From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) by sympa.inria.fr (Postfix) with ESMTPS id 4982D7EF0D for ; Mon, 22 Feb 2016 21:16:36 +0100 (CET) IronPort-PHdr: 9a23:V3r/4BPKeLTfL3cyNokl6mtUPXoX/o7sNwtQ0KIMzox0KPv8rarrMEGX3/hxlliBBdydsKIbzbeK+Pm7BSQp2tWojjMrSNR0TRgLiMEbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpQAbFhi3DwdpPOO9QteU1JTokb3usMSIP01hv3mUX/BbFF2OtwLft80b08NJC50a7V/3mEZOYPlc3mhyJFiezF7W78a0+4N/oWwL46pyv+YJa6jxfrw5QLpEF3xmdjltvIy4/SXEGC6O4nIaZV4KmxxPAQXb7RqyCpLwtiL8rfZV1yyTPMmwRrcxD2eM9aBuHTTogSFPETE+uDXcisV2yqRUp0j7/0dXzIvdYYXTP/17KPCONegGTHZMC54CHxdKBZmxOs5WV7IM Authentication-Results: mail2-smtp-roc.national.inria.fr; spf=None smtp.pra=chan.ngo2203@gmail.com; spf=Pass smtp.mailfrom=chan.ngo2203@gmail.com; spf=None smtp.helo=postmaster@mail-qg0-f53.google.com Received-SPF: None (mail2-smtp-roc.national.inria.fr: no sender authenticity information available from domain of chan.ngo2203@gmail.com) identity=pra; client-ip=209.85.192.53; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="chan.ngo2203@gmail.com"; x-sender="chan.ngo2203@gmail.com"; x-conformance=sidf_compatible Received-SPF: Pass (mail2-smtp-roc.national.inria.fr: domain of chan.ngo2203@gmail.com designates 209.85.192.53 as permitted sender) identity=mailfrom; client-ip=209.85.192.53; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="chan.ngo2203@gmail.com"; x-sender="chan.ngo2203@gmail.com"; x-conformance=sidf_compatible; x-record-type="v=spf1" Received-SPF: None (mail2-smtp-roc.national.inria.fr: no sender authenticity information available from domain of postmaster@mail-qg0-f53.google.com) identity=helo; client-ip=209.85.192.53; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="chan.ngo2203@gmail.com"; x-sender="postmaster@mail-qg0-f53.google.com"; x-conformance=sidf_compatible X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AxAABba8tWmDXAVdFegm6CC7pUAQ2BZoYNAoFEOBQBAQEBAQEBARABAQEBAQYLCwkhL4ItghQBAQEDARIRHQEbHQEDAQsGBQQHDSoCAiECEQEFARwGEyKHYwEDCgidSIExPjGLNIFpgleFAgoZJw1Rg3kBAQEBAQEBAQEBAQEBAQEBAQEBAQEPAQUKBIdwCIJGgjqEeyuBDwWOHohhCItrgXMHiQyFYIcFhgYvgQ8eAQGCOAwSCIFmTIg5AQEB X-IPAS-Result: A0AxAABba8tWmDXAVdFegm6CC7pUAQ2BZoYNAoFEOBQBAQEBAQEBARABAQEBAQYLCwkhL4ItghQBAQEDARIRHQEbHQEDAQsGBQQHDSoCAiECEQEFARwGEyKHYwEDCgidSIExPjGLNIFpgleFAgoZJw1Rg3kBAQEBAQEBAQEBAQEBAQEBAQEBAQEPAQUKBIdwCIJGgjqEeyuBDwWOHohhCItrgXMHiQyFYIcFhgYvgQ8eAQGCOAwSCIFmTIg5AQEB X-IronPort-AV: E=Sophos;i="5.22,486,1449529200"; d="scan'208,217";a="204185314" Received: from mail-qg0-f53.google.com ([209.85.192.53]) by mail2-smtp-roc.national.inria.fr with ESMTP/TLS/AES128-GCM-SHA256; 22 Feb 2016 21:16:35 +0100 Received: by mail-qg0-f53.google.com with SMTP id y89so120507403qge.2 for ; Mon, 22 Feb 2016 12:16:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=FNmmZHDx1HrvFbBHbpPLvPl+cIAiQ/m/BbJ7LJuWBic=; b=R288TRkexmTo8jTGbB1JYlkMYN0TxsNMhZmFGySgxiC2XFIMnGA4ghp6mY6/a79lcZ ZvXzzEoB7gvx1dlPPdIeIm47Tbv/+mzAqJ4DWVLEs9ns+Tj5089q84/SH3TghiKInYAM wvjDmIUpO2XSsZxGCa0Fv4jeSE5m/SuwYU5F40T8ebTlk+ZtzN/BlabjMx326cYULcqN gSbP1UmNQ2kDEkd69F4f/cXu2kRZXTiDVi7HN3nG0f/OKgyzj99EizE1GY2Q+9/WuNuZ fxDpF/UgBOkWN17Ba8VH+S7GwJ7Q1NJu8ItrWZP3zOIoVy5HfMF/MK2bUKIIaThmmH8q /aNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:message-id:references:to; bh=FNmmZHDx1HrvFbBHbpPLvPl+cIAiQ/m/BbJ7LJuWBic=; b=ThSPsVOPxM5evfxPU3jirX1cZAeXFrkfdjoykMdSa3wzPhJfEBsvIaDvZXqsbRI2n3 5ZfVADOIpyVFkFR0tLTA7ibWLqsnOdHyQguoHbyCVw9ETjanpdmwO207d9GkmbSKiwIU 3jcdcr3Y6iNIJ5Jk+i+IDF0qBrrr/AZcPu1v5uxPm2wqB3Irl8MtMa20NJMkvdGqffI9 1HO21oP/3SsYdTQAklnaDTCbGR3sAE4YVnq76UVON5gWGhjBasESnrjOsjgXjBlTiWFo jj9A22RRrreMg+eTHmwKX04WCCCpUKGBNMCpu4VYLvPKHuH1inzpEAE5+R1Sw2PAAnQD +GWQ== X-Gm-Message-State: AG10YOSUIazVpCE2ij+/3UaFlNgzATcQM4Rtyd5hVNhdacGaM4XhaojwTXKsJUzKmiIYCg== X-Received: by 10.140.222.18 with SMTP id s18mr38566915qhb.21.1456172194332; Mon, 22 Feb 2016 12:16:34 -0800 (PST) Received: from chans-mbp.wv.cc.cmu.edu (Chans-MBP.wv.cc.cmu.edu. [128.237.202.31]) by smtp.gmail.com with ESMTPSA id w140sm10879302qhb.37.2016.02.22.12.16.32 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 22 Feb 2016 12:16:33 -0800 (PST) Content-Type: multipart/alternative; boundary="Apple-Mail=_A4B53C9C-F609-4395-8241-5449846FF1EA" Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\)) From: Chan Ngo In-Reply-To: Date: Mon, 22 Feb 2016 15:16:32 -0500 Cc: Anton Bachin , Caml List Message-Id: References: <20160222094853.GH1544@nunchakus.loria.fr> <46EAD496-8667-47FE-B39A-74DA94BC0C25@gmail.com> <4BDBBF0B-1783-4F91-9EFA-D3E9FF9EF1EF@gmail.com> <3DA136DD-0A26-4247-852E-DA596EBFE031@gmail.com> To: =?utf-8?Q?Milan_Stanojevi=C4=87?= X-Mailer: Apple Mail (2.3112) Subject: Re: [Caml-list] Constant-time function --Apple-Mail=_A4B53C9C-F609-4395-8241-5449846FF1EA Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi Milan, thanks, I see what you mentioned with the =E2=80=9C&&=E2=80=9D operator. In= fact, one case the behavior as I wanted is in crypto primitive (we need co= nstant-time function to avoid time side-channel attack, for example, give a= ny input for comparing with the secret hash value with fixed size, the time= execution of comparing is constant. Best, Chan > On Feb 22, 2016, at 3:12 PM, Milan Stanojevi=C4=87 wr= ote: >=20 > Compiler short circuits && operator so your loop runs only til the first = element that differs. If you swap the arguments to && you should get the be= havior of visiting all elements (which is of course undesirable in practice) >=20 >=20 --Apple-Mail=_A4B53C9C-F609-4395-8241-5449846FF1EA Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Hi Milan,

thanks, I see what you mentione= d with the =E2=80=9C&&=E2=80=9D operator. In fact, one case the beh= avior as I wanted is in crypto primitive (we need constant-time function to= avoid time side-channel attack, for example, give any input for comparing = with the secret hash value with fixed size, the time execution of comparing= is constant.

Bes= t,
Chan

On Feb 22, 2016, at 3:12 PM= , Milan Stanojevi=C4=87 <milanst@gmail.com> wrote:

Compiler short circuits &&a= mp; operator so your loop runs only til the first element that differs. If = you swap the arguments to && you should get the behavior of visitin= g all elements (which is of course undesirable in practice)



<= /body>= --Apple-Mail=_A4B53C9C-F609-4395-8241-5449846FF1EA--