Why does AES have exactly 10 rounds for a 128-bit key, 12 for 192 bits and 14 for a 256-bit key size?Is AES-256 weaker than 192 and 128 bit versions?Difference between Rijndael 128 / 256 blocksize implementations? (and impact of block size in general)What is the security loss from reducing Rijndael to 128 bits block size from 256 bits?Does AES-128 have the same strength as AES-256 with a padded key?What are the constraints on using GCM with a tag size of 96 and 128 bits?AES - What is the advantage of a 256-bit key with a 128-bit block cipher?AES key and block sizeIs there any compelling or logical reason to use AES-192 over AES-128 but not use AES-256?Are tags longer than 128 bit possible for AES-256-CCM and AES-256-GCM?AES key expansion for 192-bit

Confused about Cramer-Rao lower bound and CLT

Is it allowed to activate the ability of multiple planeswalkers in a single turn?

Shouldn’t conservatives embrace universal basic income?

What does Apple's new App Store requirement mean

In a multiple cat home, how many litter boxes should you have?

Can I say "fingers" when referring to toes?

Which Article Helped Get Rid of Technobabble in RPGs?

How does electrical safety system work on ISS?

Why should universal income be universal?

Why Shazam when there is already Superman?

How do you make your own symbol when Detexify fails?

Is this toilet slogan correct usage of the English language?

What is Cash Advance APR?

How could a planet have erratic days?

Biological Blimps: Propulsion

Did the UK lift the requirement for registering SIM cards?

Is it necessary to use pronouns with the verb "essere"?

Does the reader need to like the PoV character?

Pre-mixing cryogenic fuels and using only one fuel tank

How to explain what's wrong with this application of the chain rule?

Will number of steps recorded on FitBit/any fitness tracker add up distance in PokemonGo?

How do I fix the group tension caused by my character stealing and possibly killing without provocation?

Is there a RAID 0 Equivalent for RAM?

Does "he squandered his car on drink" sound natural?



Why does AES have exactly 10 rounds for a 128-bit key, 12 for 192 bits and 14 for a 256-bit key size?


Is AES-256 weaker than 192 and 128 bit versions?Difference between Rijndael 128 / 256 blocksize implementations? (and impact of block size in general)What is the security loss from reducing Rijndael to 128 bits block size from 256 bits?Does AES-128 have the same strength as AES-256 with a padded key?What are the constraints on using GCM with a tag size of 96 and 128 bits?AES - What is the advantage of a 256-bit key with a 128-bit block cipher?AES key and block sizeIs there any compelling or logical reason to use AES-192 over AES-128 but not use AES-256?Are tags longer than 128 bit possible for AES-256-CCM and AES-256-GCM?AES key expansion for 192-bit













7












$begingroup$


I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:



*128-bit key size -> 10 rounds
*192-bit key size -> 12 rounds
*256-bit key size -> 14 rounds



Why these specific numbers of rounds only?









share









New contributor




kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







$endgroup$
















    7












    $begingroup$


    I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:



    *128-bit key size -> 10 rounds
    *192-bit key size -> 12 rounds
    *256-bit key size -> 14 rounds



    Why these specific numbers of rounds only?









    share









    New contributor




    kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.







    $endgroup$














      7












      7








      7





      $begingroup$


      I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:



      *128-bit key size -> 10 rounds
      *192-bit key size -> 12 rounds
      *256-bit key size -> 14 rounds



      Why these specific numbers of rounds only?









      share









      New contributor




      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.







      $endgroup$




      I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:



      *128-bit key size -> 10 rounds
      *192-bit key size -> 12 rounds
      *256-bit key size -> 14 rounds



      Why these specific numbers of rounds only?







      aes





      share









      New contributor




      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.










      share









      New contributor




      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.








      share



      share








      edited 1 hour ago









      forest

      4,44511641




      4,44511641






      New contributor




      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 3 hours ago









      kapilkapil

      382




      382




      New contributor




      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.




















          1 Answer
          1






          active

          oldest

          votes


















          7












          $begingroup$

          Why these specific number of rounds only?



          Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".



          The standard specifies these specific number of rounds to ensure that different implementations are interoperable.



          Why not more or less?



          The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.



          Less might be insecure, and more might be slower with no benefit.



          To quote the above book (from Section 3.5 The Number of Rounds):




          For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:



          1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.


          2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.







          share|improve this answer











          $endgroup$












            Your Answer





            StackExchange.ifUsing("editor", function ()
            return StackExchange.using("mathjaxEditing", function ()
            StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
            StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
            );
            );
            , "mathjax-editing");

            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "281"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            noCode: true, onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );






            kapil is a new contributor. Be nice, and check out our Code of Conduct.









