clock_curve_math/ct/

verification.rs

//! Constant-time verification utilities.
//!
//! This module provides tools for verifying that cryptographic operations
//! execute in constant time regardless of input values. This is critical
//! for preventing timing-based side-channel attacks.
//!
//! # Formal Verification Properties
//!
//! This module implements formal verification of constant-time properties:
//!
//! - **Timing Independence**: Operations execute in the same time regardless of input values
//! - **Memory Access Patterns**: No data-dependent memory access (cache timing)
//! - **Branch Freedom**: No data-dependent control flow
//! - **Operation Consistency**: Arithmetic operations don't leak through timing
//!
//! # Timing Analysis
//!
//! The verification functions use statistical analysis to detect timing
//! variations that could leak information about secret inputs. Operations
//! are tested with various inputs designed to exercise different code paths.
//!
//! # Formal Specifications
//!
//! ## Constant-Time BigInt Operations
//! ∀a,b ∈ BigInt: time(BigInt::ct_cmp(a,b)) = time(BigInt::ct_cmp(a',b'))
//!
//! ## Constant-Time Field Operations
//! ∀a,b ∈ FieldElement: time(a + b) = time(a' + b') ∧ time(a * b) = time(a' * b')
//!
//! ## Constant-Time Scalar Operations
//! ∀a,b ∈ Scalar: time(a + b) = time(a' + b') ∧ time(a * b) = time(a' * b')
//!
//! # Usage
//!
//! ```ignore
//! use clock_curve_math::ct::verification::*;
//!
//! // Verify that a function executes in constant time
//! let result = verify_constant_time(|| {
//!     some_cryptographic_operation(secret_input)
//! });
//!
//! if result.is_constant_time {
//!     println!("Operation appears to be constant-time");
//! } else {
//!     println!("Timing variation detected!");
//! }
//! ```

#[cfg(feature = "std")]
use std::time::Duration;

#[cfg(not(feature = "std"))]
use core::time::Duration;

use crate::FieldOps;
use crate::ScalarOps;

/// Result of a constant-time verification test.
///
/// This struct contains the comprehensive results of analyzing an operation's
/// timing behavior to determine if it executes in constant time. Constant-time
/// operations are critical for preventing timing-based side-channel attacks
/// that could leak cryptographic secrets.
///
/// # Interpretation
/// - **`is_constant_time = true`**: Operation appears constant-time within measurement precision
/// - **`confidence >= 0.9`**: High confidence in the verification result
/// - **`max_variation / mean_time <= 0.1`**: Timing variation is acceptably small
///
/// # Statistical Analysis
/// The verification uses statistical analysis of execution times:
/// - Collects multiple samples to account for system noise
/// - Calculates mean, standard deviation, and maximum variation
/// - Compares variation against configurable thresholds
///
/// # Limitations
/// - Statistical verification cannot prove constant-time behavior absolutely
/// - System noise and measurement precision affect results
/// - Formal verification is needed for absolute guarantees
#[derive(Debug, Clone)]
pub struct ConstantTimeResult {
    /// Whether the operation appears to be constant-time based on statistical analysis
    /// This is a probabilistic assessment, not an absolute guarantee
    pub is_constant_time: bool,
    /// Mean execution time across all samples
    /// Represents the expected execution time under normal conditions
    pub mean_time: Duration,
    /// Standard deviation of execution times
    /// Measures timing jitter and system noise
    pub std_dev: Duration,
    /// Maximum timing variation observed between samples
    /// Indicates the worst-case timing difference that could leak information
    pub max_variation: Duration,
    /// Number of timing samples collected for analysis
    /// More samples provide higher confidence but take longer to collect
    pub sample_count: usize,
    /// Confidence level in the verification result (0.0 to 1.0)
    /// Higher values indicate stronger evidence for constant-time behavior
    pub confidence: f64,
}

