Papers
Topics
Authors
Recent
Search
2000 character limit reached

Leakage-Guessing Proof System

Updated 7 July 2026
  • Leakage-Guessing Proof System is a framework that defines leakage as the improvement in an adversary’s ability to guess a secret after observing released data.
  • It extends maximal leakage by introducing parameters α and β to interpolate between log-loss and worst-case scenarios, thus unifying different privacy measures.
  • The framework underpins diverse applications in coding, program analysis, and side-channel attacks, ensuring robustness through axiomatic properties like data processing and additivity.

As an Editor’s term, Leakage-Guessing Proof System denotes a family of quantitative information-flow frameworks in which leakage is defined operationally by the improvement an adversary obtains in guessing a secret, or an arbitrary function of sensitive data, after observing a release. In the literature summarized here, the canonical form of this idea is the adversarial-guessing formulation of maximal leakage and its generalization to maximal α,β\alpha,\beta-leakage, where the adversary may choose any finite-alphabet UU such that UXYU\to X\to Y and compare optimal guessing performance with and without access to YY. This operational backbone recovers maximal α\alpha-leakage, maximal leakage, local differential privacy, and local Rényi differential privacy, while also supporting extensions to side information, coding-theoretic converse arguments, source-level quantitative information flow, and non-stochastic brute-force models (Gilani et al., 2022).

1. Operational core: leakage as adversarial guessing

The modern leakage-guessing framework begins from the observation that an adversary is not necessarily trying to recover the raw private variable XX itself. Instead, the adversary may care about some discrete randomized function UU of XX, with UXYU-X-Y, and the release YY should therefore be evaluated by how much it improves the adversary’s best guessing performance on that unknown target. In the finite-alphabet setting, maximal leakage is defined as

UU0

The denominator is the best prior guessing probability without observing UU1; the numerator is the best posterior guessing probability after observing UU2. The role of UU3 is central: maximizing over all such UU4 makes the measure robust to uncertainty about what secret the adversary actually cares about. For discrete alphabets, this yields the closed form

UU5

so maximal leakage is exactly Sibson mutual information of order UU6 (Issa et al., 2018).

Maximal UU7-leakage extends this operational picture by replacing the single-guess success probability with a generalized power-mean score. For UU8 and UU9,

UXYU\to X\to Y0

Here UXYU\to X\to Y1 has the same alphabet as UXYU\to X\to Y2, the adversary may choose any estimator UXYU\to X\to Y3, and the supremum over UXYU\to X\to Y4 is included to enable recovery of worst-case notions. The same work proves a simplified computable expression,

UXYU\to X\to Y5

where UXYU\to X\to Y6 ranges over distributions on the support of UXYU\to X\to Y7. This reduction is what turns the operational definition into a usable proof framework: the quantity depends only on the channel UXYU\to X\to Y8 and an auxiliary distribution UXYU\to X\to Y9 (Gilani et al., 2022).

2. The parameters YY0 and YY1 and the bridge between regimes

The parameter YY2 controls the local guessing loss function, while YY3 controls how the contributions from different outputs YY4 are aggregated. In maximal YY5-leakage, YY6 interpolates from log-loss at YY7 to the probability-of-error regime at YY8; equivalently, YY9 and α\alpha0 is the classical maximal leakage of Issa et al. (Liao et al., 2019). In maximal α\alpha1-leakage, α\alpha2 corresponds to simple averaging over outputs, whereas α\alpha3 turns the aggregation into a maximum over outputs, shifting the operational semantics from an average-case perspective toward a worst-case, local-privacy flavor (Gilani et al., 2022).

This interpolation is the precise mechanism by which a guessing-based framework spans multiple privacy notions that are often treated separately.

Parameters Recovered measure Expression or characterization
α\alpha4 maximal α\alpha5-leakage α\alpha6
α\alpha7 maximal leakage α\alpha8
α\alpha9 local Rényi differential privacy XX0
XX1 local differential privacy XX2
XX3 arbitrary variant of LRDP XX4

A recurrent misconception is that local differential privacy and guessing-based leakage belong to fundamentally different paradigms. The parameterization above shows otherwise: in this family, LDP appears as a corner point of the same operational construction that yields average-case maximal leakage. The paper explicitly interprets XX5 as the average-case regime and XX6 as the route to max-over-output worst-case privacy, with XX7 recovering the classical maximum-ratio flavor of local privacy (Gilani et al., 2022).

