pith. sign in

arxiv: 2605.04720 · v2 · pith:UNFNDGF6new · submitted 2026-05-06 · 💻 cs.IT · math.IT

A Framework of Secure Source Coding using Mutual Information Security Criterion: Universal Coding, Strong Converse Theorem

Yasutada Oohama , Bagus Santoso This is my paper

Pith reviewed 2026-05-22 10:17 UTC · model grok-4.3

classification 💻 cs.IT math.IT
keywords secure source codingmutual information securitystrong converse theoremuniversal codingShannon cipher systeminformation leakagesource encryption
0
0 comments X

The pith

Reliable and secure source coding is possible exactly when a rate condition holds, and this condition does not depend on the allowed error or leakage levels.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper proposes a framework for source encryption by applying cryptographic processing to a fixed-length source code inside the Shannon cipher system, with mutual information serving as the measure of leakage to an adversary. It derives the necessary and sufficient rate condition under which schemes can keep error probability below any fixed ε in (0,1) and leakage below any fixed δ in (0,∞). This condition turns out to be the same no matter what specific values ε and δ take, which proves the strong converse theorem for the framework. The authors also construct encryption and decryption schemes that work for every possible distribution of the plaintext and the key.

Core claim

In the proposed source encryption framework, the necessary and sufficient condition for the existence of schemes with error probability at most ε and mutual information leakage at most δ is independent of ε and δ. This condition fully characterizes when reliable and secure communication is possible, and universal encryption/decryption schemes exist that achieve the condition for arbitrary distributions of the source and key.

What carries the argument

Mutual information security criterion applied after cryptographic processing of a fixed-length source code in the Shannon cipher system.

If this is right

  • Whenever the rate condition holds, encryption and decryption schemes exist that simultaneously meet the error and leakage bounds.
  • If the rate condition fails, then for large enough blocks every scheme must violate either the error bound or the leakage bound.
  • Universal schemes achieve the bounds without any knowledge of the source or key distributions.
  • Source coding and encryption steps can be separated while still guaranteeing the information-theoretic security condition.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same strong-converse approach may apply when leakage is measured by quantities other than mutual information.
  • The universal schemes suggest direct use in settings where source or key statistics are unknown or vary over time.
  • The framework could be adapted to lossy source coding or to cases with side information at the decoder.

Load-bearing premise

Mutual information is assumed to be the right measure of what an adversary learns, and encryption is applied to a fixed-length compressed version of the source inside the Shannon cipher system.

What would settle it

For a binary source with known entropy, explicitly compute the smallest key rate that keeps leakage below a chosen δ for two different values of ε and check whether the rate stays exactly the same.

Figures

Figures reproduced from arXiv: 2605.04720 by Bagus Santoso, Yasutada Oohama.

Figure 2
Figure 2. Figure 2: System model of source encryption 1) Source Processing: At node L, is encrypted with the key using the encryption function Φ() : X × X → C () . The ciphertext of is given by () = Φ() (, ). On the encryption function Φ() , we use the following notation: Φ() (, ) = Φ() view at source ↗
Figure 3
Figure 3. Figure 3: Encoding process based on C () ( ) n X X ( ) n ( ) n K K X X view at source ↗
Figure 4
Figure 4. Figure 4: Constructions of (Φ() , Ψ() ) Proof of Lemma 2 is given in Section V-A. We construct ( () , () ) based on this lemma. Let view at source ↗
read the original abstract

In this paper, we propose a framework of source encryption, where cryptographic processing is applied to a prescribed fixed length source code. The proposed source encryption framework is based on the secure communication framework of the Shannon cipher system. In the proposed framework, we use the mutual information as a measure of information leakage to an adversary. For the proposed framework, we explicitly establish the necessary and sufficient condition for reliable and secure communication under the condition that error probability and information leakage, respectively, are upper bounded by prescribed constants $\epsilon\in (0,1)$ and $\delta \in (0,\infty)$. We also show that the obtained necessary and sufficient condition does not depend on the constants $\epsilon\in (0,1)$ and $\delta\in (0,\infty)$, demonstrating that we have the strong converse theorem for the proposed framework of source encryption. We further prove the existence of encryption/decryption schemes, which are universal in the sense that they work effectively for any distributions of the plain text and those of the key used for the encryption.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

