Usefulness of Hellinger Distance in Cryptography

We usually prove the security of cryptographic primitives by assuming "ideal" probability distributions. In practice, we need to replace them with "real" distributions with preserving the security levels of the primitives. We demonstrate that the Hellinger distance is useful for measuring the closeness of distributions in this problem. To quantify the security levels of primitives, we employ two frameworks of bit security proposed by Micciancio and Walter (Eurocrypt 2018) and Watanabe and Yasunaga (Asiacrypt 2021). In both frameworks, approximating distributions in the Hellinger distance is effective, especially for decision-type primitives such as encryption schemes and pseudorandom generators.