Pure-Rust traits and utilities for constant-time cryptographic implementations.
This crate represents a "best-effort" attempt, since side-channels are ultimately a property of a deployed cryptographic system including the hardware it runs on, not just of software.
It consists of a `Choice` type, a wrapper around a `u8` that holds a `0` or `1`, and a collection of traits using `Choice` instead of `bool`. Implementations of these traits are provided for primitive types.
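As an added example (not subtle's own code), this is the idiom the crate packages: a minimal `Choice`-like wrapper holding `0` or `1`, byte and slice equality built from XOR/OR/shift instead of `==` with an early return, and a branch-free select. `barrier` is a hypothetical volatile stand-in for the `test::black_box` barrier mentioned below; all names are assumptions.

```rust
/// Stand-in for the test::black_box barrier the page mentions: a volatile
/// read the optimizer must not see through, so the 0/1 value is not
/// turned back into a branch.
fn barrier(x: u8) -> u8 {
    unsafe { std::ptr::read_volatile(&x) }
}

/// Constant-time boolean: a u8 holding 0 or 1, only ever combined with
/// arithmetic and bitwise ops so it never drives a conditional branch.
#[derive(Clone, Copy, Debug)]
pub struct CtChoice(u8);

impl CtChoice {
    pub fn new(bit: u8) -> CtChoice {
        debug_assert!(bit <= 1);
        CtChoice(barrier(bit))
    }
    pub fn unwrap_u8(self) -> u8 { self.0 }
    /// 0xFF if the choice is 1, 0x00 if it is 0.
    fn mask(self) -> u8 { self.0.wrapping_neg() }
}

/// Constant-time byte equality: x | -x has its top bit set iff x != 0,
/// so shifting it down and flipping it yields 1 iff a == b, no branch.
pub fn ct_eq_u8(a: u8, b: u8) -> CtChoice {
    let x = a ^ b;
    let nonzero = (x | x.wrapping_neg()) >> 7;
    CtChoice::new(nonzero ^ 1)
}

/// Constant-time equality of two byte slices (e.g. MAC tags). Every byte
/// is visited whatever the position of the first mismatch; only the
/// public length leaks through the early return.
pub fn ct_eq_bytes(a: &[u8], b: &[u8]) -> CtChoice {
    if a.len() != b.len() {
        return CtChoice::new(0);
    }
    let mut acc = 1u8;
    for (x, y) in a.iter().zip(b) {
        acc &= ct_eq_u8(*x, *y).unwrap_u8();
    }
    CtChoice::new(acc)
}

/// Branch-free select: returns `b` when `choice` is 1, otherwise `a`.
pub fn ct_select_u8(a: u8, b: u8, choice: CtChoice) -> u8 {
    a ^ (choice.mask() & (a ^ b))
}
```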
```toml
[dependencies.subtle]
version = "^0.6"
features = ["nightly"]
```
The `nightly` feature enables `u128`/`i128` support and the use of the `test::black_box` optimization barrier to protect the `Choice` type.

The `generic-impls` feature (enabled by default) provides generic impls of some traits. It can be disabled to allow specialized impls without impl conflicts.
Documentation is available here.
Significant portions of this code were based upon Golang's "crypto/subtle" module, and this library aims to be that library's Rust equivalent.
This code has not yet received sufficient peer review by other qualified cryptographers to be considered in any way, shape, or form, safe. Further, this library does not provide much in the way of assurance against deliberate misuse. Instead, it is a low-level library, mostly of bit-flipping tricks, intended for other cryptographers who would like to implement their own constant-time libraries. (For an example usage of this library, please see curve25519-dalek and ed25519-dalek.)
USE AT YOUR OWN RISK