The AES algorithm approved in 2001 has become the most popular symmetric-key encryption algorithm because of its high security, high performance, and low complexity. The AES algorithm is widely adopted in numerous applications such as wireless communications, storage devices, smart cards, or banking systems. Several implementations have been published but few of them considered the hardware cost and the throughput as a whole. In this dissertation, we first investigate architectures for high throughput and low cost applications. At last a cost efficient AES architecture, which is capable of both encryption and decryption with three different key lengths, is presented for high speed mobile applications. The overall hardware cost is optimized by a very compact on-the-fly key expansion unit and a highly integrated encryption/decryption data-path. The compact on-the-fly key expansion unit is achieved by sharing key scheduling processes of different key lengths. The integrated data-path shares hardware resources used in encryption and decryption. After manufactured in 90nm CMOS technology, the area of the chip is 15,577 equivalent gates with throughput up to 1.69 Gb/s operating at 131.8 MHz. However, the hardware implementation of the AES algorithm is still vulnerable to side-channel attacks. The differential power analysis (DPA) attack is an efficient and low cost method to disclose the secret key of the AES chip. In this dissertation, a low cost AES crypto core with resistance to the DPA attack is presented by exploiting a DPA countermeasure circuit based on digital ring oscillators and an on-chip random number generator (RNG). Two architectures with pseudo random and digital random number generator are presented. Compared with previous works that counteract the DPA attack by using data masking circuits or equalizing the power consumption, our proposed DPA countermeasure circuit can significantly reduce the area overhead without throughput degradation. The DPA resistant AES engines are fabricated in UMC 90 nm CMOS technology. For the pseudo random based architecture, the AES chip can achieve 2.76 Gb/s throughput at operating frequency of 237 MHz. The area overhead is minimized to 10.2%. For the digital random based architecture, the AES chip can achieve 2.97 Gb/s throughput at operating frequency of 255 MHz. The area overhead is slightly improved from 10.2% to 6.2% by resource sharing between the DPA countermeasure circuit and the random number generator. The digital random based architecture further resolves the “reset” problem, which may induce a security issue for the PRNG based architecture. The measurement to disclosure (MTD) of both AES engines is increased from several thousands to more than 107 measurements, indicating the security level is enhanced by at least three orders of magnitude.