Skip to content

Latest commit

 

History

History
66 lines (52 loc) · 3.77 KB

index.md

File metadata and controls

66 lines (52 loc) · 3.77 KB
Raw

Constant-timeness verification tools

This page lists tools for testing and verification of constant-timeness of programs. The table is based mostly on the work in “They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks and “These results must be false”: A usability evaluation of constant-time analysis tools with addition of more tools. Each tool has its own page with more information and resources, sometimes even a tutorial on using the tool.

There are currently {{ site.tools.size }} tools in the table.

Tools

{% assign tools = site.tools | sort_natural: "title" %} {% for tool in tools %} {% assign tutorials = site.tutorials | where: "title", tool.title %} {% endfor %}
Name Year Target Technique Guarantees Tutorial
{{ tool.title }} {{ tool.year }} {{ tool.target }} {{ tool.technique }} {{ tool.guarantees }} {% if tutorials and tutorials.size > 0 %}yes{% endif %}

Examples

The following list constains short snippets of C code that exhibit constant-time (or not) behavior and can be useful for testing constant-timeness verification tools, or learning how to use them.

{% assign examples = site.examples | sort_natural: "title" %}

    {% for example in examples %}
  • {{ example.title }}.c ({% if example.ct == "depends" %}depends{% elsif example.ct %}CT{% else %}non-CT{% endif %})
    • {% endfor %}

Resources

Miscellaneous

Oprah giving everyone a tool