pith. sign in
Pith Number

pith:JTJYE2J7

pith:2026:JTJYE2J7GOWFWOX2QGPE3A4FL5
not attested not anchored not stored refs resolved

Rethinking Side-Channel Analysis: Automated Discovery and Analysis of Side-Channel Leakage with LLM-Assisted Agents

Xiaofeng Wang, Yuhua Sun, Zhen Xu, Zihao Wang

SCAgent automates discovery of side-channel leaks by using LLM agents to explore sensitive events and verify channels without manual targets or large datasets.

arxiv:2605.17406 v1 · 2026-05-17 · cs.CR

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?
Add to your LaTeX paper 
\usepackage{pith}
\pithnumber{JTJYE2J7GOWFWOX2QGPE3A4FL5}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open · sign in to claim
4 Citations open
5 Replications open
Portable graph bundle live · download bundle · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

SCAgent performs agent-driven system exploration guided by LLM-based semantic reasoning to identify sensitive targets beyond manually specified events, reasons over system documentation with explicit verification, and enables scalable analysis under limited data via few-shot learning with a time-shift-robust feature extraction layer.

C2weakest assumption

The assumption that LLM semantic reasoning combined with explicit verification steps over system documentation can reliably identify feasible side channels and mitigate hallucination risks sufficiently for practical use, as stated in the description of target identification and channel discovery.

C3one line summary

SCAgent automates side-channel leakage discovery via LLM agents for target identification and few-shot foundation models for scalable analysis on iOS.

References

67 extracted · 67 resolved · 2 Pith anchors

[1] Peeking into your app without actually seeing it: UI state inference and novel android attacks, 2014
[2] Memento: Learning secrets from process footprints, 2012
[3] Screenmilker: How to milk your android screen for secrets, 2014
[4] Identity, location, disease and more: inferring your secrets from android public resources, 2013
[5] Os-level side channels without procfs: Exploring cross-app information leakage on ios, 2018
Receipt and verification
First computed 2026-05-20T00:03:56.857799Z
Builder pith-number-builder-2026-05-17-v1
Signature Pith Ed25519 (pith-v1-2026-05) · public key
Schema pith-number/v1.0

Canonical hash

4cd382693f33ac5b3afa819e4d83855f66457d7e293fee7b4a4e733a41b623c7

Aliases

arxiv: 2605.17406 · arxiv_version: 2605.17406v1 · doi: 10.48550/arxiv.2605.17406 · pith_short_12: JTJYE2J7GOWF · pith_short_16: JTJYE2J7GOWFWOX2 · pith_short_8: JTJYE2J7
Agent API
Resolver JSON Graph JSON Events JSON Schema Signing key
Verify this Pith Number yourself 
curl -sH 'Accept: application/ld+json' https://pith.science/pith/JTJYE2J7GOWFWOX2QGPE3A4FL5 \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 4cd382693f33ac5b3afa819e4d83855f66457d7e293fee7b4a4e733a41b623c7
Canonical record JSON 
{
  "metadata": {
    "abstract_canon_sha256": "c98622e9feb154bfbb11a7a97a810eb90cb2887924dd1555c59fc79b857d4fed",
    "cross_cats_sorted": [],
    "license": "http://arxiv.org/licenses/nonexclusive-distrib/1.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2026-05-17T12:03:45Z",
    "title_canon_sha256": "f4d14b50bfb517b3168c13cec698d03c380811cf06251d4ff587adc30bac4f47"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.17406",
    "kind": "arxiv",
    "version": 1
  }
}