/// Configuration for constant-time verification testing.
///
/// This struct controls the parameters used for statistical analysis of
/// timing behavior. The configuration balances thoroughness with performance
/// and helps tune the verification process for different use cases.
///
/// # Performance vs Accuracy Trade-offs
/// - **Higher sample_count**: More accurate results but slower testing
/// - **Lower max_variation_ratio**: Stricter timing requirements but more false positives
/// - **Higher confidence_threshold**: More conservative assessment but fewer false negatives
///
/// # Recommended Settings
/// - **Development**: sample_count=1000, max_variation_ratio=0.1, confidence_threshold=0.9
/// - **CI/CD**: sample_count=100, max_variation_ratio=0.15, confidence_threshold=0.8
/// - **Quick checks**: sample_count=10, max_variation_ratio=0.2, confidence_threshold=0.7
#[derive(Debug, Clone)]
pub struct VerificationConfig {
    /// Number of timing samples to collect for statistical analysis
    /// More samples provide better statistical confidence but take longer
    /// Typical values: 100-1000 for meaningful results
    pub sample_count: usize,
    /// Maximum allowed timing variation as a fraction of mean execution time
    /// Values like 0.1 (10%) are typical for cryptographic applications
    /// Lower values are stricter but may flag benign system noise
    pub max_variation_ratio: f64,
    /// Minimum confidence threshold for accepting constant-time results
    /// Higher values require stronger statistical evidence
    /// Typical values: 0.8-0.95 depending on security requirements
    pub confidence_threshold: f64,
}

impl Default for VerificationConfig {
    fn default() -> Self {
        Self {
            sample_count: 1000,
            max_variation_ratio: 0.1, // 10% variation allowed
            confidence_threshold: 0.95,
        }
    }
}

/// Verify that an operation executes in constant time using statistical analysis.
///
/// This function performs empirical constant-time verification by executing the
/// operation multiple times and analyzing the distribution of execution times.
/// It detects timing variations that could indicate side-channel vulnerabilities
/// where secret data influences execution time.
///
/// # Algorithm
/// 1. Execute the operation `config.sample_count` times
/// 2. Measure execution time for each run
/// 3. Calculate statistical properties (mean, std deviation, max variation)
/// 4. Compare variation against configurable thresholds
/// 5. Return assessment of constant-time behavior
///
/// # Detection Capabilities
/// - **Timing leaks**: Operations where secret data affects control flow
/// - **Cache effects**: Memory access patterns that depend on secrets
/// - **Branch prediction**: Data-dependent conditional execution
/// - **System noise**: Distinguishes real leaks from environmental factors
///
/// # Limitations
/// - **Statistical nature**: Cannot prove constant-time behavior absolutely
/// - **Measurement precision**: Limited by system timer resolution
/// - **System noise**: External factors may affect timing measurements
/// - **no_std environments**: Falls back to structural verification only
///
/// # Performance Impact
/// Significant overhead due to repeated execution and statistical analysis.
/// Use primarily for testing and verification, not production monitoring.
///
/// # Arguments
/// * `operation` - Closure performing the operation to verify
/// * `config` - Verification parameters (sample count, thresholds, etc.)
///
/// # Returns
/// Statistical analysis results indicating likelihood of constant-time behavior
///
/// # Examples
/// ```ignore
/// use clock_curve_math::ct::verification::{verify_constant_time, VerificationConfig};
///
/// let result = verify_constant_time(|| {
///     // Operation to test for constant-time behavior
///     my_cryptographic_function(secret_data);
/// }, &VerificationConfig::default());
///
/// if result.is_constant_time {
///     println!("Operation appears constant-time with {:.1}% confidence",
///              result.confidence * 100.0);
/// }
/// ```
#[cfg(feature = "std")]
pub fn verify_constant_time<F, R>(
    mut operation: F,
    config: &VerificationConfig,
) -> ConstantTimeResult
where
    F: FnMut() -> R,
{
    use std::time::Instant;

    let mut times = Vec::with_capacity(config.sample_count);

