Detects timing side-channel vulnerabilities in cryptographic code. Use when implementing or reviewing crypto code, encountering division on secrets, secret-dependent branches, or constant-time programming questions in C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JavaScript, TypeScript, Python, or Ruby.
No setup needed. Let our cloud agents run this skill for you.
Select Provider
Select Model
Claude Sonnet 4.5
$0.20/task
Best for coding tasks
Environment setup included
Constant-Time Analysis
Analyze cryptographic code to detect operations that leak secret data through execution timing variations.
When to Use
User writing crypto code? ──yes──> Use this skill │ no │ vUser asking about timing attacks? ──yes──> Use this skill │ no │ vCode handles secret keys/tokens? ──yes──> Use this skill │ no │ vSkip this skill
Concrete triggers:
User implements signature, encryption, or key derivation
Code contains / or % operators on secret-derived values
User mentions "constant-time", "timing attack", "side-channel", "KyberSlash"
Reviewing functions named sign, verify, encrypt, decrypt, derive_key
When NOT to Use
Non-cryptographic code (business logic, UI, etc.)
Public data processing where timing leaks don't matter
Code that doesn't handle secrets, keys, or authentication tokens
High-level API usage where timing is handled by the library
Language Selection
Based on the file extension or language context, refer to the appropriate guide:
# Analyze any supported file typeuv run {baseDir}/ct_analyzer/analyzer.py <source_file># Include conditional branch warningsuv run {baseDir}/ct_analyzer/analyzer.py --warnings <source_file># Filter to specific functionsuv run {baseDir}/ct_analyzer/analyzer.py --func 'sign|verify' <source_file># JSON output for CIuv
Native Compiled Languages Only (C, C++, Go, Rust)
# Cross-architecture testing (RECOMMENDED)uv run {baseDir}/ct_analyzer/analyzer.py --arch x86_64 crypto.cuv run {baseDir}/ct_analyzer/analyzer.py --arch arm64 crypto.c# Multiple optimization levelsuv run {baseDir}/ct_analyzer/analyzer.py --opt-level O0 crypto.cuv run {baseDir}/ct_analyzer/analyzer.py --opt-level O3 crypto.c
VM-Compiled Languages (Java, Kotlin, C#)
# Analyze Java bytecodeuv run {baseDir}/ct_analyzer/analyzer.py CryptoUtils.java# Analyze Kotlin bytecode (Android/JVM)uv run {baseDir}/ct_analyzer/analyzer.py CryptoUtils.kt# Analyze C# ILuv run {baseDir}/ct_analyzer/analyzer.py CryptoUtils.cs
Note: Java, Kotlin, and C# compile to bytecode (JVM/CIL) that runs on a virtual machine with JIT compilation. The analyzer examines the bytecode directly, not the JIT-compiled native code. The --arch and --opt-level flags do not apply to these languages.
Swift (iOS/macOS)
# Analyze Swift for native architectureuv run {baseDir}/ct_analyzer/analyzer.py crypto.swift# Analyze for specific architecture (iOS devices)uv run {baseDir}/ct_analyzer/analyzer.py --arch arm64 crypto.swift# Analyze with different optimization levelsuv run {baseDir}/ct_analyzer/analyzer.py --opt-level O0 crypto.swift
Note: Swift compiles to native code like C/C++/Go/Rust, so it uses assembly-level analysis and supports --arch and --opt-level flags.
Prerequisites
Language
Requirements
C, C++, Go, Rust
Compiler in PATH (gcc/clang, go, rustc)
Swift
Xcode or Swift toolchain (swiftc in PATH)
Java
JDK with javac and javap in PATH
Kotlin
Kotlin compiler (kotlinc) + JDK (javap) in PATH
C#
macOS users: Homebrew installs Java and .NET as "keg-only". You must add them to your PATH:
# For Java (add to ~/.zshrc)export PATH="/opt/homebrew/opt/openjdk@21/bin:$PATH"# For .NET tools (add to ~/.zshrc)export PATH="$HOME/.dotnet/tools:$PATH"
[ERROR] SDIV Function: decompose_vulnerable Reason: SDIV has early termination optimization; execution time depends on operand values
Verifying Results (Avoiding False Positives)
CRITICAL: Not every flagged operation is a vulnerability. The tool has no data flow analysis - it flags ALL potentially dangerous operations regardless of whether they involve secrets.
For each flagged violation, ask: Does this operation's input depend on secret data?
Identify the secret inputs to the function (private keys, plaintext, signatures, tokens)
Trace data flow from the flagged instruction back to inputs
Common false positive patterns:
// FALSE POSITIVE: Division uses public constant, not secretint num_blocks = data_len / 16; // data_len is length, not content// TRUE POSITIVE: Division involves secret-derived valueint32_t q = secret_coef / GAMMA2; // secret_coef from private key
Document your analysis for each flagged item
Quick Triage Questions
Question
If Yes
If No
Is the operand a compile-time constant?
Likely false positive
Continue
Is the operand a public parameter (length, count)?
Likely false positive
Continue
Is the operand derived from key/plaintext/secret?
TRUE POSITIVE
Likely false positive
Can an attacker influence the operand value?
TRUE POSITIVE
Likely false positive
Limitations
Static Analysis Only: Analyzes assembly/bytecode, not runtime behavior. Cannot detect cache timing or microarchitectural side-channels.
No Data Flow Analysis: Flags all dangerous operations regardless of whether they process secrets. Manual review required.
Compiler/Runtime Variations: Different compilers, optimization levels, and runtime versions may produce different output.
Claude Sonnet 4.5