[timschmidt]

I think GP's point is that one vulnerable hardware or software implementation in the entire network of implementations being passively observed by the attacker can reveal the private keys. So it's not just your implementations which must be perfect, but all your neighbors, and all theirs too.

[magicalhippo]

I read it as "only" the signing machine needs faulty hardware. Still, bit errors occur, even with ECC, and this allows for a passive hence very unobtrusive attack.