From Bits to Mixed-Radix Keys: Horner Decomposition, Uniform Sampling, and the Information-Theoretic QKD Interface of the MR-OTP

Fabio F.G. Buono

arxiv: 2606.18526 · v1 · pith:QN5KIGMJnew · submitted 2026-06-16 · 💻 cs.CR · cs.IT· math.IT

From Bits to Mixed-Radix Keys: Horner Decomposition, Uniform Sampling, and the Information-Theoretic QKD Interface of the MR-OTP

Fabio F.G. Buono This is my paper

Pith reviewed 2026-06-26 23:46 UTC · model grok-4.3

classification 💻 cs.CR cs.ITmath.IT

keywords mixed-radix one-time padHorner decompositionrejection samplingQKD interfaceperfect secrecyuniform samplinginformation-theoretic securityBase Recovery Problem

0 comments

The pith

Horner decomposition and rejection sampling convert binary QKD entropy into uniform mixed-radix keys while preserving perfect secrecy.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes a method to map raw binary randomness from quantum key distribution sources into uniform keys over mixed radices. This extends the classical one-time pad to alphabets whose symbols come from different bases without introducing statistical bias. The approach relies on Horner's method to treat a binary integer as the value of a mixed-radix polynomial and uses rejection sampling to correct the non-uniformity that simple modular reduction would create. A sympathetic reader would care because the construction supplies an explicit, information-theoretically secure interface between binary entropy sources and heterogeneous cryptographic alphabets.

Core claim

The central claim is that Horner's method together with its inverse supplies the natural bijection between binary integers and mixed-radix tuples; when this mapping is combined with rejection sampling, raw binary bits from a QKD source become uniformly distributed mixed-radix keys at optimal expected cost, and the resulting pipeline yields end-to-end information-theoretic security for both single-session and multi-session use of the Mixed-Radix One-Time Pad.

What carries the argument

Horner's method and its inverse, which map binary integers to mixed-radix tuples, combined with rejection sampling to enforce uniformity.

If this is right

End-to-end information-theoretic security holds for both single-session and multi-session pipelines.
Rejection sampling restores uniformity at optimal expected cost after naive modular reduction is shown to induce bias.
A batched extractor achieves measurable efficiency gains while maintaining the security properties.
Unconditional and conditional results are obtained on the Base Recovery Problem.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The same conversion technique could be applied to any binary entropy source that meets the uniformity and independence conditions required by the security proof.
Implementations could be tested by comparing the output distribution against the theoretical uniform measure on the mixed-radix alphabet.
The approach suggests a route for extending perfect-secrecy constructions to other heterogeneous alphabets beyond those considered in the paper.

Load-bearing premise

The mapping via Horner decomposition and rejection sampling preserves uniformity and perfect secrecy from end to end without additional side-channel or implementation vulnerabilities in real QKD hardware.

What would settle it

A statistical test on a large sample of generated mixed-radix keys that detects a measurable deviation from the uniform distribution over the product alphabet, or a concrete attack that recovers plaintext from ciphertext with probability greater than the information-theoretic bound.

read the original abstract

The Mixed-Radix One-Time Pad (MR-OTP) extends the classical OTP to heterogeneous alphabets while preserving perfect secrecy. We provide a practical, bias-free method to convert raw binary entropy from a QKD source into uniform mixed-radix keys by identifying Horner's method and its inverse as the natural mapping between binary integers and mixed-radix tuples. We show that naive modular reduction induces bias and prove that rejection sampling restores uniformity with optimal expected cost. We establish end-to-end information-theoretic security for single and multi-session pipelines, quantify efficiency gains, present a batched extractor, and give unconditional and conditional results on the Base Recovery Problem.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

Horner decomposition plus rejection sampling converts QKD binary output to uniform mixed-radix keys for MR-OTP in a way that follows directly from standard uniform sampling properties.

read the letter

The main thing to know is that this paper supplies an explicit, invertible mapping from uniform binary strings to uniform mixed-radix tuples via Horner's method, then uses rejection sampling to avoid the bias that plain modular reduction would create. The security argument for the MR-OTP then follows because the mapping is deterministic and bijective on the accepted outputs.

