Refining a Quantitative Information Flow Metric

We introduce a new perspective into the field of quantitative information flow (QIF) analysis that invites the community to bound the leakage, reported by QIF quantifiers, by a range consistent with the size of a program’s secret input instead of by a mathematically sound (but counter-intuitive) upper bound of that leakage. To substantiate our position, we present a refinement of a recent QIF metric that appears in the literature. Our refinement is based on slight changes we bring into the design of that metric. These changes do not affect the theoretical premises onto which the original metric is laid. However, they enable the natural association between flow results and the exhaustive search effort needed to uncover a program’s secret information (or the residual secret part of that information) to be clearly established. The refinement we discuss in this paper validates our perspective and demonstrates its importance in the future design of QIF quantifiers.

💡 Research Summary

The paper addresses a long‑standing tension in quantitative information flow (QIF) research between mathematically sound leakage bounds and the intuitive expectations of security practitioners. Traditional QIF metrics, rooted in information theory, often produce leakage values that exceed the maximum entropy of a program’s secret input (i.e., the number of bits that the secret can contain). While such results are theoretically valid, they are counter‑intuitive because they suggest that more information can be leaked than the secret actually holds.

To resolve this mismatch, the authors propose a refinement of a recently published QIF metric. The refinement consists of minimal modifications to the metric’s definition—adding a small normalization term and adjusting the logarithmic scaling—so that the resulting leakage is guaranteed to lie within the interval