密码学中,constant-time函数可从软件层面预防side-channel攻击,对于constant-time函数的测试验证,可通过dudect_bencher来实现。
dudect_bencher的论文依据为《Dude, is my code constant time?》,基于统计学的角度来分析函数是否为constant-time。
以https://github.com/brycx/orion-dudect/tree/subtle-short-circuit/ct-bencher
中对subtle
中ct-eq
函数的constant-time一致性测试的结果,表现为:
git clone https://github.com/brycx/orion-dudect.git
cd orin-dudect
git checkout subtle-short-circuit
bash run_benches_stable.sh
其中输出信息的含义为:
- max_t:为
t-value
的最大值。 - n:计算
t-value
所用到的样本数量。 - max_tau:计算方式为
max_tau=max_t/sqrt(n)
- (5/tau)^2:为t>5时,区分不同分布需要的计算次数。
通常地,认为max_t>5
时,该函数的为not constant-time。但是,当max_t<5
时,也不意味着该函数就肯定是constant-time。
t-values greater than 5 are generally considered a good indication that the function is not constant time. t-values less than 5 does not necessarily imply that the function is constant-time, since there may be other input distributions under which the function behaves significantly differently.
参考资料:
[1] https://github.com/rozbb/dudect-bencher
[2] Dude, is my code constant time?