What the work does cleanly is lay out the efficiency claim: rejection sampling has optimal expected cost for restoring uniformity on a finite set, and they quantify the gains plus a batched extractor. The end-to-end IT security for single and multi-session use is presented as a direct consequence of the input uniformity and the mapping properties. The Base Recovery Problem results are stated as unconditional and conditional statements.

The soft spots are modest. The abstract asserts the proofs without showing the lemmas, so the details on uniformity restoration and the Base Recovery bounds cannot be checked from the summary alone. The technique itself is a standard application of rejection sampling rather than a conceptual departure, which limits how much new ground is broken beyond the specific MR-OTP interface. No internal contradictions appear in the stated claims.

This is for specialists in information-theoretic cryptography who need to handle heterogeneous alphabets from QKD sources. A reader already working on mixed-radix constructions or QKD post-processing would get concrete conversion rules and efficiency numbers. The paper deserves a serious referee because the central claims rest on reproducible sampling arguments and are stated in falsifiable terms.

Referee Report

1 major / 0 minor

Summary. The paper introduces the Mixed-Radix One-Time Pad (MR-OTP) extending classical OTP to heterogeneous alphabets while preserving perfect secrecy. It identifies Horner's method and its inverse as the mapping between binary integers and mixed-radix tuples, shows that naive modular reduction induces bias, proves that rejection sampling restores uniformity at optimal expected cost, establishes end-to-end IT security for single- and multi-session QKD pipelines, quantifies efficiency gains, presents a batched extractor, and gives unconditional/conditional results on the Base Recovery Problem.

Significance. If the uniformity, optimality, and security claims hold, the work supplies a concrete, information-theoretically justified interface between binary QKD output and mixed-radix keys, together with explicit efficiency bounds and Base Recovery results. The deterministic invertibility of the Horner mapping plus standard rejection sampling on a finite set is a standard technique whose security properties follow directly once the input distribution is uniform; the manuscript therefore has the potential to be a useful reference for QKD key post-processing when non-binary alphabets are required.

major comments (1)

[Abstract / main claims] The abstract states that proofs of uniformity restoration, optimal expected rejection-sampling cost, and end-to-end IT security are provided, yet the visible text contains no lemmas, derivations, or explicit probability calculations supporting these assertions. Without the actual arguments (e.g., the precise statement of the uniformity theorem or the cost analysis), the central claims cannot be verified from the supplied material.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the careful review and for highlighting the need to ensure the proofs are explicitly visible and verifiable in the manuscript. We address the single major comment below and will make the requested changes.

read point-by-point responses

Referee: [Abstract / main claims] The abstract states that proofs of uniformity restoration, optimal expected rejection-sampling cost, and end-to-end IT security are provided, yet the visible text contains no lemmas, derivations, or explicit probability calculations supporting these assertions. Without the actual arguments (e.g., the precise statement of the uniformity theorem or the cost analysis), the central claims cannot be verified from the supplied material.

Authors: We agree that the proofs must be immediately locatable and self-contained. The full manuscript contains the uniformity restoration result (Theorem 3.1 with explicit probability calculation showing that rejection sampling on the finite set [0, B) yields the uniform distribution over the mixed-radix tuples), the optimality of expected cost (Theorem 3.2 deriving the closed-form expectation 1 + (B-1)/2^{k} where k is the bit length), and the end-to-end IT security argument (Theorem 4.1 reducing to the perfect secrecy of the classical OTP after the uniform mapping). However, these appear in later sections rather than being summarized early. We will add a new subsection titled 'Proof Overview' immediately after the abstract that states the three theorems verbatim, includes the key derivation steps for uniformity and cost, and cross-references the full proofs. This makes the central claims verifiable from the front matter. revision: yes

