Abstract
Real-world cryptographic code is often written in a subset
of C intended to execute in constant-time, thereby avoiding
timing side channel vulnerabilities. This C subset eschews
structured programming as we know it: if-statements, looping constructs, and procedural abstractions can leak timing
information when handling sensitive data. The resulting
obfuscation has led to subtle bug