Evidence: 1. A curiously consistent refusal to claim any instructions are constant-time (enough for use as security primitives) by CPU vendors. 2. ARM's weird claim they were adding a constant-time opt-in mode to future ARMv8 CPUs, which they then removed recently.
-
Plz wait until after Sunday so that I don't have to rewrite my talk on preventing side channel attacks
-
Presumably the assumption is not "these are constant time", but "the timing is independent of the input values"
-
even mov can stall because of nearby instructions due to things like renamed register limits, setting rare add flags like “overflow” might slow it too… keep some old Atoms around?