Constant time cryptography

renich · April 3, 2026, 11:43pm

Question: is constant time in the roadmap, anywhere? Just asking. The question comes from the fact that LLVM has been at odds with constant-time since forever. Yet: Introducing constant-time support for LLVM to protect cryptographic code - The Trail of Bits Blog

HertzDevil · April 4, 2026, 12:20am

If the LLVM PR was merged (it isn’t), you could do this as long as Crystal uses the correct version of LLVM:

lib LibIntrinsics
  fun ct_select_i64 = "llvm.ct.select.i64"(Bool, Int64, Int64) : Int64
end

fun constant_time_lookup(secret_idx : Int32, table : Int64*) : Int64
  result = 0_i64

  i = 0
  while i < 8
    cond = i == secret_idx
    result |= LibIntrinsics.ct_select_i64(cond, table[i], 0_i64)
    i &+= 1
  end

  result
end

straight-shoota · April 7, 2026, 9:47am

I believe it makes sense for Crystal to wait until LLVM figures this out so that we can easily adopt it.

Topic		Replies	Views
Writing Crypto in Crystal Community	7	375	July 20, 2024
Crystal and LLVM Help & Support	5	456	September 6, 2019
Constants and Compiler Help & Support	8	767	December 31, 2020
LLVM provides no side-channel resistance Community	2	534	January 9, 2020
Very slow build speeds for hello world Help & Support	48	1920	December 25, 2025

Constant time cryptography

Related topics