Detect timing side channels in cryptographic code with statistically rigorous methods.
Install
Section titled “Install”cargo add tacet --devbun add tacetSee build instructions.
go get github.com/agucova/tacet/bindings/goQuick example
Section titled “Quick example”use tacet::{TimingOracle, AttackerModel, Outcome, helpers::InputPair};
let inputs = InputPair::new( || [0u8; 32], // Baseline: all zeros || rand::random::<[u8; 32]>() // Sample: random data);
let outcome = TimingOracle::for_attacker(AttackerModel::AdjacentNetwork) .test(inputs, |data| { my_crypto_function(&data); });
assert!(outcome.passed(), "Timing leak detected: {:?}", outcome);Why Tacet?
Section titled “Why Tacet?”Existing tools like DudeCT output t-statistics and p-values. Tacet gives you what you actually want: the probability your code has a timing leak, plus how exploitable it would be.
| DudeCT | Tacet | |
|---|---|---|
| Output | t-statistic + p-value | Probability of leak (0–100%) |
| False positives | Unbounded | Converges to correct answer |
| Effect size | Not provided | Estimated in nanoseconds |
| Exploitability | Manual interpretation | Automatic classification |
| CI-friendly | Flaky without tuning | Works out of the box |
Real-world validation
Section titled “Real-world validation”While testing the library, I incidentally rediscovered CVE-2023-49092 (Marvin Attack) in the RustCrypto rsa crate—a ~500ns timing leak in RSA decryption. I wasn’t looking for it; the library just flagged it. See the full investigation.
Next steps
Section titled “Next steps” Installation Add Tacet to your project
Quick Start Write your first timing test
Two-Class Pattern Learn how to choose input classes
Attacker Models Choose the right threshold