Documentation
¶
Overview ¶
Package security provides constant-time operations for cryptographic security
IMPORTANT: This implementation provides defense-in-depth against timing attacks. For maximum security in production: 1. Use hardware that supports constant-time instructions (e.g., ARM64 crypto extensions) 2. Consider using assembly-optimized libraries for critical paths 3. Run on dedicated hardware without SMT/hyperthreading for high-value operations 4. Use blinding/masking for all secret-dependent operations
Package security provides security utilities for protecting sensitive data
Index ¶
- Variables
- func ConstantTimeArrayAccess(array []*big.Int, index int) *big.Int
- func ConstantTimeBigIntEqual(a, b *big.Int) int
- func ConstantTimeByteEq(a, b uint8) int
- func ConstantTimeBytesCopy(dst, src []byte)
- func ConstantTimeCompare(a, b []byte) bool
- func ConstantTimeCondSwap(swap int, a, b *big.Int) (*big.Int, *big.Int)
- func ConstantTimeEq(x, y int32) int
- func ConstantTimeGreater(a, b int) int
- func ConstantTimeIsNonZero(x *big.Int) int
- func ConstantTimeIsOdd(x *big.Int) int
- func ConstantTimeIsZero(x *big.Int) int
- func ConstantTimeLeadingZeros(x *big.Int) int
- func ConstantTimeLessOrEq(x, y int) int
- func ConstantTimeLimbsEqual(a, b *big.Int) bool
- func ConstantTimeModAdd(a, b, m *big.Int) *big.Int
- func ConstantTimeModExp(base, exp, m *big.Int) *big.Int
- func ConstantTimeModInv(a, m *big.Int) *big.Int
- func ConstantTimeModMul(a, b, m *big.Int) *big.Int
- func ConstantTimeModNeg(x, m *big.Int) *big.Int
- func ConstantTimeModSqr(x, m *big.Int) *big.Int
- func ConstantTimeModSub(a, b, m *big.Int) *big.Int
- func ConstantTimeMontgomeryLadder(k *big.Int, scalarMult func(*big.Int) *big.Int) *big.Int
- func ConstantTimeSelect(v int, x, y *big.Int) *big.Int
- func ConstantTimeSelectBytes(v int, x, y []byte) []byte
- func GenerateRandomScalar(max *big.Int) (*big.Int, error)
- func MaskBigInt(x, m *big.Int) (masked, mask *big.Int, err error)
- func SanitizeInput(input string, maxLength int) error
- func SecureCompareScalars(a, b *big.Int) bool
- func SecureZero(data []byte)
- func SecureZeroBigInt(b *big.Int)
- func SecureZeroWords(words []big.Word)
- func TimingSafeDiv(a, b, m *big.Int) *big.Int
- func UnmaskBigInt(masked, mask, m *big.Int) *big.Int
- func ValidateNonZeroScalar(value *big.Int) error
- func ValidatePartyID(partyID, parties int) error
- func ValidateScalarInRange(value, max *big.Int) error
- func ValidateThreshold(threshold, parties int) error
Constants ¶
This section is empty.
Variables ¶
var ( // ErrInvalidThreshold is returned when threshold parameters are invalid ErrInvalidThreshold = errors.New("invalid threshold: must satisfy 1 <= t <= n") // ErrInvalidPartyID is returned when party ID is out of range ErrInvalidPartyID = errors.New("invalid party ID: must be in range [0, n)") // ErrInvalidPartyCount is returned when party count is too small ErrInvalidPartyCount = errors.New("invalid party count: must be >= 2") // ErrInvalidRange is returned when a value is outside expected range ErrInvalidRange = errors.New("value out of valid range") )
Functions ¶
func ConstantTimeArrayAccess ¶
ConstantTimeArrayAccess accesses an array element in constant time This prevents cache-timing attacks based on array access patterns Returns array[index] if index is valid, zero otherwise
func ConstantTimeBigIntEqual ¶
ConstantTimeBigIntEqual compares two big.Ints in constant time Returns 1 if equal, 0 otherwise
func ConstantTimeByteEq ¶
ConstantTimeByteEq returns 1 if a == b and 0 otherwise
func ConstantTimeBytesCopy ¶
func ConstantTimeBytesCopy(dst, src []byte)
ConstantTimeBytesCopy copies bytes in constant time
func ConstantTimeCompare ¶
ConstantTimeCompare compares two byte slices in constant time Returns true if they are equal, false otherwise
func ConstantTimeCondSwap ¶
ConstantTimeCondSwap conditionally swaps two big.Ints based on condition bit If swap == 1, swaps a and b; if swap == 0, leaves unchanged Uses XOR-based swap to prevent branch prediction leaks
func ConstantTimeEq ¶
ConstantTimeEq returns 1 if x == y and 0 otherwise
func ConstantTimeGreater ¶
ConstantTimeGreater returns 1 if a > b, 0 otherwise (constant-time) Both a and b must be in range [0, 2^31)