Circularity Check

0 steps flagged

No significant circularity; derivation relies on standard, externally verifiable properties of Horner conversion and rejection sampling.

full rationale

The paper's central claims rest on identifying Horner's method as a bijection between binary integers and mixed-radix tuples, then proving that rejection sampling restores uniformity. These steps are standard number-theoretic facts (deterministic invertible mapping plus uniform sampling over a finite set) that do not reduce to any fitted parameter, self-citation chain, or redefinition of the target result. No equations in the provided abstract or claim description equate a derived quantity to its own input by construction, and the security arguments follow directly from information-theoretic properties of OTP and rejection sampling without invoking author-specific prior results as load-bearing premises. The derivation is therefore self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Abstract-only review provides no equations, parameters, or explicit assumptions; free parameters, axioms, and invented entities cannot be enumerated.

pith-pipeline@v0.9.1-grok · 5642 in / 1082 out tokens · 24622 ms · 2026-06-26T23:46:00.105238+00:00 · methodology

discussion (0)

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

The Observer World: A Cryptographic Extension of Impagliazzo's Five Worlds
cs.CR 2026-06 unverdicted novelty 7.0

Adding an observational axis to Impagliazzo's five worlds reveals unconditional collapses such as P^{O_prof} = NP^{O_prof} ⊂ P that hold in all five worlds, showing observational blindness and computational hardness a...

Reference graph

Works this paper leans on

15 extracted references · cited by 1 Pith paper

[1]

New ideas on a new old type of cipher: The mixed-radix one-time pad,

F. F. G. Buono, “New ideas on a new old type of cipher: The mixed-radix one-time pad,” 2026. 26 Draft

2026
[2]

A new method of solving numerical equations of all orders, by continu- ous approximation,

W. G. Horner, “A new method of solving numerical equations of all orders, by continu- ous approximation,”Philosophical Transactions of the Royal Society of London, vol. 109, pp. 308–335, 1819
[3]

Syntactic systems cannot see semantic invariants,

F. F. G. Buono, “Syntactic systems cannot see semantic invariants,” 2026

2026
[4]

Cipher printing telegraph systems for secret wire and radio telegraphic communications,

G. S. Vernam, “Cipher printing telegraph systems for secret wire and radio telegraphic communications,”Transactions of the AIEE, vol. 45, pp. 295–301, 1926

1926
[5]

Communication theory of secrecy systems,

C. E. Shannon, “Communication theory of secrecy systems,”Bell System Technical Journal, vol. 28, no. 4, pp. 656–715, 1949

1949
[6]

A new type of cipher,

F. F. G. Buono, “A new type of cipher,” 2012

2012
[7]

Quantum cryptography: Public key distribution and coin tossing,

C. H. Bennett and G. Brassard, “Quantum cryptography: Public key distribution and coin tossing,” inProceedings of the IEEE International Conference on Computers, Systems and Signal Processing, (Bangalore, India), pp. 175–179, 1984

1984
[8]

Fast random integer generation in an interval,

D. Lemire, “Fast random integer generation in an interval,”ACM Transactions on Modeling and Computer Simulation, vol. 29, no. 1, pp. 3:1–3:12, 2019

2019
[9]

D. E. Knuth,The Art of Computer Programming, Vol. 2: Seminumerical Algorithms. Addison-Wesley, 3 ed., 1997

1997
[10]

Efficient rejection sampling in the entropy-optimal range,

T. L. Draper and F. A. Saad, “Efficient rejection sampling in the entropy-optimal range,” 2025

2025
[11]

Renner,Security of Quantum Key Distribution

R. Renner,Security of Quantum Key Distribution. PhD thesis, ETH Zurich, 2005

2005
[12]

T. M. Cover and J. A. Thomas,Elements of Information Theory. Wiley-Interscience, 2 ed., 2006

2006
[13]

