Paper 2025/435

Constant-Time Code: The Pessimist Case

Thomas Pornin, NCC Group
Abstract

This note discusses the problem of writing cryptographic implementations in software, free of timing-based side-channels, and many ways in which that endeavour can fail in practice. It is a pessimist view: it highlights why such failures are expected to become more common, and how constant-time coding is, or will soon become, infeasible in all generality.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
constant-time, compiler, JIT
Contact author(s)
thomas pornin @ nccgroup com
History
2025-03-08: approved
2025-03-06: received
Short URL
https://ia.cr/2025/435
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/435,
      author = {Thomas Pornin},
      title = {Constant-Time Code: The Pessimist Case},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/435},
      year = {2025},
      url = {https://eprint.iacr.org/2025/435}
}