arxiv: 2605.04720 · v1 · submitted 2026-05-06 · 💻 cs.IT · math.IT

Recognition: unknown

A Framework of Secure Source Coding using Mutual Information Security Criterion: Universal Coding, Strong Converse Theorem

Yasutada Oohama , Bagus Santoso

Authors on Pith no claims yet

Pith reviewed 2026-05-08 16:33 UTC · model grok-4.3

classification 💻 cs.IT math.IT

keywords secure source codingmutual information securitystrong converse theoremuniversal codingShannon cipher systemsource encryptioninformation leakage

0 comments

The pith

Necessary and sufficient condition for secure source coding is independent of error and leakage bounds

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper proposes a framework for source encryption by applying cryptographic processing to fixed-length source codes, modeled after the Shannon cipher system. It measures security via mutual information leakage to an adversary. The authors derive the necessary and sufficient condition on the coding parameters for achieving error probability below any ε in (0,1) and leakage below any δ >0. They prove that this condition remains the same regardless of the specific values of ε and δ, which constitutes the strong converse theorem for the framework. Additionally, they show that universal encryption and decryption schemes exist that function effectively for any probability distributions of the plaintext and the encryption key.

Core claim

For the proposed source encryption framework, the necessary and sufficient condition for reliable and secure communication, with error probability bounded by ε and information leakage bounded by δ, does not depend on ε and δ. This establishes the strong converse. There exist universal schemes that achieve the condition for arbitrary distributions of the plaintext and key.

What carries the argument

The mutual information security criterion within the adapted Shannon cipher system for fixed-length source codes, which supports the derivation of the rate condition and universality.

If this is right

Reliable and secure communication is possible precisely when the coding rate meets the derived threshold.
The same threshold applies no matter what positive constants bound the error and leakage.
Universal schemes succeed without knowledge of the source or key distributions.
The framework allows cryptographic processing to be layered on standard fixed-length source codes.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

This independence may allow designers to optimize for worst-case error and leakage without adjusting rates.
It could extend to other security metrics if they can be bounded by mutual information.
Testing these universal schemes in real-world cryptographic implementations would validate their practicality.

Load-bearing premise

Mutual information is a valid and sufficient measure of the information leakage to an adversary in this source encryption setup.

What would settle it

A counterexample consisting of specific plaintext and key distributions where a scheme meeting the rate condition fails to keep both error probability and mutual information leakage below the prescribed bounds, or where the required rate varies with ε or δ.

Figures

Figures reproduced from arXiv: 2605.04720 by Bagus Santoso, Yasutada Oohama.

**Figure 2.** Figure 2: System model of source encryption 1) Source Processing: At node L, is encrypted with the key using the encryption function Φ() : X × X → C () . The ciphertext of is given by () = Φ() (, ). On the encryption function Φ() , we use the following notation: Φ() (, ) = Φ() view at source ↗

**Figure 3.** Figure 3: Encoding process based on C () ( ) n X X ( ) n ( ) n K K X X view at source ↗

**Figure 4.** Figure 4: Constructions of (Φ() , Ψ() ) Proof of Lemma 2 is given in Section V-A. We construct ( () , () ) based on this lemma. Let view at source ↗

read the original abstract

In this paper, we propose a framework of source encryption, where cryptographic processing is applied to a prescribed fixed length source code. The proposed source encryption framework is based on the secure communication framework of the Shannon cipher system. In the proposed framework, we use the mutual information as a measure of information leakage to an adversary. For the proposed framework, we explicitly establish the necessary and sufficient condition for reliable and secure communication under the condition that error probability and information leakage, respectively, are upper bounded by prescribed constants $\epsilon\in (0,1)$ and $\delta \in (0,\infty)$. We also show that the obtained necessary and sufficient condition does not depend on the constants $\epsilon\in (0,1)$ and $\delta\in (0,\infty)$, demonstrating that we have the strong converse theorem for the proposed framework of source encryption. We further prove the existence of encryption/decryption schemes, which are universal in the sense that they work effectively for any distributions of the plain text and those of the key used for the encryption.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

The paper gives a clean strong-converse result plus universal schemes for mutual-information secure source coding on fixed-length codes, with rates independent of the specific ε and δ.

