Timing Attack

Timing attacks exploit input-dependent execution time in cryptographic and authentication code. Classic targets are non-constant-time string comparisons (each early-mismatch byte short-circuits and reveals progress), modular exponentiation (square-and-multiply leaking key bits), AES table lookups, and database lookups whose duration depends on row existence. Even small differences — nanoseconds across a network, or microseconds locally — can be amplified by averaging many measurements. Defences require constant-time implementations (HMAC-style comparisons, branch-free conditional moves), library primitives like crypto_constant_time_eq, careful audit of cryptographic libraries, and rate-limiting or jitter at the boundary where attackers can measure.