A side-channel attack exploits which kind of weakness?

Side-channel attacks exploit weaknesses in how a cryptosystem is implemented, not flaws in the cryptographic algorithm itself. They rely on information that leaks during actual operation—such as how long a computation takes, how much power is drawn, electromagnetic emissions, or small faults introduced into the hardware or software. This leakage can reveal secret keys or other sensitive data even when the algorithm is mathematically secure. That’s why the best description is exploiting physical implementation weaknesses. For example, timing and power analysis attacks observe variations in execution to infer values, while fault injections reveal data by inducing errors. The other options describe different security issues—reusing captured data is a replay attack, data at rest encryption protects stored data, and tokenization substitutes sensitive data with tokens—none of which hinge on leakage from the system’s physical operation.