Overview
This course aims to teach learners how to write constant-time cryptographic code using the FaCT domain-specific language. The learning outcomes include understanding the challenges of writing secure crypto code, learning how FaCT enables developers to use high-level language constructs to write constant-time code, and integrating FaCT into existing projects and languages. The course covers topics such as timing side channels, cryptographic padding, writing constant-time code, and verifying constant-time code. The teaching method involves a lecture-style presentation by the instructor. The intended audience for this course includes software developers, particularly those working with cryptography, who are interested in improving the security of their code by writing in a constant-time manner.
Syllabus
Intro
Timing side channels
Cryptographic padding
Constant-time coding example
Padding removal: 1st try
Writing constant-time code is hard
Error-prone in practice
What does Fact look like?
Labels ensure no leakage
Automatically transform code
Transformations are tricky
Verifying constant-time code
Interoperate with external code
Performance numbers
User study results
Future directions
Taught by
Strange Loop Conference