Score:0

AES Key vs RSA Key

in flag

I am compeletely new to cryptography and recently tried to understand it a bit more thoroughly. My question is: How does the Generation of keys differ in the case of AES and RSA. I understood, that the public and private key of RSA can be derive straight-forwardly with some modulo-magic.

What I did understand (at least i hope) is the following:

The key-pair (private and public) is tightly connected to the RSA-algorithm aka how things are encrypted/deciffered.

What I didnt understand is this:

In case of AES I do not understand. The websites I consulted for studying only explained the algorithm, but not really how the keys are generated and what condition the have to obey in order to be fit for AES.

So my question is:

Are keys/key-pairs inherently (how they are created) coupled to the algorithm, or is this only the case for RSA. If so, what 'form' does the key has to have in case of AES?

Thanks already!

kelalaka avatar
in flag
Welcome to Cryptography.SE. It is better to provide your source of confusion. AES and RSA are different things. see [RSA key generation](https://crypto.stackexchange.com/search?q=RSA+key+generation) and AES keys are chosen uniformly randomly as in all blocks ciphers.
Score:4
gb flag

AES is a symmetric key algorithm, which means there is just one key, used both to encrypt and decrypt. This is different from RSA, where you have two keys - a private one and a public one, related in a specific way.

AES keys are simply random bytes. For example, AES-128 uses 128-bit (16 byte) keys. So any random 128 bits can be used as an AES-128 key. There doesn't need to be any other form.

An AES key like this is then turned into multiple round keys using a key schedule, as part of the algorithm.

Score:1
cn flag

Cryptographic algorithms are divided into two major groups: symmetric and asymmetric. Algorithms from the first group use one key, that must be kept secret. Algorithms from the second group use two different keys^ one of them must be kept secret too, but the second one is public.

AES is a symmetric cipher, i.e. it uses one single key for encryption and decryption (everyone, who knows a key, can decrypt a message). Generally in symmetric cryptography (in modern cryptography) the only restriction for the key is its size. AES, for instance, supports 128, 192 and 256-bit keys. Usually keys are required to be chosen uniformly from a set of its all possible values*.
NB: set of all possible values of key actually defined by the algorithm. For AES-128 it is a set of all 128-bit vectors $\mathbb{F}_2^{128}$, and for Caesar cipher it is just a number from 0 to 26 - $\mathbb{F}_{27}$.
A concrete symmetric algorithm defines a set of possible key values. For modern ciphers it is usually a binary vectors of a certain size**.

RSA is an asymmetric cipher, i.e. it uses a key pair, that consists of public and private keys. These keys are related to each other in a certain way to allow encryption with public key and decryption with private one (everyone, who knows a private key, can decrypt a message). Here the situation becomes a bit more difficult, because an algorithm defines not only a set of possible key values. It also defines an algorithm of key generation to make a guarantee of special relation between public and private keys.


* - potentially algorithms may require additional restrictions on key generation algorithm to provide a required level of security (for example, there are some algorithms, that use two different and independent keys), but in general keys are required to be chosen uniformly from all possible values.

** - there are some restrictions on keys set for certain algorithms, because of existence of weak keys. These keys produces the same round key for each round. But not all algorithms have them.

Score:0
si flag

This answer is specifically about your statement "….the RSA-algorithm aka how things are encrypted/deciffered." RSA usually isn't used for encryption, and when it is it's never just the RSA algorithm. AES isn't used alone for encryption either!

AES is a symmetric key algorithm, specifically a block cipher. It takes a key and an input block, and produces an output block. Using the same key on the output block produces the original input block. With AES, blocks are 128 bits (16 bytes). Keys are 128, 192, or 256 bits. They must be chosen uniformly at random, but other than that don't have any restrictions.

AES can be used to build an encryption scheme, but by itself isn't used for encryption, since it can only encrypt a single 16-byte block securely! It must be used in a "mode of operation" to usefully encrypt anything bigger or smaller than 16 bytes. AES can also be used to build cryptographic hash functions (no common hash does this, but AES-Hash was proposed), message authentication codes (AES-CMAC), key derivation functions (NIST SP 800-108 describes how), and more. It's therefore wrong to consider AES (or any other block cipher) as only an encryption function, despite the "encryption" in the name.

RSA is an asymmetric key algorithm. It has two keys, a "public" key and a "private" key. The public key is assumed to be publicly available, the private key is assumed to never be shared with anyone. The RSA operation uses one of the keys, and can be reversed using the other key. RSA keys have specific mathematical structure to make this possible; private keys are chosen first and the public key is derived from the private key. This Wikipedia article describes RSA key generation well, but the specifics aren't important for this answer.

Like AES, RSA is not used on its own for encryption. It must be used with a "padding scheme" for encryption. Even with that, it's quite slow and limited to encrypting a few hundred bytes at a time for practical key sizes. RSA is more commonly used to build a signature scheme (again with a padding scheme), though it's sometimes used to build a key exchange mechanism to exchange symmetric keys (eg for use with AES in the Galois Counter Mode of operation).

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.