func ConstantTimeIsNonZero ¶
ConstantTimeIsNonZero returns 1 if x is non-zero, 0 otherwise (constant-time)
func ConstantTimeIsOdd ¶
ConstantTimeIsOdd returns 1 if x is odd, 0 if even (constant-time)
func ConstantTimeIsZero ¶
ConstantTimeIsZero returns 1 if x is zero, 0 otherwise (constant-time)
func ConstantTimeLeadingZeros ¶
ConstantTimeLeadingZeros counts leading zeros in constant time This prevents timing leaks from bit length checks
func ConstantTimeLessOrEq ¶
ConstantTimeLessOrEq returns 1 if x <= y and 0 otherwise Both x and y must be non-negative and less than 2^31
func ConstantTimeLimbsEqual ¶
ConstantTimeLimbsEqual compares big.Int at the limb level More resistant to compiler optimization than byte comparison
func ConstantTimeModAdd ¶
ConstantTimeModAdd performs constant-time modular addition result = (a + b) mod m Uses constant-time reduction to prevent timing leaks
func ConstantTimeModExp ¶
ConstantTimeModExp performs constant-time modular exponentiation result = base^exp mod m Uses Montgomery ladder or fixed-window exponentiation
func ConstantTimeModInv ¶
ConstantTimeModInv performs constant-time modular inversion result = a^(-1) mod m using Extended Euclidean Algorithm Returns nil if inverse doesn't exist
Note: Go 1.20+ uses constant-time ModInverse for prime moduli For composite moduli, timing leaks may exist
func ConstantTimeModMul ¶
ConstantTimeModMul performs constant-time modular multiplication result = (a * b) mod m
func ConstantTimeModNeg ¶
ConstantTimeModNeg performs constant-time modular negation result = -x mod m = m - x
func ConstantTimeModSqr ¶
ConstantTimeModSqr performs constant-time modular squaring result = x^2 mod m Squaring can be faster than multiplication
func ConstantTimeModSub ¶
ConstantTimeModSub performs constant-time modular subtraction result = (a - b) mod m
func ConstantTimeMontgomeryLadder ¶
ConstantTimeMontgomeryLadder performs constant-time scalar multiplication This is used for ECC operations: result = k * P The Montgomery ladder always performs the same operations regardless of k
func ConstantTimeSelect ¶
ConstantTimeSelect returns x if v == 1 and y if v == 0 v must be 0 or 1, operation is constant-time This is critical for preventing branch-based timing attacks
func ConstantTimeSelectBytes ¶
ConstantTimeSelectBytes returns x if v == 1 and y if v == 0 The value v must be 0 or 1. This function is constant-time.
func GenerateRandomScalar ¶
GenerateRandomScalar generates a cryptographically secure random scalar in range [1, max). This is a wrapper around pkg/crypto/rand for convenience
func MaskBigInt ¶
MaskBigInt masks a big.Int with random blinding factor This provides defense against differential power analysis (DPA) Returns: (masked value, mask, error)
func SanitizeInput ¶
SanitizeInput validates and sanitizes string input Returns error if input contains null bytes or exceeds max length
func SecureCompareScalars ¶
SecureCompareScalars compares two scalars in constant time Returns true if equal, false otherwise
func SecureZero ¶
func SecureZero(data []byte)
SecureZero securely zeros out a byte slice to prevent secrets from remaining in memory This uses a method that prevents the compiler from optimizing away the zeroing
func SecureZeroBigInt ¶
SecureZeroBigInt securely zeros a big.Int by clearing its internal buffer Note: Go's big.Int doesn't expose internal bytes directly Best practice: Set to zero and rely on garbage collector
func SecureZeroWords ¶
SecureZeroWords zeros out a Word slice in constant time This is used for clearing intermediate values in big.Int operations
func TimingSafeDiv ¶
TimingSafeDiv performs timing-safe division using multiplicative inverse Returns a / b mod m = a * b^(-1) mod m
func UnmaskBigInt ¶
UnmaskBigInt removes blinding mask from a big.Int x = (masked - mask) mod m
func ValidateNonZeroScalar ¶
ValidateNonZeroScalar checks if scalar is non-zero
func ValidatePartyID ¶
ValidatePartyID checks if party ID is valid for given party count
func ValidateScalarInRange ¶
ValidateScalarInRange checks if scalar is in valid range [1, max)
func ValidateThreshold ¶
ValidateThreshold checks if threshold parameters are valid Returns error if: - threshold < 1 - threshold > parties - parties < 2
Types ¶
This section is empty.
Source Files