{"id":"57c62465-6ef1-44ff-aaf7-942a5293e5dc","shortId":"LbER5z","kind":"skill","title":"constant-time-analysis","tagline":"Analyze cryptographic code to detect operations that leak secret data through execution timing variations.","description":"# Constant-Time Analysis\n\nAnalyze cryptographic code to detect operations that leak secret data through execution timing variations.\n\n## When to Use\n```text\nUser writing crypto code? ──yes──> Use this skill\n │\n no\n │\n v\nUser asking about timing attacks? ──yes──> Use this skill\n │\n no\n │\n v\nCode handles secret keys/tokens? ──yes──> Use this skill\n │\n no\n │\n v\nSkip this skill\n```\n\n**Concrete triggers:**\n\n- User implements signature, encryption, or key derivation\n- Code contains `/` or `%` operators on secret-derived values\n- User mentions \"constant-time\", \"timing attack\", \"side-channel\", \"KyberSlash\"\n- Reviewing functions named `sign`, `verify`, `encrypt`, `decrypt`, `derive_key`\n\n## When NOT to Use\n\n- Non-cryptographic code (business logic, UI, etc.)\n- Public data processing where timing leaks don't matter\n- Code that doesn't handle secrets, keys, or authentication tokens\n- High-level API usage where timing is handled by the library\n\n## Language Selection\n\nBased on the file extension or language context, refer to the appropriate guide:\n\n| Language | File Extensions | Guide |\n| ---------- | --------------------------------- | -------------------------------------------------------- |\n| C, C++ | `.c`, `.h`, `.cpp`, `.cc`, `.hpp` | references/compiled.md |\n| Go | `.go` | references/compiled.md |\n| Rust | `.rs` | references/compiled.md |\n| Swift | `.swift` | references/swift.md |\n| Java | `.java` | references/vm-compiled.md |\n| Kotlin | `.kt`, `.kts` | references/kotlin.md |\n| C# | `.cs` | references/vm-compiled.md |\n| PHP | `.php` | references/php.md |\n| JavaScript | `.js`, `.mjs`, `.cjs` | references/javascript.md |\n| TypeScript | `.ts`, `.tsx` | references/javascript.md |\n| Python | `.py` | references/python.md |\n| Ruby | `.rb` | references/ruby.md |\n\n## Quick Start\n\n```bash\n# Analyze any supported file type\nuv run {baseDir}/ct_analyzer/analyzer.py \n\n# Include conditional branch warnings\nuv run {baseDir}/ct_analyzer/analyzer.py --warnings \n\n# Filter to specific functions\nuv run {baseDir}/ct_analyzer/analyzer.py --func 'sign|verify' \n\n# JSON output for CI\nuv run {baseDir}/ct_analyzer/analyzer.py --json \n```\n\n### Native Compiled Languages Only (C, C++, Go, Rust)\n\n```bash\n# Cross-architecture testing (RECOMMENDED)\nuv run {baseDir}/ct_analyzer/analyzer.py --arch x86_64 crypto.c\nuv run {baseDir}/ct_analyzer/analyzer.py --arch arm64 crypto.c\n\n# Multiple optimization levels\nuv run {baseDir}/ct_analyzer/analyzer.py --opt-level O0 crypto.c\nuv run {baseDir}/ct_analyzer/analyzer.py --opt-level O3 crypto.c\n```\n\n### VM-Compiled Languages (Java, Kotlin, C#)\n\n```bash\n# Analyze Java bytecode\nuv run {baseDir}/ct_analyzer/analyzer.py CryptoUtils.java\n\n# Analyze Kotlin bytecode (Android/JVM)\nuv run {baseDir}/ct_analyzer/analyzer.py CryptoUtils.kt\n\n# Analyze C# IL\nuv run {baseDir}/ct_analyzer/analyzer.py CryptoUtils.cs\n```\n\nNote: Java, Kotlin, and C# compile to bytecode (JVM/CIL) that runs on a virtual machine with JIT compilation. The analyzer examines the bytecode directly, not the JIT-compiled native code. The `--arch` and `--opt-level` flags do not apply to these languages.