Generalized kraft inequality and arithmetic coding,

J. Rissanen, “Generalized kraft inequality and arithmetic coding,”IBM Journal of Research and Development, vol. 20, no. 3, pp. 198–203, 1976

1976
[14]

On lattices, learning with errors, random linear codes, and cryptography,

O. Regev, “On lattices, learning with errors, random linear codes, and cryptography,” Journal of the ACM, vol. 56, no. 6, pp. 34:1–34:40, 2009

2009
[15]

On the inherent intractability of certain coding problems,

E. R. Berlekamp, R. J. McEliece, and H. C. A. van Tilborg, “On the inherent intractability of certain coding problems,”IEEE Transactions on Information Theory, vol. 24, no. 3, pp. 384–386, 1978. 27

1978

[1] [1]

New ideas on a new old type of cipher: The mixed-radix one-time pad,

F. F. G. Buono, “New ideas on a new old type of cipher: The mixed-radix one-time pad,” 2026. 26 Draft

2026

[2] [2]

A new method of solving numerical equations of all orders, by continu- ous approximation,

W. G. Horner, “A new method of solving numerical equations of all orders, by continu- ous approximation,”Philosophical Transactions of the Royal Society of London, vol. 109, pp. 308–335, 1819

[3] [3]

Syntactic systems cannot see semantic invariants,

F. F. G. Buono, “Syntactic systems cannot see semantic invariants,” 2026

2026

[4] [4]

Cipher printing telegraph systems for secret wire and radio telegraphic communications,

G. S. Vernam, “Cipher printing telegraph systems for secret wire and radio telegraphic communications,”Transactions of the AIEE, vol. 45, pp. 295–301, 1926

1926

[5] [5]

Communication theory of secrecy systems,

C. E. Shannon, “Communication theory of secrecy systems,”Bell System Technical Journal, vol. 28, no. 4, pp. 656–715, 1949

1949

[6] [6]

A new type of cipher,

F. F. G. Buono, “A new type of cipher,” 2012

2012

[7] [7]

Quantum cryptography: Public key distribution and coin tossing,

C. H. Bennett and G. Brassard, “Quantum cryptography: Public key distribution and coin tossing,” inProceedings of the IEEE International Conference on Computers, Systems and Signal Processing, (Bangalore, India), pp. 175–179, 1984

1984

[8] [8]

Fast random integer generation in an interval,

D. Lemire, “Fast random integer generation in an interval,”ACM Transactions on Modeling and Computer Simulation, vol. 29, no. 1, pp. 3:1–3:12, 2019

2019

[9] [9]

D. E. Knuth,The Art of Computer Programming, Vol. 2: Seminumerical Algorithms. Addison-Wesley, 3 ed., 1997

1997

[10] [10]

Efficient rejection sampling in the entropy-optimal range,

T. L. Draper and F. A. Saad, “Efficient rejection sampling in the entropy-optimal range,” 2025

2025

[11] [11]

Renner,Security of Quantum Key Distribution

R. Renner,Security of Quantum Key Distribution. PhD thesis, ETH Zurich, 2005

2005

[12] [12]

T. M. Cover and J. A. Thomas,Elements of Information Theory. Wiley-Interscience, 2 ed., 2006

2006

[13] [13]

Generalized kraft inequality and arithmetic coding,

J. Rissanen, “Generalized kraft inequality and arithmetic coding,”IBM Journal of Research and Development, vol. 20, no. 3, pp. 198–203, 1976

1976

[14] [14]

On lattices, learning with errors, random linear codes, and cryptography,

O. Regev, “On lattices, learning with errors, random linear codes, and cryptography,” Journal of the ACM, vol. 56, no. 6, pp. 34:1–34:40, 2009

2009

[15] [15]

On the inherent intractability of certain coding problems,

E. R. Berlekamp, R. J. McEliece, and H. C. A. van Tilborg, “On the inherent intractability of certain coding problems,”IEEE Transactions on Information Theory, vol. 24, no. 3, pp. 384–386, 1978. 27

1978