Why does AES have exactly 10 rounds for a 128-bit key, 12 for 192 bits and 14 for a 256-bit key size?Increase number of rounds for SPN and Feistel ciphersIs AES-256 weaker than 192 and 128 bit versions?What is the security loss from reducing Rijndael to 128 bits block size from 256 bits?Can Poly1305-AES be used with AES-256?What are the constraints on using GCM with a tag size of 96 and 128 bits?AES - What is the advantage of a 256-bit key with a 128-bit block cipher?AES function with 128 bit key and 128 bit input size - does it have perfect secrecy?Replacing a block cipher's key schedule with a stream cipherA Lightweight Matrix Suggestion for MixColumns State of AESOCB-AES: Ambiguous definition of “Encipher” in RFC document
Why doesn't table tennis float on the surface? How do we calculate buoyancy here?
What is the difference between "behavior" and "behaviour"?
How to create a 32-bit integer from eight (8) 4-bit integers?
Would a high gravity rocky planet be guaranteed to have an atmosphere?
Trouble understanding the speech of overseas colleagues
How to safely derail a train during transit?
Why not increase contact surface when reentering the atmosphere?
Hostile work environment after whistle-blowing on coworker and our boss. What do I do?
Implement the Thanos sorting algorithm
Is there a korbon needed for conversion?
How does Loki do this?
Inappropriate reference requests from Journal reviewers
Is this apparent Class Action settlement a spam message?
What grammatical function is や performing here?
Flow chart document symbol
What happens if you roll doubles 3 times then land on "Go to jail?"
I'm in charge of equipment buying but no one's ever happy with what I choose. How to fix this?
Did Dumbledore lie to Harry about how long he had James Potter's invisibility cloak when he was examining it? If so, why?
Why are there no referendums in the US?
Opposite of a diet
What is the intuitive meaning of having a linear relationship between the logs of two variables?
How can I get through very long and very dry, but also very useful technical documents when learning a new tool?
Why escape if the_content isnt?
Where does the Z80 processor start executing from?
Why does AES have exactly 10 rounds for a 128-bit key, 12 for 192 bits and 14 for a 256-bit key size?
Increase number of rounds for SPN and Feistel ciphersIs AES-256 weaker than 192 and 128 bit versions?What is the security loss from reducing Rijndael to 128 bits block size from 256 bits?Can Poly1305-AES be used with AES-256?What are the constraints on using GCM with a tag size of 96 and 128 bits?AES - What is the advantage of a 256-bit key with a 128-bit block cipher?AES function with 128 bit key and 128 bit input size - does it have perfect secrecy?Replacing a block cipher's key schedule with a stream cipherA Lightweight Matrix Suggestion for MixColumns State of AESOCB-AES: Ambiguous definition of “Encipher” in RFC document
$begingroup$
I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:
$$
beginarray
hline
beginarrayc textbfKey Size \ left(textbitsright) endarray
&beginarrayc textbfRounds \ left(textnumberright) endarray \ hline
128 & 10 \ hline
192 & 12 \ hline
256 & 14 \ hline
endarray
$$
Why these specific numbers of rounds only?
aes
edited Mar 21 at 23:58
Nat
2081411
asked Mar 21 at 19:36
kapilkapil
11816
New contributor
kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
add a comment |
$begingroup$
I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:
$$
beginarray
hline
beginarrayc textbfKey Size \ left(textbitsright) endarray
&beginarrayc textbfRounds \ left(textnumberright) endarray \ hline
128 & 10 \ hline
192 & 12 \ hline
256 & 14 \ hline
endarray
$$
Why these specific numbers of rounds only?
aes
edited Mar 21 at 23:58
Nat
2081411
asked Mar 21 at 19:36
kapilkapil
11816
New contributor
kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
$begingroup$
Note that AES is a subset of the Rijndael cipher. The same number of rounds are applicable for Rijndael, but there are more options available depending on key size and block size (AES has just one block size: 128 bits and 3 key sizes, Rijndael has 3 block sizes and 5 key sizes, and therefore 15 combinations of both, rather than just the 3 for AES).
$endgroup$
– Maarten Bodewes♦
Mar 24 at 13:32
add a comment |
$begingroup$
I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:
$$
beginarray
hline
beginarrayc textbfKey Size \ left(textbitsright) endarray
&beginarrayc textbfRounds \ left(textnumberright) endarray \ hline
128 & 10 \ hline
192 & 12 \ hline
256 & 14 \ hline
endarray
$$
Why these specific numbers of rounds only?
aes
edited Mar 21 at 23:58
Nat
2081411
asked Mar 21 at 19:36
kapilkapil
11816
New contributor
kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
I was reading about the AES algorithm to be used in one of our projects and found that the exact number of rounds is fixed in AES for specific key sizes:
$$
beginarray
hline
beginarrayc textbfKey Size \ left(textbitsright) endarray
&beginarrayc textbfRounds \ left(textnumberright) endarray \ hline
128 & 10 \ hline
192 & 12 \ hline
256 & 14 \ hline
endarray
$$
Why these specific numbers of rounds only?