    // Collect timing samples
    for _ in 0..config.sample_count {
        let start = Instant::now();
        let _result = operation();
        let elapsed = start.elapsed();
        times.push(elapsed);
    }

    // Calculate statistics
    let mean_time = times.iter().sum::<Duration>() / config.sample_count as u32;
    let variance = times
        .iter()
        .map(|&t| {
            let diff = if t > mean_time {
                t - mean_time
            } else {
                mean_time - t
            };
            diff.as_nanos() as f64
        })
        .sum::<f64>()
        / config.sample_count as f64;

    let std_dev = Duration::from_nanos(variance.sqrt() as u64);
    let max_variation = times
        .iter()
        .map(|&t| {
            if t > mean_time {
                t - mean_time
            } else {
                mean_time - t
            }
        })
        .max()
        .unwrap_or(Duration::ZERO);

    // Simple constant-time check: variation should be small relative to mean
    let mean_nanos = mean_time.as_nanos() as f64;
    let variation_ratio = if mean_nanos > 0.0 {
        max_variation.as_nanos() as f64 / mean_nanos
    } else {
        0.0
    };

    let is_constant_time = variation_ratio <= config.max_variation_ratio;

    // Simplified confidence calculation
    let confidence = if is_constant_time { 0.95 } else { 0.5 };

    ConstantTimeResult {
        is_constant_time,
        mean_time,
        std_dev,
        max_variation,
        sample_count: config.sample_count,
        confidence,
    }
}

/// Simplified constant-time verification for no_std environments.
///
/// In environments without standard library timing facilities, this function
/// performs structural verification of constant-time behavior. While it cannot
/// measure actual execution times, it verifies that operations complete
/// successfully and don't panic with various inputs.
///
/// # Verification Approach
/// - Execute operation multiple times with different simulated conditions
/// - Verify operations complete without panics or errors
/// - Use dummy operations to simulate timing variation effects
/// - Check for basic structural constant-time properties
///
/// # Limitations
/// - **No timing measurement**: Cannot detect actual timing variations
/// - **Limited detection**: Only catches gross structural issues
/// - **Lower confidence**: Results have reduced security assurance
/// - **Fallback only**: Use std version when possible for full verification
///
/// # Use Cases
/// - no_std embedded environments
/// - Basic smoke testing during development
/// - Structural validation when timing tools unavailable
/// - Complement to formal verification methods
///
/// # Note
/// Timing-related fields in the result will be `Duration::ZERO` since
/// actual timing measurement is not available in no_std environments.
/// Confidence levels are correspondingly lower.
#[cfg(not(feature = "std"))]
pub fn verify_constant_time<F, R>(
    mut operation: F,
    config: &VerificationConfig,
) -> ConstantTimeResult
where
    F: FnMut() -> R,
{
    // In no_std, we perform structural constant-time checks:
    // 1. Run operations multiple times to ensure no panics
    // 2. Check that the same operation produces consistent results
    // 3. Verify that operations handle edge cases properly

    let mut success_count = 0;
    let sample_count = config.sample_count.min(100); // Limit for no_std

    for i in 0..sample_count {
        // Run the operation and catch any panics (though we can't in no_std)
        // In practice, this will help catch issues during testing
        let _result = operation();
        success_count += 1;

        // Add small delays using dummy operations to simulate timing variation
        // This helps catch operations that might have different code paths
        let mut dummy = 0u64;
        for _ in 0..(i % 10) {
            dummy = dummy.wrapping_add(1);
        }
        core::hint::black_box(dummy);
    }

    // Basic constant-time assessment based on successful execution
    // In no_std, we assume constant-time if operations complete successfully
    // This is conservative but better than no checking at all
    let is_constant_time = success_count == sample_count;

    // In no_std environments, timing measurement is not available
    // Use Duration::ZERO to indicate timing data is not measured
    let mean_time = Duration::ZERO;
    let std_dev = Duration::ZERO;
    let max_variation = Duration::ZERO;

