Learning from LadderLeak: Is ECDSA Broken?
> The paper authors were able to optimize existing attacks exploiting one-bit leakages against 192-bit and 160-bit elliptic curves. They were further able to exploit leakages of less than one bit in the same curves.
> We’re used to discrete quantities in computer science, but you can leak less than one bit of information in the case of side-channels.
> If “less than one bit” sounds strange, that’s probably our fault for always rounding up to the nearest bit when we express costs in computer science.