read the letter

The main takeaway is that this paper establishes necessary and sufficient rate conditions for reliable and secure communication in their framework, and shows those conditions do not depend on the error tolerance ε or the leakage tolerance δ. That independence is the strong converse. They also prove existence of encryption and decryption schemes that work for any fixed distributions on the plaintext and the key, without needing to know those distributions in advance. The setup applies cryptographic processing to a prescribed fixed-length source code and measures leakage by mutual information, following the Shannon cipher system structure. The derivations rely on standard information-theoretic tools such as random coding arguments, and the claims line up without internal contradictions or unsupported steps. The universality result is the part that stands out most, because it removes the usual dependence on knowing the source statistics. The fixed-length restriction keeps the analysis tractable but narrows the scope compared with variable-length or adaptive coding. Mutual information as the leakage metric is a deliberate choice that fits their criterion, though readers who prefer other security notions will see it as one possible measure rather than the only one. No load-bearing gaps appear in the logic. This is the kind of work that information theorists focused on secure source coding and strong converses will want to see. A reader who follows results on universal coding or rate regions independent of tolerances will get direct value from the explicit conditions. It is worth sending to peer review because the theorems are stated precisely and the framework is reproducible from the given constructions.

Referee Report

0 major / 2 minor

Summary. The paper proposes a framework for secure source coding in which cryptographic processing is applied to a prescribed fixed-length source code within the Shannon cipher system. Mutual information is adopted as the measure of information leakage to an adversary. The central results are the explicit derivation of necessary and sufficient conditions for reliable and secure communication when the decoding error probability is at most ε ∈ (0,1) and the mutual-information leakage is at most δ ∈ (0,∞), the demonstration that these conditions are independent of the specific values of ε and δ (establishing a strong converse), and the proof of existence of universal encryption/decryption schemes that succeed for arbitrary distributions of the plaintext and the key.

Significance. If the derivations hold, the work supplies a parameter-independent strong converse together with universal schemes for secure source coding under mutual-information leakage. This is a meaningful extension of classical Shannon-cipher results to general sources and fixed-length coding, providing robust fundamental limits that do not depend on the precise error or leakage tolerances. The universality result is a particular strength, as it removes the need to know the source or key distributions in advance.

minor comments (2)

The precise relationship between the fixed source-code length and the block length n used in the asymptotic statements should be stated explicitly in the problem formulation (e.g., near the definition of the encryption/decryption functions).
A short remark clarifying why mutual information is chosen over other leakage measures (e.g., in comparison with the Shannon cipher literature) would improve accessibility for readers outside the immediate sub-area.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for the positive assessment of our manuscript and the recommendation for minor revision. The referee's summary correctly identifies the key contributions: the necessary and sufficient conditions for reliable and secure communication under mutual-information leakage, the strong converse showing independence from specific ε and δ values, and the existence of universal encryption/decryption schemes that apply to arbitrary plaintext and key distributions.

Circularity Check

0 steps flagged

No significant circularity; derivation self-contained via standard IT arguments

full rationale

The paper defines a source encryption framework based on the classical Shannon cipher system, adopts mutual information as the leakage metric by explicit choice, and derives necessary and sufficient conditions for error probability ≤ ε and leakage ≤ δ. The strong-converse claim (independence of ε, δ) and the existence of universal schemes for arbitrary source/key distributions are obtained via standard random-coding and typical-set arguments that do not reduce to fitted parameters, self-definitions, or load-bearing self-citations. All central results follow directly from the stated definitions and constructions without internal reduction to inputs.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central claim rests on the application of the Shannon cipher system to fixed-length source codes and the use of mutual information as a leakage measure. These are drawn from standard information theory without new postulates or fitted parameters. No invented entities are introduced.

axioms (1)

standard math Standard definitions and properties of entropy, mutual information, and error probability from classical information theory.
The framework and theorems rely on these established concepts to define reliability and security.

pith-pipeline@v0.9.0 · 5481 in / 1451 out tokens · 102640 ms · 2026-05-08T16:33:43.384347+00:00 · methodology

discussion (0)

Forward citations

Cited by 2 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

A Framework of Variable-Length Source Encryption using Mutual Information Security Criterion: Universal Coding, Strong Converse Theorem
cs.IT 2026-05 unverdicted novelty 7.0

The paper gives necessary and sufficient conditions for secure variable-length source encryption under mutual information leakage bounded by any δ>0, proves these conditions are independent of δ (strong converse), and...
A Framework of Variable-Length Source Encryption using Mutual Information Security Criterion: Universal Coding, Strong Converse Theorem
cs.IT 2026-05 unverdicted novelty 6.0

The necessary and sufficient condition for reliable and secure source encryption with mutual information leakage bounded by δ and error probability by ε is independent of ε and δ, establishing a strong converse theore...