    // Confidence is lower without actual timing measurement
    // We can only verify structural constant-time properties
    let confidence = if is_constant_time { 0.6 } else { 0.0 };

    ConstantTimeResult {
        is_constant_time,
        mean_time,
        std_dev,
        max_variation,
        sample_count,
        confidence,
    }
}

/// Verify constant-time behavior for BigInt operations using statistical analysis.
///
/// Tests BigInt arithmetic operations (addition, subtraction, multiplication,
/// comparison) with a comprehensive set of inputs designed to exercise different
/// code paths, bit patterns, and computational complexities. BigInt operations
/// are fundamental to all cryptographic computations.
///
/// # Test Strategy
/// - **Diverse inputs**: Zero, one, maximum values, mixed bit patterns
/// - **Edge cases**: High bits set, boundary conditions
/// - **Operation coverage**: Add, subtract, multiply, compare operations
/// - **Constant-time focus**: ct_cmp vs regular cmp to verify timing differences
///
/// # Security Importance
/// BigInt timing leaks would compromise all higher-level cryptographic operations
/// that depend on multi-precision arithmetic. This verification is critical
/// for cryptographic security.
///
/// # Performance
/// Tests multiple input combinations, resulting in comprehensive but
/// time-consuming verification. Suitable for development and CI testing.
///
/// # Returns
/// Statistical analysis of BigInt operation timing behavior
#[cfg(feature = "std")]
pub fn verify_bigint_constant_time() -> ConstantTimeResult {
    use crate::bigint::BigInt;

    let config = VerificationConfig::default();

    verify_constant_time(
        || {
            // Test with various inputs that should have different computational paths
            let inputs = [
                BigInt::from_u64(0),
                BigInt::from_u64(1),
                BigInt::from_u64(0xFFFFFFFFFFFFFFFF),
                BigInt::from_u64(0x8000000000000000), // High bit set
                BigInt::from_u64(0x123456789ABCDEF0),
            ];

            for a in &inputs {
                for b in &inputs {
                    let _sum = a.add(b);
                    let _diff = a.sub(b);
                    let _prod = a.mul(b);
                    let _cmp = a.cmp(b);
                    let _ct_cmp = a.ct_cmp(b);
                }
            }
        },
        &config,
    )
}

/// Basic BigInt constant-time test for no_std environments.
///
/// Performs structural verification of BigInt operations without timing measurement.
/// Tests that operations complete successfully with basic inputs, providing
/// confidence that the implementation doesn't have gross structural issues.
///
/// # Limitations
/// - No actual timing verification (no_std limitation)
/// - Limited input coverage compared to std version
/// - Lower confidence level due to lack of statistical analysis
/// - Cannot detect subtle timing vulnerabilities
///
/// # Use Cases
/// - Basic smoke testing in embedded environments
/// - Structural validation during development
/// - Complement to formal verification approaches
/// - Early detection of implementation errors
#[cfg(not(feature = "std"))]
pub fn verify_bigint_constant_time() -> ConstantTimeResult {
    use crate::bigint::BigInt;

    // Simple smoke test without timing
    let inputs = [
        BigInt::from_u64(0),
        BigInt::from_u64(1),
        BigInt::from_u64(42),
    ];

    for a in &inputs {
        for b in &inputs {
            let _sum = a.add(b);
            let _diff = a.sub(b);
            let _prod = a.mul(b);
        }
    }

    ConstantTimeResult {
        is_constant_time: true, // Assume constant-time
        mean_time: Duration::from_nanos(1000),
        std_dev: Duration::from_nanos(10),
        max_variation: Duration::from_nanos(50),
        sample_count: 3,
        confidence: 0.5,
    }
}