\n\n### Swift (iOS/macOS)\n\n```bash\n# Analyze Swift for native architecture\nuv run {baseDir}/ct_analyzer/analyzer.py crypto.swift\n\n# Analyze for specific architecture (iOS devices)\nuv run {baseDir}/ct_analyzer/analyzer.py --arch arm64 crypto.swift\n\n# Analyze with different optimization levels\nuv run {baseDir}/ct_analyzer/analyzer.py --opt-level O0 crypto.swift\n```\n\nNote: Swift compiles to native code like C/C++/Go/Rust, so it uses assembly-level analysis and supports `--arch` and `--opt-level` flags.\n\n### Prerequisites\n\n| Language | Requirements |\n| ---------------------- | --------------------------------------------------------- |\n| C, C++, Go, Rust | Compiler in PATH (`gcc`/`clang`, `go`, `rustc`) |\n| Swift | Xcode or Swift toolchain (`swiftc` in PATH) |\n| Java | JDK with `javac` and `javap` in PATH |\n| Kotlin | Kotlin compiler (`kotlinc`) + JDK (`javap`) in PATH |\n| C# | .NET SDK + `ilspycmd` (`dotnet tool install -g ilspycmd`) |\n| PHP | PHP with VLD extension or OPcache |\n| JavaScript/TypeScript | Node.js in PATH |\n| Python | Python 3.x in PATH |\n| Ruby | Ruby with `--dump=insns` support |\n\n**macOS users**: Homebrew installs Java and .NET as \"keg-only\". You must add them to your PATH:\n\n```bash\n# For Java (add to ~/.zshrc)\nexport PATH=\"/opt/homebrew/opt/openjdk@21/bin:$PATH\"\n\n# For .NET tools (add to ~/.zshrc)\nexport PATH=\"$HOME/.dotnet/tools:$PATH\"\n```\n\nSee references/vm-compiled.md for detailed setup instructions and troubleshooting.\n\n## Quick Reference\n\n| Problem | Detection | Fix |\n| ---------------------- | ------------------------------- | -------------------------------------------- |\n| Division on secrets | DIV, IDIV, SDIV, UDIV | Barrett reduction or multiply-by-inverse |\n| Branch on secrets | JE, JNE, BEQ, BNE | Constant-time selection (cmov, bit masking) |\n| Secret comparison | Early-exit memcmp | Use `crypto/subtle` or constant-time compare |\n| Weak RNG | rand(), mt_rand, Math.random | Use crypto-secure RNG |\n| Table lookup by secret | Array subscript on secret index | Bit-sliced lookups |\n\n## Interpreting Results\n\n**PASSED** - No variable-time operations detected.\n\n**FAILED** - Dangerous instructions found. Example:\n\n```text\n[ERROR] SDIV\n Function: decompose_vulnerable\n Reason: SDIV has early termination optimization; execution time depends on operand values\n```\n\n## Verifying Results (Avoiding False Positives)\n\n**CRITICAL**: Not every flagged operation is a vulnerability. The tool has no data flow analysis - it flags ALL potentially dangerous operations regardless of whether they involve secrets.\n\nFor each flagged violation, ask: **Does this operation's input depend on secret data?**\n\n1. **Identify the secret inputs** to the function (private keys, plaintext, signatures, tokens)\n\n2. **Trace data flow** from the flagged instruction back to inputs\n\n3. **Common false positive patterns**:\n\n ```c\n // FALSE POSITIVE: Division uses public constant, not secret\n int num_blocks = data_len / 16; // data_len is length, not content\n\n // TRUE POSITIVE: Division involves secret-derived value\n int32_t q = secret_coef / GAMMA2; // secret_coef from private key\n ```\n\n4. **Document your analysis** for each flagged item\n\n### Quick Triage Questions\n\n| Question | If Yes | If No |\n| ------------------------------------------------- | --------------------- | --------------------- |\n| Is the operand a compile-time constant? | Likely false positive | Continue |\n| Is the operand a public parameter (length, count)?| Likely false positive | Continue |\n| Is the operand derived from key/plaintext/secret? | **TRUE POSITIVE** | Likely false positive |\n| Can an attacker influence the operand value? | **TRUE POSITIVE** | Likely false positive |\n\n## Limitations\n\n1. **Static Analysis Only**: Analyzes assembly/bytecode, not runtime behavior. Cannot detect cache timing or microarchitectural side-channels.