The cr.yp.to microblog: 2022.08.22 11:28:03

2022.08.22 11:28:03 (1561646369814634497) from Daniel J. Bernstein:

The documentation actually suggests, but doesn't quite say, that, already on Skylake, vector multiplications (used in many crypto implementations) _aren't_ constant-time. Since then I've been doing various scans to try to find inputs triggering variations; nothing to report yet. https://twitter.com/agl__/status/1561374336014901249

Context

2022.08.21 17:27:04 (1561374334714671104) from "Adam Langley (@agl__)":

It appears that Intel doesn't guarantee constant-time execution of _any_ instructions on Ice Lake or later unless a configuration bit is set: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/data-operand-independent-timing-isa-guidance.html

2022.08.21 17:27:05 (1561374336014901249) from "Adam Langley (@agl__)", replying to "Adam Langley (@agl__)" (1561374334714671104):

Ice Lake was released in 2019 but this information is only a few months old. So hopefully multiplication etc. actually is always constant-time on existing chips and this is just preparing for the future?