I have a code for polynomial multiplication and it is written in C. I heard that whether a particular instruction is "constant time" can vary by architecture and by processor model and there isn't any official documentation for this behavior. How can I understand if my code is constant time or not?
Note: By "Constant time" I mean a software or code piece that are resistant to timing attacks. I am using UBUNTU on an intel i7 10th generation PC.
This is only a little example, but on one security summer school I have been shown an example of timing attack scenario. It can easily happen when the code performs cryptographic operations only after certain conditions are satisfied. Consider such a snippet:
Therefore, the attacker can observe the execution time of the program in both scenarios and deduce when the encryption might have happened. By making sure this is not the case in your code, you can protect your program from this particular timing attack vulnerability.