Reference graph

Works this paper leans on

26 extracted references · 4 canonical work pages · cited by 1 Pith paper

[1]

Here, M ( /u1D45B )= { 1, 2, · · · , |M ( /u1D45B )|}

Encoding Process: At node E, the encoder function /u1D719( /u1D45B ) : X/u1D45B → M ( /u1D45B ) observes /u1D47Fto generate /u1D719( /u1D45B )( /u1D47F). Here, M ( /u1D45B )= { 1, 2, · · · , |M ( /u1D45B )|}
[2]

Transmission: Next, the encoded source /u1D719( /u1D45B )( /u1D47F)is sent to node D through a noiseless channel
[3]

Decoding Process: At node D, the decoder function /u1D713( /u1D45B ): M ( /u1D45B )→ X /u1D45B observes /u1D719( /u1D45B )( /u1D47F)to output ˆ /u1D47F, where ˆ/u1D47F:= /u1D713( /u1D45B )◦ /u1D719( /u1D45B )( /u1D47F). For the above ( /u1D719( /u1D45B ), /u1D713( /u1D45B )), deﬁne the set D ( /u1D45B )of correct decoding by D ( /u1D45B ):= { /u1D499∈ X /...
[4]

The ciphertext of /u1D47Fis given by /u1D436 ( /u1D45B )= Φ ( /u1D45B )( /u1D472, /u1D47F)

Source Processing: At node L, /u1D47Fis encrypted with the key /u1D472using the encryption function Φ ( /u1D45B ): X/u1D45B × X /u1D45B → C ( /u1D45B ). The ciphertext of /u1D47Fis given by /u1D436 ( /u1D45B )= Φ ( /u1D45B )( /u1D472, /u1D47F). On the encryption function Φ ( /u1D45B ), we use the following notation: Φ ( /u1D45B )( /u1D472, /u1D47F)= Φ ( /...
[5]

Meanwhile, the key /u1D472is sent to D through the private communication channel

Transmission: The ciphertext /u1D436 ( /u1D45B ) is sent to node D through the public communication channel. Meanwhile, the key /u1D472is sent to D through the private communication channel
[6]

Here we set ˆ /u1D47F:= Ψ ( /u1D45B )( /u1D472, /u1D436 ( /u1D45B ))

Sink Node Processing: At node D, the ciphertext is decrypted using the key /u1D472through the corresponding decryption procedure Ψ ( /u1D45B ) : X/u1D45B × C ( /u1D45B ) → X /u1D45B . Here we set ˆ /u1D47F:= Ψ ( /u1D45B )( /u1D472, /u1D436 ( /u1D45B )). On the decryption function Ψ ( /u1D45B ), we use the following notation: Ψ ( /u1D45B )( /u1D472, /u1D43...
[7]

On the reliability, /u1D45De( /u1D719( /u1D45B ), /u1D713( /u1D45B )| /u1D45D/u1D45B /u1D44B )vanishes exponen- tially as /u1D45B→ ∞ , and its exponent is lower bounded by /u1D438 ( /u1D445 | /u1D45D/u1D44B )
[8]

On the security, Δ ( /u1D45B ) MI ( Φ ( /u1D45B )| /u1D45D/u1D45B /u1D44B , /u1D45D /u1D45B /u1D43E )vanishes exponen- tially as /u1D45B→ ∞ , and its exponent is lower bounded by /u1D439 ( /u1D445 | /u1D45D/u1D43E )
[9]

Here, we deﬁne the following quantity

The code that attains the pair ( /u1D438 ( /u1D445 | /u1D45D/u1D44B ), /u1D439 ( /u1D445 | /u1D45D/u1D44B ))of exponent functions is the universal code that depends only on /u1D445 not on the value of the pair of the distributions ( /u1D45D/u1D44B , /u1D45D /u1D43E ) ∈ P2(X). Here, we deﬁne the following quantity. /u1D445 ∗( /u1D45D/u1D44B , /u1D45D /u1D4...
[10]

Let /u1D436 /u1D45A = Φ ( /u1D45B )( /u1D47F, /u1D472), ˜/u1D44B/u1D45A = /u1D719( /u1D45B )( /u1D47F), and ˜/u1D43E /u1D45A = /u1D711( /u1D45B )( /u1D472)

Deﬁne Φ ( /u1D45B ): X/u1D45B × X /u1D45B → X /u1D45A by Φ ( /u1D45B )( /u1D48C, /u1D499)= /u1D711( /u1D45B )( /u1D48C) ⊕/u1D719( /u1D45B )( /u1D499) for /u1D48C, /u1D499∈ X /u1D45B . Let /u1D436 /u1D45A = Φ ( /u1D45B )( /u1D47F, /u1D472), ˜/u1D44B/u1D45A = /u1D719( /u1D45B )( /u1D47F), and ˜/u1D43E /u1D45A = /u1D711( /u1D45B )( /u1D472). Then we have /u1...
[11]

Us- ing /u1D711( /u1D45B ), Ψ ( /u1D45B )ﬁrst encodes /u1D472into ˜/u1D43E /u1D45A = /u1D711( /u1D45B )( /u1D472)

