Cryptology ePrint Archive: Report 2021/868

Low-Latency Hardware Masking of PRINCE

Nicolai Müller and Thorben Moos and Amir Moradi

Abstract: Efficient implementation of Boolean masking in terms of low latency has evolved into a hot topic due to the necessity of embedding a physically secure and at-the-same-time fast implementation of cryptographic primitives in e.g., the memory encryption of pervasive devices. Instead of fully minimizing the circuit's area and randomness requirements at the cost of latency, the focus has changed into finding optimal tradeoffs between the circuit area and the execution time. The main latency bottleneck in hardware masking lies in the need for registers to stop the propagation of glitches and maintain non-completeness. Usually, an exponentially growing number of shares (hence an extremely large circuit), as well as a high demand for fresh randomness, are the result of avoiding registers in a securely masked hardware implementation of a block cipher. In this paper, we present several first-order secure and low-latency implementations of PRINCE. In particular, we show how to realize the masked variant of round-based PRINCE with only a single register stage per cipher round. We compare the resulting architectures, based on the popular TI and GLM masking scheme based on the area, latency, and randomness requirements and point out that both designs are suited for specific use cases.

Category / Keywords: implementation / Side-Channel Analysis, Masking, Hardware, low-latency, PRINCE

Original Publication (in the same form): 12th In­ter­na­tio­nal Work­shop on Con­struc­tive Si­de-Chan­nel Ana­ly­sis and Se­cu­re De­sign, CO­SA­DE 2021, Luga­no, Swit­z­er­land, Oc­to­ber 25-27, 2021

Date: received 24 Jun 2021

Contact author: nicolai mueller at rub de, thorben moos at rub de, amir moradi at rub de

Available format(s): PDF | BibTeX Citation

Version: 20210624:150911 (All versions of this report)

Short URL: ia.cr/2021/868


[ Cryptology ePrint archive ]