4. The Key Expansion

We've got all of the functions we need to implement the key scheduler!

Your task is to create a KeyExpansion() function outputing an ExpandedKey value. The ExpandedKey value is a series of columns. These columns are all called words and are essentially 4 bytes. The first 4 columns correspond to the original 16-byte key (which will be the first round key), the next 4 columns correspond to the next round key, and on and on... until enough round keys can be created.

key schedule

In the following picture, imagine that the key provided to AES was 2b7e151628aed2a6abf7158809cf4f3c (in hexadecimal). This fills exactly four columns and will be the first round key. To obtain the first column of the next round key, here are the steps:

first column

To obtain the other (3) columns of a round key, just XOR the previous column with the previous round key's column of the same index.

other columns

You should now have enough functions to create the final KeyExpansion() function. Go ahead and do that.

After you're done, feed it the following hexadecimal key:

2b7e151628aed2a6abf7158809cf4f3c

and make sure you get the following subkeys back:

2b7e151628aed2a6abf7158809cf4f3c
a0fafe1788542cb123a339392a6c7605
f2c295f27a96b9435935807a7359f67f
3d80477d4716fe3e1e237e446d7a883b
ef44a541a8525b7fb671253bdb0bad00
d4d1c6f87c839d87caf2b8bc11f915bc
6d88a37a110b3efddbf98641ca0093fd
4e54f70e5f5fc9f384a64fb24ea6dc4f
ead27321b58dbad2312bf5607f8d292f
ac7766f319fadc2128d12941575c006e
d014f9a8c9ee2589e13f0cc8b6630ca6

If you can't figure out why your function doesn't work, you can use the more detailed test vectors from the appendix A.1 of the AES standard. we also gave some other good resources to understand and test your implementation in the main page of this set.

Next