Paper 2023/813

Bayesian Leakage Analysis: A Framework for Analyzing Leakage in Cryptography

Zachary Espiritu, MongoDB
Seny Kamara, MongoDB, Brown University
Tarik Moataz, MongoDB
Abstract

We introduce a framework based on Bayesian statistical inference for analyzing leakage in cryptography and its vulnerability to inference attacks. Our framework naturally integrates auxiliary information, defines a notion of adversarial advantage, and provides information-theoretic measures that capture the security of leakage patterns against both full and functional recovery attacks. We present two main theorems that bound the advantage of powerful inference techniques: the maximum a posteriori (MAP), the maximum likelihood estimate (MLE) and the MAP test. Specifically, we show that the advantage of these methods is exponentially bounded by new entropy measures that capture the susceptibility of leakage patterns to inference. To demonstrate the applicability of our framework, we design and implement an automated leakage attack engine, Bayle, which leverages a novel inference algorithm that efficiently computes MAP estimates for a large class of i.i.d. leakage models. These models include query equality leakage, the combination of query equality and volume leakage, and leakage patterns arising from naive conjunctions.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Published by the IACR in CIC 2025
Keywords
encrypted search, leakage, leakage attacks
Contact author(s)
zachary espiritu @ mongodb com
seny kamara @ mongodb com
tarik moataz @ mongodb com
History
2025-04-01: last of 2 revisions
2023-06-02: received
Short URL
https://ia.cr/2023/813
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/813,
      author = {Zachary Espiritu and Seny Kamara and Tarik Moataz},
      title = {Bayesian Leakage Analysis: A Framework for Analyzing Leakage in Cryptography},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/813},
      year = {2023},
      url = {https://eprint.iacr.org/2023/813}
}