This invention relates to the Advanced Encryption Standard (AES) outlined in the Federal Information Processing Standards (FIPS) Publication 197. The AES standard defines the FIPS-approved algorithm that is used to encrypt and decrypt 128 bits of data using a 128, 192, or 256 bit key. When data is encrypted (enciphered), the output data is called ciphertext, and when data is decrypted (deciphered), the output data is called plaintext.
Referring to FIG. 1, the AES algorithm executes a number of rounds that depends on the key size. For a 128 bit key 11 rounds are executed, for a 192 bit key 13 rounds are executed, and for a 256 bit key 15 rounds are executed. The AES algorithm for encryption consists of four transformations: 100 AddRoundKey; 101 SubBytes; 102 ShiftRows; and 103 MixColumns.
Referring to FIG. 2, the AES algorithm for decryption consists of four transformations: 100 AddRoundKey; 201 InvShiftRows; 202 InvSubBytes; 203 InvMixColumns. The AES algorithm also defines a method of key expansion that creates a round key for each round execution of the algorithm. These round keys are utilized in the 100 AddRoundKey transformation.
Referring to FIG. 3, the 100 AddRoundKey transformation is specified as a simple bitwise exclusive OR operation executed on the plaintext (encryption)/ciphertext (decryption) and round key. Each data bit 300 and each round key bit 301 are combined in exclusive OR operation 302 and stored in flip flop 303, for all 128 data bits. Round 1 of the AES algorithm only executes the AddRoundKey transformation, while all remaining rounds execute multiple transformations. This leaves round 1 vulnerable to side-channel power attacks.
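The round 1 datapath described above, modelled as an added example that is not part of the original document: it shows that each register bit depends on exactly one key bit, so the number of flip flops that toggle follows the key linearly. The sample input is the FIPS 197 Appendix B plaintext and cipher key; the all-zero register reset value, the toggle-count power model and all function names are assumptions.

```python
# Added illustration, not from the patent: models XOR 302 loading flip flops 303.
# Sample input is the FIPS 197 Appendix B plaintext and cipher key. The all-zero
# register reset value and the toggle-count power model are assumptions.

PLAINTEXT = bytes.fromhex("3243f6a8885a308d313198a2e0370734")
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")


def add_round_key(data: bytes, round_key: bytes) -> bytes:
    """Bitwise XOR of the 128 data bits with the 128 round key bits."""
    if len(data) != 16 or len(round_key) != 16:
        raise ValueError("AES state and round key are both 128 bits")
    return bytes(d ^ k for d, k in zip(data, round_key))


def toggles(before: bytes, after: bytes) -> int:
    """Hamming distance: how many flip flops change state on the load."""
    return sum(bin(a ^ b).count("1") for a, b in zip(before, after))


def flip_bit(value: bytes, bit: int) -> bytes:
    """Return a copy of value with one bit inverted (bit 0 = MSB of byte 0)."""
    out = bytearray(value)
    out[bit // 8] ^= 0x80 >> (bit % 8)
    return bytes(out)


def round1_toggle_count(plaintext: bytes, key: bytes, reset: bytes = bytes(16)) -> int:
    """Flip flops that switch when the round 1 result replaces the reset value."""
    return toggles(reset, add_round_key(plaintext, key))


def key_bit_influence(plaintext: bytes, key: bytes) -> list:
    """For each of the 128 key bits, count register bits that change with it."""
    base = add_round_key(plaintext, key)
    return [toggles(base, add_round_key(plaintext, flip_bit(key, bit)))
            for bit in range(128)]


if __name__ == "__main__":
    print("register after round 1:", add_round_key(PLAINTEXT, KEY).hex())
    print("flip flops toggled    :", round1_toggle_count(PLAINTEXT, KEY))
    # Every entry is 1: a key bit reaches one register bit only, with no
    # non-linear mixing between the key and the stored value.
    print("influence per key bit :", set(key_bit_influence(PLAINTEXT, KEY)))
```

Because AddRoundKey alone gives no diffusion, changing one key bit changes the modelled switching activity by exactly one flip flop, which is the dependence that the later SubBytes, ShiftRows and MixColumns transformations spread across the state.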