本文介绍了为什么我们需要一个恒定时间*单字节*比较函数?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

查看Go标准库,有一个函数,如下所示:

Looking at Go standard library, there's a ConstantTimeByteEq function that looks like this:

func ConstantTimeByteEq(x, y uint8) int {
    z := ^(x ^ y)
    z &= z >> 4
    z &= z >> 2
    z &= z >> 1

    return int(z)
}

我理解需要恒定时间字符串(数组等)比较,作为常规算法可能会在第一个不等长元素之后短路。但在这种情况下,不是常规比较两个固定大小的整数在CPU级别的恒定时间操作已经?

Now, I understand the need for constant time string (array, etc.) comparison, as a regular algorithm could short-circuit after the first unequal element. But in this case, isn't a regular comparison of two fixed-sized integers a constant time operation at the CPU level already?

推荐答案

不一定。很难知道编译器在做优化后会发出什么。你可能会得到不同的机器代码为高电平比较一个字节。泄漏只是一个微小的位在侧通道可能会将您的加密从基本上不可破坏改为希望不值得的裂痕所需的钱。

Not necessarily. And it is hard to tell what the compiler will emit after doing its optimizations. You could end up with different machine code for the highlevel "compare one byte". Leaking just a tiny bit in a side channel might change your encryption from "basically unbreakable" to "hopefully not worth the money needed for a crack".

这篇关于为什么我们需要一个恒定时间*单字节*比较函数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-03 21:29
查看更多