CONCEPT Cited by 1 source
Timing side-channel¶
Definition¶
A timing side-channel is a class of side-channel attack where an attacker infers secret information by measuring how long cryptographic operations take. Execution time that varies with the secret key or message content can leak enough information — over many observations — to reconstruct the private key.
Why it matters for PQ migration¶
Post-quantum signature algorithms introduce new timing hazards that did not exist with classical schemes:
- Floating-point arithmetic (FN-DSA): Hardware FPUs have data-dependent latencies. A constant-time FPU implementation on Intel may be variable-time on ARM. The FN-DSA specification's natural implementation is FPU-accelerated, creating a new class of platform-specific timing risk.
- Complex algebraic operations (SQIsign): Isogeny computations involve variable-length chains that are difficult to pad to constant time without massive performance penalties.
- Rejection sampling (ML-DSA): The signing loop repeats until output meets a norm bound. Constant-time implementations must mask the number of attempts.
(Source: sources/2026-07-09-cloudflare-post-quantum-signature-algorithms)
Mitigation approaches¶
| Approach | Trade-off |
|---|---|
| Constant-time software | Performance penalty; must be validated per-platform |
| Fixed-point emulation (FN-DSA) | ~20× slower than FPU; safer |
| Randomised signing (FN-DSA) | Prevents deterministic-signature key-leak attacks; complicates testing |
| Blinding | Adds random noise to intermediate values; modest perf cost |
Seen in¶
- sources/2026-07-09-cloudflare-post-quantum-signature-algorithms — FN-DSA implementation hazards and the tension between testability and security