Paper 2020/051

Low-Latency Hardware Masking with Application to AES

Pascal Sasdrich, Begül Bilgin, Michael Hutter, and Mark Marson


During the past two decades there has been a great deal of research published on masked hardware implementations of AES and other cryptographic primitives. Unfortunately, many hardware masking techniques can lead to increased latency compared to unprotected circuits for algorithms such as AES, due to the high-degree of nonlinear functions in their designs. In this paper, we present a hardware masking technique which does not increase the latency for such algorithms. It is based on the LUT-based Masked Dual-Rail with Pre-charge Logic (LMDPL) technique presented at CHES 2014. First, we show 1-glitch extended strong noninterference of a nonlinear LMDPL gadget under the 1-glitch extended probing model. We then use this knowledge to design an AES implementation which computes a full AES-128 operation in 10 cycles and a full AES-256 operation in 14 cycles. We perform practical side-channel analysis of our implementation using the Test Vector Leakage Assessment (TVLA) methodology and analyze univariate as well as bivariate t-statistics to demonstrate its DPA resistance level

Available format(s)
Publication info
Published by the IACR in TCHES 2020
AESLow-Latency HardwareLMDPLMaskingSecure Logic StylesDifferential Power AnalysisTVLAEmbedded Security
Contact author(s)
pascal sasdrich @ rub de
bbilgin @ rambus com
michael hutter @ cryptography com
mark @ cryptography com
2020-01-17: received
Short URL
Creative Commons Attribution


      author = {Pascal Sasdrich and Begül Bilgin and Michael Hutter and Mark Marson},
      title = {Low-Latency Hardware Masking with Application to AES},
      howpublished = {Cryptology ePrint Archive, Paper 2020/051},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.