0 major / 2 minor

Summary. The manuscript proposes a framework for source encryption in the Shannon cipher system, where cryptographic processing is applied to a fixed-length source code. Using mutual information as the security criterion for information leakage, the authors derive the necessary and sufficient condition for reliable and secure communication subject to error probability bounded by ε ∈ (0,1) and leakage bounded by δ ∈ (0,∞). They show that the resulting condition is independent of the specific values of ε and δ, establishing a strong converse theorem, and prove the existence of universal encryption/decryption schemes that perform well for arbitrary distributions of the plaintext and the key.

Significance. If the derivations hold, the work is significant for information-theoretic security: it supplies a single-letter characterization of the achievable rate region together with a strong converse that is free of the tolerance parameters ε and δ, plus universal schemes that do not require knowledge of the source or key statistics. The use of standard random-coding arguments for both the direct and converse parts is a strength, as is the explicit demonstration that the region expression does not depend on the prescribed constants.

minor comments (2)
  1. The abstract states the independence of the condition from ε and δ clearly; adding a one-line display of the resulting rate region would improve immediate readability for readers scanning the abstract.
  2. Notation for the mutual-information leakage term is introduced in the framework section; a short reminder equation when the strong-converse statement is proved would help readers track the parameter independence.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for the careful reading of the manuscript and for the positive recommendation to accept. We are encouraged by the recognition of the significance of the single-letter characterization, the strong converse independent of ε and δ, and the existence of universal schemes.

Circularity Check

0 steps flagged

No significant circularity; derivation is self-contained via standard information-theoretic arguments

full rationale

The paper derives the necessary and sufficient condition for reliable secure communication under mutual information leakage bounds using the Shannon cipher system framework. The strong converse result—that the achievable region is independent of specific ε ∈ (0,1) and δ ∈ (0,∞)—follows from direct and converse proofs based on random coding and single-letter characterizations. These steps are internally consistent and do not reduce to self-defined parameters, fitted inputs renamed as predictions, or load-bearing self-citations. The universal coding existence is established separately via standard arguments. No quoted reduction of the central claim to its own inputs appears; the result is externally falsifiable against classical source coding bounds.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The framework rests on standard information-theoretic assumptions such as finite alphabets and the validity of mutual information as a leakage measure; no new free parameters or invented entities are introduced in the abstract.

axioms (2)
  • domain assumption Mutual information is an appropriate security criterion for the adversary in the Shannon cipher system
    Invoked when defining the information leakage bound δ in the necessary and sufficient condition.
  • domain assumption Source codes are of prescribed fixed length
    Stated as the starting point for applying cryptographic processing.

pith-pipeline@v0.9.0 · 5712 in / 1466 out tokens · 36383 ms · 2026-05-22T10:17:07.005120+00:00 · methodology

Review history (2 revisions) →

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

  • IndisputableMonolith/Foundation/AbsoluteFloorClosure.lean reality_from_one_distinction unclear
    ?
    unclear

    Relation between the paper passage and the cited Recognition theorem.

    We explicitly establish the necessary and sufficient condition for reliable and secure communication under the condition that error probability and information leakage, respectively, are upper bounded by prescribed constants ε∈(0,1) and δ∈(0,∞). We also show that the obtained necessary and sufficient condition does not depend on the constants ε∈(0,1) and δ∈(0,∞), demonstrating that we have the strong converse theorem

  • IndisputableMonolith/Cost/FunctionalEquation.lean washburn_uniqueness_aczel unclear
    ?
    unclear

    Relation between the paper passage and the cited Recognition theorem.

    We use the mutual information as a measure of information leakage to an adversary

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Forward citations

Cited by 2 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. A Framework of Variable-Length Source Encryption using Mutual Information Security Criterion: Universal Coding, Strong Converse Theorem

    cs.IT 2026-05 unverdicted novelty 7.0

    The paper gives necessary and sufficient conditions for secure variable-length source encryption under mutual information leakage bounded by any δ>0, proves these conditions are independent of δ (strong converse), and...

