[1] Prince is a block cipher targeting low latency, unrolled hardware implementations.
[2] Its most notable feature is the alpha reflection: the decryption is the encryption with a related key which is very cheap to compute.
Unlike most other "lightweight" ciphers, it has a small number of rounds and the layers constituting a round have low logic depth.
As a result, fully unrolled implementations are able to reach much higher frequencies than AES or PRESENT.
The output of the core function is xored by
xored with a constant denoted alpha.
The linear layer consists of multiplication by a 64x64 matrix
and a shift row similar to the one in AES but operating on 4-bit nibbles rather than bytes.
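The alpha reflection described above, shown as an added example that is not from the PRINCE paper or any PRINCE implementation. It is a toy reflection cipher, not PRINCE: the S-box, round constants, alpha value, middle layer and the function names are all constructed for this demo, and only the structure (mirrored rounds whose constants pair up to alpha, a self-inverse middle layer, FX whitening with a second key derived from k0 by rotate-and-xor) follows the design.

```python
# Toy reflection cipher: NOT PRINCE. S-box, constants and layers are constructed.
MASK = (1 << 64) - 1
SBOX = [0x6, 0x4, 0xC, 0x5, 0x0, 0x7, 0x2, 0xE, 0x1, 0xF, 0x3, 0xD, 0x8, 0xA, 0x9, 0xB]
SBOX_INV = [SBOX.index(v) for v in range(16)]
SR = [0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, 1, 6, 11]  # AES-style shift rows on nibbles
SR_INV = [SR.index(i) for i in range(16)]
ALPHA = 0x5A17C0DE0BADF00D  # constructed reflection constant
HALF = [0x0000000000000000, 0x1F2E3D4C5B6A7988, 0x9E3779B97F4A7C15]  # constructed
RC = HALF + [c ^ ALPHA for c in reversed(HALF)]  # RC[i] ^ RC[5 - i] == ALPHA

def nibbles(x):
    return [(x >> (60 - 4 * i)) & 0xF for i in range(16)]

def pack(ns):
    x = 0
    for n in ns:
        x = (x << 4) | n
    return x

def sub(x, box):
    return pack([box[n] for n in nibbles(x)])

def perm(x, p):
    ns = nibbles(x)
    return pack([ns[p[i]] for i in range(16)])

def rotl(x, r):
    return ((x << r) | (x >> (64 - r))) & MASK

def mid(x):
    # Linear involution: (1 + r + r^3)^2 = 1 over GF(2), r = rotation by 16 bits.
    return x ^ rotl(x, 16) ^ rotl(x, 48)

def core(k1, x):
    for rc in RC[:3]:                      # forward rounds
        x = perm(sub(x ^ k1 ^ rc, SBOX), SR)
    x = mid(x)                             # self-inverse middle layer
    for rc in RC[3:]:                      # mirrored inverse rounds
        x = sub(perm(x, SR_INV), SBOX_INV) ^ k1 ^ rc
    return x

def encrypt(k0, k1, m):
    k0p = rotl(k0, 63) ^ (k0 >> 63)        # second whitening key: (k0 >>> 1) ^ (k0 >> 63)
    return k0p ^ core(k1, m ^ k0)

def decrypt(k0, k1, c):
    k0p = rotl(k0, 63) ^ (k0 >> 63)
    # Same datapath as encrypt: swap the whitening keys, feed the core k1 ^ ALPHA.
    return k0 ^ core(k1 ^ ALPHA, c ^ k0p)
```

The round trip works for any alpha, so correctness alone says nothing about whether a given alpha is a safe choice.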
The paper "Security analysis of PRINCE"[1] presents several attacks on full and round reduced variants, in particular, an attack of complexity 2^125.1 and a related key attack requiring 2^33 data.
A generic time–memory–data tradeoff for FX constructions has been published, with an application to Prince.
[5] The paper argues that the FX construction is a fine solution to improve the security of a widely deployed cipher (like DES-X did for DES) but that it is a questionable choice for new designs.
It presents a tweak to the Prince cipher to strengthen it against this particular kind of attack.
A biclique cryptanalysis attack has been published on the full cipher.
It is somewhat in line with the estimate of the designers, since it reduces the key search space by 2^1.28 (the original paper mentions a factor 2).
[6] The paper "Reflection Cryptanalysis of PRINCE-Like Ciphers" focuses on the alpha reflection and establishes choice criteria for the alpha constant.
It shows that a poorly chosen alpha would lead to efficient attacks on the full cipher; but the value randomly chosen by the designers is not among the weak ones.
[7] Several meet-in-the-middle attacks have been published on round reduced versions.
[11] An attack on 10 rounds with overall complexity of 118.56 bits has been published.
[12] An attack on 7 rounds with time complexity of 2^57 operations has been published.
[13] A differential fault attack has been published using 7 faulty ciphertexts under a random 4-bit nibble fault model.
[14] The paper "New approaches for round-reduced PRINCE cipher cryptanalysis"[15] presents a boomerang attack and a known-plaintext attack on reduced-round versions of up to 6 rounds.