A useful high language for cryptography would likely have to:
* Not compile to C because you'd be left with the same doubts that the generated machine code is constant time
* Not use gcc / clang internally to generate machine code for the same reason..
* ..but still optimize as well as either
* ..while also implementing SIMD for all the useful platforms
* ..and knowing which approach is most efficient for the target platform (SIMD vs scalar vs SIMD+scalar, instruction selection, instruction ordering, data alignment, etc)
otherwise it's easier to just use C, or if you're a masochist, qhasm.
There is also not a readability issue with constant time code as long as it's in properly named functions (which will get inlined away if necessary).
* Not compile to C because you'd be left with the same doubts that the generated machine code is constant time
* Not use gcc / clang internally to generate machine code for the same reason..
* ..but still optimize as well as either
* ..while also implementing SIMD for all the useful platforms
* ..and knowing which approach is most efficient for the target platform (SIMD vs scalar vs SIMD+scalar, instruction selection, instruction ordering, data alignment, etc)
otherwise it's easier to just use C, or if you're a masochist, qhasm.
There is also not a readability issue with constant time code as long as it's in properly named functions (which will get inlined away if necessary).