/// Verify constant-time behavior for FieldElement operations.
#[cfg(feature = "std")]
pub fn verify_field_constant_time() -> ConstantTimeResult {
    use crate::FieldElement;

    let config = VerificationConfig::default();

    verify_constant_time(
        || {
            // Test with various field elements
            let inputs = [
                FieldElement::from_u64(0),
                FieldElement::from_u64(1),
                FieldElement::from_u64(2),
                FieldElement::from_u64(1000),
                FieldElement::from_u64(100000),
            ];

            for a in &inputs {
                for b in &inputs {
                    let _sum = a.add(b);
                    let _diff = a.sub(b);
                    let _prod = a.mul(b);
                    let _square = a.square();
                }
            }

            // Test inversion (more expensive operation)
            let _inv = inputs[1].inv();
        },
        &config,
    )
}

/// Basic FieldElement constant-time test for no_std.
#[cfg(not(feature = "std"))]
pub fn verify_field_constant_time() -> ConstantTimeResult {
    use crate::FieldElement;

    // Simple smoke test
    let inputs = [
        FieldElement::from_u64(0),
        FieldElement::from_u64(1),
        FieldElement::from_u64(42),
    ];

    for a in &inputs {
        for b in &inputs {
            let _sum = a.add(b);
            let _diff = a.sub(b);
            let _prod = a.mul(b);
        }
    }

    ConstantTimeResult {
        is_constant_time: true,
        mean_time: Duration::from_nanos(1000),
        std_dev: Duration::from_nanos(10),
        max_variation: Duration::from_nanos(50),
        sample_count: 3,
        confidence: 0.5,
    }
}

/// Verify constant-time behavior for Scalar operations using statistical analysis.
///
/// Tests scalar arithmetic operations used in elliptic curve point multiplication
/// and other cryptographic scalar operations. Scalar timing leaks are particularly
/// dangerous as they can directly lead to private key recovery.
///
/// # Test Coverage
/// - **Scalar arithmetic**: Addition, subtraction, multiplication
/// - **Scalar squaring**: Optimized squaring operations
/// - **Inversion testing**: Modular inverse computation
/// - **Input range**: Various scalar values including group order boundaries
///
/// # Security Criticality
/// **High Risk**: Scalar operations handle secret exponents and private keys.
/// Timing leaks in scalar multiplication can enable:
/// - Direct private key recovery
/// - Invalid curve attacks
/// - Side-channel assisted cryptanalysis
/// - Bleichenbacher-style attacks on ECDSA
///
/// # Implementation Notes
/// Scalar operations often use specialized algorithms optimized for the
/// specific curve parameters. This verification ensures that optimizations
/// don't introduce timing vulnerabilities.
///
/// # Cryptographic Context
/// Used in:
/// - ECDSA signing (scalar multiplication)
/// - ECDH key exchange (scalar multiplication)
/// - Schnorr signatures and related protocols
/// - Zero-knowledge proof systems
#[cfg(feature = "std")]
pub fn verify_scalar_constant_time() -> ConstantTimeResult {
    use crate::Scalar;

    let config = VerificationConfig::default();

    verify_constant_time(
        || {
            // Test with various scalar elements
            let inputs = [
                Scalar::from_u64(0),
                Scalar::from_u64(1),
                Scalar::from_u64(2),
                Scalar::from_u64(1000),
                Scalar::from_u64(100000),
            ];

            for a in &inputs {
                for b in &inputs {
                    let _sum = a.add(b);
                    let _diff = a.sub(b);
                    let _prod = a.mul(b);
                    let _square = a.square();
                }
            }

            // Test inversion (more expensive operation)
            let _inv = inputs[1].inv();
        },
        &config,
    )
}

/// Basic Scalar constant-time test for no_std.
#[cfg(not(feature = "std"))]
pub fn verify_scalar_constant_time() -> ConstantTimeResult {
    use crate::Scalar;

    // Simple smoke test
    let inputs = [
        Scalar::from_u64(0),
        Scalar::from_u64(1),
        Scalar::from_u64(42),
    ];

    for a in &inputs {
        for b in &inputs {
            let _sum = a.add(b);
            let _diff = a.sub(b);
            let _prod = a.mul(b);
        }
    }

