A side-channel attack recovers secret information by observing how a system behaves while it runs, rather than by defeating the algorithm it implements. A cipher might be mathematically sound, but its physical execution can leak. Classic side channels include the time an operation takes, the electrical power a chip draws, the electromagnetic radiation it emits, the patterns it leaves in a CPU cache, and even acoustic noise. By measuring these signals, an attacker can infer the data being processed, including secret keys.
Timing attacks are the most general example: if the duration of a cryptographic operation depends on the value of a secret, an attacker who can measure that duration learns something about the secret. This is why careful cryptographic code is written to run in constant time, performing the same work regardless of the data, so that the timing channel carries no information.
Cache-based side channels are central to modern processor attacks. When a CPU reads memory, it stores a copy in a fast cache; later accesses to cached data are measurably faster than accesses to uncached data. An attacker who can prime and then probe the cache can detect which memory locations a victim touched, leaking secrets indirectly.
Side channels are the basis of the 2018 Spectre and Meltdown attacks. As the official disclosure site and the “Spectre Attacks” paper (Kocher et al., arXiv:1801.01203) describe, those attacks induce a processor to speculatively access secret data and then read the secret back out through a cache timing side channel. Many real cryptographic systems have been broken this way over the years, which is why defending against side channels is now a standard part of secure implementation, not just secure algorithm design.