Constant-time violations for div[u][w] and rem[u][w]

Hi,

we have discovered that several instructions in OpenC910 (commit e0c4ad8e) have data-dependent execution times, which could break the security assumptions of constant-time crypto code. The vulnerable instructions are as follows:
```

- div
- divu
- divw
- divuw
- rem
- remu
- remw
- remuw

```
The following depicts the traces for the `div` instruction for two different sets of inputs, resulting in different execution times.
Since the remaining instructions rely on the same execution unit, they are equally affected by this behaviour.

![Image](https://github.com/user-attachments/assets/d1927eb6-b2fc-49dc-9d52-a82ec2e811e9)
![Image](https://github.com/user-attachments/assets/6a6d9478-e413-4aee-a33e-6c64b6a83613)




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Constant-time violations for div[u][w] and rem[u][w] #47

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Constant-time violations for div[u][w] and rem[u][w] #47

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions