Skip to content

CONCEPT Cited by 1 source

Timing side-channel

Definition

A timing side-channel is a class of side-channel attack where an attacker infers secret information by measuring how long cryptographic operations take. Execution time that varies with the secret key or message content can leak enough information — over many observations — to reconstruct the private key.

Why it matters for PQ migration

Post-quantum signature algorithms introduce new timing hazards that did not exist with classical schemes:

  • Floating-point arithmetic (FN-DSA): Hardware FPUs have data-dependent latencies. A constant-time FPU implementation on Intel may be variable-time on ARM. The FN-DSA specification's natural implementation is FPU-accelerated, creating a new class of platform-specific timing risk.
  • Complex algebraic operations (SQIsign): Isogeny computations involve variable-length chains that are difficult to pad to constant time without massive performance penalties.
  • Rejection sampling (ML-DSA): The signing loop repeats until output meets a norm bound. Constant-time implementations must mask the number of attempts.

(Source: sources/2026-07-09-cloudflare-post-quantum-signature-algorithms)

Mitigation approaches

Approach Trade-off
Constant-time software Performance penalty; must be validated per-platform
Fixed-point emulation (FN-DSA) ~20× slower than FPU; safer
Randomised signing (FN-DSA) Prevents deterministic-signature key-leak attacks; complicates testing
Blinding Adds random noise to intermediate values; modest perf cost

Seen in

Last updated · 575 distilled / 1,757 read