AES Key expansion

Anna Slobodova

Sep 7, 2021, 7:13:35 PM
to RISC-V ISA Dev
Are there any notes on how the aes64ks1i and aesks2 should be combined to implement key expansion? It would help build an intuition behind them. For instance, why do we create two exactly the same values in the lower and upper parts of the result in aes64ks1i, and what are the two values passed to aes64ks2?

Thanks,
Anna

Ben Marshall

Sep 8, 2021, 5:06:36 AM
to RISC-V ISA Dev, Anna Slobodova
Hi Anna

There is an example of the code being used to generate an expanded set of AES round keys here: https://github.com/rvkrypto/rvkrypto-fips/blob/main/aes/aes_rvk64.c#L104
Hopefully seeing instructions used in-place makes it a bit clearer. Note the instruction sequence for AES128/192/256 is slightly different (i.e. each of the SAES_KEY*_STEP macros is different).

Barry's original proposal for the key schedule instructions on RV64 can be found here: https://lists.riscv.org/g/tech-crypto-ext/message/126.
Page 17 of the attached PDF onwards describes the "new key schedule proposal". This is a very old discussion, but the rationale for the key schedule instructions I think remains exactly as described here.

I hope this helps? If not let me know and I'll try to fill in any more gaps.

Cheers,
Ben
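Added example, not part of the thread and not the rvkrypto code: a portable C emulation of the two instructions, following their semantics in the RISC-V scalar cryptography specification, combined into an AES-128 key expansion and run on the FIPS-197 Appendix A.1 key. The helper names (gmul, sbox, subword, aes128_expand) are made up for this sketch, and returning 0 for rnum > 10 is an emulation choice.

```c
#include <stdint.h>
#include <stdio.h>
/* S-box computed rather than tabulated: gmul is GF(2^8) multiply mod 0x11b. */
static uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (; b; b >>= 1, a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0)))
        if (b & 1) p ^= a;
    return p;
}
/* x^254 is the field inverse (0 maps to 0); then the AES affine map. */
static uint8_t sbox(uint8_t x) {
    uint8_t inv = 1, s = 0x63;
    for (int i = 0; i < 254; i++) inv = gmul(inv, x);
    for (int r = 0; r < 5; r++) s ^= (uint8_t)((inv << r) | (inv >> (8 - r)));
    return s;
}
static uint32_t subword(uint32_t w) {
    uint32_t r = 0;
    for (int i = 0; i < 32; i += 8) r |= (uint32_t)sbox((uint8_t)(w >> i)) << i;
    return r;
}
/* aes64ks1i: rd = {T, T}, T = SubWord(ror32(rs1[63:32], 8)) ^ rcon[rnum]; rnum 10: no rotate, rcon 0. */
uint64_t aes64ks1i(uint64_t rs1, unsigned rnum) {
    static const uint8_t rcon[11] = {1, 2, 4, 8, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0};
    uint32_t t = (uint32_t)(rs1 >> 32);
    if (rnum > 10) return 0;          /* emulation choice; hardware raises illegal instruction */
    if (rnum != 10) t = (t >> 8) | (t << 24);
    t = subword(t) ^ rcon[rnum];
    return ((uint64_t)t << 32) | t;
}
/* aes64ks2: rd[31:0] = rs1[63:32] ^ rs2[31:0]; rd[63:32] = rd[31:0] ^ rs2[63:32]. */
uint64_t aes64ks2(uint64_t rs1, uint64_t rs2) {
    uint32_t w0 = (uint32_t)(rs1 >> 32) ^ (uint32_t)rs2;
    return ((uint64_t)(w0 ^ (uint32_t)(rs2 >> 32)) << 32) | w0;
}
/* AES-128: k0 = {w1, w0}, k1 = {w3, w2}, key bytes loaded little-endian; rk gets 11 round keys. */
void aes128_expand(uint64_t rk[22], uint64_t k0, uint64_t k1) {
    rk[0] = k0; rk[1] = k1;
    for (unsigned i = 0; i < 10; i++) {
        uint64_t t = aes64ks1i(k1, i);   /* T from w3, the last word of the previous round key */
        k0 = aes64ks2(t, k0);            /* {w5, w4} = {T^w0^w1, T^w0} */
        k1 = aes64ks2(k0, k1);           /* {w7, w6} = {w5^w2^w3, w5^w2} */
        rk[2 * i + 2] = k0; rk[2 * i + 3] = k1;
    }
}
int main(void) {
    uint64_t rk[22];
    aes128_expand(rk, 0xa6d2ae2816157e2bULL, 0x3c4fcf098815f7abULL); /* FIPS-197 A.1 key */
    return printf("%016llx %016llx\n", (unsigned long long)rk[20], (unsigned long long)rk[21]) < 0;
}
```

In this sequence the two operands of aes64ks2 are (T, previous k0) and then (new k0, previous k1); only the upper word of the first operand is read in either call.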