Invention Grant
US09544131B2 Efficient modular addition resistant to side channel attacks (in force)

Efficient modular addition resistant to side channel attacks
Abstract:
A cryptographic device performs modular addition between a first integer value x and a second integer value y in a processor by:

- obtaining a first masked input x̂, a second masked input ŷ, a first mask rx and a second mask ry, where x̂ results from masking x with rx and ŷ results from masking y with ry;
- computing a first-iteration masked carry value ĉ₁ from x̂, ŷ, rx, ry and a carry mask value λ;
- recursively updating the masked carry value ĉᵢ, again using x̂, ŷ, rx, ry and λ, until the final masked carry value ĉₖ₋₁ is obtained;
- combining x̂, ŷ and the final masked carry value ĉₖ₋₁ to obtain an intermediate value;
- combining the intermediate value with the carry mask value λ to obtain a masked result; and
- outputting the masked result together with the combination of rx and ry, which is its mask.

It is preferred that the combinations use XOR.
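The procedure the abstract describes, worked through as an added example (my own code, not the patent's): a first-order Boolean-masked ripple-carry adder mod 2^k in which the carry is never unmasked. The page does not give the patent's exact masked-carry update, so this example assumes the standard carry recursion c_{i+1} = (x_i AND y_i) XOR ((x_i XOR y_i) AND c_i) evaluated with a Trichina-style masked AND; the function names are mine.

```python
import secrets

def masked_and(a_hat, ra, b_hat, rb, rz):
    """First-order masked AND on single bits (Trichina-style gate).

    Returns (a & b) ^ rz for a = a_hat ^ ra, b = b_hat ^ rb without ever
    forming a, b or a & b; starting from rz keeps every intermediate masked.
    """
    t = rz ^ (a_hat & b_hat)
    t ^= a_hat & rb
    t ^= ra & b_hat
    t ^= ra & rb
    return t

def masked_add(x_hat, y_hat, rx, ry, lam, k):
    """Masked addition mod 2**k following the abstract's steps.

    x_hat = x ^ rx, y_hat = y ^ ry are k-bit words, lam is the k-bit carry mask.
    Returns (s_hat, rx ^ ry) with s_hat ^ rx ^ ry == (x + y) mod 2**k.
    """
    bit = lambda w, i: (w >> i) & 1
    # Masked carry word: bit i holds c_i ^ lam_i. c_0 = 0, so bit 0 is just lam_0.
    c_hat_word = bit(lam, 0)
    # First iteration: c_1 = x_0 & y_0, built from x_hat, y_hat, rx, ry and lam only.
    c_hat = masked_and(bit(x_hat, 0), bit(rx, 0), bit(y_hat, 0), bit(ry, 0), bit(lam, 1))
    c_hat_word |= c_hat << 1
    # Recursive update c_{i+1} = (x_i & y_i) ^ ((x_i ^ y_i) & c_i) up to c_{k-1}.
    for i in range(1, k - 1):
        g_hat = masked_and(bit(x_hat, i), bit(rx, i), bit(y_hat, i), bit(ry, i), bit(lam, i + 1))
        p_hat, rp = bit(x_hat, i) ^ bit(y_hat, i), bit(rx, i) ^ bit(ry, i)
        # Passing g_hat as the starting mask accumulates the propagate term onto
        # the already masked generate bit, giving c_{i+1} ^ lam_{i+1} directly.
        c_hat = masked_and(p_hat, rp, c_hat, bit(lam, i), g_hat)
        c_hat_word |= c_hat << (i + 1)
    # x_hat ^ y_hat ^ C_hat equals s ^ rx ^ ry ^ lam; XORing lam leaves s ^ rx ^ ry.
    mod = (1 << k) - 1
    s_hat = (x_hat ^ y_hat ^ c_hat_word ^ lam) & mod
    return s_hat, (rx ^ ry) & mod

def add_with_fresh_masks(x, y, k=8):
    """Helper for checking: mask with fresh randomness, add, unmask the result."""
    rx, ry, lam = (secrets.randbits(k) for _ in range(3))
    s_hat, rs = masked_add(x ^ rx, y ^ ry, rx, ry, lam, k)
    return s_hat ^ rs
```

The unmasking in add_with_fresh_masks exists only to check the result; a real device would keep the output masked and pass (s_hat, rx ^ ry) to the next masked operation.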