Abstract: During the last 15 years, constant-time cryptographic software has transitioned from an academic construct to a concrete security requirement for real-world libraries. From the engineering perspective, we have quality sets of programming guidelines to avoid these pitfalls leading to security advisories and immense downstream effort to patch fielded systems. We even have automated tools to assist in the development and testing processes. Yet SCA-related security advisories persist — why? This talk covers over a decade of SCA attacks and mitigations against OpenSSL, one of the most security-critical FOSS libraries. The focus is on SCA mitigation engineering challenges across a large, necessarily stable monolithic codebase over time, looking at why the cryptographer’s mantra “just make it constant-time” is often harder than it seems for established software projects.
The slide is available here