Constant time functions


#1

Hi,

I have a question to Rust language developers. I was wondering if it was ever considered to implement possibility to declare a function to be constant time.
When declared as such, function would execute always in same amount of time (same number of instructions) no matter which branch has been taken.
I’m not even sure if it’s possible to implement such thing, but it would be very useful for all cryptography related algorithms, to mitigate timing attacks.

Anybody, any ideas/comments?

Kris


#2

But same amount of instructions does not mean same amount of time!


#3

Obviously not. Maybe I should say, same number of same instructions.


#4

There’s nadeko, which seems to do something comparable


#5

Unfortunately, even taking the same number of the same instructions is not enough. You also have to access the same memory locations (possibly in the same order).

In the end, it’s really contrary to optimizing.


#6

(Bogus, see below)

Yes, it was considered and discussed multiple times. Currently, there is an accepted RFC for it, awaiting implementation.

RFC: https://github.com/rust-lang/rfcs/blob/master/text/0911-const-fn.md
Tracking issue: https://github.com/rust-lang/rust/issues/24111
Original discussion: https://github.com/rust-lang/rfcs/pull/911


#7

@skade that’s a different thing. const-fn is just a function that is valid to run at compile time. This thread is talking about functions whose (real) running time isn’t affected by the inputs – a property important for crypto.


#8

Oops, sorry. I should follow my gut feeling that I hadn’t seen that discussion. The relevant links are:

Discussion: https://www.reddit.com/r/rust/comments/3696wt/checking_that_functions_are_constant_time_with/
RFC: https://github.com/rust-lang/rfcs/issues/847