A conclusion which might be reached is that smartcards should in future contain contain a timer which is started at the beginnin of every cryptographic operation and a delay loop introduced to ensure that the time taken is always the same. The alternative of attempting to ensure that equal processing is spent on each cycle threatens an infinite regress into second and third order effects, eg frequency of page faults. Covert channel analysis is bad enough as it is.
I remember the first computer I built had a neat wireless "sound card" built in. The radio waves generated by the processor could be modified by choosing the instructions executed. So you could get sound for your computer games by putting a radion next to the machine! The delay loops for the games contained multiple paths for different sounds. It was actually pretty good for the time. This leads me to believe that a delay loop might not be good enough. The leakage from the smart card could be enough to identify when the card entered the delay loop. The difference between the signal could be significant. Just a thought. -Peter