Cache-timing Attack Detection and Prevention Application to Crypto Libs and PQC

International audienceWith the publication of Spectre & Meltdown attacks, cache-timing exploitation techniques have received a wealth of attention recently. On the one hand, it is now well understood which some patterns in the C source code create observable unbalances in terms of timing. On the other hand, some practical cache-timing attacks (or Common Vulnerabilities and Exposures) have also been reported. However the exact relationship between vulnerabilities and exploitations is not enough studied as of today. In this article, we put forward a methodology to characterize the leakage induced by a "non-constant-time" construct in the source code. This methodology allows us to recover known attacks and to warn about possible new ones, possibly devastating