by mratsim
710 days ago
Great question, first of all I did extensive research https://github.com/mratsim/constantine/wiki/Constant-time-ar.... Then the library defines its own types SecretBool and SecretWord throughout the library that cannot be mixed with regular Nim types and are based on uint32/uint64 so the compiler cannot assume 0/1 and do boolean logic. Assembly is used to avoid compilers getting too smart and reintroducing branches but the no-assembly fallback should still compile without branches. By convention, all variable-time cryptographic functions are suffixed _vartime. There is a plan to add automated constant-time checks as well https://github.com/mratsim/constantine/issues/7.
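The mask-based style the comment describes (a "secret bool" that is a full-width word of all ones or all zeros, never 0/1, so every operation is plain bitwise arithmetic) can be illustrated in C. The block below is an added example, not code from the Constantine project or from mratsim; the names `SecretWord`, `SecretBool`, `ct_*` and `memeq_vartime` are assumptions chosen for illustration, and the sample tag bytes are constructed. It shows branchless zero-test, equality, unsigned less-than and select, a constant-time buffer comparison, and the same comparison in variable time carrying the `_vartime` suffix convention the comment mentions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for Constantine's SecretWord / SecretBool (assumption:
 * names only; the real library defines distinct Nim types that cannot be mixed
 * with ordinary integers). A SecretBool is a full-width mask: all ones for true,
 * all zeros for false, never 0/1, so the compiler has no bool to reason about. */
typedef uint64_t SecretWord;
typedef uint64_t SecretBool;
#define CT_TRUE  (~(SecretBool)0)
#define CT_FALSE ((SecretBool)0)

/* Broadcast the most significant bit of x into every bit position. */
static SecretBool ct_msb_mask(SecretWord x) {
    return (SecretBool)0 - (x >> 63);
}

/* x == 0 without a branch: x | -x has its MSB set exactly when x != 0. */
static SecretBool ct_is_zero(SecretWord x) {
    return ~ct_msb_mask(x | ((SecretWord)0 - x));
}

/* a == b: the XOR is zero exactly when the words are equal. */
static SecretBool ct_eq(SecretWord a, SecretWord b) {
    return ct_is_zero(a ^ b);
}

/* Unsigned a < b: the borrow out of a - b, computed bitwise. */
static SecretBool ct_lt(SecretWord a, SecretWord b) {
    return ct_msb_mask((~a & b) | (~(a ^ b) & (a - b)));
}

/* Return a if cond is CT_TRUE, else b; both operands are read every time. */
static SecretWord ct_select(SecretBool cond, SecretWord a, SecretWord b) {
    return (a & cond) | (b & ~cond);
}

/* Constant-time equality of two equal-length buffers: every byte is read
 * and folded into an accumulator; there is no early exit on a mismatch. */
static SecretBool ct_memeq(const uint8_t *x, const uint8_t *y, size_t n) {
    SecretWord acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= (SecretWord)(x[i] ^ y[i]);
    }
    return ct_is_zero(acc);
}

/* Same comparison, variable-time: it stops at the first differing byte, so
 * its running time depends on the length of the common prefix. Following
 * the naming convention in the comment above, the _vartime suffix makes that
 * visible at every call site. */
static int memeq_vartime(const uint8_t *x, const uint8_t *y, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (x[i] != y[i]) return 0;
    }
    return 1;
}

int main(void) {
    /* Constructed sample inputs: a reference tag and one that differs in the last byte. */
    const uint8_t tag_ok[4]  = {0xde, 0xad, 0xbe, 0xef};
    const uint8_t tag_bad[4] = {0xde, 0xad, 0xbe, 0xee};

    printf("ct_lt(3,5)     = %s\n", ct_lt(3, 5) == CT_TRUE ? "true" : "false");
    printf("ct_select      = %llu\n",
           (unsigned long long)ct_select(ct_eq(7, 7), 100, 200));
    printf("ct_memeq(ok)   = %s\n", ct_memeq(tag_ok, tag_ok, 4) == CT_TRUE ? "true" : "false");
    printf("ct_memeq(bad)  = %s\n", ct_memeq(tag_ok, tag_bad, 4) == CT_TRUE ? "true" : "false");
    printf("memeq_vartime  = %d\n", memeq_vartime(tag_ok, tag_bad, 4));
    return 0;
}
```

Even with this style, an optimizing C compiler is free to recognise a pattern such as `ct_select` and lower it back to a conditional jump, which is the reason the comment gives for keeping hand-written assembly on the hot paths; the no-assembly form is only as constant-time as the compiler output one actually inspects.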