Splitting a large algorithmic function into rounds simplifies both implementation and cryptanalysis.
[3] The idea of an iterative cipher using repeated application of simple non-commutating operations producing diffusion and confusion goes as far back as 1945, to the then-secret version of C. E. Shannon's work "Communication Theory of Secrecy Systems";[4] Shannon was inspired by mixing transformations used in the field of dynamical systems theory (cf.
Most of the modern ciphers use iterative design with number of rounds usually chosen between 8 and 32 (with 64 and even 80 used in cryptographic hashes).
[5] For some Feistel-like cipher descriptions, notably that of the RC5, a term "half-round" is used to define the transformation of part of the data (a distinguishing feature of the Feistel design).
This operation corresponds to a full round in traditional descriptions of Feistel ciphers (like DES).
[6] Inserting round-dependent constants into the encryption process breaks the symmetry between rounds and thus thwarts the most obvious slide attacks.
There are two approaches to address this goal:[2] Cryptanalysis techniques include the use of versions of ciphers with fewer rounds than specified by their designers.
The result of such attack provides valuable information about the strength of the algorithm,[9] a typical break of the full cipher starts out as a success against a reduced-round one.