Skip to main content

Evaluator that detects timing side channels using fixed-vs-random test

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_evaluator_constanttime


Swarmauri Evaluator Constanttime

Evaluator that detects timing side channels using a fixed-vs-random strategy. It times a callable with repeated fixed inputs and compares those timings against randomly generated inputs. Welch's t-test and Cliff's delta are used to decide whether the observed runtime differences are statistically significant. The evaluator reports a score of 1.0 for constant-time behaviour and 0.0 otherwise, together with rich metadata about the underlying measurements.

Installation

pip

pip install swarmauri_evaluator_constanttime

Poetry

poetry add swarmauri_evaluator_constanttime

uv

uv venv
source .venv/bin/activate
uv pip install swarmauri_evaluator_constanttime

Usage

The example below evaluates a deliberately leaky string comparison that sleeps for every matching byte. Fixed inputs run all the way through the comparison and take measurably longer than random guesses that fail fast, so the evaluator flags the function as not constant time.

import secrets
import time

from swarmauri_core.programs.IProgram import IProgram
from swarmauri_evaluator_constanttime import ConstantTimeEvaluator


class DummyProgram(IProgram):
    def diff(self, other: "IProgram"):
        return ()

    def apply_diff(self, diff):
        return self

    def validate(self) -> bool:
        return True

    def clone(self) -> "IProgram":
        return DummyProgram()


def insecure_compare(secret: bytes, guess: bytes) -> bool:
    for secret_byte, guess_byte in zip(secret, guess):
        if secret_byte != guess_byte:
            return False
        time.sleep(0.0001)
    return len(secret) == len(guess)


def make_input_pair() -> tuple[bytes, bytes]:
    return secrets.token_bytes(16), secrets.token_bytes(16)


def main() -> None:
    evaluator = ConstantTimeEvaluator()
    score, metadata = evaluator._compute_score(
        program=DummyProgram(),
        fn=insecure_compare,
        make_input_pair=make_input_pair,
        fixed_pair=(b"A" * 16, b"A" * 16),
        n_samples=20,
        iters_per=5,
    )

    print(f"Score: {score:.1f}")
    print(f"Constant time? {metadata['constant_time']}")
    print(f"t-statistic: {metadata['t_stat']:.2f}")
    print(f"Cliff's delta: {metadata['cliff_delta']:.3f}")

    assert metadata["constant_time"] is False


if __name__ == "__main__":
    main()

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_evaluator_constanttime-0.3.0.dev48.tar.gz.

File metadata

  • Download URL: swarmauri_evaluator_constanttime-0.3.0.dev48.tar.gz
  • Upload date:
  • Size: 8.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_evaluator_constanttime-0.3.0.dev48.tar.gz
Algorithm Hash digest
SHA256 3e708509fe819e1542f04fb64969a329f6f46ea7afe342bd46dc61c0291ccdf9
MD5 42494e9683a87c9c4e01b754a0046524
BLAKE2b-256 86a6ee88828bc38ee4c763eaa5f1c1062b03cd87bff38cba0c33e307ad0c3af1

See more details on using hashes here.

File details

Details for the file swarmauri_evaluator_constanttime-0.3.0.dev48-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_evaluator_constanttime-0.3.0.dev48-py3-none-any.whl
  • Upload date:
  • Size: 9.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.12 {"installer":{"name":"uv","version":"0.10.12","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_evaluator_constanttime-0.3.0.dev48-py3-none-any.whl
Algorithm Hash digest
SHA256 b0fc3f75947508ed1cc0d3121d230368a7bc37167642cce2b082eaaec0e7a5d4
MD5 4903f3874db4e55959477162b1bacc08
BLAKE2b-256 10c8803d8712c46b037a89b8d615ba61df8ac61dd4ec7676ddec965925abdb5f

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page