Constant-time support lands in LLVM: Protecting cryptographic code at the compiler level
Page contentTrail of Bits has developed constant-time coding support for LLVM 21, providing developers with compiler-level guarantees that their cryptographic implementations remain secure against branching-related timing attacks. This work introduces the __builtin_ct_select family of intrinsics and supporting infrastructure that prevents the Clang compiler, and potentially other compilers built with LLVM, from inadvertently breaking carefully crafted constant-time code. This post will walk you through what we built, how it works, and what it supports. We’ll also discuss some of our future plans for extending this work.The compiler optimization problemModern compilers excel at making code run faster. They eliminate redundant operations, vectorize loops, and cleverly restructure…
