side_channels: Add SLH DSA report

[aewag]

No description provided.

[reneme]

@aewag I rebased this draft to the currrent main branch and re-targetted the pull request onto main as well. Please be aware when you continue working on this.

Also, I fixed a few minor things and used the :srcref: extension in explicit commits.

[FAlbertDev]

Maybe we want to test the instance SLH-DSA-SHA2-128s instead. Both share ~99% of the code, but SphincsPlus-sha2-128s-r3.1 is the legacy SPHINCS+ support, while SLH-DSA-SHA2-128s is the final SLH-DSA standard. While I don't think we miss any side-channels when testing only the legacy mode, it looks better on paper with SLH-DSA. Do you think you can execute DATA once with the SLH-DSA instance and quickly verify it, or does it take too much time?

[aewag]

Thanks for the hint, will do! 👍

[FAlbertDev]

Looks good to me! I've mainly got some en-US vs. en-GB remarks. The execution difference description sounds sensible 👍 Thanks!

[FAlbertDev]

I think the argument is instead: The information about which nodes are part of the authentication path is public. The node values aren't leaked, aren't they?

[aewag]

You are right that it is observable which nodes are part of the authentication path. I will clarify this.

Just as note: In the treehash routine both (i) which nodes are used and (ii) the values itself are public data.