RFC: Secret types in Rust


Cryptographic engineers use constant-time code to prevent cryptographic implementations from leaking secret values through side-channel attacks. However, LLVM's optimisations often undo these protections, and make our binaries insecure.

Using empty asm!() directives and empty functions, I will show how we can circumvent LLVM's optimizations, and make our binaries secure again. However, these tricks are ugly and unsupported on the stable channel. We need something bigger to solve this issue in the long run. We need secret types.
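The barrier trick described above, as an added sketch that is not code from the talk or from any particular crate: a mask-based select and a tag comparison whose secret-dependent values pass through an asm block containing only a comment, so LLVM cannot turn the arithmetic back into a branch. The names `barrier`, `ct_select` and `ct_eq` are hypothetical, and the block assumes a toolchain where `core::arch::asm!` is available (stabilised in Rust 1.59) on x86_64 or aarch64; the barrier only hides values from the optimiser, so the emitted assembly still has to be inspected.

```rust
use core::arch::asm;

/// Optimisation barrier: returns `x` unchanged, but through an asm block that
/// LLVM must treat as an opaque function of its input.
#[inline(always)]
fn barrier(mut x: u64) -> u64 {
    // The template holds only an assembler comment naming the operand, so no
    // instruction is emitted, yet LLVM cannot see that output equals input.
    #[cfg(any(target_arch = "x86_64", target_arch = "aarch64"))]
    unsafe {
        asm!("/* {0} */", inout(reg) x, options(pure, nomem, nostack, preserves_flags));
    }
    // Assumption: on other targets fall back to the best-effort black_box hint.
    #[cfg(not(any(target_arch = "x86_64", target_arch = "aarch64")))]
    {
        x = core::hint::black_box(x);
    }
    x
}

/// Returns `a` when `choice == 1` and `b` when `choice == 0`, without
/// branching on `choice`.
pub fn ct_select(choice: u64, a: u64, b: u64) -> u64 {
    // 0 -> 0x0000...0000, 1 -> 0xFFFF...FFFF; the barrier hides that the
    // mask can only take these two values.
    let mask = barrier(choice.wrapping_neg());
    b ^ (mask & (a ^ b))
}

/// Compares two equal-length byte strings (the length is public) and returns
/// 1 if they match, 0 otherwise, touching every byte regardless of mismatches.
pub fn ct_eq(x: &[u8], y: &[u8]) -> u64 {
    assert_eq!(x.len(), y.len());
    let mut diff = 0u64;
    for (p, q) in x.iter().zip(y) {
        diff |= barrier((p ^ q) as u64);
    }
    // diff is in 0..=255: subtracting 1 wraps to all ones only when diff == 0.
    barrier((diff.wrapping_sub(1) >> 8) & 1)
}

fn main() {
    // Constructed sample values, not real key material.
    let expected: [u8; 4] = [0xde, 0xad, 0xbe, 0xef];
    let received: [u8; 4] = [0xde, 0xad, 0xbe, 0xee];
    let ok = ct_eq(&expected, &received);
    println!("match = {}, selected = {}", ok, ct_select(ok, 1111, 2222));
}
```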

Presented by

  • Diane Hosfelt
  • Daan Sprenkels

    I am a PhD student at the Radboud University in Nijmegen, mainly working on implementations of (post-quantum) crypto-schemes. I currently see myself as an aspiring cryptographic engineer.