International Association
for Cryptologic Research

Recently, Benhamouda et al. proposed a framework to evaluate the local leakage resilience of the n shares of (k,n)-threshold scheme. Lletting (X_1,X_2, ... ,X_n) be the n shares, the leakage is defined as (Y_1, Y_2, ..., Y_n) , where Y_i is the output of a deterministic mapping belonging to {0,1, ..., L-1} with the input X_i. We evaluate the worst-case total variational distance V between the conditional probability distributions of two leakages given two secrets s and s'. In this paper, we propose a new method to evaluate V more precisely than the existing methods for the (n,n)-threshold scheme over a finite field with p elements, where p>= 3 is an arbitrary prime number. For the case of L=2, we show that V converges to zero of order O(( sin (\pi / 2p ))^{-n}). We also characterize the class of leakage functions that attains V. For the case of L > 2, we succeed in obtaining an upper bound of V by using the theory of majorization. The order of the obtained upper bound is smaller than the existing upper bound and is proved to be tight under a certain assumption.