AES

Cryptography

Advanced Encryption Standard -- a symmetric block cipher standardized by NIST (FIPS 197) operating on 128-bit blocks with 128, 192, or 256-bit key lengths, widely used in smart card secure channels and data encryption.

Also known as: Advanced Encryption Standard, AES-128, AES-256

What Is AES?

Advanced Encryption Standard (AES) is a symmetric block cipher standardized by NIST as FIPS 197, operating on 128-bit data blocks with key lengths of 128, 192, or 256 bits. AES is the dominant symmetric encryption algorithm in modern smart card systems, used for secure channel communication, data encryption at rest, session key derivation, and message authentication codes across payment, identity, and telecom applications.

AES replaced 3DES as the preferred symmetric cipher in smart card specifications starting in the mid-2000s, driven by its superior security margins, faster software performance, and efficient hardware implementation on constrained crypto coprocessors.

AES in Smart Card Protocols

AES is foundational to several core smart card protocols:

| Protocol | AES Usage |
|---|---|
| SCP03 | Session encryption (AES-CBC) + integrity (AES-CMAC) for GlobalPlatform secure channels |
| EMV CSU | Card session key derivation for issuer script processing |
| Secure Messaging | APDU data encryption and MAC computation |
| MIFARE DESFire EV3 | File-level encryption and mutual authentication |
| PACE | Session key establishment in ePassport and eID |

Hardware Implementation

Modern smart card chips include dedicated AES hardware accelerators as part of the crypto coprocessor. A hardware AES engine on a typical 32-bit smart card CPU can encrypt a 128-bit block in 10-50 clock cycles, compared to thousands of cycles for a software-only implementation. This is critical for maintaining acceptable transaction times, especially on contactless cards where the entire session (including authentication, data exchange, and MAC verification) must complete within 500 ms.

AES Modes Used in Smart Cards

| Mode | Purpose | Smart Card Application |
|---|---|---|
| AES-CBC | Bulk data encryption | Secure messaging data field |
| AES-CMAC | Message authentication | SCP03 command/response MAC |
| AES-CCM | Authenticated encryption | MIFARE DESFire file access |
| AES-ECB | Key derivation, key wrapping | Key diversification |

Key Length Selection

Smart card deployments choose AES key lengths based on the security certification target:

  • AES-128 -- sufficient for most commercial applications. Common Criteria certified cards widely use AES-128 for SCP03.
  • AES-256 -- required for government applications targeting FIPS 140 Level 3 and high-assurance EAL 5+ certified products. Also recommended for long-lived credentials (10+ year card lifetime).
