Towards Efficient Verification of Constant-Time Cryptographic Implementations

arXiv:2402.13506v1 Announce Type: new
Abstract: Timing side-channel attacks exploit secret-dependent execution time to fully or partially recover secrets of cryptographic implementations, posing a severe threat to software security. Constant-time programming discipline is an effective software-based countermeasure against timing side-channel attacks, but developing constant-time implementations turns out to be challenging and error-prone. Current verification approaches/tools suffer from scalability and precision issues when applied to production software in practice. In this paper, we put forward practical verification approaches based on a novel …

arxiv attacks channel cryptographic cs.cr cs.se current discipline error exploit programming recover secret secrets security side-channel side-channel attacks software software security threat verification