Our digital world relies on a wide range of hardware components. In addition to traditional processors, FPGAs (Field Programmable Gate Arrays) are increasingly used in 5G networks, the automotive industry, and for secure cryptographic processing of sensitive data. Researchers from Ruhr University Bochum, in collaboration with a team from the Worcester Polytechnic Institute, have now introduced a novel method that exposes a security vulnerability in FPGAs, potentially putting confidential data at risk.
FPGA in controlled sleep state
Hardware inherently produces side information during operation, such as power consumption or timing behavior. Attackers can exploit these signals in side-channel attacks to, for example, reconstruct cryptographic keys. In their paper Chypnosis, to be presented at the IEEE Symposium on Security and Privacy 2026, Prof. Yuval Yarom and PhD Robbie Dumitru, along with WPI collaborators, demonstrate how FPGAs can be put into a controlled sleep state without triggering built-in security mechanisms, such as the “Alert Handler.”
Modern FPGAs are equipped with clock and voltage sensors as well as data-clearing mechanisms designed to protect sensitive information. Chypnosis circumvents these defenses deliberately: by rapidly and precisely lowering the supply voltage (undervolting), the FPGA’s clock logic effectively stops while stored values, such as cryptographic keys, remain intact. “We aim to put the FPGA into a sleep state, hence the name Chypnosis, a portmanteau of ‘chip’ and ‘hypnosis’,” explains Yarom. The sensors often fail to react quickly enough to the abrupt voltage drop, preventing clearing or alarm routines from being triggered.
Attack not merely theoretical
This creates a window during which attackers can probe the hardware in detail. Using specialized measurement techniques, such as laser logic state imaging (LLSI) or electrical impedance analysis, it becomes possible to extract data—e.g., secret keys used for secure authentication—which remains stored on the chip.
The researchers demonstrated that this attack is not merely theoretical: they successfully targeted OpenTitan FPGA implementations and bypassed the Alert Handler, which normally responds to such threats. The vulnerability was reported to two FPGA manufacturers, AMD (formerly Xilinx) and Microchip, through a responsible disclosure process. At the same time, the team provided and validated a concrete proposal for mitigating the issue, aiming to improve the security of both future and currently deployed FPGAs.
Original Publication
Chypnosis: Undervolting-based Static Side-channel Attacks.
Kyle Mitard, Saleh Khalaj Monfared, Fatemeh Khojasteh Dana (all Worcester Polytechnic Institute), Robert Dumitru (Ruhr University Bochum & The University of Adelaide), Yuval Yarom (Ruhr University Bochum), Shahin Tajik (Worcester Polytechnic Institute)
Details: https://arxiv.org/pdf/2504.11633