On constant-time crypto

Sun, 04 Jan 2026 00:00:00 +0000

Some notes on learning/using constant-time cryptography.

Constant-Time Arithmetic for Safer Cryptography
- constant-time arbitrary-precision arithmetic operations
- constant-time programs - operations vary in time based only on public values
- examples
  - replacing branches with bitwise operations
  - avoiding array accesses with secret indices
  - making sure that loops have a fixed number of iterations
- modern crypto
  - finite fields with fixed parameters (eg. ECC)
- traditional crypto
  - not fixed parameter (eg. RSA)
- saferith as a constant-time alternative to Go’s big.Int
- problem: traditional libraries store numbers without zero padding
- solution: pad numbers to different public sizes
  - leaks public sizes, while still keeping values hidden

Example of constant-time string comparison

1 correctMac = self.Sign(msg)
2 if len(correctMac) != len(sig_bytes):
3 return False
4 result = 0
5 for x, y in zip(correctMac, sig_bytes):
6 result |= ord(x) ^ ord(y)
7 return result == 0

Guidelines for low-level cryptography software | Cryptocoding | Jean-Philippe Aumasson
- Go’s crypto/subtle library: implements functions that are often useful in cryptographic code but require careful thought to use correctly
- Select between a and b without using if-else.
```
 1/* Conditionally return a or b depending on whether bit is set */
 2/* Equivalent to: return bit ? a : b */
 3unsigned select (unsigned a, unsigned b, unsigned bit)
 4{
 5 unsigned isnonzero = (bit | -bit) >> (sizeof(unsigned) * CHAR_BIT - 1);
 6 /* -0 = 0, -1 = 0xff....ff */
 7 unsigned mask = -isnonzero;
 8 unsigned ret = mask & (b^a);
 9 ret = ret ^ b;
10 return ret;
11}
```
  - Only if bit is 0, the (bit | -bit) will result in MSB (isnonzero) equal to 0. In all other cases, MSB (isnonzero) is equal to 1.
  - If mask is 0 we return b, else if mask is 1 we return a.
- Avoid secret-dependent loop bounds
  - https://heartbleed.com/
- Clean memory of secret data
  - Unfortunately, there’s virtually no way to reliably clean secret data in garbage-collected languages (such as Go), nor in language with immutable strings.
https://github.com/cronokirby/saferith

Claude Code usage notes

Fri, 03 Jan 2025 00:00:00 +0000

I had been meaning to looking into coding agents seriously for some time. Thanks to Claude Code gift pass from @npankaj365 and @karpathy’s post, I was finally able to do it.

general
- ask Claude to summarize a project, trace how events/requests are handled, code organization
editor
- use backward slash (\ + Enter) for multiline inputs
- use @ to tag files or folders
modes
- shift + tab to enter “Plan Mode”
- Thinking spectrum (from shallow to deep): "Think", "Think more", "Think a lot", "Think longer", "Ultrathink"
context & memory

Notes on Aashutosh Poudel

On benchmarking crimes

On post-quantum crypto

On constant-time crypto

Claude Code usage notes