  2. A Framework of Variable-Length Source Encryption using Mutual Information Security Criterion: Universal Coding, Strong Converse Theorem

    cs.IT 2026-05 unverdicted novelty 6.0

    The necessary and sufficient condition for reliable and secure source encryption with mutual information leakage bounded by δ and error probability by ε is independent of ε and δ, establishing a strong converse theore...

Reference graph

Works this paper leans on

26 extracted references · 26 canonical work pages · cited by 1 Pith paper

  1. [1]

    Here, M ( /u1D45B )= { 1, 2, · · · , |M ( /u1D45B )|}

    Encoding Process: At node E, the encoder function /u1D719( /u1D45B ) : X/u1D45B → M ( /u1D45B ) observes /u1D47Fto generate /u1D719( /u1D45B )( /u1D47F). Here, M ( /u1D45B )= { 1, 2, · · · , |M ( /u1D45B )|}

    work page

  2. [2]

    Transmission: Next, the encoded source /u1D719( /u1D45B )( /u1D47F)is sent to node D through a noiseless channel

    work page

  3. [3]

    Decoding Process: At node D, the decoder function /u1D713( /u1D45B ): M ( /u1D45B )→ X /u1D45B observes /u1D719( /u1D45B )( /u1D47F)to output ˆ /u1D47F, where ˆ/u1D47F:= /u1D713( /u1D45B )◦ /u1D719( /u1D45B )( /u1D47F). For the above ( /u1D719( /u1D45B ), /u1D713( /u1D45B )), define the set D ( /u1D45B )of correct decoding by D ( /u1D45B ):= { /u1D499∈ X /...

    work page

  4. [4]

    The ciphertext of /u1D47Fis given by /u1D436 ( /u1D45B )= Φ ( /u1D45B )( /u1D472, /u1D47F)

    Source Processing: At node L, /u1D47Fis encrypted with the key /u1D472using the encryption function Φ ( /u1D45B ): X/u1D45B × X /u1D45B → C ( /u1D45B ). The ciphertext of /u1D47Fis given by /u1D436 ( /u1D45B )= Φ ( /u1D45B )( /u1D472, /u1D47F). On the encryption function Φ ( /u1D45B ), we use the following notation: Φ ( /u1D45B )( /u1D472, /u1D47F)= Φ ( /...

    work page

  5. [5]

    Meanwhile, the key /u1D472is sent to D through the private communication channel

    Transmission: The ciphertext /u1D436 ( /u1D45B ) is sent to node D through the public communication channel. Meanwhile, the key /u1D472is sent to D through the private communication channel

    work page

  6. [6]

    Here we set ˆ /u1D47F:= Ψ ( /u1D45B )( /u1D472, /u1D436 ( /u1D45B ))

    Sink Node Processing: At node D, the ciphertext is decrypted using the key /u1D472through the corresponding decryption procedure Ψ ( /u1D45B ) : X/u1D45B × C ( /u1D45B ) → X /u1D45B . Here we set ˆ /u1D47F:= Ψ ( /u1D45B )( /u1D472, /u1D436 ( /u1D45B )). On the decryption function Ψ ( /u1D45B ), we use the following notation: Ψ ( /u1D45B )( /u1D472, /u1D43...

    work page

  7. [7]

    On the reliability, /u1D45De( /u1D719( /u1D45B ), /u1D713( /u1D45B )| /u1D45D/u1D45B /u1D44B )vanishes exponen- tially as /u1D45B→ ∞ , and its exponent is lower bounded by /u1D438 ( /u1D445 | /u1D45D/u1D44B )

    work page

  8. [8]

    On the security, Δ ( /u1D45B ) MI ( Φ ( /u1D45B )| /u1D45D/u1D45B /u1D44B , /u1D45D /u1D45B /u1D43E )vanishes exponen- tially as /u1D45B→ ∞ , and its exponent is lower bounded by /u1D439 ( /u1D445 | /u1D45D/u1D43E )

    work page

  9. [9]

