Paper 2021/1378

Cryptanalysis of Efficient Masked Ciphers: Applications to Low Latency

Tim Beyne, Siemen Dhooghe, Amir Moradi, and Aein Rezaei Shahmirzadi


This work introduces second-order masked implementations of LED, Midori, SKINNY, and PRINCE ciphers which do not require fresh masks to be updated at every clock cycle. The main idea lies on a combination of the constructions given by Shahmirzadi and Moradi at CHES~2021, and the theory presented by Beyne et al. at Asiacrypt~2020. The presented masked designs only use a minimal number of shares, i.e., three to achieve second-order security, and we make use of a trick to pair a couple of S-boxes to reduce their latency. The theoretical security analyses of our constructions are based on the linear-cryptanalytic properties of the underlying masked primitive as well as SILVER, the leakage verification tool presented at Asiacrypt~2020. To improve this cryptanalytic analysis, we use the \emph{noisy probing model} which allows for the inclusion of noise in the framework of Beyne et al. We further provide FPGA-based experimental security analysis confirming second-order protection of our masked implementations.

Available format(s)
Publication info
Published by the IACR in Tches 2022
Hardware SecurityLinear CryptanalysisMaskingProbing SecuritySide-Channel AnalysisThreshold Implementations
Contact author(s)
tim beyne @ esat kuleuven be
siemen dhooghe @ esat kuleuven be
aein rezaeishahmirzadi @ rub de
amir moradi @ rub de
2021-10-15: received
Short URL
Creative Commons Attribution


      author = {Tim Beyne and Siemen Dhooghe and Amir Moradi and Aein Rezaei Shahmirzadi},
      title = {Cryptanalysis of Efficient Masked Ciphers: Applications to Low Latency},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1378},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.