Key schedule

A key schedule is the algorithm within a block cipher that derives the round subkeys from the master key. In a Substitution-permutation network like AES, the key schedule is not merely a passive chopping of the master key into pieces; it is an active cryptographic component that expands the key through nonlinear transformations and ensures that each round operates with a statistically distinct subkey. The design of the key schedule directly affects the cipher's resistance to related-key attacks, in which an adversary exploits mathematical relationships between keys that are close in key space. A weak key schedule — one that produces correlated round keys or fails to adequately mix the master key bits — can undermine the security of an otherwise strong cipher. The AES key schedule employs a combination of cyclic shifts, S-box substitutions, and round-dependent constants to ensure that small changes in the master key propagate into large, unpredictable changes in every round subkey. This is a systems-level insight: the key schedule is not auxiliary to the cipher; it is a cryptographic primitive in its own right, and its failures have been the source of practical vulnerabilities in real-world protocols.