    Here, we define the following quantity

    The code that attains the pair ( /u1D438 ( /u1D445 | /u1D45D/u1D44B ), /u1D439 ( /u1D445 | /u1D45D/u1D44B ))of exponent functions is the universal code that depends only on /u1D445 not on the value of the pair of the distributions ( /u1D45D/u1D44B , /u1D45D /u1D43E ) ∈ P2(X). Here, we define the following quantity. /u1D445 ∗( /u1D45D/u1D44B , /u1D45D /u1D4...

    work page

  10. [10]

    Let /u1D436 /u1D45A = Φ ( /u1D45B )( /u1D47F, /u1D472), ˜/u1D44B/u1D45A = /u1D719( /u1D45B )( /u1D47F), and ˜/u1D43E /u1D45A = /u1D711( /u1D45B )( /u1D472)

    Define Φ ( /u1D45B ): X/u1D45B × X /u1D45B → X /u1D45A by Φ ( /u1D45B )( /u1D48C, /u1D499)= /u1D711( /u1D45B )( /u1D48C) ⊕/u1D719( /u1D45B )( /u1D499) for /u1D48C, /u1D499∈ X /u1D45B . Let /u1D436 /u1D45A = Φ ( /u1D45B )( /u1D47F, /u1D472), ˜/u1D44B/u1D45A = /u1D719( /u1D45B )( /u1D47F), and ˜/u1D43E /u1D45A = /u1D711( /u1D45B )( /u1D472). Then we have /u1...

    work page

  11. [11]

    Us- ing /u1D711( /u1D45B ), Ψ ( /u1D45B )first encodes /u1D472into ˜/u1D43E /u1D45A = /u1D711( /u1D45B )( /u1D472)

    Ψ ( /u1D45B )receives the ciphertext /u1D436 /u1D45A = ˜/u1D44B/u1D45A ⊕ ˜/u1D43E /u1D45A and the key /u1D472, respectively, through public and private channels. Us- ing /u1D711( /u1D45B ), Ψ ( /u1D45B )first encodes /u1D472into ˜/u1D43E /u1D45A = /u1D711( /u1D45B )( /u1D472). Ψ ( /u1D45B ) next subtracts ˜/u1D43E /u1D45A from /u1D436 /u1D45A to obtain ˜/u...

    work page

  12. [12]

    Step (a) follows from Lemma 3 part b)

    On upper bounds of |C /u1D45B ( /u1D445 )|, we have the following: |C /u1D45B ( /u1D445 )|= /summationdisplay.1 /u1D443 ∈ P/u1D45B ( X ): /u1D445>/u1D43B ( /u1D443 ) | /u1D447 /u1D45B ( /u1D443 )| ( a) ≤ /summationdisplay.1 /u1D443 ∈ P/u1D45B ( X ): /u1D445>/u1D43B ( /u1D443 ) 2/u1D45B/u1D43B ( /u1D443 ) ( b) ≤ |P /u1D45B (X)|2/u1D45B/u1D445 ( c) ≤ ( /u1D...

    work page

  13. [13]

    Communication theory of secrecy systems ,

    C. E. Shannon, “Communication theory of secrecy systems ,” The Bell System Technical Journal , vol. 28, no. 4, pp. 656–715, 1949

    work page 1949

  14. [14]

    Coding theorems for Shannon’s cipher syst em with correlated source outputs, and common information,

    H. Y amamoto, “Coding theorems for Shannon’s cipher syst em with correlated source outputs, and common information,” IEEE Transactions on Information Theory , vol. 40, no. 1, pp. 85–95, 1994

    work page 1994

  15. [15]

    Rate-distortion theory for the Shannon cipher syst em,

    ——, “Rate-distortion theory for the Shannon cipher syst em,” IEEE Transactions on Information Theory , vol. 43, no. 3, pp. 827–835, 1997

    work page 1997

  16. [16]

    Coding theorems for the Shan non cipher system with a guessing wiretapper and correlated source out puts,

