by JoachimSchipper
3286 days ago
Leakage-resilient cryptography is cool, but it's very much a mathematics-first approach: the independence assumptions required for the mathematical proofs simply don't hold in the physical world, and it's not clear what an assumption about "may not leak more than lambda effective bits" means (the attacker has 10 GB of measurements, mostly noise; can we expect to remain secure?) The leakage-resilient work with which I'm most familiar also looks more like "algorithmic countermeasures" (e.g. changing keys frequently) than like something which would protect an AES core per se; but that's also a function of the work I'm most familiar with (the work of my old advisor Pietrzak.)