Question

I am learning about cryptography, and I came across the following statement on Wikipedia:

The keys may be identical or there may be a simple transformation to go between the two keys.

When a transformation of the key is needed, how can the key be symmetric? More precisely, doesn't "symmetric" mean "same"?


Solution

In symmetric key cryptography, one does generally use the same key in both directions (encryption and decryption). It is symmetric because the decryption is performed by inverting the internal order of operations of the encryption. Different parts of the key you provide may be generated and used internally by the algorithm (as is the case in AES) - but obviously this won't be completely random in nature, as the encryption and decryption process will have to reverse the effect of the other, as this is still symmetric key cryptography. As you might know, many cryptographic methods have multiple rounds internally - and often for each such round a subkey or round key is generated from the key that you provide. The process of generating the round/sub keys is called a key scheduling algorithm in cryptography and standard AES uses the Rijndael key scheduling algorithm.

So it is the transformations described there that would happen to the key you provide to the encryption and decryption routines. However, the key that you provide will still be the same (that's the point) and the operations will all be "the same" but reversed.

There's a question on crypto.stackoverflow.com asking how AES-128 (AES with 128 bit key), AES-196 (196 bit key) and AES-256 (256 bit key) differ. You will find Paŭlo Ebermann's answer there useful in further understanding how the original key is transformed into the round/sub keys. Quoting from his answer from there:

   k_0    k_1    k_2    k_3 ─→┃f_1┃─╮
    │      │      │      │    ┗━━━┛ │
 ╭──│──────│──────│──────│──────────╯
 │  ↓      ↓      ↓      ↓
 ╰─→⊕   ╭─→⊕   ╭─→⊕   ╭─→⊕
    │   │  │   │  │   │  │
    ↓   │  ↓   │  ↓   │  ↓    ┏━━━┓
   k_4 ─╯ k_5 ─╯ k_6 ─╯ k_7 ─→┃f_2┃─╮
    │      │      │      │    ┗━━━┛ │
 ╭──│──────│──────│──────│──────────╯
 │  ↓      ↓      ↓      ↓
 ╰─→⊕   ╭─→⊕   ╭─→⊕   ╭─→⊕
    │   │  │   │  │   │  │
    ↓   │  ↓   │  ↓   │  ↓     ┏━━━┓
   k_8 ─╯ k_9 ─╯ k_10 ╯ k_11 ─→┃f_3┃─╮
    │      │      │      │     ┗━━━┛ │
 ╭──│──────│──────│──────│───────────╯
 │  ↓      ↓      ↓      ↓
.......................................
 │  ↓      ↓      ↓      ↓
 ╰─→⊕   ╭─→⊕   ╭─→⊕   ╭─→⊕
    │   │  │   │  │   │  │
    ↓   │  ↓   │  ↓   │  ↓
   k_40 ╯ k_41 ╯ k_42 ╯ k_43

The key expansion works in a way that k_i only depends directly on k_{i−1} and k_{i−N_k} (where N_k is the number of columns in the key, i.e. 4 for AES-128). In most cases it is a simple ⊕, but after each N_k key columns, a non-linear function f_i is applied. ... The functions f_i are nonlinear functions built from the AES S-box (applied on each byte separately), a rotation by one byte, and an XOR with a round constant depending on i (this is the element of GF(2^8) corresponding to x^{i−1}, but there also is a table in the standard). Then the key selection algorithm simply takes k_0…k_3 as the first round key, k_4…k_7 as the second one, until k_40…k_43 as the last one.
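As an added example (not part of the quoted answer, and not any AES library's code), here is the key expansion from the diagram written out for AES-128 in Python. The function names are hypothetical, and the sample key is the example key from FIPS-197 Appendix A.1.

```python
# Added illustration: AES-128 key expansion (columns k_0..k_43 -> 11 round keys).
def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def build_sbox():
    """AES S-box: multiplicative inverse in GF(2^8), then the affine map."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv ^ 0x63
        for n in range(1, 5):  # XOR with inv rotated left by 1..4 bits
            s ^= ((inv << n) | (inv >> (8 - n))) & 0xFF
        sbox.append(s)
    return sbox

SBOX = build_sbox()

def f(word, i):
    """f_i: rotate by one byte, S-box every byte, XOR round constant x^(i-1)."""
    out = [SBOX[b] for b in word[1:] + word[:1]]
    rcon = 1
    for _ in range(i - 1):
        rcon = gmul(rcon, 2)
    out[0] ^= rcon
    return out

def expand_key_128(key):
    """Return the 11 round keys (16 bytes each) built from columns k_0..k_43."""
    nk = 4  # N_k: number of key columns for AES-128
    k = [list(key[4 * j:4 * j + 4]) for j in range(nk)]
    for i in range(nk, 44):
        prev = f(k[i - 1], i // nk) if i % nk == 0 else k[i - 1]
        k.append([a ^ b for a, b in zip(k[i - nk], prev)])
    return [bytes(b for col in k[4 * r:4 * r + 4] for b in col) for r in range(11)]

if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 A.1 example key
    round_keys = expand_key_128(key)
    # Encryption uses round_keys[0..10]; decryption uses the same list in reverse.
    for r, rk in enumerate(round_keys):
        print(r, rk.hex())
```

Both directions start from the same 16-byte key; only the order in which the derived round keys are consumed differs.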

Other tips

Martin Dinov has a good explanation of a method to derive subkeys using a key schedule. But subkeys may not even be present in some algorithms. Even then, the subkeys are symmetric for both encryption and decryption, so where's the asymmetry?

What's more likely is that Wikipedia is hinting at key derivation. This is used during many cryptographic protocols, for example for many travel cards. Most current travel cards are memory cards that contain a (set of) symmetric keys per card. These keys have been derived by performing a key derivation mechanism using a unique identifier - normally the UID for contactless chips such as MIFARE or DESFire - and a master key. So the card terminal has the master key, reads the UID and calculates the card specific keys to get read or write access.

So even though the card and terminal have different keys before they start secure communication, the card keys - and then possibly the session keys - are derived by a key derivation mechanism by the terminal. The session keys - keys used to secure the transport protocol - are sometimes calculated on higher end chips using some kind of authenticated key agreement protocol such as Diffie-Hellman.

License: CC-BY-SA attribution
Not affiliated with StackOverflow