Mdtryhht

Quoting Keynes in a lecture

What fields between the rationals and the reals allow a good notion of 2D distance?

Is it allowed to activate the ability of multiple planeswalkers in a single turn?

C++ check if statement can be evaluated constexpr

C++ copy constructor called at return

Does Doodling or Improvising on the Piano Have Any Benefits?

When were female captains banned from Starfleet?

Is it necessary to use pronouns with the verb "essere"?

Taxes on Dividends in a Roth IRA

How to preserve electronics (computers, iPads and phones) for hundreds of years

Why does AES have exactly 10 rounds for a 128-bit key, 12 for 192 bits and 14 for a 256-bit key size?

How much theory knowledge is actually used while playing?

PTIJ: Why is Haman obsessed with Bose?

How to explain what's wrong with this application of the chain rule?

Why do ¬, ∀ and ∃ have the same precedence?

How could a planet have erratic days?

Does grappling negate Mirror Image?

A variation to the phrase "hanging over my shoulders"

Why is it that I can sometimes guess the next note?

Circuit Analysis: Obtaining Close Loop OP - AMP Transfer function

Creating two special characters

Why is the Sun approximated as a black body at ~ 5800 K?

Can I turn my anal-retentiveness into a career?

Which was the first story featuring espers?

Why does AES have exactly 10 rounds for a 128-bit key, 12 for 192 bits and 14 for a 256-bit key size?

Increase number of rounds for SPN and Feistel ciphersIs AES-256 weaker than 192 and 128 bit versions?What is the security loss from reducing Rijndael to 128 bits block size from 256 bits?Can Poly1305-AES be used with AES-256?What are the constraints on using GCM with a tag size of 96 and 128 bits?AES - What is the advantage of a 256-bit key with a 128-bit block cipher?AES function with 128 bit key and 128 bit input size - does it have perfect secrecy?Replacing a block cipher's key schedule with a stream cipherA Lightweight Matrix Suggestion for MixColumns State of AESOCB-AES: Ambiguous definition of “Encipher” in RFC document

8

1

$begingroup$

I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:

$$
beginarrayc
hline
beginarrayc textbfKey Size \ left(textbitsright) endarray
&beginarrayc textbfRounds \ left(textnumberright) endarray \ hline
128 & 10 \ hline
192 & 12 \ hline
256 & 14 \ hline
endarray
$$

Why these specific numbers of rounds only?

aes

share|improve this question

edited 48 mins ago

Nat

2081411

asked 5 hours ago

kapilkapil

432

New contributor

kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

$endgroup$

add a comment | 

8

1

$begingroup$

I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:

$$
beginarrayc
hline
beginarrayc textbfKey Size \ left(textbitsright) endarray
&beginarrayc textbfRounds \ left(textnumberright) endarray \ hline
128 & 10 \ hline
192 & 12 \ hline
256 & 14 \ hline
endarray
$$

Why these specific numbers of rounds only?

aes

share|improve this question

edited 48 mins ago

Nat

2081411

asked 5 hours ago

kapilkapil

432

New contributor

kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

$endgroup$

add a comment | 

$begingroup$

I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:

$$
beginarrayc
hline
beginarrayc textbfKey Size \ left(textbitsright) endarray
&beginarrayc textbfRounds \ left(textnumberright) endarray \ hline
128 & 10 \ hline
192 & 12 \ hline
256 & 14 \ hline
endarray
$$

Why these specific numbers of rounds only?

aes

share|improve this question

edited 48 mins ago

Nat

2081411

asked 5 hours ago

kapilkapil

432

New contributor

kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

$endgroup$

share|improve this question

edited 48 mins ago

Nat

2081411

asked 5 hours ago

kapilkapil

432

New contributor

kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

edited 48 mins ago

Nat

2081411

asked 5 hours ago

kapilkapil

432

New contributor

kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

edited 48 mins ago

Nat

2081411

edited 48 mins ago

Nat

2081411

asked 5 hours ago

kapilkapil

432

New contributor

kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 5 hours ago

kapilkapil

432

1 Answer
1

active

oldest

votes

10

$begingroup$

Why these specific number of rounds only?

Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".

The standard specifies these specific number of rounds to ensure that different implementations are interoperable.

Why not more or less?

The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.

Less might be insecure, and more might be slower with no benefit.

To quote the above book (from Section 3.5 The Number of Rounds):

For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:

1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.




2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.

share|improve this answer

edited 3 hours ago

puzzlepalace

2,8701133

answered 4 hours ago

Ella Rose♦Ella Rose

16.5k44382

$endgroup$

add a comment | 

Your Answer

StackExchange.ifUsing("editor", function ()
return StackExchange.using("mathjaxEditing", function ()
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
);
);
, "mathjax-editing");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "281"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

kapil is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68199%2fwhy-does-aes-have-exactly-10-rounds-for-a-128-bit-key-12-for-192-bits-and-14-fo%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

10

$begingroup$

Why these specific number of rounds only?

Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".

The standard specifies these specific number of rounds to ensure that different implementations are interoperable.

Why not more or less?

The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.

Less might be insecure, and more might be slower with no benefit.

To quote the above book (from Section 3.5 The Number of Rounds):

For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:

1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.




2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.

share|improve this answer

edited 3 hours ago

puzzlepalace

2,8701133

answered 4 hours ago

Ella Rose♦Ella Rose

16.5k44382

$endgroup$

add a comment | 

10

$begingroup$

Why these specific number of rounds only?

Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".

The standard specifies these specific number of rounds to ensure that different implementations are interoperable.

Why not more or less?

The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.

Less might be insecure, and more might be slower with no benefit.

To quote the above book (from Section 3.5 The Number of Rounds):

For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:

1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.




2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.

share|improve this answer

edited 3 hours ago

puzzlepalace

2,8701133

answered 4 hours ago

Ella Rose♦Ella Rose

16.5k44382

$endgroup$

add a comment | 

$begingroup$

Why these specific number of rounds only?

Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".

The standard specifies these specific number of rounds to ensure that different implementations are interoperable.

Why not more or less?

The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.

Less might be insecure, and more might be slower with no benefit.

To quote the above book (from Section 3.5 The Number of Rounds):

For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:

1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.




2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.

share|improve this answer

edited 3 hours ago

puzzlepalace

2,8701133

answered 4 hours ago

Ella Rose♦Ella Rose

16.5k44382

$endgroup$

share|improve this answer

edited 3 hours ago

puzzlepalace

2,8701133

answered 4 hours ago

Ella Rose♦Ella Rose

16.5k44382

edited 3 hours ago

puzzlepalace

2,8701133

edited 3 hours ago

puzzlepalace

2,8701133

answered 4 hours ago

Ella Rose♦Ella Rose

16.5k44382

answered 4 hours ago

Ella Rose♦Ella Rose

16.5k44382