Why does AES have exactly 10 rounds for a 128-bit key, 12 for 192 bits and 14 for a 256-bit key size?Is AES-256 weaker than 192 and 128 bit versions?Difference between Rijndael 128 / 256 blocksize implementations? (and impact of block size in general)What is the security loss from reducing Rijndael to 128 bits block size from 256 bits?Does AES-128 have the same strength as AES-256 with a padded key?What are the constraints on using GCM with a tag size of 96 and 128 bits?AES - What is the advantage of a 256-bit key with a 128-bit block cipher?AES key and block sizeIs there any compelling or logical reason to use AES-192 over AES-128 but not use AES-256?Are tags longer than 128 bit possible for AES-256-CCM and AES-256-GCM?AES key expansion for 192-bit

Taxes on Dividends in a Roth IRA

Circuit Analysis: Obtaining Close Loop OP - AMP Transfer function

What is Cash Advance APR?

Does Doodling or Improvising on the Piano Have Any Benefits?

How much of a Devil Fruit must be consumed to gain the power?

Shouldn’t conservatives embrace universal basic income?

Will the Sticky MAC access policy prevent unauthorized hubs from connecting to a network?

Multiplicative persistence

Doesn't the system of the Supreme Court oppose justice?

Why do ¬, ∀ and ∃ have the same precedence?

Why should universal income be universal?

Is it allowed to activate the ability of multiple planeswalkers in a single turn?

A Trivial Diagnosis

C++ copy constructor called at return

Permission on Database

PTIJ: Why is Haman obsessed with Bose?

Microchip documentation does not label CAN buss pins on micro controller pinout diagram

What do you call a word that can be spelled forward or backward forming two different words

Non-trope happy ending?

Does the reader need to like the PoV character?

How would you translate "more" for use as an interface button?

In a multiple cat home, how many litter boxes should you have?

15% tax on $7.5k earnings. Is that right?

Is this part of the description of the Archfey warlock's Misty Escape feature redundant?



Why does AES have exactly 10 rounds for a 128-bit key, 12 for 192 bits and 14 for a 256-bit key size?


Is AES-256 weaker than 192 and 128 bit versions?Difference between Rijndael 128 / 256 blocksize implementations? (and impact of block size in general)What is the security loss from reducing Rijndael to 128 bits block size from 256 bits?Does AES-128 have the same strength as AES-256 with a padded key?What are the constraints on using GCM with a tag size of 96 and 128 bits?AES - What is the advantage of a 256-bit key with a 128-bit block cipher?AES key and block sizeIs there any compelling or logical reason to use AES-192 over AES-128 but not use AES-256?Are tags longer than 128 bit possible for AES-256-CCM and AES-256-GCM?AES key expansion for 192-bit













5












$begingroup$


I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:



*128-bit key size -> 10 rounds
*192-bit key size -> 12 rounds
*256-bit key size -> 14 rounds



Why these specific numbers of rounds only?






aes







share|improve this question









New contributor




kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







$endgroup$
















    5












    $begingroup$


    I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:



    *128-bit key size -> 10 rounds
    *192-bit key size -> 12 rounds
    *256-bit key size -> 14 rounds



    Why these specific numbers of rounds only?






    aes







    share|improve this question









    New contributor




    kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.







    $endgroup$














      5












      5








      5





      $begingroup$


      I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:



      *128-bit key size -> 10 rounds
      *192-bit key size -> 12 rounds
      *256-bit key size -> 14 rounds



      Why these specific numbers of rounds only?






      aes







      share|improve this question









      New contributor




      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.







      $endgroup$




      I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:



      *128-bit key size -> 10 rounds
      *192-bit key size -> 12 rounds
      *256-bit key size -> 14 rounds



      Why these specific numbers of rounds only?






      aes




      aes






      share|improve this question









      New contributor




      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question









      New contributor




      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question








      edited 26 mins ago









      forest

      4,44511641




      4,44511641






      New contributor




      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 2 hours ago









      kapilkapil

      282




      282




      New contributor




      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.




















          1 Answer
          1






          active

          oldest

          votes


















          5












          $begingroup$

          Why these specific number of rounds only?



          Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".



          The standard specifies these specific number of rounds to ensure that different implementations are interoperable.



          Why not more or less?



          The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.



          Less might be insecure, and more might be slower with no benefit.



          To quote the above book (from Section 3.5 The Number of Rounds):




          For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:



          1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.


          2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.







          share|improve this answer











          $endgroup$












            Your Answer





            StackExchange.ifUsing("editor", function ()
            return StackExchange.using("mathjaxEditing", function ()
            StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
            StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
            );
            );
            , "mathjax-editing");

            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "281"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            noCode: true, onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );






            kapil is a new contributor. Be nice, and check out our Code of Conduct.









            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68199%2fwhy-does-aes-have-exactly-10-rounds-for-a-128-bit-key-12-for-192-bits-and-14-fo%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            5












            $begingroup$

            Why these specific number of rounds only?



            Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".



            The standard specifies these specific number of rounds to ensure that different implementations are interoperable.



            Why not more or less?



            The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.



            Less might be insecure, and more might be slower with no benefit.



            To quote the above book (from Section 3.5 The Number of Rounds):




            For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:



            1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.


            2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.







            share|improve this answer











            $endgroup$

















              5












              $begingroup$

              Why these specific number of rounds only?



              Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".



              The standard specifies these specific number of rounds to ensure that different implementations are interoperable.



              Why not more or less?



              The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.



              Less might be insecure, and more might be slower with no benefit.



              To quote the above book (from Section 3.5 The Number of Rounds):




              For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:



              1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.


