Home/ Questions/Q 3974624
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T04:35:22+00:00

I’ve managed successfully to write my own AES implementation using a 128bit key. However

  • 0

I’ve managed successfully to write my own AES implementation using a 128bit key. However I’m still dangled how to interpret the AddRoundKey function using 192bit and 256bit keys.

Some facts:

  • Block is 128 bits (State)
  • Rounds 128bit = 10, 192bit = 12, 256bit = 14
  • Nk 128bit = 4 (equal to Block size), 192bit = 6, 256bit = 8 (units are words)

If Nk = 8 and i-4 is a multiple of Nk,
then SubWord() is applied to w[i-1]
prior to the XOR.

Does anyone know how 192bit and 256bit keys are applied? Any replies are appreciated.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I think you’ve got things slightly confused. From FIPS-197:

    In the AddRoundKey() transformation, a Round Key is added to the State by a simple bitwise
    XOR operation. Each Round Key consists of Nb words from the key schedule

    So the AddRoundKey() function xor’s the state with the appropriate word from the key schedule. Now again from FIPS-197:

    KeyExpansion(byte key[4*Nk], word w[Nb*(Nr+1)], Nk)
begin
word temp
i = 0
while (i < Nk) # copy key to first Nk bytes of key sched. w is the key sched.
    w[i] = word(key[4*i], key[4*i+1], key[4*i+2], key[4*i+3])
    i = i+1
end while
i = Nk
while (i < Nb * (Nr+1)] # for remaining key schedule size
    temp = w[i-1]       # get previous word
    if (i mod Nk = 0)   # if i is a multiple of Nk a.k.a. every key length
        temp = SubWord(RotWord(temp)) xor Rcon[i/Nk]
    else if (Nk > 6 and i mod Nk = 4) # this for 256-bit keys only
        temp = SubWord(temp)
    end if
    w[i] = w[i-Nk] xor temp  # the xor operation
    i = i + 1                # if you've used a for loop, ignore this.
end while

    This is actually fairly straightforward. The first NK words of the key schedule are the key. From then on, you create each word by xor with the previous word unless this particular word is an exact multiple of Nk, in which case you apply the Subword function as described in FIPS-197 on the output of the rotated word xor’d by the round constant number for that particular round (i/Nk will be a whole number since i%Nk==0).

    Then, the bit you’re confused with: If Nk > 6, so if we’re using 256-bit keys, and i mod Nk == 4 i.e. (q*Nk)+4 is i for some q, then you do your pre-xor Subword.

    Finally, whatever happens, prior, the contents of the previous word are still xor’d with temp.

    The difference in the key schedule is with 256-bit keys.

    If it helps, the way to know you’ve done this right is to use the test vectors available in FIPS-197 or the NIST AES package. There are test vectors for key schedules at all bit levels; give them a go, they’ll tell you when you’ve got things wrong.

    1. FIPS-197
    2. Useful explanation of AES. You’ve probably got past most of this, but it’s a good guide. Shamelessly stolen from wikipedia,
    • 0