Floating-point computation exhibits significant runtime variation based on input param-

eters with some inputs executing over 100 times slower. The timing differences are so severe

that attacks have successfully broken privacy guarantees of real systems (e.g. browsers). My

thesis presents a defense against floating-point timing variability called CTFP – Constant-Time

Floating-Point. The CTFP approach avoids all known fast and slow paths by surrounding every

operation with special code that guarantees no dangerous inputs or outputs are observed. CTFP

provides five constant-time implementations that trade-off between performance and correct-

ness. Through these implementations, CTFP provides a principled method for defending against

floating-point timing attacks.