Hacker News
by oakwhiz 4374 days ago
In my opinion, timing attacks are a major issue with cryptographic schemes written in Haskell. Perhaps there is some way to leverage the type system to create provably constant run times for particular chunks of code. I'm not sure how far this idea could be extended - perhaps it could even be implemented as a GHC extension, so that regions of compiled code contain cache timing attack mitigation.

Essentially, the problem here is that any decision based on secret information must act exactly the same regardless of the result, e.g. a secure string comparison should examine the entire string before concluding that the strings are different. Additionally, any decision based on another decision involving secret information must also follow the same rule - secret information contaminates regular information. So perhaps the solution is to give secret information its own type, incompatible with regular information, unless explicitly interacted with using a special interface.

1 comment

This is an insightful comment. Lazy evaluation combined with the level of abstraction in Haskell could make this micromanagement somewhat hard to implement. It is on our roadmap to revisit the cryptography implementation.
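The "give secret information its own type" idea from oakwhiz's comment, with the strictness the reply worries about, sketched as an added example; this is not code from the thread or from any Haskell crypto library, and the names Secret, mkSecret, constEq and declassify are assumptions:

```haskell
{-# LANGUAGE BangPatterns #-}
-- Added example (not from the thread): secret-tainted values get their own type,
-- and the only way to compare them is a constant-time function.
module Main (main) where

import Data.Bits (xor, (.|.))
import qualified Data.ByteString as B
import qualified Data.ByteString.Char8 as BC
import Data.List (foldl')
import Data.Word (Word8)

-- Deliberately no Eq, Ord or Show instance: `s1 == s2` or `show s1` on a secret
-- is a compile-time type error. In a library module the constructor would be
-- hidden behind an export list of (Secret, mkSecret, constEq, declassify).
newtype Secret a = Secret a

mkSecret :: a -> Secret a
mkSecret = Secret

-- Pure transforms stay inside the taint: the result of fmap is still Secret.
instance Functor Secret where
  fmap f (Secret x) = Secret (f x)

-- Constant-time equality for fixed-length byte strings (MAC tags, tokens).
-- Every byte pair is visited no matter where the first mismatch is, and the
-- answer is itself Secret, since branching on it is branching on secret data.
constEq :: Secret B.ByteString -> Secret B.ByteString -> Secret Bool
constEq (Secret a) (Secret b) =
  let !lenOk = B.length a == B.length b  -- length is public for fixed-size tags
      -- OR together the XOR of every byte pair; the bang and foldl' force the
      -- whole walk, so laziness cannot turn this into an early-exit compare.
      !acc = foldl' (.|.) (0 :: Word8) (B.zipWith xor a b)
  in Secret (acc == 0 && lenOk)

-- The single explicit door out of the taint; every call site is auditable.
declassify :: Secret a -> a
declassify (Secret x) = x

main :: IO ()
main = do
  let expected = mkSecret (BC.pack "0123456789abcdef")  -- constructed sample tag
      received = mkSecret (BC.pack "0123456789abcdeX")  -- constructed, last byte off
  -- `expected == received` would not compile: Secret has no Eq instance.
  putStrLn ("tag matches: " ++ show (declassify (constEq expected received)))
  putStrLn ("self-compare: " ++ show (declassify (constEq expected expected)))
```

The type discipline turns an accidental `==` on a secret into a compile error; it does not make GHC emit constant-time machine code, which is the part the comment defers to a hypothetical GHC extension.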