This work studies the design and fundamental limits of leakage-resilient Algebraic Manipulation Detection (AMD) codes, which guarantee message integrity even when an adversary obtains partial codeword information—quantified by a leakage rate ρ. The authors establish tight information-theoretic bounds: strong security requires 2ρ + κ < 1, and weak security requires ρ + κ < 1, where κ denotes the code rate; they further construct asymptotically optimal coding schemes achieving these bounds. Additionally, they demonstrate that, under computationally bounded adversaries in the ideal cipher model, these information-theoretic limits can be surpassed. Their methodology integrates information-theoretic analysis, random coding constructions, and probabilistic security proofs. Key contributions are: (1) the first precise characterization of optimal parameters for leakage-resilient AMD codes; (2) dual achievability and tightness proofs across almost the entire (ρ, κ)-parameter space; and (3) a clear quantification of how computational assumptions relax information-theoretic security constraints.

Algebraic Manipulation Detection (AMD) codes [CDFPW08] are keyless message authentication codes that protect messages against additive tampering by the adversary assuming that the adversary cannot “see” the codeword. For certain applications, it is unreasonable to assume that the adversary computes the added offset without any knowledge of the codeword $c$. Recently, Ahmadi and Safavi-Naini [AS13], and then Lin, Safavi-Naini, and Wang [LSW16] gave a construction of leakage-resilient AMD codes where the adversary has some partial information about the codeword before choosing added offset, and the scheme is secure even conditioned on this partial information. In this paper we show the bounds on the leakage rate $ ho$ and the code rate $K$ for leakage-resilient AMD codes. In particular we prove that $2 ho+kappa < 1$ and for the weak case (security is averaged over a uniformly random message) $ ho+kappa < 1$. These bounds hold even if adversary is polynomial-time bounded, as long as we allow leakage function to be arbitrary. We present the constructions of AMD codes that (asymptotically) fulfill above bounds for almost full range of parameters $ ho$ and $kappa$. This shows that above bounds and constructions are in-fact optimal. In the full version of the paper we also show that if a leakage function is computationally bounded (we use Ideal Cipher Model) then it is possible to break these bounds.