Dude, is my code constant time?

@article{Reparaz2017DudeIM,
  title={Dude, is my code constant time?},
  author={Oscar Reparaz and Josep Balasch and Ingrid M. R. Verbauwhede},
  journal={Design, Automation \& Test in Europe Conference \& Exhibition (DATE), 2017},
  year={2017},
  pages={1697-1702}
}
This paper introduces dudect: a tool to assess whether a piece of code runs in constant time or not on a given platform. We base our approach on leakage detection techniques, resulting in a very compact, easy to use and easy to maintain tool. Our methodology fits in around 300 lines of C and runs on the target platform. The approach is substantially different from previous solutions. Contrary to others, our solution requires no modeling of hardware behavior. Our solution can be used in black… 
FaCT: a DSL for timing-sensitive computation
TLDR
This work develops the language and type system, formalizes the constant-time transformation, and presents an empirical evaluation that uses FaCT to implement core crypto routines from several open-source projects including OpenSSL, libsodium, and curve25519-donna.
Verifying Constant-Time Execution of Hardware
TLDR
IODINE is presented: a clock-precise, constant-time approach to eliminating timing side channels in hardware that succeeds in verifying various open source hardware designs in seconds and with little developer effort.
IODINE: Verifying Constant-Time Execution of Hardware
TLDR
Iodine is presented: a clock-precise, constant-time approach to eliminating timing side channels in hardware that succeeds in verifying various open source hardware designs in seconds and with little developer effort.
HASTE: Software Security Analysis for Timing Attacks on Clear Hardware Assumption
TLDR
This letter proposes a timing side-channel analysis framework that takes into consideration both the software and the underlying hardware microarchitecture to detect vulnerabilities with high precision and proposes a set of metrics to quantify the severity of the vulnerabilities.
Automated Detection of Instruction Cache Leaks in Modular Exponentiation Software
TLDR
This work proposes a simple and effective leakage test that captures problematic properties of vulnerable exponentiation algorithms using a dynamic binary instrumentation framework and reliably detects leaking code in vulnerable implementations and identifies leaks in a protected implementation that are non-trivial to spot in a code review.
Verifying Constant-Time Implementations by Abstract Interpretation
TLDR
An advanced static analysis is proposed, based on state-of-the-art techniques from abstract interpretation, to report time leakage during programming, to analyze source C programs and use full context-sensitive and arithmetic-aware alias analyses to track the tainted flows.
A Study on the Preservation of Cryptographic Constant-Time Security in the CompCert Compiler
  • Computer Science, Mathematics
  • 2018
TLDR
This paper presents a natural framework to prove preservation of cryptographic constant-time security from simulation based proofs of compiler correctness and gives insights on how this could be adapted to CompCert.
Solver-Aided Constant-Time Circuit Verification
TLDR
Xenon scales to realistic hardware designs by drastically reducing the effort needed to localize the root cause of verification failures via a new notion of constant-time counterexamples, which Xenon uses to automatically synthesize a minimal set of secrecy assumptions.
Usuba: high-throughput and constant-time ciphers, by construction
TLDR
Usuba is an opinionated dataflow programming language in which block ciphers become so simple as to be “obviously correct” and whose types document and enforce valid parallelization strategies at the granularity of individual bits.
Evaluation and Mitigation of Timing Side-Channel Leakages on Multiple-Target Dynamic Binary Translators
TLDR
This paper investigates the impact of dynamic binary translators on the constant-time property of known cryptographic implementations, using different Region Formation Techniques (RFTs), and implements a solution in the QEMU dynamic binary translator that mitigates the inserted timing side channels.

References

SHOWING 1-10 OF 27 REFERENCES
Towards Sound Approaches to Counteract Power-Analysis Attacks
TLDR
An abstract model which approximates power consumption in most devices and in particular small single-chip devices is proposed, and a lower bound on the number of experiments required to mount statistical attacks on devices whose physical characteristics satisfy reasonable properties is proved.
"Make Sure DSA Signing Exponentiations Really are Constant-Time"
TLDR
This work discloses a vulnerability in OpenSSL, affecting all versions and forks since roughly October 2005, which renders the implementation of the DSA signature scheme vulnerable to cache-based side-channel attacks, and demonstrates the first published cache-based key-recovery attack on these protocols.
Side-Channel Analysis of Cryptographic Software via Early-Terminating Multiplications
TLDR
This paper shows that early-terminating integer multipliers found in various embedded processors (e.g., ARM7TDMI) represent an instance of this problem, and describes several case studies, including both secret-key and public-key algorithms, to demonstrate the threat posed by embedded processors with early-terminating multipliers.
Faster and Timing-Attack Resistant AES-GCM
TLDR
A bitsliced implementation of AES encryption in counter mode for 64-bit Intel processors, up to 25% faster than previous implementations, while simultaneously offering protection against timing attacks, and is the only cache-timing-attack resistant implementation offering competitive speeds for stream as well as for packet encryption.
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
  • P. Kocher
  • Computer Science, Mathematics
  • CRYPTO
  • 1996
By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.
Cache-timing attacks on AES
TLDR
This paper demonstrates complete AES key recovery from known-plaintext timings of a network server on another computer and discusses several of the obstacles to constant-time high-speed AES software for common general-purpose computers.
Remote timing attacks are practical
Leakage assessment methodology
TLDR
This work studies in depth the theoretical background of the different flavors of Welch's t-test, presents a roadmap that evaluation labs can follow to conduct the tests efficiently and correctly, and describes a stable, robust and efficient way to perform the tests at higher orders.
Lucky Thirteen: Breaking the TLS and DTLS Record Protocols
TLDR
This paper presents distinguishing and plaintext recovery attacks against TLS and DTLS, based on a delicate timing analysis of decryption processing in the two protocols.
Accelerating AES with Vector Permute Instructions
TLDR
This is the first constant-time software implementation of AES which is efficient for sequential modes of operation and can be adapted to several other primitives using the AES S-box such as the stream cipher LEX, the block cipher Camellia and the hash function Fugue.