Idea: Add side-channel attack demo for Rust

[sumin-world]

Summary
Proposal to add a short, educational demo that demonstrates a simple side-channel attack in Rust (e.g., timing-based secret extraction on a toy crypto function). The goal is to show how typical naïve implementations leak information and how to mitigate them.

Why

• Side-channel topics are trending in security circles and make engaging demos.
• Great for community contributions, blog posts, and drawing attention to the repo.
• Low barrier to entry: contributors can implement PoC, tests, and mitigation notes.

Proposed scope / milestones

1. PoC: Implement a tiny example (toy HMAC-like function) that is vulnerable to timing leakage.
2. Exploit: Simple script that measures timings and recovers secret bits in controlled conditions.
3. Mitigation: Show fixed version (constant-time operations) and benchmark comparison.
4. Docs: Add README section + how-to-run instructions.

Tech stack

• Rust for PoC; optional Python/bench harness for measurement and exploitation.
• Add test vectors and Docker/Cargo scripts for reproducible runs.

How to contribute

• I can start with the PoC. Would love help on measurement harness, writeup, and tests.
• Tagging help wanted for contributors who want to add the exploitation script or mitigation benchmarks.