pith. sign in

arxiv: 2606.02934 · v1 · pith:LFUXIGS2new · submitted 2026-06-01 · 💻 cs.CR · cs.IT· math.IT

Quantifying Side-Channel Leakage in Public Metrology Releases

Pith reviewed 2026-06-28 13:39 UTC · model grok-4.3

classification 💻 cs.CR cs.ITmath.IT
keywords side-channel leakagemetrology releasespower spectral densitygamma channelKullback-Leibler divergenceChernoff exponentinformation leakageEUV roughness spectra
0
0 comments X

The pith

Public metrology releases leak protected acid-transport settings through a ninth-order exponent in the low-frequency regime.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper formalizes side-channel leakage from public metrology releases as a profiled statistical audit in which a release map exposes finite-band PSD statistics and an observer distinguishes two utility-equivalent recipes that differ only in a protected coordinate. Averaged PSD bins are modeled as a gamma channel (or covariance-weighted log-spectrum channel when bins are correlated) to obtain exact Kullback-Leibler divergences and Chernoff exponents. The resulting finite-band transport-leakage law states that, once amplitude and blur are removed, the protected information scales as (64/1225) w λ^6 K^9 plus higher-order terms for Kλ ≪ 1. A step-by-step protocol converts any measured release into these quantitative leakage figures, and the work supplies a fixed-seed reproducibility package.

Core claim

After amplitude and blur are eliminated, the protected acid-transport information obeys I_{\lambda|\alpha,\beta}(K) = (64/1225) w \lambda^{6} K^{9} + O(w \lambda^{8} K^{11}) for K\lambda ≪ 1, a ninth-order exponent with a closed-form safe band.

What carries the argument

Profiled statistical side-channel audit that models averaged PSD bins as a gamma channel to derive exact Kullback-Leibler divergences, Chernoff exponents, and the closed-form ninth-order leakage law.

If this is right

  • Leakage between two utility-equivalent recipes can be computed directly from the finite-band statistics of a single release.
  • Finite-training, finite-library, finite-compute, and model-mismatch corrections are available for the same divergence quantities.
  • A concrete protocol converts any measured release into numerical leakage values together with a closed-form safe band.
  • The ninth-order scaling holds after amplitude and blur contributions have been removed.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same gamma-channel audit could be applied to other classes of public scientific data releases that expose spectral statistics.
  • The closed-form safe band supplies an immediate numerical threshold for deciding whether a planned release stays below a chosen leakage limit.
  • Because the leading term is proportional to w λ^6, the leakage is most sensitive to the lowest spatial frequencies that remain after blur removal.

Load-bearing premise

Averaged PSD bins follow a gamma channel (or covariance-weighted log-spectrum channel when correlated), which supplies the exact divergences used to derive the leakage law.

What would settle it

Compute the observed scaling exponent of leakage versus spatial frequency K on a collection of real metrology releases whose protected parameters are known independently, and check whether the exponent is nine.

Figures

Figures reproduced from arXiv: 2606.02934 by Faruk Alpay, Taylan Alpay.

