Skip to main content

Evaluator that detects timing side channels using fixed-vs-random test

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_evaluator_constanttime


Swarmauri Evaluator Constanttime

Evaluator that detects timing side channels using a fixed-vs-random strategy. It times a callable with repeated fixed inputs and compares those timings against randomly generated inputs. Welch's t-test and Cliff's delta are used to decide whether the observed runtime differences are statistically significant. The evaluator reports a score of 1.0 for constant-time behaviour and 0.0 otherwise, together with rich metadata about the underlying measurements.

Installation

pip

pip install swarmauri_evaluator_constanttime

Poetry

poetry add swarmauri_evaluator_constanttime

uv

uv venv
source .venv/bin/activate
uv pip install swarmauri_evaluator_constanttime

Usage

The example below evaluates a deliberately leaky string comparison that sleeps for every matching byte. Fixed inputs run all the way through the comparison and take measurably longer than random guesses that fail fast, so the evaluator flags the function as not constant time.

import secrets
import time

from swarmauri_core.programs.IProgram import IProgram
from swarmauri_evaluator_constanttime import ConstantTimeEvaluator


class DummyProgram(IProgram):
    def diff(self, other: "IProgram"):
        return ()

    def apply_diff(self, diff):
        return self

    def validate(self) -> bool:
        return True

    def clone(self) -> "IProgram":
        return DummyProgram()


def insecure_compare(secret: bytes, guess: bytes) -> bool:
    for secret_byte, guess_byte in zip(secret, guess):
        if secret_byte != guess_byte:
            return False
        time.sleep(0.0001)
    return len(secret) == len(guess)


def make_input_pair() -> tuple[bytes, bytes]:
    return secrets.token_bytes(16), secrets.token_bytes(16)


def main() -> None:
    evaluator = ConstantTimeEvaluator()
    score, metadata = evaluator._compute_score(
        program=DummyProgram(),
        fn=insecure_compare,
        make_input_pair=make_input_pair,
        fixed_pair=(b"A" * 16, b"A" * 16),
        n_samples=20,
        iters_per=5,
    )

    print(f"Score: {score:.1f}")
    print(f"Constant time? {metadata['constant_time']}")
    print(f"t-statistic: {metadata['t_stat']:.2f}")
    print(f"Cliff's delta: {metadata['cliff_delta']:.3f}")

    assert metadata["constant_time"] is False


if __name__ == "__main__":
    main()

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_evaluator_constanttime-0.3.0.dev38.tar.gz.

File metadata

  • Download URL: swarmauri_evaluator_constanttime-0.3.0.dev38.tar.gz
  • Upload date:
  • Size: 8.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.4 {"installer":{"name":"uv","version":"0.10.4","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_evaluator_constanttime-0.3.0.dev38.tar.gz
Algorithm Hash digest
SHA256 cfa66143115ae8982c91d747ff0aad068eede91ce382c2ca458791494db2c396
MD5 f347f102076ebc782e6e71b999086057
BLAKE2b-256 1e43bfb01e8317159ace196956e0f012a0614ba2994661d909de44ed6eb32a81

See more details on using hashes here.

File details

Details for the file swarmauri_evaluator_constanttime-0.3.0.dev38-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_evaluator_constanttime-0.3.0.dev38-py3-none-any.whl
  • Upload date:
  • Size: 9.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.4 {"installer":{"name":"uv","version":"0.10.4","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_evaluator_constanttime-0.3.0.dev38-py3-none-any.whl
Algorithm Hash digest
SHA256 70cd92511108a25d00c603516832b5322a338778c5ebd1f6e92db4596debc5c0
MD5 f3f676f05656c21197f33549d638a2cf
BLAKE2b-256 b03a70bd809a7175c9d4f01d92966c6658719a05936a791ff4e4b3b5ec326159

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page