
Iodine: Verifying constant-time execution of hardware [pdf] - godelmachine
https://www.usenix.org/system/files/sec19-gleissenthall.pdf
======
laurensr
Not to be confused with the IP-over-DNS utility bearing the same name:

[https://code.kryo.se/iodine/](https://code.kryo.se/iodine/)

~~~
knorker
Yeah if people could put more effort into naming things that'd be great.

------
ganzuul
> Abstract. To be secure, cryptographic algorithms crucially rely on the
> underlying hardware to avoid inadvertent leakage of secrets through timing
> side channels. Unfortunately, such timing channels are ubiquitous in modern
> hardware, due to its labyrinthine fast-paths and optimizations. A promising
> way to avoid timing vulnerabilities is to devise—and verify—conditions under
> which a hardware design is free of timing variability, i.e., executes in
> constant-time. In this paper, we present IODINE: a clock-precise, constant-
> time approach to eliminating timing side channels in hardware. IODINE
> succeeds in verifying various open source hardware designs in seconds and
> with little developer effort. IODINE also discovered two constant-time
> violations: one in a floating-point unit and another one in an RSA
> encryption module.