Figure 1
Figure 1. Figure 1: Threat model for a metrology-release audit. A release owner holds a hidden recipe θB whose protected coordinate is the effective acid-transport length λ; the release map R exposes a finite-band PSD transcript Y ∼ P R θB . A profiled observer, trained by a labeled-template oracle (Q releases per recipe), attributes the protected bit Bb by likelihood. The profiling budget (N, Q, L, T) (library size, training… view at source ↗
Figure 2
Figure 2. Figure 2: Screened-model fit to a reconstructed EUV PSD. Circles are the reconstructed digitized points; the solid curve is the unconstrained least-squares fit of (1) in log-PSD (free λ), and the dashed curve forces λ = 17 nm, the reported correlation-length scale. The free fit follows the plateau, the transport roll-off, and the high-frequency floor with a small log-RMSE, whereas the forced curve is visibly too sti… view at source ↗
Figure 3
Figure 3. Figure 3: compares the exact flat-weight Schur complement (backward-stable QR projection) with (8): the ratio → 1 and log-log slope → 9 as Kλ → 0, numerically checking consistency with the asymptotic Theorem 4 and the corrected prefactor of Remark 3. 10−1 100 10−18 10−7 104 Kλ Iλ|α,β(K)/w transport-knee leakage law exact Schur complement (64/1225) wλ6K9 10−1 100 0 0.5 1 Kλ exact / asymptotic low-band agreement [PIT… view at source ↗
Figure 4
Figure 4. Figure 4: The finite-training penalty closes as profiling improves. Each curve fixes a challenge length L and plots the gap between ideal-template success and plug-in success against the per-template training budget Q (log scale). The penalty is large and L-dependent when Q is small (a sparsely profiled adversary is far from the channel optimum) and decays steadily toward zero as Q grows (up to Monte-Carlo scatter),… view at source ↗
Figure 5
Figure 5. Figure 5: Bin correlation makes the diagonal audit conservative. Ratio of the correlated-bin leakage exponent to the diagonal-gamma exponent as a function of the AR(1) log-residual correlation ρ, with the protected mean difference and the per-bin variances held fixed. At ρ = 0 the ratio is one by construction; as ρ grows, neighbouring bins carry redundant information, the covariance-weighted Chernoff 1 8 d ⊤Σ −1d sh… view at source ↗
Figure 6
Figure 6. Figure 6: Where a floor-blind audit can be trusted. Heatmaps over the released band edge Kλ (horizontal) and the relative metrology floor S0/A (vertical). Left: log10 of the floor-aware conditional transport information Iλ|α,β,S0 , the Schur complement of λ after eliminating amplitude, blur, and floor; it rises steeply with band edge as the knee enters the window. Right: log10 of the condition number of the 3 × 3 nu… view at source ↗
Figure 7
Figure 7. Figure 7: The minimum-leakage public statistic under a utility constraint. For a protected tangent p (transport) and a utility tangent u (amplitude) with correlation ρ, the curve gives the maximum retained utility | ⟨z, u⟩ | of an optimal rank-one release z subject to the protected leakage budget ⟨z, p⟩ 2 /(2τ 2 ) ≤ ε (Theorem 6); the dashed line is the matching converse, the least leakage any release achieving a gi… view at source ↗
read the original abstract

Public scientific and metrology releases can leak the hidden settings that produced them. We formalize and quantify this risk as a profiled statistical side-channel audit: a release map exposes finite-band statistics of a power spectral density (PSD), a profiled observer trains labeled template spectra under an explicit budget, and a challenge release is drawn from one of two utility-equivalent recipes separated by a protected coordinate. Averaged PSD bins follow a gamma channel, replaced by a covariance-weighted log-spectrum channel when the bins are correlated; this yields exact Kullback-Leibler divergences, Chernoff exponents, protected-bit advantage bounds, and finite-training, finite-library, finite-compute, and model-mismatch corrections. Our headline result is a finite-band transport-leakage law: after amplitude and blur are eliminated, the protected acid-transport information obeys $I_{\lambda|\alpha,\beta}(K) = (64/1225)\, w \lambda^{6} K^{9} + O(w \lambda^{8} K^{11})$ for $K\lambda \ll 1$, a ninth-order exponent with a closed-form safe band. A step-by-step protocol turns a measured release into these numbers, and a fixed-seed reproducibility package regenerates every table and figure. We instantiate the audit on screened extreme-ultraviolet (EUV) roughness spectra as a model-conditioned case study, with deployment on measured releases the next step.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper formalizes a profiled statistical side-channel audit for public metrology releases, where a release map exposes finite-band PSD statistics. Averaged PSD bins are modeled as a gamma channel (or covariance-weighted log-spectrum channel when correlated) to obtain exact KL divergences and Chernoff exponents. The headline result is the finite-band transport-leakage law I_{\lambda|\alpha,\beta}(K) = (64/1225) w \lambda^6 K^9 + O(w \lambda^8 K^{11}) for K\lambda \ll 1 after eliminating amplitude and blur, instantiated on EUV roughness spectra with a reproducibility package.

