Diversity Within the Rijndael Design Principles for Resistance to Differential Power Analysis

  • Merrielle Spain
  • Mayank Varia
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10052)


The winner of the Advanced Encryption Standard (AES) competition, Rijndael, strongly resists mathematical cryptanalysis. However, side channel attacks such as differential power analysis and template attacks break many AES implementations.

We propose a cheap and effective countermeasure that exploits the diversity of algorithms consistent with Rijndael’s general design philosophy. The secrecy of the algorithm settings acts as a second key that the adversary must learn to mount popular side channel attacks. Furthermore, because they satisfy Rijndael’s security arguments, these algorithms resist cryptanalytic attacks.

Concretely, we design a 72-bit space of SubBytes variants and a 36-bit space of ShiftRows variants. We investigate the mathematical strength provided by these variants, generate them in SageMath, and study their impact on differential power analysis and template attacks against field-programmable gate arrays (FPGAs) by analyzing power traces from the DPA Contest v2 public dataset.


Side channel attack Side channel countermeasure Guessing entropy Differential power analysis Template attack Hamming weight Advanced Encryption Standard Rijndael FPGA 



We gratefully acknowledge the support of Sukarno Mertoguno in the Office of Naval Research. The second author also acknowledges NSF grant 1414119. Additionally, we thank our colleagues Rob Cunningham and Ben Fuller for their valuable guidance and support.


