Final Report Summary - GAPS (Guiding Physical Security by Proofs) Cryptographic algorithms and protocols are widely used in practice and provide solutions for problems related to data confidentiality and integrity. They help to prevent fraud in, e.g. electronic payment systems or the electronic passport, and hence play a fundamental role in daily life. An important tool for the design and security analysis of cryptographic algorithms are security proofs. They are a systematic tool for guiding design decisions avoiding ad-hoc solutions and instead provide a solid foundation for developing secure algorithms. Given a proof we can reach confidence that certain important attacks are infeasible, and sometimes even show that any attack is impossible when certain mathematical assumptions hold. A fundamental requirement for most security proofs is the assumption of fully-trusted computation -- so-called black-box computation. In the black-box model the adversary is allowed to interact with the algorithm, e.g. by providing inputs to the algorithm and observing its outputs, but otherwise has no control and no knowledge about the internal state of the device. Unfortunately, when cryptographic algorithms get implemented on real-world devices the assumption of black-box computation ceases to hold due to so-called side-channel attacks. In a side-channel attack the adversary exploits leakage emitting from the device by, e.g. measuring its running time or the power consumption in order to break the cryptographic implementation. Countless examples illustrate that side-channel attacks are one of the most severe real-world threats for the security of cryptographic implementations. The main goal of the project is to incorporate important practical side-channel attacks into the black-box model in order to extend the proof-driven security analysis to the level of cryptographic implementations. To this end, the project considers the so-called masking countermeasure that is widely used on smart-cards as a countermeasure against power analysis attacks. An important result of the GAPS project is the development of new security models and proof techniques for the masking countermeasure. In particular, we are able to show a relation between the probing model and the noisy leakage model. While security proofs in the probing model are much easier to carry out (and in fact can potentially be automatized), the noisy leakage model closer matches reality and provides more meaningful security guarantees from a practical perspective. A second important result of the GAPS project is the development of new masking schemes with improved efficiency. Improved efficiency is of particular importance since most side-channel attacks are performed against smart-cards which only have very restricted computational resources. The GAPS project has lead to 7 publications including 4 publications at EUROCRYPT, which is one of the flagship conferences of the IACR.