Ordinary code is judged on whether it produces the right answer. Cryptographic code is held to a stranger standard: it must produce the right answer in exactly the same amount of time, no matter what the secret data is. Violate that rule and an attacker who can only measure how long your code runs can, given enough samples, recover the key it was protecting. This is why crypto libraries are full of code that looks needlessly convoluted — and why that convolution is the point. Imagine a function

Constant-Time Programming: Why Crypto Code Can't Branch on Secrets
Haven Messenger
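The timing leak described in the opening paragraph, shown as an added example that is not code from the original page: an early-exit byte comparison next to a branch-free one. The function names, the `steps_taken` counter (a deterministic stand-in for running time) and the tag and guess bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_LEN 8

/* Constructed sample data: a secret tag and three guesses against it. */
static const uint8_t SECRET[TAG_LEN]     = {0x3a,0x91,0xc4,0x07,0x5e,0xb2,0x68,0xfd};
static const uint8_t GUESS_NONE[TAG_LEN] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
static const uint8_t GUESS_HALF[TAG_LEN] = {0x3a,0x91,0xc4,0x07,0x00,0x00,0x00,0x00};
static const uint8_t GUESS_ALL[TAG_LEN]  = {0x3a,0x91,0xc4,0x07,0x5e,0xb2,0x68,0xfd};

/* Instrumentation only: loop iterations performed by the last comparison. */
static size_t steps_taken;

/* Leaky: returns at the first mismatch, so the amount of work reveals how
 * many leading bytes of the guess were correct. */
static int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    steps_taken = 0;
    for (size_t i = 0; i < n; i++) {
        steps_taken++;
        if (a[i] != b[i])          /* branch on secret data */
            return 0;
    }
    return 1;
}

/* Constant-time: always reads every byte, folds differences together with
 * XOR/OR, and derives the result arithmetically instead of branching. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint32_t diff = 0;
    steps_taken = 0;
    for (size_t i = 0; i < n; i++) {
        steps_taken++;
        diff |= (uint32_t)(a[i] ^ b[i]);
    }
    return (int)(((diff - 1u) >> 8) & 1u);   /* 1 only when diff == 0 */
}

int main(void)
{
    const uint8_t *guesses[] = { GUESS_NONE, GUESS_HALF, GUESS_ALL };
    for (size_t g = 0; g < 3; g++) {
        int r1 = leaky_equal(SECRET, guesses[g], TAG_LEN); size_t s1 = steps_taken;
        int r2 = ct_equal(SECRET, guesses[g], TAG_LEN);    size_t s2 = steps_taken;
        printf("guess %zu: leaky=%d (%zu steps)  ct=%d (%zu steps)\n", g, r1, s1, r2, s2);
    }
    return 0;
}
```

In production, prefer a vetted primitive such as OpenSSL's `CRYPTO_memcmp` or libsodium's `sodium_memcmp`, since a compiler is free to reintroduce branches into hand-written code.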
