[Cryptography] Defeating timing attacks

Henry Baker hbaker1 at pipeline.com
Fri Jul 14 12:21:28 EDT 2017


[Follow-up on attackers always win.]

Consider the following theoretical exercise:

Suppose that a computer's instruction set was *purposely designed* to leak as much secret information through a timing side-channel as possible.  E.g., *asynchronous logic* from the 1960s/1970s might qualify, as the timing of essentially every operation is data-dependent!

Is there any way for a *compiler* to generate code to generate enough deliberate jitter to mask the leaked information?

What if the compiler had additional "instructions" which simply generated randomly selected delays?  What kinds of probability distribution functions could be useful to perform such masking?

Is there any way for an *operating system* to generate enough timing jitter to mask the leaked information?

BTW, "spread spectrum clocking" is the deliberate introduction of jitter into clock signals to minimize narrow-band radio interference from digital devices; without such measures, we wouldn't be allowed to take our digital devices on airplanes due to interference with the airplane's own electronic equipment.

Traditional spread spectrum clocking uses relatively simple pseudo-random sequences; defeating intelligent timing attackers would require crypto-quality pseudo-random sequences, at the very least.
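
A small simulation of the masking question raised above, added here as an example and not part of the original post. It compares a uniformly distributed random delay with padding every operation to a fixed worst-case deadline. The timing constants, the uniform distribution, and all function names are assumptions made for illustration.

```python
import random
import statistics

# Constructed timing model (assumed values, not measurements).
BASE_NS = 1000               # time when the secret bit is 0
LEAK_NS = 20                 # extra time when the secret bit is 1
WORST_NS = BASE_NS + LEAK_NS

def op_time(secret_bit):
    """Data-dependent operation: its duration reveals the secret bit."""
    return BASE_NS + LEAK_NS * secret_bit

def with_jitter(secret_bit, rng, max_delay_ns):
    """Hypothetical 'random delay instruction': uniform delay after the op."""
    return op_time(secret_bit) + rng.uniform(0, max_delay_ns)

def padded(secret_bit, deadline_ns=WORST_NS):
    """Alternative: hold every result until a fixed worst-case deadline."""
    return max(op_time(secret_bit), deadline_ns)

def mean_gap(sample_fn, n):
    """Mean observed time for bit 1 minus mean for bit 0, over n runs each."""
    t1 = statistics.fmean(sample_fn(1) for _ in range(n))
    t0 = statistics.fmean(sample_fn(0) for _ in range(n))
    return t1 - t0

def run(seed=1, n_large=400_000):
    rng = random.Random(seed)
    def jitter(bit):
        return with_jitter(bit, rng, max_delay_ns=2000)
    return {
        "jitter_gap_n10": mean_gap(jitter, 10),          # dominated by noise
        "jitter_gap_large": mean_gap(jitter, n_large),   # converges on LEAK_NS
        "padded_gap": mean_gap(padded, 10),              # exactly zero
    }

if __name__ == "__main__":
    for name, gap in run().items():
        print(f"{name}: {gap:.2f} ns")
```

In this model the jitter has a standard deviation of about 577 ns against a 20 ns leak, and the error of the averaged gap shrinks as 1/sqrt(n), so independent random delay raises the number of measurements needed rather than removing the signal. The fixed deadline makes the observed time identical for both secret values.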


