Hi,

Here is an interesting side-channel attack that uses AVX2 timing to
potentially extract private key material (read section 4.2):

  https://news.ycombinator.com/item?id=17621823
  https://misc0110.net/web/files/netspectre.pdf

It is based on a power-saving feature: after being idle for 1 ms,
the AVX2 unit in Intel processors is powered off, which greatly increases
latency for the next AVX2 instruction.

Of course, to be exploited, the code would need to perform AVX2
instructions conditionnally.  I'd be curious to know if it is the case in
Wireguard.

Baptiste