Setup & Installation
npx skills add https://github.com/trailofbits/constant-time-analysis --skill constant-time-analysis
https://github.com/trailofbits/constant-time-analysis
View on GitHubWhat This Skill Does
Detects timing side-channel vulnerabilities in cryptographic code across 12 languages. It analyzes assembly and bytecode for variable-time operations like secret-dependent branches, divisions, and table lookups that can leak private key material through execution timing. Developed by Trail of Bits. Manual code review misses timing vulnerabilities because the dangerous patterns look like normal arithmetic — this tool flags the exact instructions (DIV, IDIV, conditional jumps) that create exploitable timing differences, across languages from C to Python.
When to use it
- Working with constant time analysis functionality
- Implementing constant time analysis features
- Debugging constant time analysis related issues