The Chain Rule for HILL Pseudoentropy, Revisited

Conference paper

DOI: 10.1007/978-3-319-22174-8_5

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9230)
Cite this paper as:
Pietrzak K., Skórski M. (2015) The Chain Rule for HILL Pseudoentropy, Revisited. In: Lauter K., Rodríguez-Henríquez F. (eds) Progress in Cryptology -- LATINCRYPT 2015. LATINCRYPT 2015. Lecture Notes in Computer Science, vol 9230. Springer, Cham


Computational notions of entropy (a.k.a. pseudoentropy) have found many applications, including leakage-resilient cryptography, deterministic encryption or memory delegation. The most important tools to argue about pseudoentropy are chain rules, which quantify by how much (in terms of quantity and quality) the pseudoentropy of a given random variable X decreases when conditioned on some other variable Z (think for example of X as a secret key and Z as information leaked by a side-channel). In this paper we give a very simple and modular proof of the chain rule for HILL pseudoentropy, improving best known parameters. Our version allows for increasing the acceptable length of leakage in applications up to a constant factor compared to the best previous bounds. As a contribution of independent interest, we provide a comprehensive study of all known versions of the chain rule, comparing their worst-case strength and limitations.

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.IST AustriaKlosterneuburgAustria
  2. 2.University of WarsawWarsawPoland

Personalised recommendations