Significance. If the gamma-channel modeling choice is justified and the small-K\lambda expansion is accurate, the closed-form leakage law with explicit safe band supplies a concrete, quantitative tool for auditing leakage in scientific data releases. The fixed-seed reproducibility package that regenerates every table and figure is a clear strength, enabling direct verification of the reported coefficients and bounds.

major comments (2)
  1. [§3 and headline result equation] §3 (modeling) and the derivation of the headline result: The specific prefactor 64/1225 and the ninth-order leading term are obtained only after replacing the release map with the gamma (or covariance-weighted log-spectrum) channel to yield closed-form KL/Chernoff quantities, followed by the small-K\lambda expansion. The manuscript does not provide a sensitivity analysis or empirical test showing how deviations from the gamma assumption (e.g., non-gamma tails or non-stationarity in EUV roughness) alter the order of the leading term or the numerical coefficient; this modeling choice is load-bearing for the quantitative claim.
  2. [headline result and case-study section] The finite-training, finite-library, and model-mismatch corrections are stated to follow from the exact divergences, yet no explicit bounds or numerical verification are given for the parameter regime of the EUV case study; without these, it is unclear whether the O(w \lambda^8 K^{11}) remainder remains negligible under realistic training budgets.
minor comments (2)
  1. [abstract and §2] The notation I_{\lambda|\alpha,\beta}(K) is introduced without an explicit definition of the conditioning variables \alpha, \beta in the main text; a one-sentence clarification would improve readability.
  2. [figures in case study] Figure captions for the EUV spectra should state the exact number of averaged bins and the frequency range used to obtain the gamma parameters.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the detailed and constructive comments, which identify key areas where additional analysis would strengthen the presentation of our modeling assumptions and verification. We respond to each major comment below and will revise the manuscript accordingly.

read point-by-point responses
  1. Referee: [§3 and headline result equation] §3 (modeling) and the derivation of the headline result: The specific prefactor 64/1225 and the ninth-order leading term are obtained only after replacing the release map with the gamma (or covariance-weighted log-spectrum) channel to yield closed-form KL/Chernoff quantities, followed by the small-Kλ expansion. The manuscript does not provide a sensitivity analysis or empirical test showing how deviations from the gamma assumption (e.g., non-gamma tails or non-stationarity in EUV roughness) alter the order of the leading term or the numerical coefficient; this modeling choice is load-bearing for the quantitative claim.

    Authors: The gamma channel (and its covariance-weighted log-spectrum extension) is selected because averaged PSD bins converge to this distribution under the central limit theorem for stationary processes with sufficient averaging, enabling the exact closed-form KL divergences and Chernoff exponents that produce the ninth-order expansion. We agree that the absence of a sensitivity analysis leaves open questions about robustness to deviations such as heavier tails or non-stationarity. In revision we will add a new subsection with Monte Carlo simulations under alternative distributions (e.g., scaled t or gamma mixtures) and will assess whether the leading-term order or the 64/1225 coefficient changes materially; we will also cite supporting literature on the approximate stationarity of EUV roughness spectra. revision: yes

  2. Referee: [headline result and case-study section] The finite-training, finite-library, and model-mismatch corrections are stated to follow from the exact divergences, yet no explicit bounds or numerical verification are given for the parameter regime of the EUV case study; without these, it is unclear whether the O(w λ^8 K^{11}) remainder remains negligible under realistic training budgets.

    Authors: The finite-training, finite-library, and model-mismatch corrections are obtained directly by substituting the exact gamma-channel KL and Chernoff expressions into the corresponding information-theoretic bounds. For the EUV parameters the small-Kλ regime implies the O(w λ^8 K^{11}) remainder is small, yet we concur that explicit numerical confirmation for realistic training budgets is required. In the revised case-study section we will use the fixed-seed reproducibility package to compute the corrections and remainder bounds at the reported EUV values and at a range of training sizes, thereby verifying negligibility. revision: yes

Circularity Check

0 steps flagged

No circularity; explicit modeling assumption yields derived law

full rationale

The paper states the gamma (or covariance-weighted log-spectrum) channel as an explicit modeling choice for averaged PSD bins, from which exact KL divergences, Chernoff exponents, and the small-Kλ expansion producing the specific coefficient 64/1225 are obtained. This assumption is independent of the target leakage law and is not derived from or equivalent to it; the ninth-order term is a mathematical consequence of the expansion under the stated model rather than a self-definition, fitted input renamed as prediction, or self-citation load-bearing step. No self-citations, uniqueness theorems, or ansatzes smuggled via prior work appear in the text. The derivation is therefore self-contained against its modeling premises.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The central claim rests on the gamma-channel model for PSD bins and the utility-equivalence of the two recipes; these are domain assumptions rather than derived quantities.