            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68199%2fwhy-does-aes-have-exactly-10-rounds-for-a-128-bit-key-12-for-192-bits-and-14-fo%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            7












            $begingroup$

            Why these specific number of rounds only?



            Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".



            The standard specifies these specific number of rounds to ensure that different implementations are interoperable.



            Why not more or less?



            The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.



            Less might be insecure, and more might be slower with no benefit.



            To quote the above book (from Section 3.5 The Number of Rounds):




            For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:



            1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.


            2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.







            share|improve this answer











            $endgroup$

















              7












              $begingroup$

              Why these specific number of rounds only?



              Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".



              The standard specifies these specific number of rounds to ensure that different implementations are interoperable.



              Why not more or less?



              The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.



              Less might be insecure, and more might be slower with no benefit.



              To quote the above book (from Section 3.5 The Number of Rounds):




              For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:



              1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.


              2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.







              share|improve this answer











              $endgroup$















                7












                7








                7





                $begingroup$

                Why these specific number of rounds only?



                Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".



                The standard specifies these specific number of rounds to ensure that different implementations are interoperable.



                Why not more or less?



                The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.



                Less might be insecure, and more might be slower with no benefit.



                To quote the above book (from Section 3.5 The Number of Rounds):




                For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:



                1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.


                2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.







                share|improve this answer











                $endgroup$



                Why these specific number of rounds only?



                Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".



                The standard specifies these specific number of rounds to ensure that different implementations are interoperable.



                Why not more or less?



                The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.



                Less might be insecure, and more might be slower with no benefit.



                To quote the above book (from Section 3.5 The Number of Rounds):




                For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:



                1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.


                2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.








                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited 1 hour ago









                puzzlepalace

                2,8701133




                2,8701133










                answered 3 hours ago









                Ella RoseElla Rose

                16.5k44281




                16.5k44281




















                    kapil is a new contributor. Be nice, and check out our Code of Conduct.









                    draft saved

                    draft discarded


















                    kapil is a new contributor. Be nice, and check out our Code of Conduct.












                    kapil is a new contributor. Be nice, and check out our Code of Conduct.











                    kapil is a new contributor. Be nice, and check out our Code of Conduct.














                    Thanks for contributing an answer to Cryptography Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    Use MathJax to format equations. MathJax reference.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68199%2fwhy-does-aes-have-exactly-10-rounds-for-a-128-bit-key-12-for-192-bits-and-14-fo%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    How should I use the fbox command correctly to avoid producing a Bad Box message?How to put a long piece of text in a box?How to specify height and width of fboxIs there an arrayrulecolor-like command to change the rule color of fbox?What is the command to highlight bad boxes in pdf?Why does fbox sometimes place the box *over* the graphic image?how to put the text in the boxHow to create command for a box where text inside the box can automatically adjust?how can I make an fbox like command with certain color, shape and width of border?how to use fbox in align modeFbox increase the spacing between the box and it content (inner margin)how to change the box height of an equationWhat is the use of the hbox in a newcommand command?

                    Doxepinum Nexus interni Notae | Tabula navigationis3158DB01142WHOa682390"Structural Analysis of the Histamine H1 Receptor""Transdermal and Topical Drug Administration in the Treatment of Pain""Antidepressants as antipruritic agents: A review"

                    inputenc: Unicode character … not set up for use with LaTeX The Next CEO of Stack OverflowEntering Unicode characters in LaTeXHow to solve the `Package inputenc Error: Unicode char not set up for use with LaTeX` problem?solve “Unicode char is not set up for use with LaTeX” without special handling of every new interesting UTF-8 characterPackage inputenc Error: Unicode character ² (U+B2)(inputenc) not set up for use with LaTeX. acroI2C[I²C]package inputenc error unicode char (u + 190) not set up for use with latexPackage inputenc Error: Unicode char u8:′ not set up for use with LaTeX. 3′inputenc Error: Unicode char u8: not set up for use with LaTeX with G-BriefPackage Inputenc Error: Unicode char u8: not set up for use with LaTeXPackage inputenc Error: Unicode char ́ (U+301)(inputenc) not set up for use with LaTeX. includePackage inputenc Error: Unicode char ̂ (U+302)(inputenc) not set up for use with LaTeX. … $widehatleft (OA,AA' right )$Package inputenc Error: Unicode char â„¡ (U+2121)(inputenc) not set up for use with LaTeX. printbibliography[heading=bibintoc]Package inputenc Error: Unicode char − (U+2212)(inputenc) not set up for use with LaTeXPackage inputenc Error: Unicode character α (U+3B1) not set up for use with LaTeXPackage inputenc Error: Unicode characterError: ! Package inputenc Error: Unicode char ⊘ (U+2298)(inputenc) not set up for use with LaTeX