Why does AES have exactly 10 rounds for a 128-bit key, 12 for 192 bits and 14 for a 256-bit key size?Increase number of rounds for SPN and Feistel ciphersIs AES-256 weaker than 192 and 128 bit versions?What is the security loss from reducing Rijndael to 128 bits block size from 256 bits?Can Poly1305-AES be used with AES-256?What are the constraints on using GCM with a tag size of 96 and 128 bits?AES - What is the advantage of a 256-bit key with a 128-bit block cipher?AES function with 128 bit key and 128 bit input size - does it have perfect secrecy?Replacing a block cipher's key schedule with a stream cipherA Lightweight Matrix Suggestion for MixColumns State of AESOCB-AES: Ambiguous definition of “Encipher” in RFC document

Can I say "fingers" when referring to toes?

Review your own paper in Mathematics

Can you use Vicious Mockery to win an argument or gain favours?

Change the color of a single dot in `ddot` symbol

What's the name of the logical fallacy where a debater extends a statement far beyond the original statement to make it true?

"It doesn't matter" or "it won't matter"?

Is it necessary to use pronouns with the verb "essere"?

Find the next value of this number series

Why does AES have exactly 10 rounds for a 128-bit key, 12 for 192 bits and 14 for a 256-bit key size?

How much of a Devil Fruit must be consumed to gain the power?

Circuit Analysis: Obtaining Close Loop OP - AMP Transfer function

Make a Bowl of Alphabet Soup

A variation to the phrase "hanging over my shoulders"

When were female captains banned from Starfleet?

What fields between the rationals and the reals allow a good notion of 2D distance?

Is there any evidence that Cleopatra and Caesarion considered fleeing to India to escape the Romans?

Why Shazam when there is already Superman?

Giving feedback to someone without sounding prejudiced

Why can't the Brexit deadlock in the UK parliament be solved with a plurality vote?

Is this part of the description of the Archfey warlock's Misty Escape feature redundant?

awk assign to multiple variables at once

Do we have to expect a queue for the shuttle from Watford Junction to Harry Potter Studio?

Does the reader need to like the PoV character?

Why does Carol not get rid of the Kree symbol on her suit when she changes its colours?



Why does AES have exactly 10 rounds for a 128-bit key, 12 for 192 bits and 14 for a 256-bit key size?


Increase number of rounds for SPN and Feistel ciphersIs AES-256 weaker than 192 and 128 bit versions?What is the security loss from reducing Rijndael to 128 bits block size from 256 bits?Can Poly1305-AES be used with AES-256?What are the constraints on using GCM with a tag size of 96 and 128 bits?AES - What is the advantage of a 256-bit key with a 128-bit block cipher?AES function with 128 bit key and 128 bit input size - does it have perfect secrecy?Replacing a block cipher's key schedule with a stream cipherA Lightweight Matrix Suggestion for MixColumns State of AESOCB-AES: Ambiguous definition of “Encipher” in RFC document













8












$begingroup$


I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:



$$
beginarray
hline
beginarrayc textbfKey Size \ left(textbitsright) endarray
&beginarrayc textbfRounds \ left(textnumberright) endarray \ hline
128 & 10 \ hline
192 & 12 \ hline
256 & 14 \ hline
endarray
$$



Why these specific numbers of rounds only?






aes







share|improve this question









New contributor




kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







$endgroup$
















    8












    $begingroup$


    I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:



    $$
    beginarray
    hline
    beginarrayc textbfKey Size \ left(textbitsright) endarray
    &beginarrayc textbfRounds \ left(textnumberright) endarray \ hline
    128 & 10 \ hline
    192 & 12 \ hline
    256 & 14 \ hline
    endarray
    $$



    Why these specific numbers of rounds only?






    aes







    share|improve this question









    New contributor




    kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.







    $endgroup$














      8












      8








      8


      1



      $begingroup$


      I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:



      $$
      beginarray
      hline
      beginarrayc textbfKey Size \ left(textbitsright) endarray
      &beginarrayc textbfRounds \ left(textnumberright) endarray \ hline
      128 & 10 \ hline
      192 & 12 \ hline
      256 & 14 \ hline
      endarray
      $$



      Why these specific numbers of rounds only?






      aes







      share|improve this question









      New contributor




      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.







