all InfoSec news
Robust Constant-Time Cryptography. (arXiv:2311.05831v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
The constant-time property is considered the security standard for
cryptographic code. Code following the constant-time discipline is free from
secret-dependent branches and memory accesses, and thus avoids leaking secrets
through cache and timing side-channels. The constant-time property makes a
number of implicit assumptions that are fundamentally at odds with the reality
of cryptographic code. Constant-time is not robust. The first issue with
constant-time is that it is a whole-program property: It relies on the entirety
of the code base being …
cache code cryptographic cryptography discipline free memory property reality secret secrets security security standard standard