Should we prefer ChaCha20+Kyber over AES+Kyber for side-channel reasons?

ChaCha20 is more naturally constant-time on hardware without AES-NI. On modern x86 with AES-NI, AES-256 is constant-time and faster. Choose ChaCha20 for embedded / non-x86; AES-256 for server-side x86.

Are PQ algorithms more side-channel-prone than ECC?

Yes, in raw operations: more arithmetic, more conditional logic. In production: not meaningfully riskier when using mature libraries (OpenSSL 3.5, BoringSSL). The library quality dominates the algorithm choice for side-channel exposure.

Do we need to run side-channel testing on every release?

For production crypto code, yes — same hygiene as you'd apply to any cryptographic library. Most teams rely on the underlying library's testing (OpenSSL has extensive constant-time testing); custom integrations need their own.

What about timing leaks in network protocols using PQ?

Protocol-level timing channels (TLS handshake completion time, JWT verification response time) can also leak. Defence: rate-limit API endpoints; use deliberate-delay middleware for security-sensitive verifications.

Are there papers on quantum-side-channel attacks?

"Quantum-side-channel" usually means using quantum sensors (atomic clocks, single-photon detectors) for side-channel measurement — research-stage, not production-relevant for typical enterprise threat models.

Side-Channel Attacks on Post-Quantum Implementations — Kyber Timing Leaks and Constant-Time Defences

Read as

Post-quantum algorithms are mathematically resistant to quantum attacks but vulnerable to classical side-channel attacks if implemented carelessly — timing leaks, cache leaks, power analysis, fault injection. The 2022-2024 academic literature documented exploitable timing leaks in early Kyber and Dilithium implementations. This module covers the side-channel attack classes specific to PQ algorithms, what mitigations the reference implementations include, and what to verify when integrating PQ libraries.

PQ migration solves quantum-resistance and creates new side-channel exposure. The lattice-based algorithms (ML-KEM, ML-DSA) have many more arithmetic operations than RSA/ECDSA, more conditional branches, more polynomial-ring math — more opportunities for implementation flaws. Treat PQ libraries with the same suspicion you’d treat a new TLS implementation: ask for security audits, prefer reference implementations.

The side-channel attack landscape

Side-channel attacks recover secrets by measuring physical or computational artifacts of execution rather than breaking the algorithm directly. The classic categories:

Timing — observe execution time of cryptographic operations to infer secret-dependent branches. The most prevalent class.
Cache — measure CPU cache hits/misses to infer memory access patterns. Common in cloud / multi-tenant environments.
Power analysis (DPA, SPA) — measure power consumption variations during cryptographic operation. Requires physical access to the device.
Electromagnetic (EM) — capture EM emanations during operation. Similar to power analysis, less invasive.
Fault injection — induce errors (clock glitching, voltage dips, laser pulses) to skip security checks.

For PQ algorithms, timing and cache attacks are the most relevant for software deployments. Power and EM matter for embedded / smart-card implementations.

Want this for your team?

Custom team training + practitioner advisory

Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.

Book team training call Replies in 4 working hrs · India-only · Senior consultants

Side-Channel Attacks on Post-Quantum Implementations — Kyber Timing Leaks and Constant-Time Defences

The side-channel attack landscape

Custom team training + practitioner advisory

Other modules in this track

What is Quantum Computing — Qubits, Superposition, Entanglement (Beginner)

Why Quantum Matters for Cybersecurity — The Post-Quantum Threat in Plain English

Shor’s Algorithm Explained — Why RSA and ECC Will Break