Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

"constant-time" isn't a literally technically correct descriptor, it's a short-hand

What matters is that the variance of execution time, which memory addresses are accessed, etc. is independent of any secret inputs.



so theoretically using timers and adding sleeps could solve the problem but practically there are better ways to achieve the goal of no timing information leakage?


Yes. I wrote this a few years ago as an introduction to how to write constant-time algorithms

https://soatok.blog/2020/08/27/soatoks-guide-to-side-channel...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: