0

All the knowledge I have learned about encryption algorithms tells me that the AES encryption algorithm uses three key bit lengths of 128, 192, and 256 to encrypt data, and these three key bit lengths correspond to 10, 12, and 14 rounds of encryption, respectively.

But the question is, why?

Why not 11, 13, 15? Why not 14, 16, 18? Why not...
And it must be 10, 12, 14?

I have studied the C source code of the AES encryption algorithm, but I have not felt anything.

I did not find any explanation on this point in the knowledge I could obtain, so I am also curious to know whether the current three encryption rounds (10, 12, 14) of the AES encryption algorithm are due to the design of the round key?

So if we reasonably change its round key structure and reduce the number of encryption rounds based on the current AES encryption algorithm, will it necessarily lead to a decrease in security?

S-N
  • 127
  • 3

2 Answers2

4

Studying C code is unlikely to give you insight beyond mechanics of how AES is implemented.

There are questions already on this site addressing these issues. If you haven't read up on these, please do. One that stands out is

How were the number of rounds for different key sizes of AES selected?

where the first answer addresses your question to some extent. It requires two rounds for full diffusion of the additional key material when one goes from 128 to 192 bits, for example.

Your last question has a straightforward answer. The randomly selected symmetric key is used to obtain round keys with some of the entropy of the symmetric key by a sequential procedure. It directly follows that increasing rounds will increase security and decreasing them will decrease security. The difficult part of the design is to determine how many rounds are enough see one of the answers to the above linked question.

The book The Design of Rijndael by the designers of AES is the generic reference in this general area.

kodlu
  • 22,423
  • 2
  • 27
  • 57
2

In the AES proposal: Rijndael, section 7.6 is about the number of rounds and what's behind the decision.

Later, in section 12.1 there is a formula:

$$N_r=max(N_k, N_b)+6$$

The number of rounds is set to be the biggest number of columns between the block and the key states. Somehow a number based on the most efficient attacks (known at the publication time), with an extra margin that doesn't blow up the performance.

The number of rounds is crucial to make Rijndael a secure PRF. Two rounds provide "half-diffusion" so every state bit depends on all the other bits from 2 rounds ago.

srgblnch
  • 737
  • 5
  • 13