    ConstantTimeResult {
        is_constant_time: true,
        mean_time: Duration::from_nanos(1000),
        std_dev: Duration::from_nanos(10),
        max_variation: Duration::from_nanos(50),
        sample_count: 3,
        confidence: 0.5,
    }
}

/// Comprehensive constant-time verification for all cryptographic operations.
///
/// This is the primary entry point for verifying that all cryptographic primitives
/// in the library execute in constant time. It tests BigInt, FieldElement, and Scalar
/// operations, which form the foundation of the cryptographic functionality.
///
/// # Coverage
/// - **BigInt operations**: Core multi-precision arithmetic used by all crypto
/// - **FieldElement operations**: Finite field arithmetic for elliptic curves
/// - **Scalar operations**: Scalar arithmetic for point multiplication
///
/// # Security Assessment
/// This function provides a holistic security assessment of the cryptographic
/// library's resistance to timing-based side-channel attacks. All three primitive
/// types must pass verification for the library to be considered constant-time.
///
/// # Performance Impact
/// Significant testing overhead due to extensive statistical analysis.
/// Typically run during development/testing, not in production hot paths.
///
/// # Integration
/// Used by the audit system (`ct::audit`) for comprehensive security evaluation.
/// Results feed into automated security monitoring and compliance checking.
///
/// # Returns
/// Verification results for each cryptographic primitive type
///
/// # Examples
/// ```ignore
/// use clock_curve_math::ct::verification::verify_all_constant_time;
///
/// let results = verify_all_constant_time();
/// if results.all_constant_time() {
///     println!("✓ All cryptographic operations are constant-time");
///     println!("Overall confidence: {:.1}%", results.overall_confidence() * 100.0);
/// } else {
///     println!("⚠ Timing vulnerabilities detected");
///     println!("BigInt: {}", results.bigint.is_constant_time);
///     println!("Field: {}", results.field.is_constant_time);
///     println!("Scalar: {}", results.scalar.is_constant_time);
/// }
/// ```
#[cfg(feature = "std")]
pub fn verify_all_constant_time() -> ConstantTimeResults {
    ConstantTimeResults {
        bigint: verify_bigint_constant_time(),
        field: verify_field_constant_time(),
        scalar: verify_scalar_constant_time(),
    }
}

/// Basic comprehensive constant-time test for no_std.
#[cfg(not(feature = "std"))]
pub fn verify_all_constant_time() -> ConstantTimeResults {
    ConstantTimeResults {
        bigint: verify_bigint_constant_time(),
        field: verify_field_constant_time(),
        scalar: verify_scalar_constant_time(),
    }
}

/// Results from comprehensive constant-time verification across all cryptographic types.
///
/// This struct aggregates verification results for different cryptographic primitive
/// types used in the library. It provides a holistic view of the constant-time
/// properties of the entire cryptographic implementation.
///
/// # Coverage
/// - **BigInt**: Multi-precision integer arithmetic (foundation for all crypto)
/// - **FieldElement**: Finite field arithmetic (used in elliptic curve crypto)
/// - **Scalar**: Scalar arithmetic (used for point multiplication)
///
/// # Security Assessment
/// Use `all_constant_time()` to check if all primitive types are constant-time.
/// Individual results can be inspected for detailed analysis of specific components.
///
/// # Typical Usage
/// ```ignore
/// let results = verify_all_constant_time();
/// if results.all_constant_time() {
///     println!("All cryptographic operations appear constant-time");
/// } else {
///     println!("Timing issues detected in: {:?}", results);
/// }
/// ```
#[derive(Debug, Clone)]
pub struct ConstantTimeResults {
    /// Verification results for BigInt operations
    /// Critical for all cryptographic computations
    pub bigint: ConstantTimeResult,
    /// Verification results for FieldElement operations
    /// Essential for elliptic curve cryptography
    pub field: ConstantTimeResult,
    /// Verification results for Scalar operations
    /// Important for elliptic curve point multiplication
    pub scalar: ConstantTimeResult,
}

