Secure and Efficient AES Software Implementation for Smart Cards

  • Elena Trichina
  • Lesya Korkishko
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3325)


In implementing cryptographic algorithms on limited devices such as smart cards, speed and memory requirements had always presented a challenge. With the advent of side channel attacks, this task became even more difficult because a programmer must take into account countermeasures against such attacks, which often increases computational time, or memory requirements, or both.

In this paper we describe a new method for secure implementation of the Advanced Encryption Standard algorithm. The method is based on a data masking technique, which is the most widely used countermeasure against power analysis and timing attacks at a software level. The change of element representation allows us to achieve an efficient solution that combines low memory requirements with high speed and resistance to attacks.


Smart Card Side Channel Attack Advance Encryption Standard Algorithm Cryptographic Hardware Secure Implementation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Akkar, M., Giraud, C.: An implementation of DES and AES, secure against some attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 309–318. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Chari, S., Jutla, C., Rao, J., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)Google Scholar
  3. 3.
    Coron, J.-S., Goubin, L.: On boolean and arithmetic masking against differential power analysis. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 231–237. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Daemen, J., Rijmen, V.: AES Proposal: Rijndael, AES submission (1998), Available at
  5. 5.
    Daemen, J., Rijmen, V.: The design of Rijndael: AES - The Advanced Encryption Standard. Springer, Heidelberg (2002)zbMATHGoogle Scholar
  6. 6.
    Golić, J., Tymen, C.: Multiplicative masking and power analysis of for AES. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 198–212. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Goubin, L.: A sound method for swirching between boolean and arithmetic masking. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 3–15. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Goubin, L., Patarin, J.: DES and differential power analysis. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  9. 9.
    Huang, C., Xu, L.: Fast software implementation of finite field operations. Technical Report, Washington University in St. Louis (December 2003), Available at
  10. 10.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  11. 11.
    Kocher, P.: Timing attacks on implementations of Diffie-Hellmann, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  12. 12.
    Kocher, P., Jaffe, J., Jun, B.: Using unpredictable information to minimize leakage from smartcards and other cryptosystems, USA patent, International Publication number WO 99/63696, December 9 (1999)Google Scholar
  13. 13.
    Lu, C.C., Tseng, S.-Y.: Integrated design of AES (Advanced Encryption Srandard) encryptor and decryptor. In: Proceedings IEEE conf. on Application-Specific Systems, Architectures, and Processors (ASAP 2002). IEEE, Los Alamitos (2002)Google Scholar
  14. 14.
    Messerges, T.S.: Securing the AES finalists against power analysis attacks. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 150–165. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining smart-card security under the thread of power analysis. IEEE Trans. Computers 51(5), 522–541 (2002)CrossRefMathSciNetGoogle Scholar
  16. 16.
    Ouyang, J.Z.: Efficient method for multiplication over Galois fields, U.S. patent pub. number US2003/0128841 A1, July 10 (2003)Google Scholar
  17. 17.
    Quisquater, J.J., Samide, D.: Electromagnetic analysis (ema): measures and counter-measures for smart cards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  18. 18.
    Rijmen, V.: Efficient implementation of Rijndael SBox,
  19. 19.
    Trichina, E., De Seta, D., Germani, L.: Simplified Adaptive Multiplicative Masking for AES and its secure implementation. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 187–197. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  20. 20.
    De Win, E., Bosselaers, A., Vandenberghe, S., De Gersem, P., Vandewalle, J.: A fast software imlementation for arithmetic operations in GF(2n). In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 65–76. Springer, Heidelberg (1996)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Elena Trichina
    • 1
  • Lesya Korkishko
    • 2
  1. 1.Department of Computer ScienceUniversity of KuopioKuopioFinland
  2. 2.Institute of Computer Information TechnologiesTernopol Academy of National EconomyUkraine

Personalised recommendations