Abstract
The ever-increasing demand for wireless communication, ranging from e-commerce to personal use, raises the need for secure applications to achieve data confidentiality, integrity, availability and authenticity. Consequently, there is a demand for cryptographic primitives to secure sensitive information, such as symmetric block ciphers, commonly used primitives to achieve data confidentiality. The adoption of the American Encryption Standard (AES) made it the most prevalent symmetric block cipher in use today. It introduced the need to implement the cipher for a wide range of application platforms from those tailored to meeting the high demand throughput for high-end processors to embedded systems with resource-constrained environments. Implementation efficiency of the AES algorithm is essential with respect to any metric, including speed, code size, memory usage, and power consumption. In addition, the algorithm must withstand cryptanalysis that utilizes side-channel attacks to analyze execution time. This work presents a bit-sliced software implementation of AES encryption/decryption algorithm with 128-bit key in constant time for embedded devices with 32-bit processors. The implementation of the S-box is based on Canright's analysis and implementation of the S-box. The bit slicing design arranges the AES 16 byte data block into four 32-bit registers. Here three key expansion approaches are explored. With the first method, the key is expanded and stored in memory prior to when the encryption and/or decryption begins. Using the second approach, the expanded key is computed "on the fly" with each round of transformation. The last approach expands the key in advance and only stores the computationally expensive key element in memory and calculates the others "on the fly".