Introducing constant-time support for LLVM to protect cryptographic code
• Trail of Bits has developed constant-time coding support for LLVM, providing developers with compiler-level guarantees that their cryptographic implementations remain secure against branching-related timing attacks.
• These changes are being reviewed and will be added in an upcoming release, LLVM 22.
• This work introduces the __builtin_ct_select family of intrinsics and supporting infrastructure that prevents the Clang compiler, and potentially other compilers built with LLVM, from inadvertently breaking carefully crafted constant-time code.
• This post will walk you through what we built, how it works, and what it supports.
• We’ll also discuss some of our future plans for extending this work.
The compiler optimization problem
Modern compilers excel at making code run faster.
Article Summaries:
- Trail of Bits has added constant‑time support to LLVM, slated for inclusion in LLVM 22. The update introduces a family of intrinsics, __builtin_ct_select, that signal to the compiler that a selection operation must remain constant‑time regardless of optimization level. By embedding these intrinsics, developers can write cryptographic code that the LLVM optimizer treats as security‑critical, preventing inadvertent branching or other timing‑dependent transformations that could leak secrets. The change responds to research showing that many production libraries lose constant‑time guarantees during compilation. Trail of Bits plans to extend this infrastructure in future releases.
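The kind of code this intrinsic is meant to protect, as an added example (not code from the Trail of Bits post or from LLVM): a secret-indexed table lookup built on a branchless select. The names `ct_select_u64`, `ct_eq_u64`, `ct_lookup` and `SAMPLE_TABLE` are made up here, and the argument order (condition, value if true, value if false) used for `__builtin_ct_select` is an assumption, since the summary does not give its signature.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Detect the intrinsic without breaking compilers that lack __has_builtin. */
#if defined(__has_builtin)
#  if __has_builtin(__builtin_ct_select)
#    define HAVE_CT_SELECT 1
#  endif
#endif

/* Constructed sample data; in real code this would be a secret-indexed table. */
static const uint64_t SAMPLE_TABLE[8] = {0xA0, 0xA1, 0xA2, 0xA3,
                                         0xA4, 0xA5, 0xA6, 0xA7};

/* Return 1 if x == y, else 0, with no branch in the source. */
static uint64_t ct_eq_u64(uint64_t x, uint64_t y) {
    uint64_t d = x ^ y;                      /* zero only when x == y */
    return 1 ^ ((d | ((uint64_t)0 - d)) >> 63);
}

/* Return a if cond is nonzero, else b. */
static uint64_t ct_select_u64(uint64_t cond, uint64_t a, uint64_t b) {
#ifdef HAVE_CT_SELECT
    /* Assumed argument order: (condition, if-true, if-false). */
    return __builtin_ct_select(cond != 0, a, b);
#else
    /* Hand-written mask idiom. Nothing in the language stops an optimizer
       from recognising it and emitting a conditional branch instead. */
    uint64_t mask = (uint64_t)0 - (uint64_t)(cond != 0); /* all ones or zero */
    return (a & mask) | (b & ~mask);
#endif
}

/* Read table[secret_idx] by visiting every entry, so neither control flow
   nor the set of addresses touched depends on the secret index.
   An out-of-range index yields 0. */
uint64_t ct_lookup(const uint64_t *table, size_t n, size_t secret_idx) {
    uint64_t result = 0;
    for (size_t i = 0; i < n; i++)
        result = ct_select_u64(ct_eq_u64(i, secret_idx), table[i], result);
    return result;
}

int main(void) {
    printf("%llx\n", (unsigned long long)ct_lookup(SAMPLE_TABLE, 8, 3));
    return 0;
}
```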