How does the LED lightweight encryption algorithm work?


I would like to better understand how the LED algorithm works step-by-step, especially the process of substitution and permutation of blocks and especially the use of keys in each round.

Are the keys in each round expansions of a single key or are they different keys?

I've already consulted the sources


But I couldn't find out if each round are expansions or if they are different keys.


I'm also researching on the subject and reading on [crypto.SO] I found this answer interesting, so I'll adjust it here, I hope it suits us.

On page 3 of the Proposal for the LED Algorithm it says:

"Note that for a 64-bit key K , all subkeys are equal to K , while for a 128-bit key K , the subkeys are alternatively equal to the left part K^1 and to the right part K^2 of K . "


Note that for a 64-bit key k , all subkeys are equal to $k$, while for a 128-bit key k , the subkeys are alternately equal to the left part of k^1 and the part right k^2 of de k .

Basically the main key input is split into ordered list of nibbles , and when the algorithm needs stuff for subkeys it uses exactly the nibbles directly from the ordered list — moving each nibble to the end of the line so that all the nibbles are used in succession. Since the algorithm handles 64 bits of subkeys at a time (16 nibbles ), for a 64-bit main key each subkey will simply be the main key, and for 128-bit keys the algorithm will use the first 16 nibbles of the master key, and then the second part, the remaining 16 nibbles , and then the first 16 again, and so on. At the top of page 4 shows the diagram of how this works for an 80-bit main switch.

Considering the original question to which this answer was applied, the answer author highlights that the subkeys not used in ' round ' as highlighted in the question, but that between each step , while each step is composed of 4 rounds. Each round consists of 4 operations, very similar to the one used in the AES algorithm — first you do an xor in a round, then you replace each nibble using a non-linear replacement operation (the cipher s-box), you transpose the nibbles then passing through the highest linear diffuse permutation, with a high branching factor (similar to MixColumns in AES, but optimized for nibbles ).

Based on the answer:

Scroll to Top