constant-time-analysis

# Constant-Time Analysis Analyze cryptographic code to detect operations that leak secret data through execution timing variations. ## When to Use ```text User writing crypto code? ──yes──> Use this skill │ no │ v User asking about timing attacks? ──yes──> Use this skill │ no │ v Code handles secret keys/tokens? ──yes──> Use this skill │ no │ v Skip this skill ``` **Concrete triggers:** - User implements signature, encryption, or key derivation - Code contains `/` or `%` operators on secret-derived values - User mentions "constant-time", "timing attack", "side-channel", "KyberSlash" - Reviewing functions named `sign`, `verify`, `encrypt`, `decrypt`, `derive_key` ## When NOT to Use - Non-cryptographic code (business logic, UI, etc.) - Public data processing where timing leaks don't matter - Code that doesn't handle secrets, keys, or authentication tokens - High-level API usage where timing is handled by the library ## Language Selection Based on the file extension or language context, refer to the appropriate guide: | Language | File Extensions | Guide | | ---------- | --------------------------------- | -------------------------------------------------------- | | C, C++ | `.c`, `.h`, `.cpp`, `.cc`, `.hpp` | references/compiled.md | | Go | `.go` ...