IODINE: Verifying Constant-Time Execution of Hardware

Klaus von Gleissenthal, Rami Gökhan Klcl, Deian Stefan, Ranjit Jhala

Research output: Chapter in Book / Report / Conference proceedingChapterAcademicpeer-review


To be secure, cryptographic algorithms crucially rely on the underlying hardware to avoid inadvertent leakage of secrets through timing side channels. Unfortunately, such timing channels are ubiquitous in modern hardware, due to its labyrinthine fast-paths and optimizations. A promising way to avoid timing vulnerabilities is to devise – and verify – conditions under which a hardware design is free of timing variability, i.e., executes in constant-time. In this paper, we present IODINE: a clock-precise, constant-time approach to eliminating timing side channels in hardware. IODINE succeeds in verifying various open source hardware designs in seconds and with little developer effort. IODINE also discovered two constant-time violations: one in a floating-point unit and another one in an RSA encryption module.
Original languageEnglish
Title of host publication28th USENIX Security Symposium 2019
Publication statusPublished - 2019


Dive into the research topics of 'IODINE: Verifying Constant-Time Execution of Hardware'. Together they form a unique fingerprint.

Cite this