:
867:
865:
862:
860:
857:
855:
852:
850:
847:
845:
842:
840:
837:
835:
832:
830:
827:
825:
822:
820:
817:
815:
812:
810:
807:
805:
802:
800:
797:
795:
792:
790:
787:
785:
782:
780:
777:
775:
772:
770:
767:
765:
762:
760:
757:
755:
754:New Data Seal
752:
750:
747:
745:
742:
740:
737:
735:
732:
730:
727:
725:
722:
720:
717:
715:
712:
710:
707:
705:
702:
700:
697:
695:
692:
690:
687:
684:
680:
676:
674:
671:
669:
666:
664:
661:
659:
656:
654:
651:
649:
646:
644:
641:
639:
636:
634:
631:
629:
626:
624:
621:
619:
616:
614:
611:
609:
606:
604:
601:
599:
596:
594:
591:
589:
586:
584:
581:
579:
576:
574:
571:
569:
566:
564:
561:
559:
556:
554:
551:
549:
546:
544:
541:
539:
536:
534:
531:
529:
526:
524:
521:
519:
516:
514:
511:
509:
506:
504:
501:
499:
496:
494:
493:BEAR and LION
491:
489:
486:
484:
481:
479:
476:
474:
471:
469:
466:
464:
461:
459:
456:
454:
451:
450:
448:
442:
436:
433:
431:
428:
426:
423:
421:
418:
416:
413:
411:
408:
406:
403:
401:
398:
396:
393:
391:
388:
386:
383:
381:
378:
377:
375:
369:
363:
360:
358:
355:
353:
350:
347:
343:
339:
336:
334:
331:
329:
326:
325:
323:
317:
312:
308:
307:Block ciphers
301:
296:
294:
289:
287:
282:
281:
278:
274:
270:
263:
259:
256:
252:
251:
247:
245:
243:
239:
238:differentials
235:
231:
227:
223:
216:
211:
207:
203:
199:
195:
194:slide attacks
191:
187:
186:cryptanalysis
183:
180:
175:
172:
169:
165:
164:
160:
158:
156:
152:
148:
144:
140:
136:
132:
123:
113:
110:
102:
91:
88:
84:
81:
77:
74:
70:
67:
63:
60: –
59:
55:
54:Find sources:
48:
44:
38:
37:
32:This article
30:
26:
21:
20:
1554:Block cipher
1399:Key schedule
1398:
1389:Key exchange
1379:Kleptography
1342:Cryptosystem
1291:Cryptography
1141:Partitioning
1099:Side-channel
1077:
1044:Higher-order
1029:Differential
910:Key schedule
909:
242:linear hulls
220:
155:key schedule
154:
150:
138:
131:cryptography
128:
105:
96:
86:
79:
72:
65:
53:
41:Please help
36:verification
33:
1542:Mathematics
1533:Mix network
1226:Utilization
1212:NSA Suite B
1197:AES process
1146:Rubber-hose
1084:Related-key
992:Brute-force
371:Less common
1493:Ciphertext
1463:Decryption
1458:Encryption
1419:Ransomware
1176:Chi-square
1094:Rotational
1034:Impossible
955:Block size
849:Spectr-H64
673:Ladder-DES
668:Kuznyechik
613:Hierocrypt
483:BassOmatic
446:algorithms
373:algorithms
346:Triple DES
321:algorithms
248:References
232:. For toy
147:cipher key
69:newspapers
1483:Plaintext
1151:Black-bag
1071:Boomerang
1060:Known-key
1039:Truncated
864:Threefish
859:SXAL/MBAL
749:MultiSwap
704:MacGuffin
663:KN-Cipher
603:Grand Cru
558:CS-Cipher
538:COCONUT98
151:round key
149:called a
99:July 2008
1641:Category
1622:Category
1528:Kademlia
1488:Codetext
1431:(CSPRNG)
1202:CRYPTREC
1166:Weak key
1119:Acoustic
960:Key size
804:Red Pike
623:IDEA NXT
503:Chiasmus
498:CAST-256
478:BaseKing
463:Akelarre
458:Adiantum
425:Skipjack
390:CAST-128
385:Camellia
333:Blowfish
202:Blowfish
1298:General
1243:Padding
1161:Rebound
869:Treyfer
819:SAVILLE
779:PRESENT
769:NOEKEON
714:MAGENTA
709:Madryga
689:Lucifer
553:CRYPTON
362:Twofish
352:Serpent
222:Knudsen
83:scholar
1409:Keygen
1207:NESSIE
1156:Davies
1104:Timing
1019:Linear
979:Attack
898:Design
889:Zodiac
854:Square
829:SHACAL
824:SC2000
784:Prince
764:Nimbus
759:NewDES
744:MULTI2
734:MISTY1
677:LOKI (
653:KHAZAD
648:KeeLoq
643:KASUMI
638:Kalyna
523:CLEFIA
508:CIKS-1
468:Anubis
319:Common
226:linear
139:rounds
85:
78:
71:
64:
56:
1439:(PRN)
1089:Slide
945:Round
930:P-box
925:S-box
884:XXTEA
844:Speck
839:Simon
834:SHARK
814:SAFER
799:REDOC
724:Mercy
683:89/91
633:Iraqi
598:G-DES
588:FEA-M
568:DES-X
533:Cobra
488:BATON
473:Ascon
453:3-Way
444:Other
217:Notes
153:. A
90:JSTOR
76:books
1217:CNSA
1076:Mod
1002:MITM
774:NUSH
729:MESH
719:MARS
593:FROG
583:FEAL
563:DEAL
543:Crab
528:CMEA
435:XTEA
420:SEED
400:IDEA
395:GOST
380:ARIA
240:and
228:and
200:and
192:and
62:news
1171:Tau
1131:XSL
935:SPN
879:xmx
874:UES
809:S-1
794:RC2
739:MMB
618:ICE
573:DFC
430:TEA
415:RC6
410:RC5
405:LEA
357:SM4
338:DES
328:AES
210:RC5
188:as
174:DES
168:TEA
129:In
45:by
1643::
699:M8
694:M6
681:,
679:97
578:E2
344:,
1283:e
1276:t
1269:v
1078:n
1062:)
1058:(
1025:)
1021:(
998:)
994:(
985:)
981:(
971:)
967:(
789:Q
685:)
348:)
340:(
313:)
309:(
299:e
292:t
285:v
112:)
106:(
101:)
97:(
87:·
80:·
73:·
66:·
39:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.