Side-channel attacks break cryptosystems by exploiting information that is revealed by the system’s implementation, e.g. through time or power consumption. Research on countermeasures against side-channel attacks has so far focussed either on (1) cryptographic primitives that remain secure despite leaky implementations, or on (2) hardening implementations, e.g. through program transformations that hide variations in the execution time. In this talk, I will show how one can achieve provable security against timing attacks by combining guarantees from the cryptographic primitive with guarantees from the implementation. This hybrid approach is considerably simpler and more efficient than purely cryptographic or purely implementation-based solutions, making it an interesting topic for further investigation. I will end with a discussion of/invitation to future work.