constant-time-analysis

Solid

Detects timing side-channel vulnerabilities in cryptographic code. Use when implementing or reviewing crypto code, encountering division on secrets, secret-dependent branches, or constant-time programming questions in C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JavaScript, TypeScript, Python, or Ruby.

Code & Development · 5,501 stars · 484 forks · Updated 4 days ago · CC-BY-SA-4.0


Quality Score: 90/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Constant-Time Analysis

Analyze cryptographic code to detect operations that leak secret data through execution timing variations.

## When to Use

```text
User writing crypto code? ──yes──> Use this skill
    │
    no
    │
    v
User asking about timing attacks? ──yes──> Use this skill
    │
    no
    │
    v
Code handles secret keys/tokens? ──yes──> Use this skill
    │
    no
    │
    v
Skip this skill
```

**Concrete triggers:**

- User implements signature, encryption, or key derivation
- Code contains `/` or `%` operators on secret-derived values
- User mentions "constant-time", "timing attack", "side-channel", "KyberSlash"
- Reviewing functions named `sign`, `verify`, `encrypt`, `decrypt`, `derive_key`

## When NOT to Use

- Non-cryptographic code (business logic, UI, etc.)
- Public data processing where timing leaks don't matter
- Code that doesn't handle secrets, keys, or authentication tokens
- High-level API usage where timing is handled by the library

## Language Selection

Based on the file extension or language context, refer to the appropriate guide:

| Language | File Extensions                   | Guide                                            |
| -------- | --------------------------------- | ------------------------------------------------ |
| C, C++   | `.c`, `.h`, `.cpp`, `.cc`, `.hpp` | [references/compiled.md](references/compiled.md) |
| Go       | `.go` ...

Details

Author: trailofbits
Repository: trailofbits/skills
Created: 4 months ago
Last Updated: 4 days ago
Language: Python
License: CC-BY-SA-4.0
