🤖 AI Summary
This study addresses the side-channel vulnerability of the RISC-V CVA6 processor core under power-based attacks. We construct, for the first time at the RTL level, a fine-grained power consumption model and perform electromagnetic and power side-channel analysis on an AES software implementation using the VeriSide framework. Leveraging VCD waveform-driven leakage localization, correlation power analysis (CPA), and RTL-level power simulation, we identify and validate critical exploitable leakage paths in early CVA6 designs, ultimately recovering the full AES key. Results confirm that the unhardened CVA6 exhibits significant power side-channel leakage. This work establishes the first RTL-level CPA attack demonstration on a RISC-V core and introduces a reproducible, quantifiable side-channel security evaluation benchmark—providing both methodological guidance and empirical evidence for secure RISC-V architecture design and verification.
📝 Abstract
Security in modern RISC-V processors demands more than functional correctness: it requires resilience to side-channel attacks. This paper evaluates the side-channel vulnerability of the CVA6 RISC-V core by analyzing software-based AES encryption using an RTL-level power profiling framework called VeriSide. This work shows that Correlation Power Analysis (CPA) of this design reveals significant leakage, enabling key recovery. These findings underscore the importance of early-stage RTL assessments in shaping future secure RISC-V designs.