krypteia-silentops 0.1.0

Side-channel countermeasure toolkit: constant-time primitives, dudect-style timing leakage verifier, and shared SCA helpers for the krypteia workspace.
Owners: cslashm

krypteia-silentops — side-channel countermeasure toolkit

Side-channel countermeasure primitives shared by the krypteia cryptographic workspace (post-quantum quantica and classical arcana).

silentops packages three families of primitives that any cryptographic crate concerned with timing, cache, or fault side-channels needs to write once and trust everywhere:

  • ct — constant-time core ops (ct_eq, ct_select, ct_zeroize, conditional buffer copy) with architecture-specific inline-assembly backends so the compiler cannot rewrite the bit-twiddle into a secret-dependent CMOV (the Kocher cache-timing pattern). Five backends ship today: x86_64, aarch64, thumbv7 (M3/M4/M33), thumbv6m (M0/M0+), riscv32 (RV32I + ESP32-class chips), plus a portable pure-Rust fallback. no_std.
  • ct_grind — Valgrind memcheck client-request helpers (poison / unpoison) used to verify constant-time code under valgrind --error-exitcode=1 on x86_64-linux / aarch64-linux. Compiles to zero-cost no-ops on every other target so call sites stay unconditional. no_std.
  • verify — dudect-style timing leakage detector built on Welch's t-test. Drives randomised secret/public input pairs through a candidate function and surfaces statistically significant timing distinguishers. std-only (test tooling).
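The fix-vs-random Welch's t-test that the verify bullet describes, shown as an added example: this is not the crate's verify API or its code. The comparison functions, the step count used as a deterministic stand-in for a cycle counter, the constructed inputs, and the 4.5 cutoff (a commonly used TVLA-style threshold) are all assumptions made for the illustration.

```rust
type Cmp = fn(&[u8; 16], &[u8; 16]) -> (bool, u32);

/// Streaming mean/variance (Welford), one accumulator per input class.
#[derive(Default)]
struct Class { n: f64, mean: f64, m2: f64 }
impl Class {
    fn push(&mut self, x: f64) {
        self.n += 1.0;
        let d = x - self.mean;
        self.mean += d / self.n;
        self.m2 += d * (x - self.mean);
    }
    fn var(&self) -> f64 { self.m2 / (self.n - 1.0) }
}
/// Welch's t statistic; 0.0 when the means are equal (avoids 0/0 on constant timings).
fn welch_t(a: &Class, b: &Class) -> f64 {
    let diff = a.mean - b.mean;
    if diff == 0.0 { return 0.0; }
    diff / (a.var() / a.n + b.var() / b.n).sqrt()
}
/// Leaky compare (hypothetical): stops at the first mismatch; steps is the timing proxy.
fn early_exit_eq(a: &[u8; 16], b: &[u8; 16]) -> (bool, u32) {
    for i in 0..16 {
        if a[i] != b[i] { return (false, i as u32 + 1); }
    }
    (true, 16)
}
/// Fold compare (hypothetical): touches all 16 bytes whatever the data.
fn fold_eq(a: &[u8; 16], b: &[u8; 16]) -> (bool, u32) {
    let mut acc = 0u8;
    for i in 0..16 { acc |= a[i] ^ b[i]; }
    (acc == 0, 16)
}
/// Feeds `f` a fixed class (input == secret) and a varying class; returns |t|.
fn leakage_t(f: Cmp) -> f64 {
    let secret = [0xA5u8; 16]; // constructed sample secret
    let (mut fixed, mut varied) = (Class::default(), Class::default());
    for i in 0..1700usize {
        fixed.push(f(&secret, &secret).1 as f64);
        let mut input = secret; // constructed: first i % 17 bytes match, rest differ
        for b in input.iter_mut().skip(i % 17) { *b ^= 0xFF; }
        varied.push(f(&secret, &input).1 as f64);
    }
    welch_t(&fixed, &varied).abs()
}
const T_THRESHOLD: f64 = 4.5; // assumed cutoff, not taken from the crate
fn main() {
    let (leaky, folded) = (leakage_t(early_exit_eq), leakage_t(fold_eq));
    println!("early_exit_eq |t| = {:.1}, leak = {}", leaky, leaky > T_THRESHOLD);
    println!("fold_eq       |t| = {:.1}, leak = {}", folded, folded > T_THRESHOLD);
}
```

With a real cycle counter the fold version is only as constant-time as the compiler leaves it, which is the case the ct asm backends are described as addressing.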

Cargo features

| Feature | Default | Effect |
|---|---|---|
| std | no | Pulls in std to enable the verify module (host-side timing tests). |
| ct-grind | no | Emit Valgrind memcheck client-request instrumentation in ct_grind::{poison, unpoison}. Inert on every target other than x86_64-linux / aarch64-linux. |
| asm-x86_64 | no | Route ct primitives through the inline-asm x86_64 backend. |
| asm-aarch64 | no | Same, AArch64 (csel, csinv). |
| asm-thumbv7 | no | Same, ARMv7-M Thumb2 (IT blocks). Cortex-M3 / M4 / M33. |
| asm-thumbv6m | no | Same, ARMv6-M Thumb (AND/OR/XOR, no IT). Cortex-M0 / M0+. |
| asm-riscv32 | no | Same, RV32I (AND/OR/XOR, no cmov). ESP32-C3 / C6 / H2. |

Each asm feature is gated on target_arch + target_feature inside the crate, so enabling several simultaneously is harmless — only the matching backend's module is compiled.

Verification status

The constant-time claims are exercised on every PR through three independent paths on the workspace CI:

  • Host x86_64: ctgrind (Valgrind memcheck) on every ct::* primitive — tools/ctgrind.sh returns non-zero on any secret-dependent branch.
  • Cross-arch host: same ctgrind run under cross on aarch64 (qemu-user), exercising the asm-aarch64 backend.
  • On-target bare-metal: tests-embedded workspace member smoke-tests the active asm backend under qemu-system on riscv32imc, riscv32imac, thumbv6m and thumbv7em — each run boots silentops + ct_eq end-to-end on the real ISA.

See doc/sca/ in the workspace repository for the full threat model and per-algorithm SCA evidence.

License

Apache-2.0