March 14, 2017
Itsaka Rakotonirina
Alongside the conventional mathematics-driven approach to software security, 20 years of attacks that harness the timing behaviour of programs to obtain secret data (timing attacks) pose a serious threat to software systems. The complexity of software and the need for efficiency make it unrealistic to expect constant-time implementations in general, so such leaks must be accepted to some extent.
The border between harmless and critical leaks does not lie in the amount of information leaked by isolated runs of the software. Rather, the key criterion is the ability to aggregate different secret bits, over and over, across several executions. As the question of aggregation has not been tackled much in the literature, there is a need for techniques that allow one to distinguish between critical and non-critical leaks: in this work we present a novel approach to help with this distinction.
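The aggregation criterion above can be made concrete with a small leakage model. The following is an added illustration, not code from the talk or its authors: it compares an early-exit string comparison (whose "time", modelled here as the number of characters examined, depends on the secret) against a constant-time comparison, and measures how many bits of a constructed 3-character secret an observer could pin down after each run by discarding candidate secrets inconsistent with the observed behaviour. The alphabet, secret length, secret value and guess sequences are all constructed for the example.

```python
import math
from itertools import product

# Constructed toy secret space: 3 characters over a 4-letter alphabet (64 candidates, 6 bits).
ALPHABET = "abcd"
SECRET_LEN = 3
SECRET = "bca"  # constructed sample secret, not a real value


def early_exit_compare(secret: str, guess: str) -> tuple:
    """Leaky comparison: stops at the first mismatch.
    Returns (equal, steps); 'steps' models the observable running time and
    equals the length of the matching prefix plus one on mismatch."""
    steps = 0
    for s, g in zip(secret, guess):
        steps += 1
        if s != g:
            return False, steps
    return len(secret) == len(guess), steps


def constant_time_compare(secret: str, guess: str) -> tuple:
    """Hardened comparison: the amount of work does not depend on where
    (or whether) the strings differ, so 'steps' is always the full length."""
    if len(secret) != len(guess):
        return False, len(secret)
    diff = 0
    for s, g in zip(secret, guess):
        diff |= ord(s) ^ ord(g)
    return diff == 0, len(secret)


def remaining_entropy(candidates: list) -> float:
    """Bits of uncertainty left when every candidate is equally likely."""
    return math.log2(len(candidates))


def prune(candidates: list, compare, guess: str, observation: tuple) -> list:
    """Keep only the candidate secrets that would have produced the observed
    (result, time) pair for this guess under the given implementation."""
    return [c for c in candidates if compare(c, guess) == observation]


def leakage_over_queries(compare, guesses: list, secret: str = SECRET) -> list:
    """Cumulative bits of the secret learned after each run in 'guesses'.
    Each run reveals only what the implementation observably does for that guess."""
    candidates = ["".join(p) for p in product(ALPHABET, repeat=SECRET_LEN)]
    start = remaining_entropy(candidates)
    learned = []
    for guess in guesses:
        observation = compare(secret, guess)
        candidates = prune(candidates, compare, guess, observation)
        learned.append(start - remaining_entropy(candidates))
    return learned


if __name__ == "__main__":
    # Runs that each touch a different part of the secret: the leak aggregates.
    varied = ["aaa", "baa", "bba"]
    print("early-exit, varied guesses :", leakage_over_queries(early_exit_compare, varied))
    print("constant-time, same guesses:", leakage_over_queries(constant_time_compare, varied))
    # Runs that all expose the same information: no aggregation, the leak is bounded.
    repeated = ["aaa", "aaa", "aaa"]
    print("early-exit, repeated guess :", leakage_over_queries(early_exit_compare, repeated))
```

The interesting comparison is between the three runs: with the early-exit implementation and guesses that probe successive positions, the bits learned climb run by run (the leak aggregates), whereas the constant-time implementation reveals only "not equal" each time and the total stays near zero. Repeating the same guess against the early-exit implementation also stays flat, which is exactly the distinction the abstract draws: a leak becomes critical not because of what one run reveals but because successive runs can be made to reveal different secret bits.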