[Cryptography] Compiler optimization side channel
iang
iang at iang.org
Tue Aug 27 07:31:00 EDT 2024
On 23/08/2024 21:06, Phillip Hallam-Baker wrote:
> Which looked all well and good. But then I thought to myself, what if
> the compiler gets hold of that data and decides to optimize the
> arithmetic creating temporary variables that it leaves hanging about?

My own technique for clearing arrays is to xor each element with a rand,
then sum the new elements, and print a diagnostic of the sum. While this
"guarantees" that the code doesn't get optimised out, it doesn't
guarantee that the elements of the array are actually written to.

Sadly, with BigInts, it's even harder. In Java you used to be able to
poke inside the class and write to the array (useful for passwords too).
But now you can't, that's too naughty...

It was so frustrating that I actually had my guy write his own BigInt
class, which worked, but was way too slow... (To spice up the project I
told him to write it with ChatGPT, and it worked, but it wasn't an
encouraging experience.)

iang
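
Added example, not part of the message above or of any code from the thread: a C sketch of the xor-and-sum clearing technique the message describes, next to the common volatile-pointer wipe idiom for comparison. The function names, the use of rand() as the mask source, and the sample key are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* The post's technique: XOR each element with a random value, sum the new
 * elements, and hand the sum back for a diagnostic. rand() is a stand-in
 * mask source (assumption). The sum can be computed in registers, so the
 * stores to buf[] may still be dropped if buf is never read again. */
unsigned long scrub_xor_sum(uint8_t *buf, size_t n)
{
    unsigned long sum = 0;
    for (size_t i = 0; i < n; i++) {
        buf[i] ^= (uint8_t)rand();
        sum += buf[i];
    }
    return sum;
}

/* Common alternative: store zeros through a volatile-qualified pointer.
 * Compilers treat each volatile access as a side effect and keep the
 * stores. Neither routine reaches copies left in registers or spill slots. */
void wipe_volatile(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--)
        *v++ = 0;
}

/* Helper for checking the result of a wipe. */
size_t count_nonzero(const uint8_t *buf, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        c += (buf[i] != 0);
    return c;
}

int main(void)
{
    uint8_t key[16] = "constructed-key"; /* constructed sample secret */
    unsigned long sum = scrub_xor_sum(key, sizeof key);
    printf("diagnostic sum after xor scrub: %lu\n", sum);
    wipe_volatile(key, sizeof key);
    printf("non-zero bytes after volatile wipe: %zu\n",
           count_nonzero(key, sizeof key));
    return 0;
}
```

Comparing the optimised assembly of a caller that never reads the buffer again shows whether the stores from the first routine survived.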