search for: jbkspe

...ering whether operations on i128/i256 and more generally on integer types in LLVM are guaranteed to be constant time or not. For instance, for now, the x86 & aarch64 backend generate constant time code for additions on i256 integers (see https://godbolt.org/z/xMfkqz & https://godbolt.org/z/jbkSpe), but is there some guarantee that this will always be the case? For instance one could add an early exit if the carry is zero at some point. One use case is cryptography code on elliptic curves, where you need this constant-time property to avoid side channel leakages. Such constant-time property...