Enforcing Fine-grained Constant-time Policies
Basavesh Ammanaghatta Shivakumar, Gilles Barthe, Benjamin Grégoire, Vincent Laporte, Swarn Priya
2022Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security12 citationsDOIOpen Access PDF
Abstract
Cryptographic constant-time (CT) is a popular programming discipline used by cryptographic libraries to protect themselves against timing attacks. The CT discipline aims to enforce that program execution does not leak secrets, where leakage is defined by a formal leakage model. In practice, different leakage models coexist, sometimes even within a single library, both to reflect different architectures and to accommodate different security-efficiency trade-offs.
Topics & Concepts
CryptographyComputer scienceLeakage (economics)Constant (computer programming)Information leakageComputer securityCryptographic protocolEmbedded systemDistributed computingProgramming languageEconomicsMacroeconomicsSecurity and Verification in ComputingCryptographic Implementations and SecurityCryptography and Data Security