Side-channel leakage verification using statistical approach

Side-channel attacks are a common threat to cryptographic implementations. Unfortunately, most available tooling to combat this problem has limited usability, especially in black-box testing scenarios. In this talk I will talk about how by performing the testing using statistical best practices we were able to find multiple leaking implementations of cryptographic algorithms in OpenSSL. I'll also talk about how we're applying the lessons learned from testing RSA and ECDSA to testing post-quantum cryptography like ML-KEM.