10

If MDS in AES has branch number 5 (so 5 active s-boxes in 2 rounds), wouldn't that mean 4 rounds of AES has $5*2=10$ active s-boxes?

The AES paper says it has 25 ($5^2$?) active s-boxes in 4 rounds.

How do I calculate the minimal number of active s-boxes from the branch number for any given number of rounds?

Edit: J.D. noted that you can't calculate the minimum number of active s-boxes from the branch number of MixColumns, because MixColumns isn't the only operation. So let's assume the cipher has a full-state MDS like SHARK and Khazad.

kelalaka
LightBit

1 Answer

4

Khazad has an $8\times 8$ MDS matrix $A$ used as the diffusion layer. The augmented matrix $[I|A]$ generates a $[n,k,d]=[16,8,9]$ MDS code over $GF(2^8).$ The implications are:

  1. The minimum number of active Sboxes, i.e., the minimum branch number across 2 rounds is $9,$ the minimum weight of the MDS code.

  2. MDS codes have a fully known weight distribution, so the full branch number distribution is also known, assuming a uniform input distribution into the Sboxes.

See here for the weight distribution. Briefly, $A_i$ denotes the number of codewords of weight $i$, thus also the number of occurrences of branch number $i.$ In this case $A_0=1,$ and $A_i=0,$ for $1\leq i \leq d-1.$ The other nonzero weights are

$$ A_i= \binom{n}{i} \sum_{j=0}^{i-d} (-1)^{j}\binom{i}{j} \left( q^{i+1-d-j}-1\right), $$

for $d\leq i \leq n.$

Here $q=2^8, d=9.$

kodlu
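The weight-distribution formula from the answer above, evaluated for the Khazad parameters $[16,8,9]$ over $GF(2^8)$, as an added example that is not part of the original answer. The function names are hypothetical, and the Reed-Solomon code over $GF(7)$ is a constructed stand-in MDS code, small enough to enumerate, used only to cross-check the formula by brute force.

```python
from itertools import product
from math import comb


def mds_weight_distribution(n, k, q):
    """A_i for an [n, k, d = n-k+1] MDS code over GF(q), per the formula in the answer."""
    d = n - k + 1
    dist = {0: 1}  # A_0 = 1; A_i = 0 for 1 <= i <= d-1
    for i in range(d, n + 1):
        inner = sum((-1) ** j * comb(i, j) * (q ** (i + 1 - d - j) - 1)
                    for j in range(i - d + 1))
        dist[i] = comb(n, i) * inner
    return dist


def rs_weights_bruteforce(p, n, k):
    """Enumerate every codeword of a Reed-Solomon code over the prime field GF(p).

    Constructed stand-in: all polynomials of degree < k, evaluated at the
    points 0..n-1 (requires n <= p). Such a code is MDS with d = n-k+1.
    """
    counts = {}
    for coeffs in product(range(p), repeat=k):
        word = [sum(c * pow(x, e, p) for e, c in enumerate(coeffs)) % p
                for x in range(n)]
        weight = sum(1 for v in word if v)
        counts[weight] = counts.get(weight, 0) + 1
    return counts


def khazad_distribution():
    """Weight distribution of the [16, 8, 9] code generated by [I|A] over GF(2^8)."""
    return mds_weight_distribution(16, 8, 2 ** 8)


if __name__ == "__main__":
    # Cross-check the closed form against exhaustive enumeration on a small code.
    print("GF(7) [6,3,4] formula:    ", mds_weight_distribution(6, 3, 7))
    print("GF(7) [6,3,4] brute force:", rs_weights_bruteforce(7, 6, 3))

    dist = khazad_distribution()
    total = sum(dist.values())
    for i in sorted(dist):
        # Codeword weight i = number of active S-boxes across the two rounds.
        print(f"A_{i:<2} = {dist[i]:>22}  ({dist[i] / total:.3e} of all codewords)")
    print("sum of A_i equals q^k:", total == 256 ** 8)
```
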