Key whitening

From Wikipedia, the free encyclopedia

In cryptography, key whitening is a technique intended to increase the security of an iterated block cipher. It consists of steps that combine the data with portions of the key.


Key whitening using the xor-encrypt-xor technique: a (short) Key is made longer with Key1 and Key2 parts

The most common form of key whitening is xor-encrypt-xor -- using a simple XOR before the first round and after the last round of encryption.

The first block cipher to use a form of key whitening is DES-X, which simply uses two extra 64-bit keys for whitening, beyond the normal 56-bit key of DES. This is intended to increase the complexity of a brute force attack, increasing the effective size of the key without major changes in the algorithm. DES-X's inventor, Ron Rivest, named the technique whitening.

The cipher FEAL (followed by Khufu and Khafre) introduced the practice of key whitening using portions of the same key used in the rest of the cipher. This offers no additional protection from brute force attacks, but it can make other attacks more difficult. In a Feistel cipher or similar algorithm, key whitening can increase security by concealing the specific inputs to the first and last round functions. In particular, it is not susceptible to a meet-in-the-middle attack. This form of key whitening has been adopted as a feature of many later block ciphers, including AES, MARS, RC6, and Twofish.

See also[edit]


  • Schneier, Bruce (1996). Applied Cryptography (2nd ed.). John Wiley & Sons. pp. 366–367. ISBN 0-471-11709-9.