LLTI: Low-Latency Threshold Implementations

With the enormous increase in portable cryptographic devices, physical attacks are becoming similarly popular. One of most common is Side-Channel Analysis (SCA), extremely dangerous due to its non-invasive nature. Threshold Implementations (TI) was proposed as first countermeasure provide provable security masked hardware implementations. While works on masking focused optimizing area requirements, with newer and smaller technologies taking a backseat, low-latency gaining importance. In this work, we revisit scheme by Arribas et al. TCHES 2018 secure unrolled We formalize expand methodology, devise scheme, derived from TI, designed implementations optimized for latency named Low-Latency (LLTI). By applying distributive property leveraging divide-and-conquer strategy, split non-linear operation layers which separately. The result more efficient than former TI any algebraic degree greater two, achieving great optimizations both terms speed area. compare performance first-order LLTI securing cubic gate degree-7 AND without using registers between. achieve 137% maximum frequency 60% reduction gate, 3131 times case compared TI. To further illustrate power our take PRINCE implementation literature and, simply changing S-box version, 46% max. improvement 38% reduction. Moreover, apply AES it 6.9 freq. 47.2%