Skip to main content

Evaluator that detects timing side channels using fixed-vs-random test

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_evaluator_constanttime


Swarmauri Evaluator Constanttime

Evaluator that detects timing side channels using a fixed-vs-random strategy. It times a callable with repeated fixed inputs and compares those timings against randomly generated inputs. Welch's t-test and Cliff's delta are used to decide whether the observed runtime differences are statistically significant. The evaluator reports a score of 1.0 for constant-time behaviour and 0.0 otherwise, together with rich metadata about the underlying measurements.

Installation

pip

pip install swarmauri_evaluator_constanttime

Poetry

poetry add swarmauri_evaluator_constanttime

uv

uv venv
source .venv/bin/activate
uv pip install swarmauri_evaluator_constanttime

Usage

The example below evaluates a deliberately leaky string comparison that sleeps for every matching byte. Fixed inputs run all the way through the comparison and take measurably longer than random guesses that fail fast, so the evaluator flags the function as not constant time.

import secrets
import time

from swarmauri_core.programs.IProgram import IProgram
from swarmauri_evaluator_constanttime import ConstantTimeEvaluator


class DummyProgram(IProgram):
    def diff(self, other: "IProgram"):
        return ()

    def apply_diff(self, diff):
        return self

    def validate(self) -> bool:
        return True

    def clone(self) -> "IProgram":
        return DummyProgram()


def insecure_compare(secret: bytes, guess: bytes) -> bool:
    for secret_byte, guess_byte in zip(secret, guess):
        if secret_byte != guess_byte:
            return False
        time.sleep(0.0001)
    return len(secret) == len(guess)


def make_input_pair() -> tuple[bytes, bytes]:
    return secrets.token_bytes(16), secrets.token_bytes(16)


def main() -> None:
    evaluator = ConstantTimeEvaluator()
    score, metadata = evaluator._compute_score(
        program=DummyProgram(),
        fn=insecure_compare,
        make_input_pair=make_input_pair,
        fixed_pair=(b"A" * 16, b"A" * 16),
        n_samples=20,
        iters_per=5,
    )

    print(f"Score: {score:.1f}")
    print(f"Constant time? {metadata['constant_time']}")
    print(f"t-statistic: {metadata['t_stat']:.2f}")
    print(f"Cliff's delta: {metadata['cliff_delta']:.3f}")

    assert metadata["constant_time"] is False


if __name__ == "__main__":
    main()

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_evaluator_constanttime-0.3.0.dev47.tar.gz.

File metadata

  • Download URL: swarmauri_evaluator_constanttime-0.3.0.dev47.tar.gz
  • Upload date:
  • Size: 8.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_evaluator_constanttime-0.3.0.dev47.tar.gz
Algorithm Hash digest
SHA256 c47548155df031dd449626eae4edb24feea5558265fd9ae6af40a5d48cba9a65
MD5 72dc837352aa3e9882c134fb52a3e7ce
BLAKE2b-256 8536d73264946b0cee8311dcd8642e15853bdea7c91eea6ee47445f47e874f2e

See more details on using hashes here.

File details

Details for the file swarmauri_evaluator_constanttime-0.3.0.dev47-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_evaluator_constanttime-0.3.0.dev47-py3-none-any.whl
  • Upload date:
  • Size: 9.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_evaluator_constanttime-0.3.0.dev47-py3-none-any.whl
Algorithm Hash digest
SHA256 b2be357697ca7e064fed8cfccb9475d772adb1c18c3382313120f208124588c9
MD5 b9073bff4e71ca38acfda584eba63f1c
BLAKE2b-256 9e3d06ef1b84b5c170bc0df1733860b0b2adaeefed4ed24be4bf545f8f84db4c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page