axioms (2)
  • domain assumption Averaged PSD bins follow a gamma channel (or covariance-weighted log-spectrum when correlated)
    Invoked to obtain exact KL divergences and the leakage law
  • domain assumption Challenge release drawn from one of two utility-equivalent recipes separated by a protected coordinate
    Defines the side-channel setup

pith-pipeline@v0.9.1-grok · 5784 in / 1364 out tokens · 31019 ms · 2026-06-28T13:39:38.416866+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

34 extracted references

  1. [1]

    Chemical amplification in the design of dry developing resist materials,

    H. Ito and C. G. Willson, “Chemical amplification in the design of dry developing resist materials,”Polymer Eng. Sci., 23(18):1012–1018, 1983

  2. [2]

    Chemical amplification mechanisms for microlithography,

    E. Reichmanis et al., “Chemical amplification mechanisms for microlithography,”Chem. Mater., 3(3):394–407, 1991

  3. [3]

    Lithographic imaging techniques for the formation of nanoscopic features,

    G. M. Wallraff and W. D. Hinsberg, “Lithographic imaging techniques for the formation of nanoscopic features,”Chem. Rev., 99(7):1801–1822, 1999. 23

  4. [4]

    Determination of coupled acid catalysis-diffusion processes in a positive-tone chemically amplified photoresist,

    F. A. Houle et al., “Determination of coupled acid catalysis-diffusion processes in a positive-tone chemically amplified photoresist,”J. Vac. Sci. Technol. B, 18(4):1874–1885, 2000

  5. [5]

    Acid-base reactions in a positive-tone chemically amplified photoresist,

    F. A. Houle et al., “Acid-base reactions in a positive-tone chemically amplified photoresist,”J. Vac. Sci. Technol. B, 22(2):747–754, 2004

  6. [6]

    Lithographic importance of acid diffusion in chemically amplified resists,

    D. Van Steenwinckel et al., “Lithographic importance of acid diffusion in chemically amplified resists,”Proc. SPIE, 5753:269–280, 2005

  7. [7]

    Dynamic absorption coefficients of CARs and non-CARs at EUV,

    R. Fallica et al., “Dynamic absorption coefficients of CARs and non-CARs at EUV,”J. Micro/Nanolith. MEMS MOEMS, 15(3):033506, 2016

  8. [8]

    The use of fast Fourier transform for the estimation of power spectra,

    P. D. Welch, “The use of fast Fourier transform for the estimation of power spectra,”IEEE Trans. Audio Electroacoust., 15(2):70–73, 1967

  9. [9]

    Resist blur and line edge roughness,

    G. M. Gallatin, “Resist blur and line edge roughness,”Proc. SPIE, 5754:38–52, 2005

  10. [10]

    Resolution, LER, and sensitivity limitations of photoresist,

    G. M. Gallatin, “Resolution, LER, and sensitivity limitations of photoresist,”Proc. SPIE, 6921:69211E, 2008

  11. [11]

    Evaluation of EUV resist materials for use at the 32 nm half-pitch node,

    T. Wallow et al., “Evaluation of EUV resist materials for use at the 32 nm half-pitch node,” Proc. SPIE, 6921:69211F, 2008

  12. [12]

    Critical challenges for EUV resist materials,

    P. P. Naulleau et al., “Critical challenges for EUV resist materials,”Proc. SPIE, 7972:797202, 2011

  13. [13]

    LER Metrology: Can we trust the numbers?,

    P. P. Naulleau and B. McClinton, “LER Metrology: Can we trust the numbers?,” EUV Lithography Workshop P31, 2011

  14. [14]

    Line-edge roughness performance targets for EUV lithography,

    T. A. Brunner et al., “Line-edge roughness performance targets for EUV lithography,”Proc. SPIE, 10143:101430E, 2017

  15. [15]

    Stochastic effects in EUV lithography,

    P. De Bisschop, “Stochastic effects in EUV lithography,”J. Micro/Nanolith. MEMS MOEMS, 16(4):041013, 2017

  16. [16]

