What is a Side-Channel Attack?
An attack that exploits indirect information leakage from a system — such as timing, power consumption, or electromagnetic emissions — rather than breaking the cryptography directly.
Side-channel attacks bypass cryptographic security by observing the physical characteristics of the system performing the encryption.
Types
- Timing attacks: Measuring how long operations take reveals information about the key
- Power analysis: Monitoring power consumption during cryptographic operations
- Electromagnetic emissions: Capturing EM radiation from processors
- Acoustic cryptanalysis: Listening to sounds made by computer hardware
- Cache timing: Exploiting CPU cache behavior to extract keys
Famous Examples
- Spectre/Meltdown (2018): CPU speculative execution leaks data across security boundaries
- TEMPEST: NSA program for capturing EM emissions from equipment
- Hertzbleed (2022): CPU frequency scaling leaks cryptographic keys
Defense
- Constant-time implementations (algorithms that take the same time regardless of input)
- Hardware countermeasures (noise generation, power regulation)
- Algorithms designed for side-channel resistance (Curve25519, ChaCha20)
Related Terms
Cryptanalysis
The study of analyzing and breaking cryptographic systems. Cryptanalysts seek to find weaknesses in encryption algorithms, protocols, or implementations that would allow recovering plaintext or keys without authorization.
Encryption
The process of converting information into a code to prevent unauthorized access. Encryption transforms readable data (plaintext) into an unreadable format (ciphertext) using a cryptographic algorithm and key. Only those with the correct key can decrypt and read the original data.