      $endgroup$




      I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:



      $$
      beginarray
      hline
      beginarrayc textbfKey Size \ left(textbitsright) endarray
      &beginarrayc textbfRounds \ left(textnumberright) endarray \ hline
      128 & 10 \ hline
      192 & 12 \ hline
      256 & 14 \ hline
      endarray
      $$



      Why these specific numbers of rounds only?






      aes




      aes






      share|improve this question









      New contributor




      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question









      New contributor




      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question








      edited 34 mins ago









      Nat

      2081411




      2081411






      New contributor




      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 4 hours ago









      kapilkapil

      432




      432




      New contributor




      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.




















          1 Answer
          1






          active

          oldest

          votes


















          10












          $begingroup$

          Why these specific number of rounds only?



          Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".



          The standard specifies these specific number of rounds to ensure that different implementations are interoperable.



          Why not more or less?



          The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.



          Less might be insecure, and more might be slower with no benefit.



          To quote the above book (from Section 3.5 The Number of Rounds):




          For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:



          1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.


          2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.







          share|improve this answer











          $endgroup$












            Your Answer





            StackExchange.ifUsing("editor", function ()
            return StackExchange.using("mathjaxEditing", function ()
            StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
            StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
            );
            );
            , "mathjax-editing");

            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "281"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            noCode: true, onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );






            kapil is a new contributor. Be nice, and check out our Code of Conduct.









            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68199%2fwhy-does-aes-have-exactly-10-rounds-for-a-128-bit-key-12-for-192-bits-and-14-fo%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            10












            $begingroup$

            Why these specific number of rounds only?



            Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".



            The standard specifies these specific number of rounds to ensure that different implementations are interoperable.



            Why not more or less?



            The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.



            Less might be insecure, and more might be slower with no benefit.



            To quote the above book (from Section 3.5 The Number of Rounds):




            For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:



            1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.


            2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.







            share|improve this answer











            $endgroup$

















              10












              $begingroup$

              Why these specific number of rounds only?



              Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".



              The standard specifies these specific number of rounds to ensure that different implementations are interoperable.



              Why not more or less?



              The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.



              Less might be insecure, and more might be slower with no benefit.



              To quote the above book (from Section 3.5 The Number of Rounds):




              For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:



              1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.


              2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.







              share|improve this answer











              $endgroup$















                10












                10








                10





                $begingroup$

                Why these specific number of rounds only?



                Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".



                The standard specifies these specific number of rounds to ensure that different implementations are interoperable.



                Why not more or less?



                The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.



                Less might be insecure, and more might be slower with no benefit.



                To quote the above book (from Section 3.5 The Number of Rounds):




                For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:



                1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.


                2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.







                share|improve this answer











                $endgroup$



                Why these specific number of rounds only?



                Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".



                The standard specifies these specific number of rounds to ensure that different implementations are interoperable.



                Why not more or less?



                The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.



                Less might be insecure, and more might be slower with no benefit.



                To quote the above book (from Section 3.5 The Number of Rounds):




                For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:



                1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.


                2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.








                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited 3 hours ago









                puzzlepalace

                2,8701133




                2,8701133










                answered 4 hours ago









                Ella RoseElla Rose

                16.5k44382




                16.5k44382




















                    kapil is a new contributor. Be nice, and check out our Code of Conduct.









                    draft saved

                    draft discarded


















                    kapil is a new contributor. Be nice, and check out our Code of Conduct.












                    kapil is a new contributor. Be nice, and check out our Code of Conduct.











                    kapil is a new contributor. Be nice, and check out our Code of Conduct.














                    Thanks for contributing an answer to Cryptography Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    Use MathJax to format equations. MathJax reference.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68199%2fwhy-does-aes-have-exactly-10-rounds-for-a-128-bit-key-12-for-192-bits-and-14-fo%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Möglingen Índice Localización Historia Demografía Referencias Enlaces externos Menú de navegación48°53′18″N 9°07′45″E / 48.888333333333, 9.129166666666748°53′18″N 9°07′45″E / 48.888333333333, 9.1291666666667Sitio web oficial Mapa de Möglingen«Gemeinden in Deutschland nach Fläche, Bevölkerung und Postleitzahl am 30.09.2016»Möglingen

