Bibliographic Details
Main Authors: Geimer, Antoine; Maurice, Clementine
Format: Preprint
Published: 2025
Subjects:
Online Access: https://arxiv.org/abs/2507.06112
author Geimer, Antoine
Maurice, Clementine
author_facet Geimer, Antoine
Maurice, Clementine
contents Developers rely on constant-time programming to prevent timing side-channel attacks. But these efforts can be undone by compilers, whose optimizations may silently reintroduce leaks. While recent works have measured the extent of such leakage, they leave developers without actionable insights: which optimization passes are responsible, and how to disable them without modifying the compiler remains unclear. In this paper, we conduct a qualitative analysis of how compiler optimizations break constant-time code. We construct a dataset of compiler-introduced constant-time violations and analyze the internals of two widely used compilers, GCC and LLVM, to identify the specific optimization passes responsible. Our key insight is that a small set of passes are at the root of most leaks. To the best of our knowledge, we are also the first to characterize how the interactions between these passes contribute to leakage. Based on this analysis, we propose an original and practical mitigation that requires no source code modification or custom compiler: disabling selected optimization passes via compiler flags. We show that this approach significantly reduces leakage with minimal performance overhead, offering an immediately deployable defense for developers.
format Preprint
id arxiv_https___arxiv_org_abs_2507_06112
institution arXiv
publishDate 2025
record_format arxiv
title Fun with flags: How Compilers Break and Fix Constant-Time Code
topic Cryptography and Security
url https://arxiv.org/abs/2507.06112