\n\n2. **No Data Flow Analysis**: Flags all dangerous operations regardless of whether they process secrets. Manual review required.\n\n3. **Compiler/Runtime Variations**: Different compilers, optimization levels, and runtime versions may produce different output.\n\n## Real-World Impact\n\n- **KyberSlash (2023)**: Division instructions in post-quantum ML-KEM implementations allowed key recovery\n- **Lucky Thirteen (2013)**: Timing differences in CBC padding validation enabled plaintext recovery\n- **RSA Timing Attacks**: Early implementations leaked private key bits through division timing\n\n## References\n\n- [Cryptocoding Guidelines](https://github.com/veorq/cryptocoding) - Defensive coding for crypto\n- [KyberSlash](https://kyberslash.cr.yp.to/) - Division timing in post-quantum crypto\n- [BearSSL Constant-Time](https://www.bearssl.org/constanttime.html) - Practical constant-time techniques","tags":["constant","time","analysis","antigravity","awesome","skills","sickn33","agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding"],"capabilities":["skill","source-sickn33","skill-constant-time-analysis","topic-agent-skills","topic-agentic-skills","topic-ai-agent-skills","topic-ai-agents","topic-ai-coding","topic-ai-workflows","topic-antigravity","topic-antigravity-skills","topic-claude-code","topic-claude-code-skills","topic-codex-cli","topic-codex-skills"],"categories":["antigravity-awesome-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/sickn33/antigravity-awesome-skills/constant-time-analysis","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add sickn33/antigravity-awesome-skills","source_repo":"https://github.com/sickn33/antigravity-awesome-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 34831 github stars · SKILL.md body (9,217 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-24T06:50:56.652Z","embedding":null,"createdAt":"2026-04-18T21:35:00.938Z","updatedAt":"2026-04-24T06:50:56.652Z","lastSeenAt":"2026-04-24T06:50:56.652Z","tsv":"'/)':956 '/.zshrc':545,556 '/constanttime.html)':970 '/ct_analyzer/analyzer.py':231,239,248,259,278,286,296,305,325,334,342,399,410,422 '/go/rust':436 '/opt/homebrew/opt/openjdk':548 '/veorq/cryptocoding)':948 '1':717,850 '16':760 '2':730,868 '2013':921 '2023':905 '21/bin':549 '3':512,741,886 '4':786 '64':281 'add':535,543,554 'allow':916 'analysi':4,22,443,690,789,852,872 'analyz':5,23,223,319,327,336,363,391,401,414,854 'android/jvm':330 'api':147 'appli':384 'appropri':169 'arch':279,287,376,411,446 'architectur':272,395,404 'arm64':288,412 'array':630 'ask':52,707 'assembl':441 'assembly-level':440 'assembly/bytecode':855 'attack':55,99,839,933 'authent':142 'avoid':673 'back':738 'barrett':581 'base':158 'basedir':230,238,247,258,277,285,295,304,324,333,341,398,409,421 'bash':222,269,318,390,540 'bearssl':964 'behavior':858 'beq':593 'bit':600,636,939 'bit-slic':635 'block':757 'bne':594 'branch':234,588 'busi':121 'bytecod':321,329,351,366 'c':175,176,177,199,265,266,317,337,348,455,456,490,746 'c/c':435 'cach':861 'cannot':859 'cbc':925 'cc':180 'channel':102,867 'ci':255 'cjs':208 'clang':463 'cmov':599 'code':7,25,44,62,84,120,134,374,433,950 'coef':779,782 'common':742 'compar':614 'comparison':603 'compil':262,313,349,361,372,430,459,484,807,890 'compile-tim':806 'compiler/runtime':887 'concret':75 'condit':233 'constant':2,20,96,596,612,752,809,966,973 'constant-tim':19,95,595,611,965,972 'constant-time-analysi':1 'contain':85 'content':766 'context':165 'continu':813,825 'count':821 'cpp':179 'critic':676 'cross':271 'cross-architectur':270 'crypto':43,623,952,963 'crypto-secur':622 'crypto.c':282,289,301,310 'crypto.swift':400,413,427 