Radio-frequency identification tokens, such as contactless smartcards, are vulnerable to relay attacks if they are used for proximity authentication. Attackers can circumvent the limited range of the radio channel using transponders that forward exchanged signals over larger distances. Cryptographic distance-bounding protocols that measure accurately the round-trip delay of the radio signal provide a possible countermeasure. They infer an upper bound for the distance between the reader and the token from the fact that no information can propagate faster than at the speed of light. We propose a new distance-bounding protocol based on ultra-wideband pulse communication. Aimed at being implementable using only simple, asynchronous, low-power hardware in the token, it is particularly well suited for use in passive low-cost tokens, noisy environments and high-speed applications.