Paper 2022/641

Self-Timed Masking: Implementing Masked S-Boxes Without Registers

Mateus Simões, STMicroelectronics (France), Laboratoire Hubert Curien
Lilian Bossuet, Laboratoire Hubert Curien
Nicolas Bruneau, STMicroelectronics (France)
Vincent Grosso, Laboratoire Hubert Curien, French National Centre for Scientific Research
Patrick Haddad, STMicroelectronics (France)
Thomas Sarno, STMicroelectronics (France)

Masking is one of the most used side-channel protection techniques. However, a secure masking scheme requires additional implementation costs, e.g. random number, and transistor count. Furthermore, glitches and early evaluation can temporally weaken a masked implementation in hardware, creating a potential source of exploitable leakages. Registers are generally used to mitigate these threats, hence increasing the implementation's area and latency. In this work, we show how to design glitch-free masking without registers with the help of the dual-rail encoding and asynchronous logic. This methodology is used to implement low-latency masking with arbitrary protection order. Finally, we present a side-channel evaluation of our first and second order masked AES implementations.

Available format(s)
Publication info
Published elsewhere. CARDIS
Side-channel analysis Masking Asynchronous circuits
Contact author(s)
mateus simoes @ univ-st-etienne fr
lilian bossuet @ univ-st-etienne fr
vincent grosso @ univ-st-etienne fr
2022-11-25: revised
2022-05-24: received
See all versions
Short URL
Creative Commons Attribution


      author = {Mateus Simões and Lilian Bossuet and Nicolas Bruneau and Vincent Grosso and Patrick Haddad and Thomas Sarno},
      title = {Self-Timed Masking: Implementing Masked S-Boxes Without Registers},
      howpublished = {Cryptology ePrint Archive, Paper 2022/641},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.