Did NIST consider adding more rounds to Rijndael?
Prior to its evaluation of the five finalists, NIST’s AES selection team discussed the issue of whether it should change the number of rounds for one or more of the algorithms, since that issue had been raised by the public during the recent comment period. Some of those public comments offered specific reasons for changing the number of rounds, although many did not, and there seemed to be no agreement regarding which algorithm(s) should be altered (and if so, exactly how that should be done). NIST’s selection team recognized that changing the number of rounds would decrease the utility of the large amount of analysis that has taken place during the last two years. For some algorithms, it is not clear how the algorithm would be fully defined (e.g., the key schedule) with a different number of rounds, or how such a change would impact the security analysis. Another consideration was that none of the algorithms’ submitters proposed to change the number of rounds in their algorithms, whe