    Shot noise: a 100-year history, with applications to lithography,

    C. A. Mack, “Shot noise: a 100-year history, with applications to lithography,”J. Mi- cro/Nanolith. MEMS MOEMS, 17(4):041002, 2018

  17. [17]

    Metrics for stochastic scaling in EUV lithography,

    C. A. Mack, “Metrics for stochastic scaling in EUV lithography,”Proc. SPIE, 10957:109570F, 2019

  18. [18]

    Line edge roughness and critical dimension variation,

    V. Constantoudis et al., “Line edge roughness and critical dimension variation,”J. Vac. Sci. Technol. B, 22(4):1974–1981, 2004

  19. [19]

    The imec roughness protocol,

    G. F. Lorusso et al., “The imec roughness protocol,”Proc. SPIE, 10585:105850D, 2018

  20. [20]

    Pattern roughness analysis using power spectral density,

    C. Cutler et al., “Pattern roughness analysis using power spectral density,”J. Mi- cro/Nanopattern. Mater. Metrol., 20(1):010901, 2021

  21. [21]

    Roughness spectrum and surface width of self-affine fractal surfaces via the K-correlation model,

    G. Palasantzas, “Roughness spectrum and surface width of self-affine fractal surfaces via the K-correlation model,”Phys. Rev. B, 48(19):14472–14478, 1993

  22. [22]

    Differential power analysis,

    P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” inCRYPTO ’99, LNCS 1666, pp. 388–397, Springer, 1999. 24

  23. [23]

    Template attacks,

    S. Chari, J. R. Rao, and P. Rohatgi, “Template attacks,” inCHES 2002, LNCS 2523, pp. 13–28, Springer, 2003

  24. [24]

    Probabilistic encryption,

    S. Goldwasser and S. Micali, “Probabilistic encryption,”J. Comput. Syst. Sci., 28(2):270–299, 1984

  25. [25]

    Level crossing methodology applied to line-edge roughness characterization,

    C. A. Mack, T. A. Brunner, X. Chen, and L. Sun, “Level crossing methodology applied to line-edge roughness characterization,”Proc. SPIE, 10145:101450Z, 2017

  26. [26]

    On the foundations of quantitative information flow,

    G. Smith, “On the foundations of quantitative information flow,” inFoSSaCS, LNCS 5504, pp. 288–302, Springer, 2009

  27. [27]

    Differential privacy,

    C. Dwork, “Differential privacy,” inICALP, LNCS 4052, pp. 1–12, Springer, 2006

  28. [28]

    T. M. Cover and J. A. Thomas,Elements of Information Theory, 2nd ed., Wiley, 2006

  29. [29]

    A unified framework for the analysis of side- channel key recovery attacks,

    F.-X. Standaert, T. G. Malkin, and M. Yung, “A unified framework for the analysis of side- channel key recovery attacks,” inEUROCRYPT 2009, LNCS 5479, pp. 443–461, Springer, 2009

  30. [30]

    Efficient template attacks,

    O. Choudary and M. G. Kuhn, “Efficient template attacks,” inCARDIS 2013, LNCS 8419, pp. 253–270, Springer, 2014

  31. [31]

    A well-conditioned estimator for large-dimensional covariance matrices,

    O. Ledoit and M. Wolf, “A well-conditioned estimator for large-dimensional covariance matrices,” J. Multivariate Anal., 88(2):365–411, 2004

  32. [32]

    M. S. Alvim, K. Chatzikokolakis, A. McIver, C. Morgan, C. Palamidessi, and G. Smith,The Science of Quantitative Information Flow, Springer, 2020

  33. [33]

    Membership inference attacks against machine learning models,

    R. Shokri, M. Stronati, C. Song, and V. Shmatikov, “Membership inference attacks against machine learning models,” inIEEE Symp. Security and Privacy, pp. 3–18, 2017

  34. [34]

    Revealing information while preserving privacy,

    I. Dinur and K. Nissim, “Revealing information while preserving privacy,” inPODS, pp. 202–210, ACM, 2003. Appendices: worked derivations The appendices collect the full computations behind the results quoted in the main text. They are deliberately explicit (each integral is carried out, each Gram matrix is inverted, each optimization is solved by hand), s...