aes
aes
edited Mar 21 at 23:58
Nat
2081411
asked Mar 21 at 19:36
kapilkapil
11816
New contributor
kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited Mar 21 at 23:58
Nat
2081411
asked Mar 21 at 19:36
kapilkapil
11816
New contributor
kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited Mar 21 at 23:58
Nat
2081411
edited Mar 21 at 23:58
Nat
2081411
edited Mar 21 at 23:58
Nat
2081411
2081411
asked Mar 21 at 19:36
kapilkapil
11816
New contributor
kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked Mar 21 at 19:36
kapilkapil
11816
asked Mar 21 at 19:36
kapilkapil
11816
11816
New contributor
kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
kapil is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$begingroup$
Note that AES is a subset of the Rijndael cipher. The same number of rounds are applicable for Rijndael, but there are more options available depending on key size and block size (AES has just one block size: 128 bits and 3 key sizes, Rijndael has 3 block sizes and 5 key sizes, and therefore 15 combinations of both, rather than just the 3 for AES).
$endgroup$
– Maarten Bodewes♦
Mar 24 at 13:32
add a comment |
$begingroup$
Note that AES is a subset of the Rijndael cipher. The same number of rounds are applicable for Rijndael, but there are more options available depending on key size and block size (AES has just one block size: 128 bits and 3 key sizes, Rijndael has 3 block sizes and 5 key sizes, and therefore 15 combinations of both, rather than just the 3 for AES).
$endgroup$
– Maarten Bodewes♦
Mar 24 at 13:32
$begingroup$
Note that AES is a subset of the Rijndael cipher. The same number of rounds are applicable for Rijndael, but there are more options available depending on key size and block size (AES has just one block size: 128 bits and 3 key sizes, Rijndael has 3 block sizes and 5 key sizes, and therefore 15 combinations of both, rather than just the 3 for AES).
$endgroup$
– Maarten Bodewes♦
Mar 24 at 13:32
$begingroup$
Note that AES is a subset of the Rijndael cipher. The same number of rounds are applicable for Rijndael, but there are more options available depending on key size and block size (AES has just one block size: 128 bits and 3 key sizes, Rijndael has 3 block sizes and 5 key sizes, and therefore 15 combinations of both, rather than just the 3 for AES).
$endgroup$
– Maarten Bodewes♦
Mar 24 at 13:32
add a comment |
1 Answer
1
active
oldest
votes
$begingroup$
Why these specific number of rounds only?
Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".
The standard specifies these specific number of rounds to ensure that different implementations are interoperable.
Why not more or less?
The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.
Less might be insecure, and more might be slower with no benefit.
To quote the above book (from Section 3.5 The Number of Rounds):
For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:
One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.
(Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.
edited Mar 21 at 21:20
puzzlepalace
2,9101133
answered Mar 21 at 19:51
Ella Rose♦Ella Rose
16.7k44482
$endgroup$
1
$begingroup$
That quote only explains why with longer keys the number of rounds is higher. It does not explain why exactly the 128 bit version uses 10 rounds. The reason for the 10 rounds (which I could misrebemmer since it has been almost 20 years) is as follows: The security against all known attacks was analyzed and 6 rounds was found to be enough against attacks known at the time. It takes 2 rounds to achieve a full avalanche effect in AES, so 10 rounds corresponds to enough rounds for a full avalanche effect before and after the 6 rounds needed for security against known attacks.
$endgroup$
– kasperd
Mar 22 at 10:58
$begingroup$
@kasperd I think it was 6 rounds at the time + 2 rounds because attacks only get better + 2 rounds for full avalanche.
$endgroup$
– Martin Bonner
Mar 22 at 12:14
1
$begingroup$
@MartinBonner The way the paper described it was "so it can be thought of as padding the vulnerable 6 rounds with two full diffusion steps" or something along those lines, as kasperd says.
$endgroup$
– forest
Mar 22 at 22:44
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
return StackExchange.using("mathjaxEditing", function ()
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix)
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
);
);
, "mathjax-editing");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "281"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
kapil is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68199%2fwhy-does-aes-have-exactly-10-rounds-for-a-128-bit-key-12-for-192-bits-and-14-fo%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
Why these specific number of rounds only?
Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".
The standard specifies these specific number of rounds to ensure that different implementations are interoperable.
Why not more or less?
The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.
Less might be insecure, and more might be slower with no benefit.
To quote the above book (from Section 3.5 The Number of Rounds):
For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:
One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.
(Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.
edited Mar 21 at 21:20
puzzlepalace
2,9101133
answered Mar 21 at 19:51
Ella Rose♦Ella Rose
16.7k44482
$endgroup$
1
$begingroup$
That quote only explains why with longer keys the number of rounds is higher. It does not explain why exactly the 128 bit version uses 10 rounds. The reason for the 10 rounds (which I could misrebemmer since it has been almost 20 years) is as follows: The security against all known attacks was analyzed and 6 rounds was found to be enough against attacks known at the time. It takes 2 rounds to achieve a full avalanche effect in AES, so 10 rounds corresponds to enough rounds for a full avalanche effect before and after the 6 rounds needed for security against known attacks.
$endgroup$
– kasperd
Mar 22 at 10:58
$begingroup$
@kasperd I think it was 6 rounds at the time + 2 rounds because attacks only get better + 2 rounds for full avalanche.
$endgroup$
– Martin Bonner
Mar 22 at 12:14
1
$begingroup$
@MartinBonner The way the paper described it was "so it can be thought of as padding the vulnerable 6 rounds with two full diffusion steps" or something along those lines, as kasperd says.
$endgroup$
– forest
Mar 22 at 22:44
add a comment |
$begingroup$
Why these specific number of rounds only?
Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".
The standard specifies these specific number of rounds to ensure that different implementations are interoperable.
Why not more or less?
The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.
Less might be insecure, and more might be slower with no benefit.
To quote the above book (from Section 3.5 The Number of Rounds):
For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:
One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.
(Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.
edited Mar 21 at 21:20
puzzlepalace
2,9101133
answered Mar 21 at 19:51
Ella Rose♦Ella Rose
16.7k44482
$endgroup$
1
$begingroup$
That quote only explains why with longer keys the number of rounds is higher. It does not explain why exactly the 128 bit version uses 10 rounds. The reason for the 10 rounds (which I could misrebemmer since it has been almost 20 years) is as follows: The security against all known attacks was analyzed and 6 rounds was found to be enough against attacks known at the time. It takes 2 rounds to achieve a full avalanche effect in AES, so 10 rounds corresponds to enough rounds for a full avalanche effect before and after the 6 rounds needed for security against known attacks.
$endgroup$
– kasperd
Mar 22 at 10:58
$begingroup$
@kasperd I think it was 6 rounds at the time + 2 rounds because attacks only get better + 2 rounds for full avalanche.
$endgroup$
– Martin Bonner
Mar 22 at 12:14
1
$begingroup$
@MartinBonner The way the paper described it was "so it can be thought of as padding the vulnerable 6 rounds with two full diffusion steps" or something along those lines, as kasperd says.
$endgroup$
– forest
Mar 22 at 22:44
add a comment |
$begingroup$
Why these specific number of rounds only?
Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".
The standard specifies these specific number of rounds to ensure that different implementations are interoperable.
Why not more or less?
The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.
Less might be insecure, and more might be slower with no benefit.
To quote the above book (from Section 3.5 The Number of Rounds):
For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:
One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.
(Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.
edited Mar 21 at 21:20
puzzlepalace
2,9101133
answered Mar 21 at 19:51
Ella Rose♦Ella Rose
16.7k44482
$endgroup$
Why these specific number of rounds only?
Because AES is a standard; AES is an acronym for "Advanced Encryption Standard".
The standard specifies these specific number of rounds to ensure that different implementations are interoperable.
Why not more or less?
The reason these specific numbers of rounds were chosen was a choice of the designers. They did a lot of math to determine that these were the sweet spot between sufficient security and optimal performance.
Less might be insecure, and more might be slower with no benefit.
To quote the above book (from Section 3.5 The Number of Rounds):
For Rijndael versions with a longer key, the number of rounds was raised by one for every additional 32 bits in the cipher key. This was done for the following reasons:
One of the main objectives is the absence of shortcut attacks, i.e. attacks that are more efficient than an exhaustive key search. Since the workload of an exhaustive key search grows with the key length, shortcut attacks can afford to be less efficient for longer keys.
(Partially) known-key and related-key attacks exploit the knowledge of cipher key bits or the ability to apply different cipher keys. If the cipher key grows, the range of possibilities available to the cryptanalyst increases.
edited Mar 21 at 21:20
puzzlepalace
2,9101133
answered Mar 21 at 19:51
Ella Rose♦Ella Rose
16.7k44482
edited Mar 21 at 21:20
puzzlepalace
2,9101133
edited Mar 21 at 21:20
puzzlepalace
2,9101133
edited Mar 21 at 21:20
puzzlepalace
2,9101133
2,9101133
answered Mar 21 at 19:51
Ella Rose♦Ella Rose
16.7k44482
answered Mar 21 at 19:51
Ella Rose♦Ella Rose
16.7k44482
answered Mar 21 at 19:51
Ella Rose♦Ella Rose
16.7k44482
16.7k44482
1
$begingroup$
That quote only explains why with longer keys the number of rounds is higher. It does not explain why exactly the 128 bit version uses 10 rounds. The reason for the 10 rounds (which I could misrebemmer since it has been almost 20 years) is as follows: The security against all known attacks was analyzed and 6 rounds was found to be enough against attacks known at the time. It takes 2 rounds to achieve a full avalanche effect in AES, so 10 rounds corresponds to enough rounds for a full avalanche effect before and after the 6 rounds needed for security against known attacks.
