tacet 0.2.0

Detect timing side channels in cryptographic code
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

# tacet

**Detect timing side channels in Rust code with statistically rigorous methods.**

```
$ cargo test --test aes_timing -- --nocapture

[aes128_block_encrypt_constant_time]
tacet
──────────────────────────────────────────────────────────────

  Samples: 6000 per class
  Quality: Good

  ✓ No timing leak detected

    Probability of leak: 0.0%
    95% CI: 0.0–12.5 ns

──────────────────────────────────────────────────────────────
```

## Installation

```sh
cargo add tacet --dev
```

## Quick Start

```rust
use tacet::{timing_test_checked, TimingOracle, AttackerModel, Outcome};

#[test]
fn constant_time_compare() {
    let secret = [0u8; 32];

    let outcome = timing_test_checked! {
        oracle: TimingOracle::for_attacker(AttackerModel::AdjacentNetwork),
        baseline: || [0u8; 32],
        sample: || rand::random::<[u8; 32]>(),
        measure: |input| {
            constant_time_eq(&secret, &input);
        },
    };

    match outcome {
        Outcome::Pass { .. } => { /* No leak */ }
        Outcome::Fail { exploitability, .. } => panic!("Timing leak: {:?}", exploitability),
        Outcome::Inconclusive { .. } => { /* Could not determine */ }
        Outcome::Unmeasurable { .. } => { /* Operation too fast */ }
    }
}
```

## Why Another Tool?

Existing tools like DudeCT output t-statistics and p-values that are hard to interpret. `tacet` gives you what you actually want: **the probability your code has a timing leak**, plus how exploitable it would be.

| | DudeCT | tacet |
|---|--------|---------------|
| **Output** | t-statistic + p-value | Probability of leak (0-100%) |
| **False positives** | Unbounded (more samples = more FPs) | Converges to correct answer |
| **Effect size** | Not provided | Estimated in nanoseconds |
| **Exploitability** | Manual interpretation | Automatic classification |
| **CI-friendly** | Flaky without tuning | Works out of the box |

## Attacker Model Presets

Choose your threat model to define what timing differences matter:

| Preset | Threshold | Use case |
|--------|-----------|----------|
| `SharedHardware` | 0.6 ns (~2 cycles) | SGX, cross-VM, containers |
| `AdjacentNetwork` | 100 ns | LAN, HTTP/2 APIs |
| `RemoteNetwork` | 50 μs | Public internet APIs |
| `Research` | 0 | Detect any difference |

## Documentation

- [API Documentation](https://docs.rs/tacet)
- [GitHub Repository](https://github.com/agucova/tacet)

## License

MPL-2.0