Related papers: Decompiling for Constant-Time Analysis

200 papers

The implementations of most hardened cryptographic libraries use defensive programming techniques for side-channel resistance. These techniques are usually specified as guidelines to developers on specific code patterns to use or avoid.…

Cryptography and Security · Computer Science 2025-09-03 Moritz Schneider, Daniele Lain, Ivan Puddu, Nicolas Dutly, Srdjan Capkun

Timing side-channel attacks exploit secret-dependent execution time to fully or partially recover secrets of cryptographic implementations, posing a severe threat to software security. Constant-time programming discipline is an effective…

Cryptography and Security · Computer Science 2024-02-22 Luwei Cai, Fu Song, Taolue Chen

Constant-time (CT) verification tools are commonly used for detecting potential side-channel vulnerabilities in cryptographic libraries. Recently, a new class of tools, called speculative constant-time (SCT) tools, has also been used for…

Programming Languages · Computer Science 2026-03-02 Santiago Arranz-Olmos, Gilles Barthe, Lionel Blatter, Xingyu Xie, Zhiyuan Zhang

Timing side-channel attacks exploit variations in program execution time to recover sensitive information. Cryptographic implementations are especially vulnerable to these attacks, since even small timing differences in operations such as…

Cryptography and Security · Computer Science 2026-04-21 Nges Brian Njungle, Edwin P. Kayang, Mishel J. Paul, Michel A. Kinsy

To protect cryptographic implementations from side-channel vulnerabilities, developers must adopt constant-time programming practices. As these can be error-prone, many side-channel detection tools have been proposed. Despite this, such…

Cryptography and Security · Computer Science 2023-10-13 Antoine Geimer, Mathéo Vergnolle, Frédéric Recoules, Lesly-Ann Daniel, Sébastien Bardin, Clémentine Maurice

The PQDSS standardization process requires cryptographic primitives to be free from vulnerabilities, including timing and cache side-channels. Resistance to timing leakage is therefore an essential property, and achieving this typically…

The constant-time discipline is a software-based countermeasure used for protecting high assurance cryptographic implementations against timing side-channel attacks. Constant-time is effective (it protects against many known attacks),…

Cryptography and Security · Computer Science 2020-05-12 Sunjay Cauligi, Craig Disselkoen, Klaus v. Gleissenthall, Dean Tullsen, Deian Stefan, Tamara Rezk, Gilles Barthe

Although cryptographic algorithms may be mathematically secure, it is often possible to leak secret information from the implementation of the algorithms. Timing and power side-channel vulnerabilities are some of the most widely considered…

Cryptography and Security · Computer Science 2023-10-31 Ferhat Erata, Ruzica Piskac, Victor Mateu, Jakub Szefer

The constant-time programming discipline (CT) is an efficient countermeasure against timing side-channel attacks, requiring the control flow and the memory accesses to be independent from the secrets. Yet, writing CT code is challenging as…

Cryptography and Security · Computer Science 2020-07-14 Lesly-Ann Daniel, Sébastien Bardin, Tamara Rezk

There is increasing interest in applying verification tools to programs that have bitvector operations (e.g., binaries). SMT solvers, which serve as a foundation for these tools, have thus increased support for bitvector reasoning through…

Programming Languages · Computer Science 2021-08-31 Yuandong Cyrus Liu, Chengbin Pang, Daniel Dietsch, Eric Koskinen, Ton-Chanh Le, Georgios Portokalidis, Jun Xu

We propose a method, based on program analysis and transformation, for eliminating timing side channels in software code that implements security-critical applications. Our method takes as input the original program together with a list of…

Cryptography and Security · Computer Science 2018-07-24 Meng Wu, Shengjian Guo, Patrick Schaumont, Chao Wang

The constant-time property is considered the security standard for cryptographic code. Code following the constant-time discipline is free from secret-dependent branches and memory accesses, and thus avoids leaking secrets through cache and…

Cryptography and Security · Computer Science 2023-11-13 Matthew Kolosick, Basavesh Ammanaghatta Shivakumar, Sunjay Cauligi, Marco Patrignani, Marco Vassena, Ranjit Jhala, Deian Stefan

This work presents a new tool to verify the correctness of cryptographic implementations with respect to cache attacks. Our methodology discovers vulnerabilities that are hard to find with other techniques, observed as exploitable leakage.…

Cryptography and Security · Computer Science 2017-09-07 Gorka Irazoqui, Kai Cong, Xiaofei Guo, Hareesh Khattri, Arun Kanuparthi, Thomas Eisenbarth, Berk Sunar

We claim that existing techniques and tools for generating and verifying constant-time code are incomplete, since they rely on assumptions that compiler optimization passes do not break constant-timeness or that certain operations execute…

Cryptography and Security · Computer Science 2023-11-27 Garrett Gu, Hovav Shacham

For high-assurance software, source-level reasoning is insufficient: we need binary-level guarantees. Despite constrained Horn clause (CHC) solving being one of the most popular forms of automated verification, prior work has not evaluated…

Programming Languages · Computer Science 2026-03-31 Aaron Bembenek, Toby Murray

In his 1984 Turing Award lecture, Ken Thompson showed that a compiler could be maliciously altered to insert backdoors into programs it compiles and perpetuate this behavior by modifying any compiler it subsequently builds. Thompson's hack…

Programming Languages · Computer Science 2025-08-19 Guilherme de Oliveira Silva, Fernando Magno Quintão Pereira

Side channel attacks have emerged as a serious threat to the security of both networked and embedded systems -- in particular through the implementations of cryptographic operations. Side channels can be difficult to model formally, but…

Cryptography and Security · Computer Science 2009-12-16 Josef Svenningsson, David Sands

How can we find patterns and anomalies in a tensor, or multi-dimensional array, in an efficient and directly interpretable way? How can we do this in an online environment, where a new tensor arrives each time step? Finding patterns and…

Numerical Analysis · Computer Science 2018-09-05 Jungwoo Lee, Dongjin Choi, Lee Sael

Cryptographic research takes software timing side channels seriously. Approaches to mitigate them include constant-time coding and techniques to enforce such practices. However, recent attacks like Meltdown [42], Spectre [37], and…

Cryptography and Security · Computer Science 2025-04-29 Martin Dunsche, Patrick Bastian, Marcel Maehren, Nurullah Erinola, Robert Merget, Nicolai Bissantz, Holger Dette, Jörg Schwenk

Certificate transparency (CT) is an elegant mechanism designed to detect when a certificate authority (CA) has issued a certificate incorrectly. Many CAs now support CT and it is being actively deployed in browsers. However, a number of…

Cryptography and Security · Computer Science 2017-08-08 Saba Eskandarian, Eran Messeri, Joseph Bonneau, Dan Boneh