Side-Channel Attack

A side-channel attack recovers secret information by observing the physical behavior of a device as it performs a cryptographic operation, instead of attacking the algorithm mathematically. Even a perfectly designed cipher leaks unintended signals during execution, how long an operation takes, how much current the chip draws, the electromagnetic field it radiates, even the sound it makes, and these signals are correlated with the secret data being processed. By measuring them carefully, an attacker can reconstruct a private key bit by bit.

Common Side Channels

Power analysis monitors current consumption: a logical AND draws a different amount of power than an XOR, and because those operations depend on key bits, a power trace reveals key material. Differential power analysis statistically averages many traces to pull out signal buried in noise. Timing analysis exploits the fact that operations on a '1' bit may take fractionally longer than on a '0' bit. Electromagnetic and acoustic channels capture leakage radiated or emitted by the running circuit. Crucially, the cipher itself is never "broken", the implementation leaks.

Why It Matters for Hardware Wallets

Side-channel attacks are a direct threat to any device that holds keys and can be physically accessed, including Bitcoin signing devices. A well-designed secure element employs countermeasures: constant-time code, power-flattening circuits, randomized masking, and noise injection to decouple physical behavior from secret values. When evaluating self-custody hardware, side-channel resistance, often reflected in independent certification, is a meaningful quality signal, not a marketing footnote.

These attacks frequently require physical possession, so they pair with threats like the evil maid attack. Mitigations live in the secure element at the heart of a hardware wallet.