'crypto/subtle':609 'cryptocod':944 'cryptograph':6,24,119 'cryptoutils.cs':343 'cryptoutils.java':326 'cryptoutils.kt':335 'cs':200 'danger':649,695,875 'data':14,32,126,688,716,732,758,761,870 'decompos':657 'decrypt':110 'defens':949 'depend':667,713 'deriv':83,91,111,773,829 'detail':564 'detect':9,27,572,647,860 'devic':406 'differ':416,889,898,923 'direct':367 'div':577 'divis':574,749,769,906,941,957 'document':787 'doesn':136 'dotnet':494 'dump':519 'earli':605,662,934 'early-exit':604 'enabl':928 'encrypt':80,109 'error':654 'etc':124 'everi':678 'examin':364 'exampl':652 'execut':16,34,665 'exit':606 'export':546,557 'extens':162,173,503 'fail':648 'fals':674,743,747,811,823,835,847 'file':161,172,226 'filter':241 'fix':573 'flag':381,451,679,692,705,736,792,873 'flow':689,733,871 'found':651 'func':249 'function':105,244,656,724 'g':497 'gamma2':780 'gcc':462 'github.com':947 'github.com/veorq/cryptocoding)':946 'go':183,184,267,457,464 'guid':170,174 'guidelin':945 'h':178 'handl':63,138,152 'high':145 'high-level':144 'home/.dotnet/tools':559 'homebrew':524 'hpp':181 'identifi':718 'idiv':578 'il':338 'ilspycmd':493,498 'impact':903 'implement':78,915,935 'includ':232 'index':634 'influenc':840 'input':712,721,740 'insn':520 'instal':496,525 'instruct':566,650,737,907 'int':755 'int32':775 'interpret':639 'invers':587 'involv':701,770 'io':405 'ios/macos':389 'item':793 'java':192,193,315,320,345,474,526,542 'javac':477 'javap':479,487 'javascript':205 'javascript/typescript':506 'jdk':475,486 'je':591 'jit':360,371 'jit-compil':370 'jne':592 'js':206 'json':252,260 'jvm/cil':352 'keg':531 'keg-on':530 'kem':914 'key':82,112,140,726,785,917,938 'key/plaintext/secret':831 'keys/tokens':65 'kotlin':195,316,328,346,482,483 'kotlinc':485 'kt':196 'kts':197 'kyberslash':103,904,953 'kyberslash.cr.yp.to':955 'kyberslash.cr.yp.to/)':954 'languag':156,164,171,263,314,387,453 'leak':12,30,130,936 'len':759,762 'length':764,820 'level':146,292,299,308,380,418,425,442,450,892 'librari':155 'like':434,810,822,834,846 'limit':849 'logic':122 'lookup':627,638 'lucki':919 'machin':358 'maco':522 'manual':883 'mask':601 'math.random':620 'matter':133 'may':896 'memcmp':607 'mention':94 'microarchitectur':864 'mjs':207 'ml':913 'ml-kem':912 'mt':618 'multipl':290 'multipli':585 'multiply-by-invers':584 'must':534 'name':106 'nativ':261,373,394,432 'net':491,528,552 'node.js':507 'non':118 'non-cryptograph':117 'note':344,428 'num':756 'o0':300,426 'o3':309 'opcach':505 'oper':10,28,87,646,680,696,710,876 'operand':669,804,816,828,842 'opt':298,307,379,424,449 'opt-level':297,306,378,423,448 'optim':291,417,664,891 'output':253,899 'pad':926 'paramet':819 'pass':641 'path':461,473,481,489,509,515,539,547,550,558,560 'pattern':745 'php':202,203,499,500 'plaintext':727,929 'posit':675,744,748,768,812,824,833,836,845,848 'post':910,961 'post-quantum':909,960 'potenti':694 'practic':971 'prerequisit':452 'privat':725,784,937 'problem':571 'process':127,881 'produc':897 'public':125,751,818 'py':215 'python':214,510,511 'q':777 'quantum':911,962 'question':796,797 'quick':220,569,794 'rand':617,619 'rb':218 'real':901 'real-world':900 'reason':659 'recommend':274 'recoveri':918,930 'reduct':582 'refer':166,570,943 'references/compiled.md':182,185,188 'references/javascript.md':209,213 'references/kotlin.md':198 'references/php.md':204 'references/python.md':216 'references/ruby.md':219 'references/swift.md':191 'references/vm-compiled.md':194,201,562 'regardless':697,877 'requir':454,885 'result':640,672 'review':104,884 'rng':616,625 'rs':187 'rsa':931 'rubi':217,516,517 'run':229,237,246,257,276,284,294,303,323,332,340,354,397,408,420 