  1. 1.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). doi: 10.1007/3-540-48405-1_25 CrossRefGoogle Scholar
  2. 2.
    Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). doi: 10.1007/3-540-36400-5_3 CrossRefGoogle Scholar
  3. 3.
    DPA Contest v2. Accessed 12 September 2014
  4. 4.
    Weingart, S.H.: Physical security devices for computer subsystems: a survey of attacks and defenses. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 302–317. Springer, Heidelberg (2000). doi: 10.1007/3-540-44499-8_24 CrossRefGoogle Scholar
  5. 5.
    Akkar, M.-L., Giraud, C.: An implementation of DES and AES, secure against some attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 309–318. Springer, Heidelberg (2001). doi: 10.1007/3-540-44709-1_26 CrossRefGoogle Scholar
  6. 6.
    National Institute of Standards and Technology: Federal Information Processing Standards Publication 197: Announcing the Advanced Encryption Standard, November 2001Google Scholar
  7. 7.
    Clavier, C., Isorez, Q., Wurcker, A.: Complete SCARE of AES-like block ciphers by chosen plaintext collision power analysis. In: Paul, G., Vaudenay, S. (eds.) INDOCRYPT 2013. LNCS, vol. 8250, pp. 116–135. Springer, Heidelberg (2013). doi: 10.1007/978-3-319-03515-4_8 CrossRefGoogle Scholar
  8. 8.
    Barkan, E., Biham, E.: In how many ways can you write Rijndael? In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 160–175. Springer, Heidelberg (2002). doi: 10.1007/3-540-36178-2_10 CrossRefGoogle Scholar
  9. 9.
    Rostovtsev, A., Shemyakina, O.: AES side channel attack protection using random isomorphisms. Cryptology ePrint Archive, Report 2005/087 (2005)Google Scholar
  10. 10.
    Wu, S.-Y., Lu, S.-C., Laih, C.S.: Design of AES based on dual cipher and composite field. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 25–38. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24660-2_3 CrossRefGoogle Scholar
  11. 11.
    Ghellar, F., Lubaszewski, M.S.: A novel AES cryptographic core highly resistant to differential power analysis attacks. In: Symposium on Integrated Circuits and System Design (2008)Google Scholar
  12. 12.
    Moradi, A., Mischke, O.: Comprehensive evaluation of AES dual ciphers as a side-channel countermeasure. In: Qing, S., Zhou, J., Liu, D. (eds.) ICICS 2013. LNCS, vol. 8233, pp. 245–258. Springer, Heidelberg (2013). doi: 10.1007/978-3-319-02726-5_18 CrossRefGoogle Scholar
  13. 13.
    Rijmen, V., Oswald, E.: Representations and Rijndael descriptions. In: Advanced Encryption Standard (2004)Google Scholar
  14. 14.
    Karroumi, M.: Protecting white-box AES with dual ciphers. In: Rhee, K.-H., Nyang, D.H. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 278–291. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-24209-0_19 CrossRefGoogle Scholar
  15. 15.
    Jing, M.H., Hsu, C., Truong, T.K., Chen, Y.H., Chang, Y.: The diversity study of AES on FPGA application. In: Field-Programmable Technology (2002)Google Scholar
  16. 16.
    Jing, M.H., Chen, Z.H., Chen, J.H., Chen, Y.H.: Reconfigurable system for high-speed and diversified AES using FPGA. Microprocess. Microsyst. 31, 94–102 (2007)CrossRefGoogle Scholar
  17. 17.
    Grosek, O., Siska, J.: Semigroup of matrices over GF2\({}^{\text{s}}\) and its relation to AES. Comput. Artif. Intell. 22, 417–426 (2003)Google Scholar
  18. 18.
    Grosek, O., Zajac, P.: Searching for a different AES-class MixColumns operation. In: WSEAS International Conference on Applied Computer Science (2006)Google Scholar
  19. 19.
    Manteena, R.: A VHDL Implemetation of the Advanced Encryption Standard-Rijndael Algorithm. Ph.D. thesis, University of South Florida (2004)Google Scholar
  20. 20.
    Dziembowski, S., Kazana, T., Wichs, D.: Key-evolution schemes resilient to space-bounded leakage. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 335–353. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-22792-9_19 CrossRefGoogle Scholar
  21. 21.
    Shannon, C.E.: Communication theory of secrecy systems. Bell Syst. Tech. J. 28, 656–715 (1949)MathSciNetCrossRefzbMATHGoogle Scholar
  22. 22.
    Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, New York (2002)Google Scholar
  23. 23.
    Murphy, S., Robshaw, M.J.B.: Essential algebraic structure within the AES. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 1–16. Springer, Heidelberg (2002). doi: 10.1007/3-540-45708-9_1 CrossRefGoogle Scholar
  24. 24.
    Paar, C., Rosner, M.: Comparison of arithmetic architectures for Reed-Solomon decoders in reconfigurable hardware. In: Field-Programmable Custom Computing Machines (FCCM) (1997)Google Scholar
  25. 25.
    OpenSSL: Optimised ANSI C code for the Rijndael cipher (now AES). Accessed 3 April 2016
  26. 26.
    Rouvroy, G., Standaert, F., Quisquater, J., Legat, J.: Compact and efficient encryption/decryption module for FPGA implementation of the AES Rijndael very well suited for small embedded applications. In: International Conference on Information Technology: Coding and Computing (2004)Google Scholar
  27. 27.
    Cusick, T.W., Stanica, P.: Cryptographic Boolean Functions and Applications. Academic Press, San Diego (2009)zbMATHGoogle Scholar
  28. 28.
    Stein, W., et al.: Sage Mathematics Software (Version 6.2). The Sage Development Team (2015).
  29. 29.
    Biham, E., Keller, N.: Cryptanalysis of reduced variants of Rijndael. In: 3rd AES Conference (2000)Google Scholar
  30. 30.
    Piret, G., Quisquater, J.J.: Impossible differential and square attacks: cryptanalytic link and application to Skipjack (2001)Google Scholar
  31. 31.
    Choudary, O., Kuhn, M.G.: Efficient template attacks. IACR Cryptology ePrint Archive (2013)Google Scholar
  32. 32.
    Dichtl, M.: A new method of black box power analysis and a fast algorithm for optimal key search. J. Cryptographic Eng. 1, 255–264 (2011)CrossRefGoogle Scholar
  33. 33.
    Rivain, M., Roche, T.: SCARE of secret ciphers with SPN structures. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 526–544. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-42033-7_27 CrossRefGoogle Scholar
  34. 34.
    Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An optimal key enumeration algorithm and its application to side-channel attacks. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 390–406. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-35999-6_25 CrossRefGoogle Scholar
  35. 35.
    Novak, R.: Side-channel attack on substitution blocks. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 307–318. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-45203-4_24 CrossRefGoogle Scholar
  36. 36.
    Hanley, N., Tunstall, M., Marnane, W.P.: Unknown plaintext template attacks. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 148–162. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-10838-9_12 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.MIT Lincoln LaboratoryLexingtonUSA
  2. 2.Boston UniversityBostonUSA

Personalised recommendations