    Y . Hayashi and H. Y amamoto, “Coding theorems for the Shan non cipher system with a guessing wiretapper and correlated source out puts,” IEEE Transactions on Information Theory , vol. 54, no. 6, pp. 2808–2817, 2008

    work page 2008

  17. [17]

    A framework for Shannon cipher s under side-channel attacks: A strong converse and more,

    Y . Oohama and B. Santoso, “ A framework for Shannon cipher s under side-channel attacks: A strong converse and more,” in IEEE International Symposium on Information Theory, ISIT 2022, Espoo, Finland, June 26 - July 1, 2022 . IEEE, 2022, pp. 862–867. [Online]. Available: https://doi.org/10.1109/ISIT50566.2022.9834899

    work page doi:10.1109/isit50566.2022.9834899 2022

  18. [18]

    Universal source encryption under side-channel at tacks,

    ——, “Universal source encryption under side-channel at tacks,” in IEEE International Symposium on Information Theory, ISIT 2 024, Athens, Greece, July 7-12, 2024 . IEEE, 2024, pp. 3344–3349. [Online]. Available: https://doi.org/10.1109/ISIT5786 4.2024.10619496

    work page doi:10.1109/isit5786 2024

  19. [19]

    Strong converse for distributed source coding with encryption using correlated keys,

    ——, “Strong converse for distributed source coding with encryption using correlated keys,” in IEEE Information Theory Workshop, ITW 2021, Kanazawa, Japan, October 17-21, 2021 . IEEE, 2021, pp. 1–6. [Online]. Available: https://doi.org/10.1109/ITW48936 .2021.9611414

    work page doi:10.1109/itw48936 2021

  20. [20]

    A framework for distributed source coding with encr yption: A new strong converse and more,

    ——, “ A framework for distributed source coding with encr yption: A new strong converse and more,” in International Symposium on Information Theory and Its Applications, ISITA 2022, Tsuku ba, Ibaraki, Japan, October 17-19, 2022 . IEEE, 2022, pp. 189–193. [Online]. Available: https://ieeexplore.ieee.org/document/10683942

    work page arXiv 2022

  21. [21]

    Strong converse for distributed source encryption under standard mutual information,

    ——, “Strong converse for distributed source encryption under standard mutual information,” in 2025 IEEE Information Theory Workshop (ITW) , 2025, pp. 632–637

    work page 2025

  22. [22]

    T. S. Han, Information-Spectrum Methods in Information Theory . Springer, 2003

    work page 2003

  23. [23]

    Security notions for informati on theoreti- cally secure encryptions,

    M. Iwamoto and K. Ohta, “Security notions for informati on theoreti- cally secure encryptions,” in 2011 IEEE International Symposium on Information Theory Proceedings , 2011, pp. 1777–1781

    work page 2011

  24. [24]

    T. S. Han and K. Kobayashi, Mathematics of Information and Cod- ing, ser. Translation of Mathematical Monographs, S. Kobayash i and M. Takesaki, Eds. American Mathematical Society, 2002, vol . 203

    work page 2002

  25. [25]

    Information theoretic secur ity for Shannon cipher system under side-channel attacks,

    B. Santoso and Y . Oohama, “Information theoretic secur ity for Shannon cipher system under side-channel attacks,” Entropy, vol. 21, no. 5,

    work page

  26. [26]

    Available: https://www.mdpi.com/1099-4 300/21/5/469 A/p.pc/p.pc/e.pc/n.pc/d.pc/i.pc/x.pc A

    [Online]. Available: https://www.mdpi.com/1099-4 300/21/5/469 A/p.pc/p.pc/e.pc/n.pc/d.pc/i.pc/x.pc A. Proof of Property 1 Under /u1D499, /u1D499′ ∈ D ( /u1D45B )and /u1D499≠ /u1D499′, we assume that Φ ( /u1D45B ) /u1D48C( /u1D499)= Φ ( /u1D45B ) /u1D48C( /u1D499′). (34) Then, we have the following: /u1D499 ( a) = /u1D713( /u1D45B )◦ /u1D719( /u1D45B )( /u...

    work page