CONCEPT Cited by 1 source
Side-channel attack¶
Definition¶
A side-channel attack exploits information leaked by the physical implementation of a cryptographic system rather than a weakness in the algorithm itself. Observable side channels include execution time (timing), power consumption, electromagnetic emanation, cache access patterns, and acoustic signals.
In the context of post-quantum signature deployment, timing side-channel attacks are the primary concern: if signing time varies based on the secret key or message, an attacker who can observe many signing operations can reconstruct the private key.
Relevance to PQ signatures¶
- FN-DSA: Uses floating-point arithmetic for efficient signing. Hardware FPU behavior is processor-specific and poorly understood from a constant-time perspective. A side-channel-safe implementation for one CPU may leak on another. Fixed-point emulation is safe but ~20× slower.
- SQIsign: Signing is inherently difficult to implement in constant time due to the isogeny computation structure. Performance penalties for safe implementations are severe.
- ML-DSA: Designed with constant-time implementation in mind; lattice operations are relatively straightforward to implement without timing leaks.
(Source: sources/2026-07-09-cloudflare-post-quantum-signature-algorithms)
Design principle¶
Cryptographic implementations should run in constant time regardless of input — same code paths, same memory access patterns, same number of operations. Any data-dependent branching or memory access is a potential leak.
Seen in¶
- sources/2026-07-09-cloudflare-post-quantum-signature-algorithms — FN-DSA floating-point side-channel challenges