"Pseudo Constant Time Implementations of TLS Are Only Pseudo Secure."

Eyal Ronen, Kenneth G. Paterson, Adi Shamir (2018)
a service of Schloss Dagstuhl - Leibniz Center for Informatics