On the primitivity of the AES-128 key-schedule

Abstract

The key-scheduling algorithm in the AES is the component responsible for selecting from the master key the sequence of round keys to be xor-ed to the partially encrypted state at each iteration. We consider here the group [Formula: see text] generated by the action of the AES-128 key-scheduling operation, and we prove that the smallest group containing [Formula: see text] and all the translations of the message space is primitive. As a consequence, we obtain that no linear partition of the message space can be invariant under its action.