A Statistical Side-Channel Risk Model for Timing Variability in Lattice-Based Post-Quantum Cryptography

Timing side-channels are an important threat to cryptography that still needs to be addressed in implementations, and the advent of post-quantum cryptography raises this issue because the lattice-based schemes may produce secret-dependent timing variability with the help of complex arithmetic and control flow. Since also real timing measurements are affected by environmental noise (e.g. scheduling effects, contention, heavy tailed delays), in this work a scenario-based statistical risk model is proposed for timing leakage as a problem of distributional distinguishability under controlled execution conditions. We synthesize traces for two secret classes in idle, jitter and loaded scenarios and for multiple leakage models and quantify leakage with Welch's t-test, KS distance, Cliff's delta, mutual information, and distribution overlap to combine in a TLRI like manner to obtain a consistent score for ranking scenarios. Across representative lattice-based KEM families (Kyber, Saber, Frodo), idle conditions generally have the best distinguishability, jitter and loaded conditions erode distinguishability through an increase in variance and increase in overlap; cache-index and branch-style leakage tends to give the highest risk signals, and faster schemes can have a higher peak risk given similar leakage assumptions, allowing reproducible comparisons at an early design stage, prior to platform-specific validation.