by infinity0
2559 days ago
> Constant time does not mean that running time cannot vary, in either complexity theory or cryptography.

Again, overloading of the term "constant time" causes pointless misunderstanding and arguments. Your statement here is wrong. In complexity theory the term "constant time" does indeed mean the running time is bounded even with unbounded input (e.g. goes to infinity), although it could vary within this bound. In cryptography the term "constant time" is sometimes used to mean a different concept, that the operation actually takes constant non-varying time, so that an attacker can't exploit this as a side channel to figure out the input values. The paper seems to be using the latter meaning.

Note that I cited Thomas Pornin for my definition of constant time cryptography, who is a cryptographer in theory and implementation. It is emphatically not necessary for software to run with unvarying execution time in order for it to be "constant time" according to the cryptographic sense of the term. This will be a poor hill for you to die on, but I invite you to provide literature supporting your alternative definition.
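
The distinction argued over in this thread, as an added example that is not part of either comment: a step-counting model of two byte-string comparisons, one whose work depends on the secret's contents and one whose work depends only on its length. It assumes the cryptographic sense means "timing independent of secret values" and treats length as public; the cited definition is not reproduced on this page, and all function names and sample values are constructed.

```python
# Added illustration. Step counts stand in for execution time so the result
# is deterministic; names and sample values below are constructed.

def leaky_equal(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Early-exit compare: the step count reveals the matching prefix length."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    for s, g in zip(secret, guess):
        steps += 1
        if s != g:              # branch taken depends on secret data
            return False, steps
    return True, steps

def ct_equal(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Fixed control flow: the step count depends only on the public length."""
    steps = 0
    if len(secret) != len(guess):   # length is assumed public here
        return False, steps
    diff = 0
    for s, g in zip(secret, guess):
        steps += 1
        diff |= s ^ g           # accumulate differences, never branch on them
    return diff == 0, steps

def step_profile(compare, secret: bytes, guesses: list[bytes]) -> list[int]:
    """Steps taken by `compare` for each guess against one secret."""
    return [compare(secret, g)[1] for g in guesses]

SECRET = b"k3y-material-16b"        # constructed 16-byte secret
GUESSES = [
    b"X" * 16,                      # wrong from the first byte
    SECRET[:4] + b"X" * 12,         # first 4 bytes right
    SECRET[:15] + b"X",             # only the last byte wrong
    SECRET,                         # fully correct
]

if __name__ == "__main__":
    print("leaky:", step_profile(leaky_equal, SECRET, GUESSES))
    print("ct   :", step_profile(ct_equal, SECRET, GUESSES))
    # Running time still varies with the public length:
    print("ct, 32-byte secret:", ct_equal(SECRET * 2, b"X" * 32)[1])
```

In real Python code the comparison itself should be done with `hmac.compare_digest`; the hand-written loop here only models the control flow.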