@ryanc I'm not a cryptographer. I can flag obviously non constant time implementations and major footguns like using rand() for key material or encrypting data in ECB mode.
But actually going from, say, a reused ECDSA nonce to a practical break isn't something I have any idea how to do. And while I get the basics of linear and differential cryptanalysis, actually being able to use that to achieve a realistic speedup vs brute force on real world encraption is a different story.