A tool for estimating a system's leakage via Machine Learning
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



F-BLEAU is a tool for estimating the leakage of a system in a black-box manner (i.e., by only looking at its secret inputs and outputs). It was proposed in [2]. It considers a generic system as a black-box, taking secret inputs and returning outputs accordingly, and it measures how much the outputs "leak" about the inputs. This is done by only looking at observations of inputs and respective outputs.

F-BLEAU is based on the equivalence between estimating the error of a Machine Learning model of a specific class and the estimation of information leakage [1,2,3].

This code was also used for the experiments of [2] on the following evaluations: Gowalla, e-passport, and side channel attack to finite field exponentiation.


The code is written in Rust, but it is thought to be used as a standalone command line tool. Bindings to other programming languages (e.g., Python) may happen in the future.

Install rustup (and, consequently, cargo). Then run:

git clone https://github.com/gchers/fbleau
cd fbleau
cargo install

You should now find the binary fbleau in your $PATH (if not, check out rustup again).

Note If rustup is not available on your system (e.g., *BSD systems), you should still be able to install cargo and compile fbleau as shown above.

Note I'll also put fbleau on https://crates.io, hopefully soon.


(Section under construction)

fbleau accepts as input CSV files of the following form:

Each row represents an example sampled from the black-box, where is the secret input given to the system, and is the (vector) output of the system. Secrets must have discrete values (although this restriction can be lifted in the future), outputs may have either discrete or continuous values.


Currently, the code provided here:

  • is based on frequentist and nearest neighbor methods; in the future we hope to extend this to other ML methods; note that this does not affect the generality of the results, which hold against any classifier,
  • computes one estimate at the time, which can be improved in the future.

Short term

  • return various leakage measures (instead of just R*)
  • resubstitution estimate

Mid term

  • predictions for multiple estimators at the same time
  • get training data from standard input (on-line mode)


  • other ML methods (e.g., SVM)
  • Python and Java bindings


Giovanni Cherubin (maintainer), Konstantinos Chatzikokolakis, Catuscia Palamidessi.


[1] 2017, "Bayes, not Naïve: Security Bounds on Website Fingerprinting Defenses". Giovanni Cherubin

[2] 2018, "F-BLEAU: Practical Channel Leakage Estimation". Giovanni Cherubin, Konstantinos Chatzikokolakis, Catuscia Palamidessi.

[3] "Machine Learning methods for Quantifying the Security of Black-boxes". https://giocher.com/pages/bayes.html