2

So for each round in AES a different key is used, and as I saw the keys are created form a master key.

My question is how these round keys are generated.

Are they created via a Key Derivation Function as the session keys, or its something else ?

user67441
  • 47
  • 3

1 Answers1

1

No, it uses a specific type of algorithm called a key schedule. Unlike a KDF, it is not designed to be slow (in the case of a password-based KDF) or to be irreversible. The requirements of a key schedule are quite simple. Whereas a KDF might need to expand a key into a number of keys such that knowledge of any one key does not reveal knowledge of the master key or any other derived keys, that is not always true for a key schedule. If you have any round key for 128-bit AES, you can derive all other round keys.

forest
  • 15,253
  • 2
  • 48
  • 103
  • Note that only password based key derivation functions are slow. Normally a key based key derivation function would be used for key expansion and those are fast. So the speed argument is invalid if you ask me. – Maarten Bodewes Jun 13 '20 at 00:03