Abstract: "We show that many symmetric cryptography primitives would not be less
safe with significantly fewer rounds. To support this claim, we review the cryptanalysis
progress in the last 20 years, examine the reasons behind the current number of rounds,
and analyze the risk of doing fewer rounds. Advocating a rational and scientific
approach to round numbers selection, we propose revised number of rounds for AES,
BLAKE2, ChaCha, and SHA-3, which offer more consistent security margins across
primitives and make them much faster, without increasing the security risk."
by Jean-Philippe Aumasson