Paper 2025/1331

Constant-Cycle Hardware Private Circuits

Abstract

The efficient implementation of Boolean masking with minimal overhead in terms of latency has become a critical topic due to the increasing demand for physically secure yet high-performance cryptographic primitives. However, achieving low latency in masked circuits while ensuring that glitches and transitions do not compromise their security remains a significant challenge. State-of-the-art multiplication gadgets, such as the recently introduced HPC4 (CHES 2024), offer composable security against glitches and transitions, as proven under the robust d-probing model. However, these gadgets require at least one clock cycle per computation, resulting in a latency overhead that increases with the algebraic degree. In contrast, LMDPL gadgets (CHES 2014 & CHES 2020) can achieve fixed latency independent of the algebraic degree, effectively addressing this issue. However, they are limited to two shares, and extending them to guarantee composable security at order d with d+1 shares is considered an open challenge. In this work, we introduce CCHPC, a novel hardware masking scheme built on the concept of LMDPL. Specifically, CCHPC achieves a fixed latency of d clock cycles by masking a Boolean function of arbitrary algebraic degree with d+1 shares. CCHPC gadgets are secure and trivially composable, as formally proven under the RR d-probing model (CHES 2024). Using CCHPC gadgets, we design a masked AES encryption core which can be instantiated for an arbitrary number of d+1 shares with a total latency of 11 + d clock cycles.