3. Axioms, proof obligations, and proof-theoretic structure

The leakage-guessing literature treats a leakage measure not merely as a scalar quantity, but as an object required to satisfy a recognizable set of operational and axiomatic properties. For maximal XX8-leakage, the framework establishes non-negativity,

XX9

with equality iff UU0 and UU1 are independent; monotonicity in UU2 for fixed UU3,

UU4

data processing inequalities for any Markov chain UU5,

UU6

and additivity over independent releases,

UU7

The same work also notes a reparameterization UU8 under which the leakage becomes non-increasing in UU9 for fixed XX0, and non-decreasing in XX1 for fixed XX2 (Gilani et al., 2022).

The paper frames these results as a general proof template. One first defines an adversary’s gain in guessing an arbitrary hidden function XX3 of XX4; then optimizes over all XX5; then introduces a tunable power mean in which XX6 governs guess quality and XX7 governs output aggregation; and finally proves the resulting quantity satisfies non-negativity, zero iff independence, data processing, and additivity. In this sense, “proof system” refers not only to a formal logic, but also to a reusable operational schema for deriving leakage measures from guessing games (Gilani et al., 2022).

For classical maximal leakage, several additional properties sharpen the distinction from mutual-information-based reasoning. It is generally asymmetric, convex in XX8 for fixed support of XX9, and depends on UXYU-X-Y0 only through UXYU-X-Y1. It also satisfies

UXYU-X-Y2

and no scalar multiple of mutual information can upper-bound it uniformly. These facts explain why maximal leakage is often used when worst-case guessing amplification, rather than average information transmission, is the relevant proof obligation (Issa et al., 2018).

4. Conditionalization and robustness to side information

A leakage-guessing proof system becomes substantially more realistic once side information is made explicit. Conditional maximal UXYU-X-Y3-leakage introduces a third variable UXYU-X-Y4, representing information already available to the adversary, and defines

UXYU-X-Y5

under the conditional Markov structure

UXYU-X-Y6

For UXYU-X-Y7, the resulting quantity is characterized as

UXYU-X-Y8

while for UXYU-X-Y9 it reduces to YY0. The paper interprets this as a supremum of conditional Arimoto channel capacities across side-information states (Liao et al., 2019).

The central robustness theorem states that if

YY1

then

YY2

The condition YY3 means that the side information is conditionally independent of the release given the private data; in operational terms, the release mechanism depends only on YY4 and private randomness, not on YY5. Under that assumption, arbitrary side information cannot increase leakage beyond the unconditional maximal YY6-leakage already quantified by the mechanism. A common misunderstanding is therefore corrected: side information does not automatically invalidate a leakage guarantee; it does so only when the release model itself breaks the required conditional independence (Liao et al., 2019).

5. Coding-theoretic and graph-theoretic realizations

The same guessing-based proof system appears in several coding problems, where the operational quantity becomes a leakage rate and the converse machinery becomes combinatorial or type-theoretic.

In zero-error source coding, the source symbols are constrained by a confusion graph YY7, and the leakage to a guessing adversary is measured by the ratio of best post-observation and pre-observation guessing success probabilities. The optimal normalized leakage rate is

YY8

where YY9 is the fractional chromatic number of the confusion graph. The paper further shows that this equals the optimal fixed-length zero-error compression rate,

UU00

and gives an optimum-achieving scalar stochastic mapping built from a fractional coloring (Liu et al., 2021).

In index coding, the adversary knows a subset UU01 of the messages, wants to guess UU02 for UU03, and is allowed at most UU04 guesses at blocklength UU05. The leakage metric is

UU06

For vanishing-error and zero-error decoding, the paper derives lower and upper bounds controlled by the broadcast rate of the induced subproblem on UU07; when the messages are independent and uniformly distributed, these bounds match: UU08 This yields a direct equivalence between leakage minimization and an induced index-coding problem on the messages not already known to the adversary (Liu et al., 2022).

