Side Channel

A comprehensive guide for auditing cryptographic code for timing side-channel vulnerabilities. It covers constant-time testing theory, common vulnerability patterns like secret-dependent branches and cache-timing attacks, and provides practical workflows using tools like dudect for statistical analysis and timecop for dynamic tracing.

This skill helps identify timing side-channel vulnerabilities in cryptographic implementations by analyzing compiled assembly or bytecode for dangerous instructions like variable-time division, secret-dependent branches, and non-constant-time comparisons. It supports C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JavaScript, TypeScript, Python, and Ruby, and provides remediation guidance using patterns like Barrett reduction and constant-time selection.