Cyclicity of AES

It is known that AES is extremely secure, with its highest standard(AES-256) being able to protect the national secrets of most governments. Due to the nature of its steps, there's the question about its cyclicality, or how many full encryptions with the same key would it need to yield the plaintext back, supposing that the variation is AES-ECB-128 NoPadding, with only one full block of plaintext.

It is widely believed that AES in the iterative mode you describe behaves like a random mapping $f:\{0,1\}^n \rightarrow \{0,1\}^n$ with $n=128$. Such a mapping would have expected (average) rho-length equal to $$ \sqrt{\pi 2^n/2}, $$ and expected maximal rho-length (this happens if your starting point $x_0$ ended up in the longest rho pattern of the iterative graph of $f$) $$ 2.4149 \sqrt{2^n}, $$ which is just a constant factor larger than the expected quantity.

The rho-length is the minimum number of iterations $N$ starting from a random plaintext $x_0$ with $x_1=E_K(x_0),$ $x_2=E_K(x_1),$ etc. until $x_{N-1}=E_K(x_{N-2})=x_j$ for some $j\in \{0,1,\ldots,N-2\}$ where $f(x)=E_K(x)$.

See the paper by Flajolet and Odlyzko which appeared in Eurocrypt in the late 1980s here.

Remark: The term rho-length is used because of the generic $\rho$ shape the iteration takes before hitting a point that was already seen.