DALC-CT: Dynamic Analysis of Low-Level Code Traces for Constant-Time Verification

Computer Science > Cryptography and Security [Submitted on 18 Apr 2026] DALC-CT: Dynamic Analysis of Low-Level Code Traces for Constant-Time Verification Nges Brian Njungle, Edwin P. Kayang, Mishel J. Paul, Michel A. Kinsy Timing side-channel attacks exploit variations in program execution time to recover sensitive information. Cryptographic implementations are especially vulnerable to these attacks, since even small timing differences in operations such as modular exponentiation or key comparisons can be exploited to extract highly sensitive information, such as secret keys. To mitigate this threat, implementations of programs that handle sensitive information are often expected to adhere to constant-time principles, ensuring that execution behavior does not depend on secret inputs. However, validating the constant-time property of programs remains a major challenge in cryptography development. Formal method approaches to verify constant-time implementations rely on abstractions that often fail to capture real execution behavior, while timing-based measurement techniques are highly sensitive to noise from other programs and even hardware environments. In this work, we propose a novel approach for verifying constant-time programs based on dynamic analysis of low-level execution traces. Our method measures instruction sequences across multiple input values for any given binary and targeted function. Any variations in the instruction mix distribution for any given pair of traces indicate a deviation from the constant-time principle and behavior. We developed an open-source tool called DALC-CT, for the constant-time verification of programs using this approach. We evaluated it on a set of well-known constant-time and non-constant-time examples, achieving a perfect detection of issues. Our results demonstrate that analyzing the logical execution of programs via instruction trace comparisons provides a lightweight and reliable way to verify the constant-time property of programs. Comments: 9 pages Subjects: Cryptography and Security (cs.CR); Programming Languages (cs.PL) ACM classes: I.2 Report number: STAM-Center-REP-010 Cite as: arXiv:2604.16832 [cs.CR]   (or arXiv:2604.16832v1 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2604.16832 Focus to learn more Submission history From: Michel Kinsy [view email] [v1] Sat, 18 Apr 2026 04:47:54 UTC (160 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2026-04 Change to browse by: cs cs.PL References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)