Constant-time serde serializer/deserializer helpers for data that potentially contains secrets (e.g. cryptographic keys)
Serialization is a potential sidechannel for leaking sensitive secrets such as cryptographic keys.
This crate provides “best effort” constant-time helper methods for reducing the amount of timing variability involved in serializing/deserializing data when using serde
, Rust's standard serialization framework.
These helper methods conditionally serialize data as hexadecimal using the constant-time base16ct
crate when using human-readable formats such as JSON or TOML. When using a binary format, the data is serialized as-is into binary.
While this crate can‘t ensure that format implementations don’t perform other kinds of data-dependent branching on the contents of the serialized data, using a constant-time hex serialization with human-readable formats should help reduce the overall timing variability.
Rust 1.56 or newer.
In the future, we reserve the right to change MSRV (i.e. MSRV is out-of-scope for this crate's SemVer guarantees), however when we do it will be accompanied by a minor version bump.
Licensed under either of:
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.