Cryptology ePrint Archive: Report 2019/1492

Too Much Crypto

Jean-Philippe Aumasson

Abstract: We show that many symmetric cryptography primitives would not be less safe with significantly fewer rounds. To support this claim, we review the cryptanalysis progress in the last 20 years, examine the reasons behind the current number of rounds, and analyze the risk of doing fewer rounds. Advocating a rational and scientific approach to round numbers selection, we propose revised number of rounds for AES, BLAKE2, ChaCha, and SHA-3, which offer more consistent security margins across primitives and make them much faster, without increasing the security risk.

Category / Keywords: secret-key cryptography / cryptanalysis, AES, BLAKE2, ChaCha, SHA-3

Date: received 29 Dec 2019, last revised 24 May 2021

Contact author: jeanphilippe aumasson at gmail com

Available format(s): PDF | BibTeX Citation

Note: Presented at Real-World Crypto 2020

May 24, 2021: New version fixed a calculus error (see and adds a few lines to the conclusion.

Version: 20210524:070834 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]