Paper 2021/868

Low-Latency Hardware Masking of PRINCE

Nicolai Müller, Thorben Moos, and Amir Moradi


Efficient implementation of Boolean masking in terms of low latency has evolved into a hot topic due to the necessity of embedding a physically secure and at-the-same-time fast implementation of cryptographic primitives in e.g., the memory encryption of pervasive devices. Instead of fully minimizing the circuit's area and randomness requirements at the cost of latency, the focus has changed into finding optimal tradeoffs between the circuit area and the execution time. The main latency bottleneck in hardware masking lies in the need for registers to stop the propagation of glitches and maintain non-completeness. Usually, an exponentially growing number of shares (hence an extremely large circuit), as well as a high demand for fresh randomness, are the result of avoiding registers in a securely masked hardware implementation of a block cipher. In this paper, we present several first-order secure and low-latency implementations of PRINCE. In particular, we show how to realize the masked variant of round-based PRINCE with only a single register stage per cipher round. We compare the resulting architectures, based on the popular TI and GLM masking scheme based on the area, latency, and randomness requirements and point out that both designs are suited for specific use cases.

Available format(s)
Publication info
Published elsewhere. 12th In­ter­na­tio­nal Work­shop on Con­struc­tive Si­de-Chan­nel Ana­ly­sis and Se­cu­re De­sign, CO­SA­DE 2021, Luga­no, Swit­z­er­land, Oc­to­ber 25-27, 2021
Side-Channel AnalysisMaskingHardwarelow-latencyPRINCE
Contact author(s)
nicolai mueller @ rub de
thorben moos @ rub de
amir moradi @ rub de
2021-06-24: received
Short URL
Creative Commons Attribution


      author = {Nicolai Müller and Thorben Moos and Amir Moradi},
      title = {Low-Latency Hardware Masking of PRINCE},
      howpublished = {Cryptology ePrint Archive, Paper 2021/868},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.