Sleep Reveals the Nonce: Breaking ECDSA using Sleep-Based Power Side-Channel Vulnerability
Sahan Sanjaya, Prabhat Mishra

TL;DR
This paper uncovers a novel power side-channel attack exploiting sleep-induced power spikes to recover ECDSA nonces, demonstrating practical vulnerabilities across multiple platforms and emphasizing the importance of secure implementation practices.
Contribution
It introduces a new sleep-based power side-channel vulnerability that allows nonce recovery in ECDSA, even with constant-time and masked implementations, across various architectures and libraries.
Findings
Recovered 20 bits of the nonce in experiments
Effective across ARM and RISC-V architectures
Applicable to multiple cryptographic libraries
Abstract
The security of the Elliptic Curve Digital Signature Algorithm (ECDSA) depends on the secrecy of the per-signature nonce. Even partial nonce leakage can expose the long-term private key through lattice-based cryptanalysis. In this paper, we introduce a previously unexplored power side-channel vulnerability that exploits sleep-induced power spikes to extract ECDSA nonces. Unlike conventional power-based side-channel attacks, this vulnerability leverages the power fluctuations generated during processor context switches invoked by sleep functions. These fluctuations correlate with nonce-dependent operations in scalar multiplication, enabling nonce recovery even under constant-time and masked implementations. We evaluate the attack across multiple cryptographic libraries (RustCrypto, BearSSL, and GoCrypto) and processor architectures, including ARM and RISC-V. Our experiments show that subtle…
Taxonomy
Topics: Cryptography and Residue Arithmetic · Cryptographic Implementations and Security · Physical Unclonable Functions (PUFs) and Hardware Security