'runtim':857,894 'rust':186,268,458 'rustc':465 'sdiv':579,655,660 'sdk':492 'secret':13,31,64,90,139,576,590,602,629,633,702,715,720,754,772,778,781,882 'secret-deriv':89,771 'secur':624 'see':561 'select':157,598 'setup':565 'side':101,866 'side-channel':100,865 'sign':107,250 'signatur':79,728 'skill':48,59,69,74 'skill-constant-time-analysis' 'skip':72 'slice':637 'source-sickn33' 'specif':243,403 'start':221 'static':851 'subscript':631 'support':225,445,521 'swift':189,190,388,392,429,466,469 'swiftc':471 'tabl':626 'techniqu':975 'termin':663 'test':273 'text':40,653 'thirteen':920 'time':3,17,21,35,54,97,98,129,150,597,613,645,666,808,862,922,932,942,958,967,974 'token':143,729 'tool':495,553,685 'toolchain':470 'topic-agent-skills' 'topic-agentic-skills' 'topic-ai-agent-skills' 'topic-ai-agents' 'topic-ai-coding' 'topic-ai-workflows' 'topic-antigravity' 'topic-antigravity-skills' 'topic-claude-code' 'topic-claude-code-skills' 'topic-codex-cli' 'topic-codex-skills' 'trace':731 'triag':795 'trigger':76 'troubleshoot':568 'true':767,832,844 'ts':211 'tsx':212 'type':227 'typescript':210 'udiv':580 'ui':123 'usag':148 'use':39,46,57,67,116,439,608,621,750 'user':41,51,77,93,523 'uv':228,236,245,256,275,283,293,302,322,331,339,396,407,419 'v':50,61,71 'valid':927 'valu':92,670,774,843 'variabl':644 'variable-tim':643 'variat':18,36,888 'verifi':108,251,671 'version':895 'violat':706 'virtual':357 'vld':502 'vm':312 'vm-compil':311 'vulner':658,683 'warn':235,240 'weak':615 'whether':699,879 'world':902 'write':42 'www.bearssl.org':969 'www.bearssl.org/constanttime.html)':968 'x':513 'x86':280 'xcode':467 'yes':45,56,66,799","prices":[{"id":"8b32288d-cf33-4f26-9aa1-19db107cf9cb","listingId":"57c62465-6ef1-44ff-aaf7-942a5293e5dc","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"sickn33","category":"antigravity-awesome-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:35:00.938Z"}],"sources":[{"listingId":"57c62465-6ef1-44ff-aaf7-942a5293e5dc","source":"github","sourceId":"sickn33/antigravity-awesome-skills/constant-time-analysis","sourceUrl":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/constant-time-analysis","isPrimary":false,"firstSeenAt":"2026-04-18T21:35:00.938Z","lastSeenAt":"2026-04-24T06:50:56.652Z"}],"details":{"listingId":"57c62465-6ef1-44ff-aaf7-942a5293e5dc","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"sickn33","slug":"constant-time-analysis","github":{"repo":"sickn33/antigravity-awesome-skills","stars":34831,"topics":["agent-skills","agentic-skills","ai-agent-skills","ai-agents","ai-coding","ai-workflows","antigravity","antigravity-skills","claude-code","claude-code-skills","codex-cli","codex-skills","cursor","cursor-skills","developer-tools","gemini-cli","gemini-skills","kiro","mcp","skill-library"],"license":"mit","html_url":"https://github.com/sickn33/antigravity-awesome-skills","pushed_at":"2026-04-24T06:41:17Z","description":"Installable GitHub library of 1,400+ agentic skills for Claude Code, Cursor, Codex CLI, Gemini CLI, Antigravity, and more. Includes installer CLI, bundles, workflows, and official/community skill collections.","skill_md_sha":"099f9964ab76e5de0e2c0516ae3730bab7912c0d","skill_md_path":"skills/constant-time-analysis/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/constant-time-analysis"},"layout":"multi","source":"github","category":"antigravity-awesome-skills","frontmatter":{"name":"constant-time-analysis","description":"Analyze cryptographic code to detect operations that leak secret data through execution timing variations."},"skills_sh_url":"https://skills.sh/sickn33/antigravity-awesome-skills/constant-time-analysis"},"updatedAt":"2026-04-24T06:50:56.652Z"}}