Score:0

How does AES-256 works if AES is only a 128-bit block cipher?

ly flag

I'm currently studying AES encryption and I'm quite confused on how do we use a 256-bit key in AES?

Becuase in my understanding, AES no matter what the key size is, it still operates and encrypt a 128-bit block of message only in the whole cycle/rounds until it reaches the end.

well for AES-128 we use a 128-bit key that is total of 16 byte char, and that can be represented by a 4x4 matrix, and most AES operations and steps works on 4x4 matrix right?

Then how do we use a 256 bit key?, that is a 32 byte char and that is not even a perfect square right?

Will that 256-bit key result into the same size of 128-bit key version of AES when expanded by key expansion? and just use 16 bytes each when encrypting to match the 4x4 state array?

kelalaka avatar
in flag
Related [Security importance of Key Schedule in Block Cipher](https://crypto.stackexchange.com/q/45133/18298)
Score:3
in flag

Even for AES128 we don't use the key directly. Each round gets its own key in the process called key expansion. Those round keys are used to transmute a matrix. The original key is never applied directly.

AES256 adds more rounds. Each round stays the same, only the key derivation for them changes slightly. This allows for less dependant round keys, which hopefully adds to the cipher strength. However, there is some deficiency in the key expansion algorithm which makes the 192 and 256-bit variants more susceptible to related key attacks.

fgrieu avatar
ng flag
Yes. The process of turning the 256-bit key of AES-256 into fifteen 128-bit round (sub)keys is the [AES key expansion](https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf#page=23), also known as [AES key schedule](https://en.wikipedia.org/wiki/AES_key_schedule).
kabibe sadagat avatar
ly flag
@fgrieu thanks now I think I got the idea
Myria avatar
in flag
Minor nitpick: the first round key of AES-128 is, in fact, the original key, so it is "applied directly". But the round keys after that are computed with key expansion. (For AES-192, the first round key is the first 128 bits of the key, and the second round key's first 64 bits are the remainder. Similarly, the first two round keys are halves of the original key in AES-256.)
Score:1
us flag

If you're wondering why a 256-bit key offers any greater security, you need to realize that a 128-bit block cipher is essentially a way of mapping $2^{128}$ input values to $2^{128}$ output values. That means the set of all possible 128-bit block ciphers has a size of $2^{128}!$, which is about $10^{10^{40}}$.

A 128-bit key allows you to choose one of $2^{128}$ possible mappings. Although this is a huge number, it's a vanishingly small fraction of the set of all ciphers. The same could be said for any practical key size, but with a 256-bit key, you get to choose from a far larger set of possible input-output mappings, making the encryption that much harder to crack.

kelalaka avatar
in flag
Key size doesn't mean it is harder to crack! The design makes it harder to crack. It is necessary but not sufficient!
Nikita Kipriyanov avatar
in flag
This consideration is completely true only for truly random permutations, while AES is a pseudorandom permutatuion.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.