






















Ananta Mukherjee, Centre for Quantum Technologies, National University of Singapore
Maciej Obremski
João Ribeiro, Instituto de Telecomunicações and Instituto Superior Técnico, Universidade de Lisboa
Lawrence Roy, Aarhus University
François-Xavier Standaert, Crypto Group, ICTEAM Institute, UCLouvain, Belgium
Daniele Venturi, Sapienza University of Rome
Theoretical treatments of leakage-resilient cryptography typically work under the assumption that the leakage learned by the adversary (e.g., about an n-bit secret key) is arbitrary but bounded, in the sense that the leakage is an l-bit string for some threshold l significantly smaller than n. On the other hand, real-world side-channel attacks on physical implementations of cryptographic protocols produce leakage transcripts that are much longer than n. However, unlike the bounded leakage model, these transcripts are inherently noisy. We would like to generically claim that cryptographic schemes resilient to bounded leakage are also resilient to realistic noisy leakages. This boils down to showing that noisy leakages can be simulated using only one bounded leakage query. Prior work (EUROCRYPT 2021 and CRYPTO 2024) made important progress on this problem. Yet, barriers to applicability and interpretability remain, such as the need for large noise levels, the difficulty to estimate the necessary parameters of the leakage distributions, undesirable independence assumptions, and inefficient simulation in certain regimes. In this work, we resolve (or make progress towards resolving) these shortcomings: 1. We show that simple modifications to the simulation strategies in prior work simultaneously allow a cheaper computation of simulation parameters and better parameters than previous results. 2. Leveraging the first item, we obtain a reduction whose amount of extra bounded leakage to simulate correlated signals only increase very mildly. This captures the limited incentive for an adversary to oversample a side-channel signal leading to correlated signal, improving previous results treating these samples as independent. 3. We establish a new ``bounded leakage vs.\ simulation efficiency'' tradeoff, roughly trading $\mathcal{O}(\Delta)$ bits leaked by the bounded leakage query for a $\frac{2^{\Delta}}{\mathrm{poly}(\Delta)}$-factor reduction in simulation complexity. This widens the applicability of our results in the context of computational security, as former simulators were only efficient when simulating from $\mathcal{O}(\log \lambda)$ bits of bounded leakage, with $\lambda$ the security parameter.
BibTeX
@misc{cryptoeprint:2026/357,
author = {Julien Béguinot and Ananta Mukherjee and Maciej Obremski and João Ribeiro and Lawrence Roy and François-Xavier Standaert and Daniele Venturi},
title = {Simulating Noisy Leakage with Bounded Leakage: Simpler, Better, Faster},
howpublished = {Cryptology {ePrint} Archive, Paper 2026/357},
year = {2026},
url = {https://eprint.iacr.org/2026/357}
}
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。