Constant-time operations on x86 and ARM #1138

Issue opened by real-or-random on August 29, 2022
  1. real-or-random commented at 5:26 PM on August 29, 2022: contributor

    "Intel and ARM recently published documentation that says that no instructions are guaranteed to be constant-time with respect to their data operands, unless a "data independent timing" flag in the IA32_UARCH_MISC_CTL register (Intel) or DIT register (arm64) is set."

    (quote from https://lkml.org/lkml/2022/8/25/1372)

    I haven't had a deep look so far. We should probably also report this to Core.

  2. TheBlueMatt commented at 4:28 PM on January 26, 2023: contributor

    Looks like on Intel, assuming that MSR is userspace-reachable, we can just set that and move on. If not, we need a kernel API which doesn't exist yet.
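
The two controls named in the quoted LKML post differ in who can reach them, which is the crux of the thread. On arm64, DIT is a PSTATE bit exposed as an EL0-accessible system register (FEAT_DIT, advertised on Linux through the HWCAP_DIT auxv bit), so a userspace process can set it for itself. On x86, IA32_UARCH_MISC_CTL is an MSR, and RDMSR/WRMSR are privileged instructions that fault at CPL > 0, so userspace cannot set it directly; without root and the Linux msr driver it cannot even be read. The probe below is an added example written for this mirror page, not code from the secp256k1 repository or from either commenter. Assumptions: the DIT bit is bit 24 of the DIT register (encoded name s3_3_c4_c2_5), and IA32_UARCH_MISC_CTL is MSR 0x1B01 with DOITM in bit 0; both are taken from the vendor manuals and should be checked against the current editions before relying on them. The helper names (`arm64_enable_dit`, `x86_read_doitm`, the two decoders) are mine.

```c
/* Added example (not part of the secp256k1 thread): probe the two
 * "data independent timing" controls named in the quoted LKML post.
 *  - arm64: DIT is an EL0-accessible PSTATE bit, so userspace can set it
 *    for its own thread after checking HWCAP_DIT.
 *  - x86:   IA32_UARCH_MISC_CTL is an MSR (ring 0 only). It is read here
 *    through the Linux msr driver (/dev/cpu/0/msr, needs root and the msr
 *    module), which is the only userspace-reachable path and is read-only
 *    for our purposes; setting it needs the kernel.
 * Assumed constants (from the vendor manuals; verify before relying on them):
 *   DIT register bit 24 = DIT; MSR 0x1B01 = IA32_UARCH_MISC_CTL, bit 0 = DOITM. */
#include <stdint.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>

#define DIT_BIT                  (UINT64_C(1) << 24)  /* DIT register, bit 24 (assumed) */
#define MSR_IA32_UARCH_MISC_CTL  0x1B01u              /* MSR address (assumed) */
#define DOITM_BIT                (UINT64_C(1) << 0)   /* DOITM, bit 0 of that MSR (assumed) */

/* Pure decoders, usable on any host, so the bit layout can be unit-tested. */
int dit_is_set(uint64_t dit_reg)     { return (dit_reg & DIT_BIT) != 0; }
int doitm_is_set(uint64_t msr_value) { return (msr_value & DOITM_BIT) != 0; }

#if defined(__aarch64__) && defined(__linux__)
#include <sys/auxv.h>
#include <asm/hwcap.h>
#ifndef HWCAP_DIT
#define HWCAP_DIT (1UL << 24)   /* value from the arm64 uapi hwcap.h */
#endif
static uint64_t dit_read(void) {
    uint64_t v;
    /* s3_3_c4_c2_5 is the encoded name of DIT; it assembles even where
     * the assembler does not know the "dit" mnemonic. */
    __asm__ volatile("mrs %0, s3_3_c4_c2_5" : "=r"(v));
    return v;
}
static void dit_write(uint64_t v) {
    __asm__ volatile("msr s3_3_c4_c2_5, %0" : : "r"(v));
}
/* 1: DIT enabled and reads back as set; 0: CPU lacks FEAT_DIT;
 * -1: the write did not stick. */
int arm64_enable_dit(void) {
    if (!(getauxval(AT_HWCAP) & HWCAP_DIT))
        return 0;               /* MRS/MSR DIT would SIGILL on this CPU */
    dit_write(DIT_BIT);
    return dit_is_set(dit_read()) ? 1 : -1;
}
#else
int arm64_enable_dit(void) { return 0; }   /* not an arm64 Linux host */
#endif

/* 1/0: DOITM set/clear; -1: MSR not readable from here (non-x86,
 * msr driver absent, unprivileged, or the MSR does not exist: EIO). */
int x86_read_doitm(void) {
#if (defined(__x86_64__) || defined(__i386__)) && defined(__linux__)
    int fd = open("/dev/cpu/0/msr", O_RDONLY);
    if (fd < 0) return -1;
    uint64_t v = 0;
    /* The msr driver maps the file offset to the MSR index. */
    ssize_t n = pread(fd, &v, sizeof v, MSR_IA32_UARCH_MISC_CTL);
    close(fd);
    if (n != (ssize_t)sizeof v) return -1;
    return doitm_is_set(v);
#else
    return -1;
#endif
}

int main(void) {
    printf("arm64 DIT enable: %d\n", arm64_enable_dit());
    printf("x86 DOITM state:  %d\n", x86_read_doitm());
    return 0;
}
```

Run as an unprivileged user on x86 the second line prints -1 regardless of CPU, which is the point of the thread: without a kernel interface the flag is out of reach. On an arm64 machine with FEAT_DIT the first line prints 1 and the bit stays set for the calling thread, since PSTATE is saved and restored across context switches.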


This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.