Power Side-Channel Vulnerabilities Identified in CVA6 RISC‑V Core

Global: Power Side-Channel Vulnerabilities Identified in CVA6 RISC‑V Core

Researchers led by Behnam Farnaghinejad and colleagues submitted a study on December 23, 2025, that examines the susceptibility of the open‑source CVA6 RISC‑V processor to power‑based side‑channel attacks. Using the VeriSide framework at the register‑transfer level (RTL), the team evaluated software‑implemented AES encryption to determine whether cryptographic keys could be recovered through correlation power analysis (CPA).

Methodology Overview

The authors employed an RTL‑level power profiling approach, integrating VeriSide to capture fine‑grained power consumption data while the CVA6 core executed AES operations. By correlating measured power traces with hypothesized key‑dependent intermediate values, the study applied standard CPA techniques to assess leakage.

Key Findings

The analysis demonstrated that the CVA6 core exhibits measurable leakage sufficient for successful key recovery. The CPA results indicated statistically significant correlation peaks, confirming that an attacker with access to power traces could extract the secret key used in AES encryption.

Implications for RISC‑V Security

These results highlight a potential weakness in early‑stage hardware designs that may propagate to downstream implementations. The authors argue that side‑channel resilience must be evaluated during RTL development rather than being deferred to post‑silicon verification.

Recommendations for Designers

To mitigate similar vulnerabilities, the paper suggests incorporating countermeasures such as masking, hiding, and dynamic power management at the RTL stage. It also recommends systematic side‑channel testing as part of the standard verification flow for RISC‑V cores.

Publication Context

The work was presented at RESCUER, the inaugural workshop on Reliable and Secure RISC‑V architectures, co‑located with the IEEE European Test Symposium 2025. The study contributes to the broader discourse on hardware security within the cryptography and security research community.

This report is based on information from arXiv, licensed under Academic Preprint / Open Access. Based on the abstract of the research paper. Full text available via ArXiv.