Lib.rs

Detect side channels in Rust code with statistically rigorous methods.

$ cargo test --test aes_timing -- --nocapture

[aes128_block_encrypt_constant_time]
tacet
──────────────────────────────────────────────────────────────

  Samples: 6000 per class
  Quality: Good

  ✓ No timing leak detected

    Probability of leak: 0.0%
    95% CI: 0.0–12.5 ns

──────────────────────────────────────────────────────────────

Installation

cargo add tacet --dev

Quick Start

use tacet::{timing_test_checked, TimingOracle, AttackerModel, Outcome};

#[test]
fn constant_time_compare() {
    let secret = [0u8; 32];

    let outcome = timing_test_checked! {
        oracle: TimingOracle::for_attacker(AttackerModel::AdjacentNetwork),
        baseline: || [0u8; 32],
        sample: || rand::random::<[u8; 32]>(),
        measure: |input| {
            constant_time_eq(&secret, &input);
        },
    };

    match outcome {
        Outcome::Pass { .. } => { /* No leak */ }
        Outcome::Fail { exploitability, .. } => panic!("Timing leak: {:?}", exploitability),
        Outcome::Inconclusive { .. } => { /* Could not determine */ }
        Outcome::Unmeasurable { .. } => { /* Operation too fast */ }
    }
}

Why Another Tool?

Existing tools like DudeCT output t-statistics and p-values that are hard to interpret. tacet gives you what you actually want: the probability your code has a timing leak, plus how exploitable it would be.

Attacker Model Presets

Choose your threat model to define what timing differences matter. Cycle-based thresholds use a 5 GHz reference frequency (conservative).

Beyond Timing

Experimental support for power and EM side-channel analysis is available via the power feature. See the documentation for details.

Documentation

• API Documentation
• GitHub Repository

License

MPL-2.0