DPA contests home


AES-256 RSM (v4)

AES-128 RSM (v4.2)



Frequently Asked Questions


v4.2 Documentation


This second implementation available in the DPA contest v4 is an improved version of the first implementation (AES RSM) implemented in software on an Atmel ATMega-163 smart card. This new implementation corrects several leaks identified in the previous one. In addition, in response to several comments we received, we revert to a 128-bit key.

The main changes between v4.1 and this v4.2 are:

The formal description of this implementation is available in this paper (PDF) (Analysis and Improvements of the DPA Contest v4 Implementation, SPACE '14, LNCS 8804, Springer, Pune, India, October 18-22, 2014).

Update July 20, 2015: Contrary to what is written in the above description on page 4, the mask set used in the corrected implementation below is [0x03, 0x0c, 0x35, 0x3a, 0x50, 0x5f, 0x66, 0x69, 0x96, 0x99, 0xa0, 0xaf, 0xc5, 0xca, 0xf3, 0xfc]

Important update (August 27, 2015): An error has been detected (thanks to Zdeněk Martinásek et Liran Lerman) in the implementation used to perform the acquisitions for the DPA contest v4.2 (AES-128 Improved RSM). Due to a bug, the permutation function Shuffle10 is used before the first round instead of Shuffle0. We sincerely want to apologize for the inconvenience.


This archive contains all the details of the implementation of the DPA contest v4.2 on the Atmel ATMega-163 smart card (this archive has been updated on July 20, 2015).

The important files in this archive are:


Some documents about the microcontroller ATmega163 that runs the v4.2 implementation:


The implementation uses some portions of code from external projects and developers:


To be added soon...