Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How does ConstantTimeByteEq work?

Tags:

bit-manipulation

go

In Go's crytography library, I found this function ConstantTimeByteEq. What does it do, how does it work?

// ConstantTimeByteEq returns 1 if x == y and 0 otherwise.
func ConstantTimeByteEq(x, y uint8) int {
    z := ^(x ^ y)
    z &= z >> 4
    z &= z >> 2
    z &= z >> 1

    return int(z)
}
like image 433
Colonel Panic Avatar asked Jul 11 '13 21:07

Colonel Panic

2 Answers

x ^ y is x XOR y, where the result is 1 when the arguments are different and 0 when the arguments are the same:

x            = 01010011
y            = 00010011
x ^ y        = 01000000

^(x ^ y) negates this, i.e., you get 0 when the arguments are different and 1 otherwise:

^(x ^ y)     = 10111111 => z

Then we start shifting z to the right for masking its bits by itself. A shift pads the left side of the number with zero bits:

z >> 4       = 00001011

With the goal of propagating any zeros in z to the result, start ANDing:

z            = 10111111
z >> 4       = 00001011
z & (z >> 4) = 00001011

also fold the new value to move any zero to the right:

z            = 00001011
z >> 2       = 00000010
z & (z >> 2) = 00000010

further fold to the last bit:

z            = 00000010
z >> 1       = 00000001
z & (z >> 1) = 00000000

On the other hand, if you have x == y initially, it goes like this:

z            = 11111111
z (& z >> 4) = 00001111
z (& z >> 2) = 00000011
z (& z >> 1) = 00000001

So it really returns 1 when x == y, 0 otherwise.

Generally, if both x and y are zero the comparison can take less time than other cases. This function tries to make it so that all calls take the same time regardless of the values of its inputs. This way, an attacker can't use timing based attacks.

like image 88
perreal Avatar answered Oct 22 '22 23:10

perreal

It does exactly what the documentation says: It checks if x and y are equal. From a functional point it is just x == y, dead simple.

Doing x == y in this cryptic bit-fiddling-way prevent timing side attacks to algorithms: A x == y may get compiled to code which performs faster if x = y and slower if x != y (or the other way around) due to branch prediction in CPUs. This can be used by an attacker to learn something about the data handled by the cryptographic routines and thus compromise security.

like image 6
Volker Avatar answered Oct 22 '22 23:10

Volker
Sign in to Comment

Related questions

GO lang syntax error: unexpected name, expecting )
golang :how do I handle index out of range error?
Use Go lang with MSYS2
Naming convention for similar Golang variables
How to return html on Gin?
Structuring local imports without GitHub in Golang
Why does Go have a "bit clear (AND NOT)" operator?
AssertCalled always fails with testify library
How to check if []byte is all zeros in go
Why does my code work correctly when I run wg.Wait() inside a goroutine?
Split string and convert the substrings to integers in Go
How to parse string into url.Values in golang?
Does Go have an "infinite call stack" equivalent?
How do go modules work with installable commands?
How to use proxies with authentication in my HTTP requests?
remove null character from string
How do I package golang test helper code?
Golang. MongoDB bulkWrite() to update slice of documents
What does it mean by a 'systems language'?
Is Go's buffered channel lockless?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!