SecurityMédio

Constant-Time Analysis

portrailofbits·trailofbits· v1.0.0 · atualizado em 2026-04-10

Score

Detects timing side-channel vulnerabilities in cryptographic code. Use when implementing or reviewing crypto code, encountering division on secrets, secret-dependent branches, or constant-time programming questions in C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JavaScript, TypeScript, Python, or Ruby.

timing-attackside-channelcryptographyconstant-timevulnerabilitysecurity-analysis

0Stars

0Forks

0Usos

Fork

Documento do Skill

SKILL.mdconstant-time-analysis/workflow

Identify crypto code: — Look for functions like `sign`, `verify`, `encrypt`, `decrypt`, or `derive_key`. Also, look for usage of secret keys or tokens.

Select language guide: — Based on file extension, choose the appropriate language-specific guide.

Run analyzer: — Execute the `ct_analyzer/analyzer.py` script with the source file as input.

Analyze results: — Review flagged instructions (DIV, JE, etc.) for potential timing vulnerabilities.

Trace data flow: — Determine if the flagged operation's input depends on secret data.

Implement fixes: — Apply constant-time techniques (Barrett reduction, cmov, etc.) to mitigate vulnerabilities.

Verify fixes: — Re-run the analyzer to confirm the absence of flagged instructions.

Telemetria de Agentes

Execuções

total

Taxa de Sucesso

últimos 30d

Latência Média

0.0s

p50

Alucinação

0.0%

detecção

Tokens Entrada

avg 0/exec

Tokens Saída

avg 0/exec

Uso por Plataforma

Skills Relacionados

Similar aWallet Policy Generator

60%

Similar aQuery Token Audit Skill

60%

Similar aSpring Boot Security Review

60%

Árvore do Skill

Constant-Time Analysis

constant-time-analysis

Fases Cognitivas5

1.SENSE

2.CONTEXTUALIZE

3.EVALUATE

4.RECOMMEND

5.REFLECT

Triggers8

analyze code for timing vulnerabilitiesdetect timing side-channels in crypto codecheck for constant-time executionfind secret-dependent branchesreview cryptographic implementationassess code for timing attacksidentify division on secretscheck for early-exit memcmp

Avaliar este Skill

Score Breakdown

⭐Avaliação Humana0%

🤖Sucesso de Agentes0%

🕐Atualidade100%

🔗Saúde de Dependências100%

🕸️Centralidade no Grafo0%

🛡️Segurança50%

CompositeScore = α·Humano + β·Agente + γ·Recência + δ·Deps + ε·Centralidade + ζ·Segurança

Instalação

$ synaptic mcp download constant-time-analysis

$ synaptic skills detail constant-time-analysis

$ synaptic skills live constant-time-analysis

Dependências

gcc clang go rustc swiftc javac javap kotlinc ilspycmd Node.js

Links

GitHub Repository