I would like to better understand how the
LED algorithm works step-by-step, especially the process of substitution and permutation of blocks and especially the use of keys in each round.
Are the keys in each round expansions of a single key or are they different keys?
I've already consulted the sources
But I couldn't find out if each round are expansions or if they are different keys.
I'm also researching on the subject and reading on [crypto.SO] I found this answer interesting, so I'll adjust it here, I hope it suits us.
On page 3 of the Proposal for the LED Algorithm it says:
"Note that for a 64-bit key
K, all subkeys are equal to
K, while for a 128-bit key
K, the subkeys are alternatively equal to the left part
K^1and to the right part
Note that for a 64-bit key
k, all subkeys are equal to $k$, while for a 128-bit key
k, the subkeys are alternately equal to the left part of
k^1and the part right
Basically the main key input is split into ordered list of nibbles , and when the algorithm needs stuff for subkeys it uses exactly the nibbles directly from the ordered list — moving each nibble to the end of the line so that all the nibbles are used in succession. Since the algorithm handles 64 bits of subkeys at a time (16 nibbles ), for a 64-bit main key each subkey will simply be the main key, and for 128-bit keys the algorithm will use the first 16 nibbles of the master key, and then the second part, the remaining 16 nibbles , and then the first 16 again, and so on. At the top of page 4 shows the diagram of how this works for an 80-bit main switch.
Considering the original question to which this answer was applied, the answer author highlights that the subkeys not used in ' round ' as highlighted in the question, but that between each step , while each step is composed of 4 rounds. Each round consists of 4 operations, very similar to the one used in the AES algorithm — first you do an xor in a round, then you replace each nibble using a non-linear replacement operation (the cipher s-box), you transpose the nibbles then passing through the highest linear diffuse permutation, with a high branching factor (similar to MixColumns in AES, but optimized for nibbles ).
Based on the answer: https://crypto.stackexchange.com/a/26013