Security amplification is randomized.

Our goal in the end is to show that the system doesn’t fail on any particular input x. View that as a distribution with some finite divergence from µ.

After one round of security amplification, you’ve reduced input x to some distribution η1, with lower divergence from µ.

After another round of security amplification, you’ve reduced η1 to η2, with still lower divergence.

You keep going until you reach a distribution with low enough divergence that it’s probably not an attack. Your system probably doesn’t fail on that input distribution.

Then you induct back along the chain, to conclude that your system probably doesn’t fail on any of the input distributions (both over the random choice of input, and over the randomness in security amplification).

At the end, you have gotten back to a deterministic distribution, so you are only averaging over the randomness of the algorithm.

At this point you can apply reliability amplification.

(That’s the basic idea at any rate, in reality I think you need to do reliability amplification intermittently. I haven’t thought about this in too much detail, but I’m pretty sure there is something like this that works. Next step is probably just writing out the proof.)