# How does the LED lightweight encryption algorithm work?

## Question:

I would like to better understand how the `LED` algorithm works step-by-step, especially the process of substitution and permutation of blocks and especially the use of keys in each round.

Are the keys in each round expansions of a single key or are they different keys?

But I couldn't find out if each round are expansions or if they are different keys.

I'm also researching on the subject and reading on [crypto.SO] I found this answer interesting, so I'll adjust it here, I hope it suits us.

On page 3 of the Proposal for the LED Algorithm it says:

"Note that for a 64-bit key `K` , all subkeys are equal to `K` , while for a 128-bit key `K` , the subkeys are alternatively equal to the left part `K^1` and to the right part `K^2` of `K` . "

Translating:

Note that for a 64-bit key `k` , all subkeys are equal to \$k\$, while for a 128-bit key `k` , the subkeys are alternately equal to the left part of `k^1` and the part right `k^2` of de `k` .

Basically the main key input is split into ordered list of nibbles , and when the algorithm needs stuff for subkeys it uses exactly the nibbles directly from the ordered list — moving each nibble to the end of the line so that all the nibbles are used in succession. Since the algorithm handles 64 bits of subkeys at a time (16 nibbles ), for a 64-bit main key each subkey will simply be the main key, and for 128-bit keys the algorithm will use the first 16 nibbles of the master key, and then the second part, the remaining 16 nibbles , and then the first 16 again, and so on. At the top of page 4 shows the diagram of how this works for an 80-bit main switch.

Considering the original question to which this answer was applied, the answer author highlights that the subkeys not used in ' round ' as highlighted in the question, but that between each step , while each step is composed of 4 rounds. Each round consists of 4 operations, very similar to the one used in the AES algorithm — first you do an xor in a round, then you replace each nibble using a non-linear replacement operation (the cipher s-box), you transpose the nibbles then passing through the highest linear diffuse permutation, with a high branching factor (similar to MixColumns in AES, but optimized for nibbles ).