What question did this study set out to answer?

The aim is to explore how decompilation can aid in maintaining constant-time properties in cryptographic code.

April 12, 2026Open Access

Decompiling for Constant-Time Analysis

Puntos clave

The aim is to explore how decompilation can aid in maintaining constant-time properties in cryptographic code.
Analyzed the Decompile-then-Analyze approach for static analysis.
Defined CT transparency and developed methods to prove it.
Built a CT-transparent decompiler based on LLVM.
Evaluated the new tool, CT-RetDec, against benchmarks of vulnerabilities.
Demonstrated that current decompilers may mask constant-time violations.
Identified program transformations that can inadvertently introduce vulnerabilities.
Showed substantial performance improvements with the CT-RetDec tool on vulnerability benchmarks.

Resumen

The constant-time programming discipline is commonly used to protect cryptographic libraries against side-channel attacks. However, it is hard to write constant-time code; moreover, compilers can introduce constant-time violations. Therefore, it is important to ensure that assembly code is constant-time. One approach is to show that source programs are constant-time, and that constant-timeness is preserved by compilation. In this paper, we explore the methodological soundness and scalability of the Decompile-then-Analyze approach, a less conventional alternative that has been suggested in the broader setting of static analysis. Informally, the Decompile-then-Analyze approach uses decompilers a front-end for static analysis tools. As a motivation for our study, we show that current decompilers eliminate CT vulnerabilities before CT analysis, leading to non-CT programs being accepted as constant-time. Independently, we provide constructed examples of non-CT, exploitable, programs that are accepted by two popular CT analysis tools; in both cases the culprit are program transformations that are used internally prior to CT analysis and eliminate CT violations. While our examples do not invalidate the general approach of these tools, they emphasize the need for studying the Decompile-then-Analyze approach. On the methodological side, we define the notion of CT transparency. Informally, a program transformation is CT transparent if does not eliminate nor introduce CT violations. We also provide general methods for proving that a transformation is CT transparent, and show that several transformations of interest are transparent. We also sketch an extension of CT transparency to speculative constant-time, which is used by cryptographic software as a protection against Spectre attacks. On the practical side, we build a CT-transparent version of the popular LLVM-based decompiler RetDec, and combine it with CT-LLVM, an existing CT verification tool for LLVM. We evaluate the resulting tool, called CT-RetDec on a benchmark set of real-world vulnerabilities in binaries, and show that the modifications had significant impact on how well CT-RetDec performs.

Leer artículo completoexternamente

Me gusta

Guardar

Ver artículo completo