SoK: The Constant Time Model
Pith reviewed 2026-06-27 06:25 UTC · model grok-4.3
The pith
Constant time models leave a gap between what they protect and what cryptographic specifications assume, and that gap permits timing leaks during private key loading in both OpenSSL and BoringSSL.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
Constant time programming patterns are the primary defense against timing attacks on cryptographic implementations, yet definitions of "constant time" vary across academia and industry. This work systematizes constant time models and their evolution, identifies a recurring gap between what models protect and what specifications assume, and distills an offensive methodology for discovering timing vulnerabilities that originate outside the cryptographic primitive boundary. Applying this methodology locates a specification-level vulnerability related to private key loading and confirms the leak in both OpenSSL and BoringSSL, with BoringSSL's per-observation signal several orders of magnitude stronger despite an explicitly stricter threat model.
What carries the argument
The offensive methodology for discovering timing vulnerabilities that originate outside the cryptographic primitive boundary.
If this is right
- Private key loading code can leak secret information through timing even when the core primitive follows constant time rules.
- The same vulnerability exists in both OpenSSL and BoringSSL.
- BoringSSL produces a per-observation timing signal several orders of magnitude stronger than OpenSSL.
- Constant time models must be extended to cover the assumptions made in cryptographic specifications.
Where Pith is reading between the lines
- Similar specification gaps may exist in key handling routines of other libraries not examined in the paper.
- Cryptographic standards could be updated to explicitly require constant time behavior for operations like key loading.
- The methodology could be tested on additional operations such as key generation to check for comparable issues.
Load-bearing premise
The methodology correctly isolates timing signals that come from outside the cryptographic primitive rather than from measurement noise or unrelated code.
What would settle it
Running the timing measurement on private key loading in OpenSSL or BoringSSL and observing no correlation between the timing signal and secret key material would show the reported leak does not exist.
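The measurement that would settle it, written out as an added example rather than code from the paper, OpenSSL or BoringSSL: a fixed-versus-random timing test in the dudect / TVLA style, applied at the public entry point (a private scalar decode) instead of inside the primitive, which is the methodology's point about leaks that originate outside the primitive boundary. The two decoders, the 32-octet key layout, the sample budget and the 4.5 threshold are assumptions for illustration; the variable-time decoder's secret-dependent loop over leading zero octets is a hypothetical instance of the leak class, not the vulnerability the paper reports. The harness also states the protocol details the referee asks for below: the unit (nanoseconds per observation of REPS decoder calls), observations per class, interleaving of classes, and the statistic used to compare them.

```c
/* Added example, not from the paper or either library: fixed-vs-random timing
 * test over a hypothetical private-scalar decoder. All routines are illustrative. */
#define _POSIX_C_SOURCE 199309L
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define KEYLEN   32      /* fixed-length scalar octet string, as SEC 1 / RFC 5915 encode it */
#define NSAMPLES 10000   /* observations per class (assumed budget) */
#define REPS     200     /* decoder calls per observation, to rise above clock granularity */

typedef struct { uint64_t limb[4]; } scalar_t;   /* 256-bit value, little-endian limbs */

/* Hypothetical variable-time decoder: skips leading zero octets first, so the
 * number of loop iterations depends on the secret's high-order bytes. */
void decode_vartime(scalar_t *out, const uint8_t in[KEYLEN]) {
    size_t i = 0;
    memset(out, 0, sizeof *out);
    while (i < KEYLEN && in[i] == 0) i++;            /* secret-dependent trip count */
    for (; i < KEYLEN; i++) {
        size_t pos = KEYLEN - 1 - i;                  /* byte index from the low end */
        out->limb[pos / 8] |= (uint64_t)in[i] << (8 * (pos % 8));
    }
}

/* Constant-time decoder: identical control flow for every input value. */
void decode_consttime(scalar_t *out, const uint8_t in[KEYLEN]) {
    memset(out, 0, sizeof *out);
    for (size_t i = 0; i < KEYLEN; i++) {
        size_t pos = KEYLEN - 1 - i;
        out->limb[pos / 8] |= (uint64_t)in[i] << (8 * (pos % 8));
    }
}

/* Functional equivalence check, run before timing so a leak is not an artefact. */
int decoders_agree(const uint8_t key[KEYLEN]) {
    scalar_t a, b;
    decode_vartime(&a, key);
    decode_consttime(&b, key);
    return memcmp(&a, &b, sizeof a) == 0;
}

/* Newton square root, so the example builds without libm. */
double sqrt_newton(double x) {
    if (x <= 0) return 0;
    double r = x > 1 ? x : 1;
    for (int i = 0; i < 60; i++) r = 0.5 * (r + x / r);
    return r;
}

/* Welch's t-statistic between two timing populations (dudect / TVLA style).
 * |t| > 4.5 is the customary "distinguishable, i.e. leaking" threshold. */
double welch_t(const double *a, size_t na, const double *b, size_t nb) {
    double ma = 0, mb = 0, va = 0, vb = 0;
    for (size_t i = 0; i < na; i++) ma += a[i];
    for (size_t i = 0; i < nb; i++) mb += b[i];
    ma /= (double)na; mb /= (double)nb;
    for (size_t i = 0; i < na; i++) va += (a[i] - ma) * (a[i] - ma);
    for (size_t i = 0; i < nb; i++) vb += (b[i] - mb) * (b[i] - mb);
    va /= (double)(na - 1); vb /= (double)(nb - 1);
    return (ma - mb) / sqrt_newton(va / (double)na + vb / (double)nb);
}

static double now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (double)ts.tv_sec * 1e9 + (double)ts.tv_nsec;
}

/* Fixed-vs-random protocol: class F is one key whose top 16 octets are zero,
 * class R is a fresh uniformly random key per observation. Classes are
 * interleaved in random order so drift and interrupts hit both alike; each
 * observation is REPS decoder calls, in nanoseconds. Returns Welch's t. */
double leakage_t(void (*decode)(scalar_t *, const uint8_t *), unsigned seed) {
    static double t_f[NSAMPLES], t_r[NSAMPLES];
    uint8_t key[KEYLEN];
    scalar_t s;
    volatile uint64_t sink = 0;                       /* keeps the decode from being optimised away */
    size_t nf = 0, nr = 0;
    srand(seed);
    while (nf < NSAMPLES || nr < NSAMPLES) {
        int fixed = rand() & 1;
        if (fixed ? nf >= NSAMPLES : nr >= NSAMPLES) continue;
        if (fixed) { memset(key, 0, 16); memset(key + 16, 0xa5, 16); }
        else for (size_t i = 0; i < KEYLEN; i++) key[i] = (uint8_t)rand();
        double t0 = now_ns();
        for (int r = 0; r < REPS; r++) { decode(&s, key); sink += s.limb[0]; }
        double dt = now_ns() - t0;
        if (fixed) t_f[nf++] = dt; else t_r[nr++] = dt;
    }
    return welch_t(t_f, NSAMPLES, t_r, NSAMPLES);
}

int main(void) {
    uint8_t k[KEYLEN] = {0};
    printf("decoders agree on zero key: %d\n", decoders_agree(k));
    printf("variable-time decoder: t = %.1f (|t| > 4.5 flags a leak)\n", leakage_t(decode_vartime, 1));
    printf("constant-time decoder: t = %.1f\n", leakage_t(decode_consttime, 1));
    return 0;
}
```

Build with cc -O2 and run pinned to one core (taskset on Linux); the variable-time decoder should give |t| far above 4.5 while the constant-time one stays near zero. Two caveats a practitioner wants: the test scores whatever sits in the timed path, so a large |t| says the entry point leaks, not which callee does, and a |t| below threshold after N observations only bounds the per-observation signal at that N. That is exactly why the paper's orders-of-magnitude comparison between libraries needs the number of observations and the normalization stated.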
Original abstract
Constant time programming patterns are the primary defense against timing attacks on cryptographic implementations, yet what "constant time" means varies across academia and industry. This work systematizes constant time models and their evolution, identifies a recurring gap between what models protect and what specifications assume, and distills an offensive methodology for discovering timing vulnerabilities that originate outside the cryptographic primitive boundary. Applying this methodology, we locate a specification-level vulnerability related to private key loading, and confirm the leak in both OpenSSL and BoringSSL. Counterintuitively, BoringSSL's per-observation signal is several orders of magnitude stronger than OpenSSL's, despite an explicitly stricter threat model.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper is an SoK on constant time models for defending against timing attacks. It traces the evolution of these models across academia and industry, identifies recurring gaps between model protections and specification assumptions, distills an offensive methodology for discovering timing vulnerabilities outside the cryptographic primitive boundary, and applies the methodology to locate a specification-level vulnerability in private key loading. The leak is empirically confirmed in both OpenSSL and BoringSSL, with the counter-intuitive observation that BoringSSL produces a per-observation signal several orders of magnitude stronger despite its stricter threat model.
Significance. If the empirical isolation holds, the work is significant for highlighting specification-implementation mismatches in widely deployed libraries and for providing a reusable offensive methodology. The explicit confirmation in two major libraries and the BoringSSL vs. OpenSSL comparison are concrete contributions that could guide future spec revisions and implementation audits. The systematization itself serves as a useful reference.
major comments (2)
- [methodology application / experimental confirmation] The section describing the application of the offensive methodology: the isolation of timing leaks to the private-key-loading path (outside the primitive boundary) is load-bearing for the central empirical claim, yet the description provides no explicit exclusion criteria, measurement protocol details, or controls for unrelated code paths and noise; without these the confirmation in OpenSSL and BoringSSL cannot be fully assessed.
- [results on BoringSSL vs OpenSSL] The results paragraph reporting signal strength: the claim that BoringSSL's per-observation signal is 'several orders of magnitude stronger' is central to the counter-intuitive finding, but lacks reported measurement units, normalization procedure, number of observations, or statistical comparison method, leaving the magnitude claim only partially supported.
minor comments (2)
- [abstract] Abstract states the leak was 'confirmed' without reference to the specific measurement details or error analysis that appear later in the paper; a brief qualifier would improve clarity.
- [systematization section] Notation for 'constant time' models could be introduced with a small summary table early in the systematization section to aid readers tracking the evolution.
Simulated Author's Rebuttal
We thank the referee for the constructive comments, which correctly identify areas where the experimental presentation can be strengthened. We will revise the manuscript to incorporate additional details on the methodology application and results reporting, improving transparency and reproducibility without altering the core claims.
Point-by-point responses
- Referee: The section describing the application of the offensive methodology: the isolation of timing leaks to the private-key-loading path (outside the primitive boundary) is load-bearing for the central empirical claim, yet the description provides no explicit exclusion criteria, measurement protocol details, or controls for unrelated code paths and noise; without these the confirmation in OpenSSL and BoringSSL cannot be fully assessed.
  Authors: We agree that the experimental section would benefit from greater detail. In the revised manuscript we will add explicit exclusion criteria for unrelated code paths, a step-by-step measurement protocol, and controls for noise and confounding factors. These additions will make the isolation of the leak to the private-key-loading path fully assessable while preserving the existing empirical confirmation in both libraries. Revision: yes.
- Referee: The results paragraph reporting signal strength: the claim that BoringSSL's per-observation signal is 'several orders of magnitude stronger' is central to the counter-intuitive finding, but lacks reported measurement units, normalization procedure, number of observations, or statistical comparison method, leaving the magnitude claim only partially supported.
  Authors: We acknowledge the need for quantitative transparency. The revised version will specify the measurement units, describe the normalization procedure, report the number of observations, and detail the statistical comparison method used to establish the signal-strength difference. These additions will fully support the reported magnitude while leaving the counter-intuitive observation intact. Revision: yes.
Circularity Check
No significant circularity identified
Rationale
This is an SoK paper that surveys constant-time models, identifies a specification gap, and presents an empirical methodology whose application yields an observed timing leak in key-loading code. No mathematical derivation chain, fitted parameters renamed as predictions, or self-citation load-bearing steps appear in the abstract or described claims; the central result is an external confirmation against OpenSSL and BoringSSL rather than a closed loop reducing to the paper's own inputs.
Axiom & Free-Parameter Ledger
axioms (1)
- Domain assumption: constant time programming patterns constitute the primary defense against timing attacks.