Quantitative information flow under generic leakage functions and adaptive adversaries

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

We put forward a model of action-based randomization mechanisms to analyse quantitative information flow (QIF) under generic leakage functions, and under possibly adaptive adversaries. This model subsumes many of the QIF models proposed so far. Our main contributions include the following: (1) we identify mild general conditions on the leakage function under which it is possible to derive general and significant results on adaptive QIF; (2) we contrast the efficiency of adaptive and non-adaptive strategies, showing that the latter are as efficient as the former in terms of length up to an expansion factor bounded by the number of available actions; (3) we show that the maximum information leakage over strategies, given a finite time horizon, can be expressed in terms of a Bellman equation. This can be used to compute an optimal finite strategy recursively, by resorting to standard methods like backward induction.


💡 Research Summary

The paper presents a unified framework for quantitative information flow (QIF) that simultaneously addresses two long‑standing issues in the field: (i) the choice of a leakage measure, and (ii) the relationship between adaptive and non‑adaptive adversaries. The authors introduce an “action‑based randomization mechanism” S = (X, Y, Act, {Mₐ}) where X is a finite set of secrets, Y a finite set of observable outputs, Act a finite set of possible queries (actions), and each action a∈Act is associated with a stochastic matrix Mₐ that defines the conditional distribution pₐ(y|x) of the response y given the secret x. The mechanism is stateless, so each answer is independent of previous ones.

A central novelty is the abstraction of the leakage measure into a generic “uncertainty function” U : P → ℝ, where P denotes the simplex of probability distributions over X. The only requirements on U are convexity and continuity. Under these mild conditions, many classical QIF measures—Shannon entropy, error probability, guessing entropy, variance, etc.—fit into the framework, while non‑convex measures such as min‑entropy are excluded. The authors argue that convexity captures the intuition that mixing two priors cannot reduce the adversary’s uncertainty below the weighted average of the uncertainties of the components.

The adversary’s behavior is modeled by a (deterministic) strategy σ : Y* → Act, which maps the sequence of observations obtained so far to the next query. Strategies may be finite or infinite; a finite strategy has a well‑defined length, and a non‑adaptive strategy is one whose choice depends only on the number of past observations, not on their actual values. The paper shows that any strategy can be represented as a tree whose internal nodes are labeled by actions and edges by observations.

The first major result shows that, for any convex‑continuous U, the expected leakage of an adaptive attack can be expressed as the reduction of U from the prior to the posterior distribution induced by the joint distribution pσ over (X, Y). This yields a single, uniform formula that subsumes the many ad‑hoc derivations that previously existed for specific leakage functions.

The second result concerns the comparative power of adaptive versus non‑adaptive attacks. The authors prove that for any adaptive strategy of length L there exists a non‑adaptive strategy whose length is at most |Act|·L and that achieves exactly the same expected leakage. Consequently, when the number of available actions is modest (as is typical in many practical systems), it suffices to analyse non‑adaptive attacks; the analysis of adaptive attacks does not bring additional difficulty beyond a bounded blow‑up in strategy length.

A third contribution is the identification of an indistinguishability equivalence relation on the secret space X that completely characterises the maximum leakage achievable by any strategy, adaptive or not. Two secrets that are indistinguishable under all possible action‑output distributions cannot be separated by any strategy, and thus the maximal leakage depends only on the partition of X induced by this relation.

The fourth and perhaps most technically significant contribution is the formulation of the optimal‑leakage problem as a dynamic‑programming (Bellman) equation. For a finite horizon T, define V₀(x) = U(δₓ) (the uncertainty of a point mass) and recursively compute for t = 1,…,T:

 V_t(x) = max_{a∈Act} ∑_{y∈Y} pₐ(y|x) · U( posterior distribution after observing y with action a and having t‑1 steps left ).

The optimal strategy σ* is obtained by selecting at each step the action that attains the maximum in the Bellman update. This reduction enables the use of standard MDP solution techniques such as backward induction, providing a constructive method to compute optimal finite‑horizon attacks for any convex‑continuous leakage measure.
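The backward induction described above, and the adaptive versus non-adaptive comparison from the second result, can be seen on a small instance. This is an added example, not code from the paper or the page: the three-action mechanism, the function names and the choice of Shannon entropy for U are constructed for illustration, and the recursion is written over the adversary's belief (the posterior over X), minimising expected residual uncertainty, which is an assumption of the example rather than the page's notation.

```python
import itertools
import math

# Constructed toy mechanism (not from the paper): 4 secrets, binary answers.
# M[a][x][y] = p_a(y | x); each row is a distribution (deterministic here).
X, Y = range(4), range(2)
M = {
    "a": [[1, 0], [1, 0], [0, 1], [0, 1]],  # answers "x >= 2"
    "b": [[1, 0], [0, 1], [1, 0], [1, 0]],  # answers "x == 1"
    "c": [[1, 0], [1, 0], [1, 0], [0, 1]],  # answers "x == 3"
}

def U(p):
    """Uncertainty function: Shannon entropy in bits (one of the page's examples)."""
    return -sum(q * math.log2(q) for q in p if q > 0)

def expect(p, a, cont):
    """Sum over y of p_a(y) * cont(posterior after observing y under action a)."""
    total = 0.0
    for y in Y:
        joint = [p[x] * M[a][x][y] for x in X]
        py = sum(joint)
        if py > 0:  # skip observations that cannot occur under belief p
            total += py * cont([j / py for j in joint])
    return total

def residual(p, t):
    """Backward induction: (minimal expected uncertainty, best next action)
    for an adaptive adversary with t queries left and current belief p."""
    if t == 0:
        return U(p), None
    return min((expect(p, a, lambda q: residual(q, t - 1)[0]), a) for a in M)

def fixed(p, seq):
    """Expected uncertainty after a query sequence chosen in advance."""
    if not seq:
        return U(p)
    return expect(p, seq[0], lambda q: fixed(q, seq[1:]))

def best_nonadaptive(p, n):
    """Exhaustive search over all |Act|^n fixed sequences of length n."""
    return min(fixed(p, s) for s in itertools.product(M, repeat=n))

def leakage(p, t, adaptive=True):
    """Leakage = prior uncertainty minus best achievable residual uncertainty."""
    return U(p) - (residual(p, t)[0] if adaptive else best_nonadaptive(p, t))
```

On the uniform prior, two adaptive queries leak the full 2 bits, the best fixed pair of queries leaks 1.5 bits, and a fixed sequence of three queries (within the |Act|·L = 6 bound) recovers the full 2 bits.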

Finally, the paper offers a decision‑theoretic justification of the uncertainty function. It shows that any convex‑continuous U can be interpreted as the minimal expected loss for some loss function ℓ, and conversely, any expected loss function yields a convex‑continuous U. This establishes a two‑way bridge between QIF and Bayesian decision theory.

The paper is organized as follows: Section 2 formalises the action‑based mechanism and the uncertainty function; Section 3 gives concrete examples (Shannon entropy, error probability, guessing entropy, variance). Sections 4–7 develop the four main results listed above, with proofs and illustrative discussions. Section 8 discusses related work, practical implications, and future research directions. Technical proofs and additional examples are relegated to three appendices.

In summary, the work provides a powerful, unifying theory for QIF that accommodates a wide class of leakage measures, clarifies the role of adaptivity, and supplies an algorithmic pathway (via Bellman equations) to compute optimal attacks. This advances both the theoretical foundations and the practical analysis tools available to researchers and practitioners concerned with information leakage in security‑critical systems.