A related privacy-utility model, explicitly inspired by index coding, places several legitimate users and one adversary in a single-shot guessing framework. The adversary’s privacy metric is conditional maximal leakage

UU09

and the utility constraints imply converse lower bounds such as

UU10

where UU11 is the clique number of the induced confusion graph. A second converse uses a polymatroid rank function

UU12

to obtain entropy-based lower bounds, and the constructive side of the paper proposes a greedy privacy-enhancing mechanism inspired by agglomerative clustering in the information bottleneck and privacy funnel problems (Liu et al., 2020).

In the successive-refinement Shannon cipher system, maximal leakage again supports a guessing-based converse. The eavesdropper observes public messages UU13 and tries to infer a hidden random function UU14 of the source. Under joint excess-distortion probability and expected distortion criteria, the paper characterizes inner and outer normalized maximal leakage regions; the achievability proof uses type-based coding, binning, and key masking, while the converse constructs a multi-stage guessing strategy in which Eve first guesses the keys and then applies source-sequence guessing functions derived from type arguments (Wu et al., 2023). This is an especially explicit illustration of the proof-system viewpoint: secrecy bounds are proved by lower-bounding the success of a carefully chosen guessing attack.

6. Source-level logics, non-stochastic variants, and empirical manifestations

One branch of the literature turns the leakage-guessing framework into an actual source-level proof system for programs. In quantitative information flow, a program is modeled as a channel from prior distributions to hyper-distributions, and an attacker is specified by a gain function

UU15

The source-level judgment

UU16

states that the attacker’s best expected post-execution gain is exactly represented by a pre-gain computed by backward transformation rules. The language includes assignment, sequencing, conditionals, while loops, and explicit leakage via Print, while also modeling implicit leakage through branch and loop observations. Gain expressions built from UU17, UU18, and UU19 generalize “Guess the secret in one try” to more structured adversarial utilities (Chen et al., 2024). This formalism clarifies another recurrent misconception: explicit output is not the only leakage channel; branch-on-high control flow is itself observable in the semantics.

A different extension removes probability altogether. In the non-stochastic brute-force setting, random variables are replaced by uncertain variables, posterior uncertainty is represented by conditional ranges, and leakage is defined by the reduction in worst-case brute-force search complexity. For a sensitive attribute UU20,

UU21

Maximizing over all attributes UU22 gives a maximal non-stochastic brute-force guessing leakage

UU23

with data processing, nonnegativity, zero iff unrelated, and additivity for independent components. The same paper relates this quantity to maximin information and to stochastic maximal leakage, showing that the brute-force measure upper bounds the existing non-stochastic one-shot notion (Ding et al., 2021).

The small-leakage regime has also been analyzed directly in terms of guessing moments. For a secret alphabet of size UU24, the guessing advantage is

UU25

and the leakage side is measured by

UU26

The resulting non-asymptotic theory gives exact parametric lower envelopes of UU27 versus UU28 and, near the no-leakage point, the square-root law

UU29

Operationally, this provides a direct way to upper-bound guessing advantage from a bound on conditional Rényi–Arimoto entropy (Béguinot et al., 2024).

Finally, the framework has concrete side-channel manifestations. The PILOT attack studies password and PIN leakage from videos of masked typing feedback, where the leakage source is inter-keystroke timing inferred from the frames in which masking symbols first appear. The paper reports that, by leveraging inter-keystroke timings, PILOT recovers 8-character alphanumeric passwords in as little as 19 attempts, and guesses about 3% of PINs within 10 attempts, corresponding to a 26-fold improvement compared to random guessing (Balagani et al., 2019). This empirical result is fully consistent with the operational definition of leakage used throughout the theory: even when the symbols themselves are obfuscated, the release can still substantially increase an adversary’s ranking or guessing success.

The resulting picture is coherent across probabilistic, program-logical, coding-theoretic, and non-stochastic settings. A leakage-guessing proof system specifies an adversarial objective, measures the improvement caused by observation, proves axiomatic properties such as data processing and additivity, and then uses those properties to derive guarantees or converses. What varies across the literature is the semantic substrate—channels, hyper-distributions, confusion graphs, type classes, or conditional ranges—rather than the underlying operational question of how much easier guessing becomes after the release.

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Leakage-Guessing Proof System.