$endgroup$
– kasperd
Mar 22 at 10:58
$begingroup$
@kasperd I think it was 6 rounds at the time + 2 rounds because attacks only get better + 2 rounds for full avalanche.
$endgroup$
– Martin Bonner
Mar 22 at 12:14
1
$begingroup$
@MartinBonner The way the paper described it was "so it can be thought of as padding the vulnerable 6 rounds with two full diffusion steps" or something along those lines, as kasperd says.
$endgroup$
– forest
Mar 22 at 22:44
add a comment |
1
$begingroup$
That quote only explains why with longer keys the number of rounds is higher. It does not explain why exactly the 128 bit version uses 10 rounds. The reason for the 10 rounds (which I could misrebemmer since it has been almost 20 years) is as follows: The security against all known attacks was analyzed and 6 rounds was found to be enough against attacks known at the time. It takes 2 rounds to achieve a full avalanche effect in AES, so 10 rounds corresponds to enough rounds for a full avalanche effect before and after the 6 rounds needed for security against known attacks.
$endgroup$
– kasperd
Mar 22 at 10:58
$begingroup$
@kasperd I think it was 6 rounds at the time + 2 rounds because attacks only get better + 2 rounds for full avalanche.
$endgroup$
– Martin Bonner
Mar 22 at 12:14
1
$begingroup$
@MartinBonner The way the paper described it was "so it can be thought of as padding the vulnerable 6 rounds with two full diffusion steps" or something along those lines, as kasperd says.
$endgroup$
– forest
Mar 22 at 22:44
1
1
$begingroup$
That quote only explains why with longer keys the number of rounds is higher. It does not explain why exactly the 128 bit version uses 10 rounds. The reason for the 10 rounds (which I could misrebemmer since it has been almost 20 years) is as follows: The security against all known attacks was analyzed and 6 rounds was found to be enough against attacks known at the time. It takes 2 rounds to achieve a full avalanche effect in AES, so 10 rounds corresponds to enough rounds for a full avalanche effect before and after the 6 rounds needed for security against known attacks.
$endgroup$
– kasperd
Mar 22 at 10:58
$begingroup$
That quote only explains why with longer keys the number of rounds is higher. It does not explain why exactly the 128 bit version uses 10 rounds. The reason for the 10 rounds (which I could misrebemmer since it has been almost 20 years) is as follows: The security against all known attacks was analyzed and 6 rounds was found to be enough against attacks known at the time. It takes 2 rounds to achieve a full avalanche effect in AES, so 10 rounds corresponds to enough rounds for a full avalanche effect before and after the 6 rounds needed for security against known attacks.
$endgroup$
– kasperd
Mar 22 at 10:58
$begingroup$
@kasperd I think it was 6 rounds at the time + 2 rounds because attacks only get better + 2 rounds for full avalanche.
$endgroup$
– Martin Bonner
Mar 22 at 12:14
$begingroup$
@kasperd I think it was 6 rounds at the time + 2 rounds because attacks only get better + 2 rounds for full avalanche.
$endgroup$
– Martin Bonner
Mar 22 at 12:14
1
1
$begingroup$
@MartinBonner The way the paper described it was "so it can be thought of as padding the vulnerable 6 rounds with two full diffusion steps" or something along those lines, as kasperd says.
$endgroup$
– forest
Mar 22 at 22:44
$begingroup$
@MartinBonner The way the paper described it was "so it can be thought of as padding the vulnerable 6 rounds with two full diffusion steps" or something along those lines, as kasperd says.
$endgroup$
– forest
Mar 22 at 22:44
add a comment |
kapil is a new contributor. Be nice, and check out our Code of Conduct.
kapil is a new contributor. Be nice, and check out our Code of Conduct.
kapil is a new contributor. Be nice, and check out our Code of Conduct.
kapil is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f68199%2fwhy-does-aes-have-exactly-10-rounds-for-a-128-bit-key-12-for-192-bits-and-14-fo%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
$begingroup$
Note that AES is a subset of the Rijndael cipher. The same number of rounds are applicable for Rijndael, but there are more options available depending on key size and block size (AES has just one block size: 128 bits and 3 key sizes, Rijndael has 3 block sizes and 5 key sizes, and therefore 15 combinations of both, rather than just the 3 for AES).
$endgroup$
– Maarten Bodewes♦
Mar 24 at 13:32