The decision to consider side-channel attacks was already made by the
official NISTPQC evaluation criteria, which state "Schemes that can be
made resistant to side-channel attack at minimal cost are more desirable
than those whose performance is severely hampered by any attempt to
resist side-channel attacks."
There's an ambiguity here that should be officially resolved. Suppose
scheme X costs 100000 without protection and 101000 with protection,
while scheme Y costs 10 without protection and 3000 with protection.
Does X qualify as "minimal cost" because of the small difference between
101000 and 100000, so the evaluation criteria prefer X over Y, unless
someone decides to punish X by speeding up the 100000? (The bizarre
features of a "yes" answer have been pointed out before.) Or does Y
qualify as "minimal cost" because 3000 is the minimum of {3000,101000}?
Either way, it's important to keep in mind here that _evaluating_ the
cost of building side-channel-resistant implementations is challenging:
* For the relatively simple case of timing attacks, there's a clear
strategy to verifiably eliminate all data flow from secrets to the
side channel, but this takes engineering effort that's often
skipped---and cutting any corner can have disastrous consequences;
see, e.g., the
https://eprint.iacr.org/2021/1485 HQC+BIKE attacks.
* For the much more complicated case of the attacker being able to
place (or access) physical sensors close to secrets, it isn't
plausible that the data flow can be eliminated. Trying to mask
secrets so that they're expensive to recover from the side-channel
data is bleeding-edge research, as illustrated by the masked SABER
implementation broken in
https://eprint.iacr.org/2021/079.
Decisions based on claims regarding the cost of side-channel resistance
have to be accompanied by a risk analysis. How likely are the claims to
hold up after further investigation? If the claims turn out to be wrong,
what's the impact on the decision?
Many people also seem to implicitly assume that comparing costs of
_attacks_ against _unprotected_ implementations is a useful predictor of
the costs for _users_ of _protected_ implementations. But the available
evidence is that, no, it's not a useful predictor. For example, we've
previously seen people comparing Classic McEliece to Frodo, so let's try
that comparison on these axes:
(1) What are the relative costs of Classic McEliece and Frodo in
various applications? This is already a complicated comparison
purely from a network-traffic perspective, giving mixed results
depending on how many ciphertexts are transmitted per public key,
and then considering CPU time and side-channel protection adds
further complications.
(2) What are the relative costs of reported power/EM attacks against
non-masked implementations of Classic McEliece and Frodo? As far
as I know, the only direct comparison available is in
https://eprint.iacr.org/2021/849.pdf, which breaks non-masked
Frodo in 86016 traces and doesn't succeed in breaking non-masked
Classic McEliece.
Even if the answer to #2 is stable (I'm skeptical, and certainly
wouldn't recommend making any decisions on that basis), clearly #2 is
not capturing most aspects of #1. #1 is directly addressing NISTPQC
evaluation criteria, whereas the connection of #2 to the evaluation
criteria is tenuous at best.
---D. J. Bernstein