              2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.







              share|improve this answer











              $endgroup$















                5












                5








                5





                $begingroup$

                Why these specific number of rounds only?



                Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".



                The standard specifies these specific number of rounds to ensure that different implementations are interoperable.



                Why not more or less?



                The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.



                Less might be insecure, and more might be slower with no benefit.



                To quote the above book (from Section 3.5 The Number of Rounds):




                For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:



                1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.


                2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.







                share|improve this answer











                $endgroup$



                Why these specific number of rounds only?



                Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".



                The standard specifies these specific number of rounds to ensure that different implementations are interoperable.



                Why not more or less?



                The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.



                Less might be insecure, and more might be slower with no benefit.



                To quote the above book (from Section 3.5 The Number of Rounds):




                For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:



                1. One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.


                2. (Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.








                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited 1 hour ago









                puzzlepalace

                2,8701133




                2,8701133










                answered 2 hours ago









                Ella RoseElla Rose

                16.5k44281




                16.5k44281




















                    kapil is a new contributor. Be nice, and check out our Code of Conduct.









                    draft saved

                    draft discarded


















                    kapil is a new contributor. Be nice, and check out our Code of Conduct.












                    kapil is a new contributor. Be nice, and check out our Code of Conduct.











                    kapil is a new contributor. Be nice, and check out our Code of Conduct.














                    Thanks for contributing an answer to Cryptography Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    Use MathJax to format equations. MathJax reference.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68199%2fwhy-does-aes-have-exactly-10-rounds-for-a-128-bit-key-12-for-192-bits-and-14-fo%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Isabella Eugénie Boyer Biographie | Références | Menu de navigationmodifiermodifier le codeComparator to Compute the Relative Value of a U.S. Dollar Amount – 1774 to Present.

                    Image
                    Personnalité américaine du monde des affairesPersonnalité féminine françaiseNaissance en décembre 1841Naissance à ParisDécès en mai 1904Décès à 62 ansDécès à Paris 17 décembre1841Paris12 mai1904Isaac Merritt SingerSingerNew York1863guerre civile américaineParisAngleterreguerre de 1870DevonOldway Mansion (en) PaigntonWinnarettaEdmond de Polignacduchesse DecazesdollarsVictor ReubsaetParisHumbert I er d'Italieviolon de StradivariusStatue de la LibertéBartholdi Isabella Eugénie Boyer.mw-parser-output .entete.humainbackground-image:url("//upload.wikimedia.org/wikipedia/commons/8/82/Picto_infobox_manwoman.png") Isabella Eugénie Boyer. Titre de noblesse Duchesse Biographie Naissance 17 décembre 1841 Paris Décès 12 mai 1904 (à 62 ans) Paris Sépulture Cimetière de Passy Nationalité Française Domicile Oldway Mansion ( en ) Activité Mannequin Con...
                    Read more

                    Join wedge with single bond in chemfigHow to make only one part of double bond bold with chemfig?Crossing bonds in chemfigjoining atoms in chemfig. Two adjacent molculesHow do I selectively change bond length in chemfig?Ugly bond joints in chemfigchemfig: reaction above arrowUsing the mhchem and chemfig packages in conjunctionBonding to specific element letter using chemfigResonance hybrids in chemfigScale chemfig molecule in beamer with tikzWhy does this chemfig bond with a hook start in the middle of the atom?

                    Image
                    Where does SFDX store details about scratch orgs? Decimal to roman python Is it possible to create light that imparts a greater proportion of its energy as momentum rather than heat? What is the word for reserving something for yourself before others do? How could indestructible materials be used in power generation? Issue with type force PATH search How to copy / replace first letter in a column of attribute table in ArcMap with field calculator and Python? A plague kills all white people book, probably 1960's Is it inappropriate for a student to attend their mentor's dissertation defense? How to model explosives? Twin primes whose sum is a cube Alternative to sending password over mail? Do I have a twin with permutated remainders? Why do I get two different answers for this counting problem? How badly should I try to prevent a user from XSSing themselves? What is going on with Captain Marvel's blood colour? I'm going to France and my pa...
                    Read more

                    Are small insurances worth itIs insurance worth it if you can afford to replace the item? If not, when is it?Is accident insurance worth it for my kids who play sportsIs insuring property for more than it is worth allowed?At what point does it become worth it to file an insurance claim?Are wage loss insurance programs worth the cost compared to having an emergency fund?When is an event worth insuring against?Is insurance worth it if you can afford to replace the item? If not, when is it?FHA loan just commenced : Any way to get any of the up-front mortgage insurance back?Which types of insurances do I need to buy?Should I carry less renter's insurance if I can self-insure?Mortgage Adviser Signed Me Up For Multiple Home and Life Insurances (UK)Why many travel insurances don't cover country of nationality?

                    Image
                    Does restoring a database break external synonyms targeting objects in that database? In the world of The Matrix, what is "popping"? “I had a flat in the centre of town, but I didn’t like living there, so …” My cassette model name doesn't seem to fit the actual cassette description.. (CS-HG50-9 and CS-HG500-10) Does the US political system, in principle, allow for a no-party system? An Undercover Army Too soon for a plot twist? How does learning spells work when leveling a multiclass character? What is the purpose of a disclaimer like "this is not legal advice"? What do I miss if I buy Monster Hunter: World late? Was it really inappropriate to write a pull request for the company I interviewed with? How spaceships determine each other's mass in space? Replacing tantalum capacitor with ceramic capacitor for Op Amps Ultrafilters as a double dual Insult for someone who "doesn't know anything" How do you make a gun tha...
                    Read more