Sleep Reveals the Nonce: Breaking ECDSA using Sleep-Based Power Side-Channel Vulnerability

📅 2026-02-02
📈 Citations: 0
Influential: 0
🤖 AI Summary
The security of ECDSA rests on the secrecy of each per-signature nonce, and this work reveals a previously unexplored side channel that exposes it: even implementations using constant-time techniques and masking leak through power fluctuations induced by sleep-triggered context switches. These sleep-induced power fluctuations form a cross-platform side channel that bypasses conventional countermeasures. By combining power analysis with lattice-based cryptanalysis, the authors recover 20 bits of the nonce from widely used cryptographic libraries (RustCrypto, BearSSL, and GoCrypto) on both ARM and RISC-V platforms. The experiments confirm that this side channel is practical in realistic deployment environments.

📝 Abstract
Security of the Elliptic Curve Digital Signature Algorithm (ECDSA) depends on the secrecy of the per-signature nonce. Even partial nonce leakage can expose the long-term private key through lattice-based cryptanalysis. In this paper, we introduce a previously unexplored power side-channel vulnerability that exploits sleep-induced power spikes to extract ECDSA nonces. Unlike conventional power-based side-channel attacks, this vulnerability leverages power fluctuations generated during processor context switches invoked by sleep functions. These fluctuations correlate with nonce-dependent operations in scalar multiplication, enabling nonce recovery even under constant-time and masked implementations. We evaluate the attack across multiple cryptographic libraries (RustCrypto, BearSSL, and GoCrypto) and processor architectures (ARM and RISC-V). Our experiments show that subtle variations in the power envelope during sleep-induced context switches provide sufficient leakage for practical ECDSA nonce extraction, recovering 20 bits of the nonce. These results establish sleep-induced power spikes as a practical cross-platform side-channel threat and highlight the need to reconsider design choices in cryptographic systems.
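Worked example, added here and not code from the paper or from any of the libraries it names: how the partial nonce leakage described in the abstract turns into private-key recovery through the hidden number problem (HNP) and lattice reduction. Everything concrete in it is an assumption of mine rather than the paper's setup: a toy 61-bit group order instead of a real curve, signatures simulated by evaluating the ECDSA signing equation with r drawn at random in place of the x-coordinate of kG, the 20 leaked bits taken to be the top bits of each nonce (the abstract does not say which bits leak), seven signatures, seeded randomness, and a small textbook LLL in exact rational arithmetic instead of a production lattice library.

```python
# Added example (not from the paper): partial ECDSA nonce leakage -> private key,
# via the hidden number problem (HNP) and a textbook LLL in exact arithmetic.
# Assumptions, mine not the paper's: toy 61-bit group order, signing equation
# evaluated without curve arithmetic (r drawn at random instead of x(kG)),
# the 20 leaked bits taken to be each nonce's TOP bits, seeded randomness.
from fractions import Fraction
import random

Q = 2**61 - 1            # toy group order (a Mersenne prime); real curves use ~256 bits
NBITS = Q.bit_length()   # 61
LEAK = 20                # known top bits per nonce (the paper recovers 20 bits)
SHIFT = NBITS - LEAK     # 41 unknown low bits per nonce
B = 1 << SHIFT           # bound on the unknown part e_i of each nonce
M = 7                    # signatures used; need roughly M*LEAK > NBITS plus margin

def dot(u, v):
    return sum(Fraction(a) * b for a, b in zip(u, v))

def gram_schmidt(b, bstar, mu, start):
    """Recompute Gram-Schmidt data for rows start.. (rows before start are unchanged)."""
    for i in range(start, len(b)):
        v = [Fraction(x) for x in b[i]]
        for j in range(i):
            mu[i][j] = dot(b[i], bstar[j]) / dot(bstar[j], bstar[j])
            v = [a - mu[i][j] * c for a, c in zip(v, bstar[j])]
        bstar[i], mu[i][i] = v, Fraction(1)

def lll_reduce(basis, delta=Fraction(99, 100)):
    """Textbook LLL with exact rationals; adequate for the ~9-dimensional lattice below."""
    b, n = [list(row) for row in basis], len(basis)
    bstar, mu = [None] * n, [[Fraction(0)] * n for _ in range(n)]
    gram_schmidt(b, bstar, mu, 0)
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):           # size-reduce b_k against b_j
            q = round(mu[k][j])
            if q:
                b[k] = [x - q * y for x, y in zip(b[k], b[j])]
                for i in range(j + 1):
                    mu[k][i] -= q * mu[j][i]
        if dot(bstar[k], bstar[k]) >= (delta - mu[k][k - 1] ** 2) * dot(bstar[k - 1], bstar[k - 1]):
            k += 1
        else:                                     # Lovasz condition fails: swap and redo GS
            b[k - 1], b[k] = b[k], b[k - 1]
            gram_schmidt(b, bstar, mu, k - 1)
            k = max(k - 1, 1)
    return b

def simulate_signatures(d, m, rng):
    """m tuples (h, r, s, known); known = nonce with its SHIFT low bits cleared (the leak)."""
    sigs = []
    for _ in range(m):
        k, h, r = (rng.randrange(1, Q) for _ in range(3))   # r: stand-in for x(kG) mod Q
        s = pow(k, -1, Q) * (h + r * d) % Q                 # ECDSA signing equation
        sigs.append((h, r, s, (k >> SHIFT) << SHIFT))
    return sigs

def hnp_lattice(sigs):
    """k_i = s_i^-1 (h_i + r_i d) with k_i = known_i + e_i, 0 <= e_i < B, gives the HNP
    e_i = t_i*d + u_i (mod Q), t_i = r_i/s_i, u_i = h_i/s_i - known_i.  Basis rows:
    Q^2*unit_i, (Q*t, B, 0), (Q*u, 0, Q*B).  Then d*row_t + row_u minus multiples of the
    unit rows equals (Q*e_1, ..., Q*e_m, d*B, Q*B), every entry at most Q*B: a short vector."""
    m = len(sigs)
    t, u = [], []
    for h, r, s, known in sigs:
        sinv = pow(s, -1, Q)
        t.append(r * sinv % Q)
        u.append((h * sinv - known) % Q)
    rows = [[Q * Q if j == i else 0 for j in range(m + 2)] for i in range(m)]
    rows.append([Q * x for x in t] + [B, 0])
    rows.append([Q * x for x in u] + [0, Q * B])
    return rows

def consistent(d, sig):
    """Does candidate key d reproduce the leaked top nonce bits of this signature?"""
    h, r, s, known = sig
    k = pow(s, -1, Q) * (h + r * d) % Q
    return (k >> SHIFT) << SHIFT == known

def recover_key(sigs):
    for row in lll_reduce(hnp_lattice(sigs)):
        if abs(row[-1]) != Q * B:                 # want +/- exactly one copy of row_u
            continue
        sign = 1 if row[-1] > 0 else -1
        cand = (sign * row[-2] // B) % Q          # column m holds (d + c*Q) * B
        if all(consistent(cand, sig) for sig in sigs):
            return cand
    return None

def demo(seed=2026):
    rng = random.Random(seed)
    d = rng.randrange(1, Q)
    return d, recover_key(simulate_signatures(d, M, rng))

if __name__ == "__main__":
    d, found = demo()
    print(f"private key {d:#x}; recovered {found}; match={found == d}")
```

Running it prints the simulated private key next to the recovered one. The lattice needs roughly NBITS/LEAK signatures plus margin, so for a 256-bit curve with 20 known bits per nonce the same construction needs on the order of fifteen or more signatures and a real LLL/BKZ implementation; the exact-Fraction LLL here is only meant for the toy dimension. Decoding column m modulo Q and re-checking each candidate against the leaked bits guards against the trivial short vector (0, ..., 0, Q*B, 0) that every HNP lattice of this shape contains, and against a reduced row that carries a multiple of the target.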
Problem

Research questions and friction points this paper is trying to address.

ECDSA
nonce leakage
power side-channel
sleep-induced vulnerability
context switch
Innovation

Methods, ideas, or system contributions that make the work stand out.

sleep-based side channel
ECDSA nonce leakage
power analysis
context switch
cross-platform vulnerability