This repository contains the source code and results related to the article titled TSM+ and OTSM - Correct Application of Time Sharing Masking in Round-Based Designs published at CHES 2026.
This work focuses on the security evaluation of the CHES 2024 paper titled Time Sharing - A Novel Approach to Low-Latency Masking and introduces two new variants TSM+ and OTSM. The first one is more efficient than the original TSM scheme and is in conformity only with the PINI security notion while the second one is in conformity with the OPINI notion. The analysis presented here are based on PROLEAD tool. We analyzed different designs under the glitch- and transition-extended probing models. Our findings revealed critical leakage caused by employing TSM (only PINI, not OPINI) modules in round-based cipher architectures (like the AES and PRINCE) with only one register stage. To address this, we propose a few solutions including OTSM which allows being integrated in such round-based single-cycle-per-round design architectures.
This repository provides the implementation of the proposed designs, evaluation scripts, and PROLEAD's results supporting our conclusions.
There are four main folders in this repository:
This folder contains the first-order masked implementation of the PRINCE Sbox, AES Sbox as well as full ciphers in five sub-folders:
1.0 TSM_AND2_loop: The original implementation of TSM 2-input AND employed in a looped circuit, which exhibits leakage under glitch- and transition-extended probing model.
1.1 TSM_PRINCE_Sbox_loop: The original implementation of TSM PRINCE Sbox employed in a looped circuit, which exhibits leakage under glitch- and transition-extended probing model.
1.2 TSM_AES_Sbox_loop: The original implementation of TSM AES Sbox employed in a looped circuit, which exhibits leakage under glitch- and transition-extended probing model.
1.3 TSM_PRINCE_enc-dec: The original implementation of round-based TSM PRINCE encryption/decryption full cipher circuit with only one register stage, which exhibits leakage under glitch- and transition-extended probing model.
1.4 TSM_AES-128_enc: The original implementation of round-based TSM AES-128 encryption full cipher circuit with only one register stage, which exhibits leakage under glitch- and transition-extended robing model.
1.4 TSM_2Stage_AES-128_enc: The original implementation of round-based TSM AES-128 encryption full cipher circuit with two register stages (the design presented in Higher-Order Time Sharing Masking), which is secure under glitch- and transition-extended robing model.
This folder contains different implementations following the TSM+ approach in two sub-folders:
2.0 TSMp_PRINCE_Sbox: Our implementation of the TSM+ PRINCE Sbox.
2.1 TSMp_AES_Sbox: Our implementation of the TSM+ AES Sbox.
This folder contains different implementations following the OTSM approach in three sub-folders:
3.0 OTSM_PRINCE_Sbox: Our implementation of the OTSM PRINCE Sbox.
3.1 OTSM_AES_Sbox: Our implementation of the OTSM AES Sbox.
3.2 OTSM_PRINCE_enc-dec: Our implementation of the round-based PRINCE encryption/decryption full cipher circuit with only one register stage (using only OTSM PRINCE Sbox instances), which is secure under glitch- and transition-extended robing model.
This folder contains different implementations following a hybrid approach employing both TSMp and OTSM designs in two sub-folders:
4.0 TSMp-OTSM_PRINCE_enc-dec: Our implementation of the round-based PRINCE encryption/decryption full cipher circuit with only one register stage (using both TSMp and OTSM PRINCE Sbox instances), which is secure under robing but relaxed probing model (see Robust but Relaxed Probing Model).
4.1 OTSM_AES_Sbox: Our implementation of the round-based AES-128 encryption full cipher circuit with only one register stage (using both TSMp and OTSM PRINCE Sbox instances), which is secure under glitch- and transition-extended robing model.
For questions or comments, please contact Amir Moradi at amir.moradi[at]tu-darmstadt.de.
Hemin Rahimi, Amir Moradi: TSM+ and OTSM - Correct Application of Time Sharing Masking in Round-Based Designs. CHES 2026