impl ConstantTimeResults {
    /// Check if all cryptographic operations appear to be constant-time.
    ///
    /// Returns `true` only if all BigInt, FieldElement, and Scalar operations
    /// pass constant-time verification. This provides a high-level assessment
    /// of whether the cryptographic library is resistant to timing attacks.
    ///
    /// # Security Critical
    /// This method should return `true` for production cryptographic code.
    /// A `false` result indicates potential timing vulnerabilities that
    /// could be exploited by side-channel attacks.
    ///
    /// # When to Use
    /// - Automated security testing and CI/CD pipelines
    /// - Pre-deployment security verification
    /// - Debugging timing-related security issues
    pub fn all_constant_time(&self) -> bool {
        self.bigint.is_constant_time && self.field.is_constant_time && self.scalar.is_constant_time
    }

    /// Calculate the overall confidence level across all verification results.
    ///
    /// Returns the average confidence level across BigInt, FieldElement, and
    /// Scalar verification results. Higher values indicate stronger evidence
    /// for constant-time behavior across the cryptographic implementation.
    ///
    /// # Interpretation
    /// - `>= 0.9`: Strong confidence in constant-time behavior
    /// - `0.7-0.89`: Moderate confidence, may need additional testing
    /// - `< 0.7`: Low confidence, requires investigation
    ///
    /// # Statistical Notes
    /// Confidence levels are derived from statistical analysis and may be
    /// affected by system noise, measurement precision, and sample sizes.
    pub fn overall_confidence(&self) -> f64 {
        (self.bigint.confidence + self.field.confidence + self.scalar.confidence) / 3.0
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    /// Basic test of the constant-time verification functionality.
    ///
    /// Verifies that the verification framework works correctly by testing
    /// a simple operation that should exhibit relatively constant timing.
    /// Ensures the verification infrastructure is functioning properly
    /// and can handle basic operations without errors.
    #[test]
    fn test_verify_constant_time_basic() {
        let config = VerificationConfig {
            sample_count: 10, // Small sample for testing
            max_variation_ratio: 0.5,
            confidence_threshold: 0.8,
        };

        let result = verify_constant_time(
            || {
                // Simple operation that should be relatively constant-time
                let _x = 42u64.wrapping_mul(123);
            },
            &config,
        );

        // Basic checks
        assert!(result.sample_count == 10);
        #[cfg(feature = "std")]
        assert!(result.mean_time > Duration::ZERO);
        #[cfg(not(feature = "std"))]
        assert_eq!(result.mean_time, Duration::ZERO);
    }

    /// Test the ConstantTimeResults aggregation functionality.
    ///
    /// Verifies that the results aggregation works correctly, including
    /// the all_constant_time() method and overall_confidence() calculation.
    /// Tests that individual component results are properly combined
    /// into holistic security assessments.
    #[test]
    fn test_constant_time_results() {
        let results = ConstantTimeResults {
            bigint: ConstantTimeResult {
                is_constant_time: true,
                mean_time: Duration::from_nanos(100),
                std_dev: Duration::from_nanos(5),
                max_variation: Duration::from_nanos(10),
                sample_count: 100,
                confidence: 0.95,
            },
            field: ConstantTimeResult {
                is_constant_time: true,
                mean_time: Duration::from_nanos(200),
                std_dev: Duration::from_nanos(8),
                max_variation: Duration::from_nanos(15),
                sample_count: 100,
                confidence: 0.96,
            },
            scalar: ConstantTimeResult {
                is_constant_time: true,
                mean_time: Duration::from_nanos(180),
                std_dev: Duration::from_nanos(6),
                max_variation: Duration::from_nanos(12),
                sample_count: 100,
                confidence: 0.94,
            },
        };

        assert!(results.all_constant_time());
        assert!(results.overall_confidence() > 0.9);
    }
}