                    Image
                    Localidades de Baden-Wurtemberg municipioalemándistrito de LuisburgoBaden-WurtembergLuisburgoCasa de WurtembergGuerra de los Treinta AñosGuerra de los Nueve Años Möglingen Municipio Iglesia gótica de San Pancracio. Escudo Möglingen Localización de Möglingen en Alemania Ubicación de Möglingen Coordenadas 48°53′18″N 9°07′45″E  /  48.888333333333, 9.1291666666667 Coordenadas: 48°53′18″N 9°07′45″E  /  48.888333333333, 9.1291666666667 Entidad Municipio  • País   Alemania  • Estado Baden-Wurtemberg  • Distrito Luisburgo Superficie    • Total 9,93 km², 9,95 km² y 9,93 km² Altitud    • Media 297 m s. n. m. Población (2014)    • Total 10 983 hab.  • Densidad Expresión errónea: carácter de puntuación « » desconocido, hab/km² Huso horario UTC+01:00 y UTC+02:00 Código postal 71696 Prefijo telefónico 07141 Matrícula LB Número oficial de comunidad 08118051 Sitio web oficial [editar datos en Wikidata] Möglingen es un municipio alemán perteneciente al distrito de Luisburgo de Baden-Wurtember
                    Read more

                    Virtualbox - Configuration error: Querying “UUID” failed (VERR_CFGM_VALUE_NOT_FOUND)“VERR_SUPLIB_WORLD_WRITABLE” error when trying to installing OS in virtualboxVirtual Box Kernel errorFailed to open a seesion for the virtual machineFailed to open a session for the virtual machineUbuntu 14.04 LTS Virtualbox errorcan't use VM VirtualBoxusing virtualboxI can't run Linux-64 Bit on VirtualBoxUnable to insert the virtual optical disk (VBoxguestaddition) in virtual machine for ubuntu server in win 10VirtuaBox in Ubuntu 18.04 Issues with Win10.ISO Installation

                    Image
                    Fear of getting stuck on one programming language / technology that is not used in my country Do the primes contain an infinite almost arithmetic progression? Biological Blimps: Propulsion Are Captain Marvel's powers affected by Thanos' actions in Infinity War Why does AES have exactly 10 rounds for a 128-bit key, 12 for 192 bits and 14 for a 256-bit key size? Can a College of Swords bard use a Blade Flourish option on an opportunity attack provoked by their own Dissonant Whispers spell? Can disgust be a key component of horror? Can I say "fingers" when referring to toes? What is Cash Advance APR? Why Shazam when there is already Superman? What does "Scientists rise up against statistical significance" mean? (Comment in Nature) What does chmod -u do? What should you do when eye contact makes your subordinate uncomfortable? Issue while creating Apex class using API How much character growth crosses the line into breaking the charac
                    Read more

                    Antonio De Lisio Carrera Referencias Menú de navegación«Caracas: evolución relacional multipleja»«Cuando los gobiernos subestiman a las localidades: L a Iniciativa para la Integración de la Infraestructura Regional Suramericana (IIRSA) en la frontera Colombo-Venezolana»«Maestría en Planificación Integral del Ambiente»«La Metrópoli Caraqueña: Expansión Simplificadora o Articulación Diversificante»«La Metrópoli Caraqueña: Expansión Simplificadora o Articulación Diversificante»«Conózcanos»«Caracas: evolución relacional multipleja»«La Metrópoli Caraqueña: Expansión Simplificadora o Articulación Diversificante»

                    Profesores de VenezuelaNacidos en 1956Geógrafos de Venezuela PlanificaciónEcologíaAmbientedesarrollo sustentableUniversidad Central de VenezuelaUniversidad Central de VenezuelaAsamblea Nacional de VenezuelaUniversidad Central de VenezuelaUniversidad de París VIIUniversidad Central de Venezuela Antonio De Lisio (nacido en 1956), es un geógrafo y profesor universitario italiano/venezolano. Se destaca como investigador en las áreas de Planificación,Ecología, Ambiente y desarrollo sustentable. [ 1 ] ​ Fue director del Centro de Estudios Integrales del Ambiente (CENAMB) de la Universidad Central de Venezuela (1992-2009). [ 2 ] ​ Carrera De Lisio es profesor titular de la Facultad de Arquitectura y Urbanismo y del CENAMB de la Universidad Central de Venezuela. Impartiendo las cátedras de “Teoría de la Arquitectura” en la Escuela Arquitectura Carlos Raúl Villanueva, y a nivel de postgrado “Perspectiva Ambiental del Desarrollo” en la maestría de Planificación Integral del Ambiente. [ 3 ] ​
                    Read more