Ψ ( /u1D45B )receives the ciphertext /u1D436 /u1D45A = ˜/u1D44B/u1D45A ⊕ ˜/u1D43E /u1D45A and the key /u1D472, respectively, through public and private channels. Us- ing /u1D711( /u1D45B ), Ψ ( /u1D45B )ﬁrst encodes /u1D472into ˜/u1D43E /u1D45A = /u1D711( /u1D45B )( /u1D472). Ψ ( /u1D45B ) next subtracts ˜/u1D43E /u1D45A from /u1D436 /u1D45A to obtain ˜/u...
[12]

Step (a) follows from Lemma 3 part b)

On upper bounds of |C /u1D45B ( /u1D445 )|, we have the following: |C /u1D45B ( /u1D445 )|= /summationdisplay.1 /u1D443 ∈ P/u1D45B ( X ): /u1D445>/u1D43B ( /u1D443 ) | /u1D447 /u1D45B ( /u1D443 )| ( a) ≤ /summationdisplay.1 /u1D443 ∈ P/u1D45B ( X ): /u1D445>/u1D43B ( /u1D443 ) 2/u1D45B/u1D43B ( /u1D443 ) ( b) ≤ |P /u1D45B (X)|2/u1D45B/u1D445 ( c) ≤ ( /u1D...
[13]

Communication theory of secrecy systems ,

C. E. Shannon, “Communication theory of secrecy systems ,” The Bell System Technical Journal , vol. 28, no. 4, pp. 656–715, 1949

1949
[14]

Coding theorems for Shannon’s cipher syst em with correlated source outputs, and common information,

H. Y amamoto, “Coding theorems for Shannon’s cipher syst em with correlated source outputs, and common information,” IEEE Transactions on Information Theory , vol. 40, no. 1, pp. 85–95, 1994

1994
[15]

Rate-distortion theory for the Shannon cipher syst em,

——, “Rate-distortion theory for the Shannon cipher syst em,” IEEE Transactions on Information Theory , vol. 43, no. 3, pp. 827–835, 1997

1997
[16]

Coding theorems for the Shan non cipher system with a guessing wiretapper and correlated source out puts,

Y . Hayashi and H. Y amamoto, “Coding theorems for the Shan non cipher system with a guessing wiretapper and correlated source out puts,” IEEE Transactions on Information Theory , vol. 54, no. 6, pp. 2808–2817, 2008

2008
[17]

A framework for Shannon cipher s under side-channel attacks: a strong converse and more,

Y . Oohama and B. Santoso, “ A framework for Shannon cipher s under side-channel attacks: a strong converse and more,” in IEEE International Symposium on Information Theory, ISIT 2022, Espoo, Finland, June 26 - July 1, 2022 . IEEE, 2022, pp. 862–867. [Online]. Available: https://doi.org/10.1109/ISIT50566.2022.9834899

work page doi:10.1109/isit50566.2022.9834899 2022
[18]

Universal source encryption under side-channel at tacks,

——, “Universal source encryption under side-channel at tacks,” in IEEE International Symposium on Information Theory, ISIT 2 024, Athens, Greece, July 7-12, 2024 . IEEE, 2024, pp. 3344–3349. [Online]. Available: https://doi.org/10.1109/ISIT5786 4.2024.10619496

work page doi:10.1109/isit5786 2024
[19]

Strong converse for distributed source coding with encryption using correlated keys,

——, “Strong converse for distributed source coding with encryption using correlated keys,” in IEEE Information Theory Workshop, ITW 2021, Kanazawa, Japan, October 17-21, 2021 . IEEE, 2021, pp. 1–6. [Online]. Available: https://doi.org/10.1109/ITW48936 .2021.9611414

work page doi:10.1109/itw48936 2021
[20]

A framework for distributed source coding with encr yption: A new strong converse and more,

——, “ A framework for distributed source coding with encr yption: a new strong converse and more,” in International Symposium on Information Theory and Its Applications, ISITA 2022, Tsuku ba, Ibaraki, Japan, October 17-19, 2022 . IEEE, 2022, pp. 189–193. [Online]. Available: https://ieeexplore.ieee.org/document/10683942

work page arXiv 2022
[21]

Strong converse for distributed source encryption under standard mutual information,

——, “Strong converse for distributed source encryption under standard mutual information,” in 2025 IEEE Information Theory Workshop (ITW) , 2025, pp. 632–637

2025
[22]

T. S. Han, Information-Spectrum Methods in Information Theory . Springer, 2003

2003
[23]

Security notions for informati on theoreti- cally secure encryptions,

M. Iwamoto and K. Ohta, “Security notions for informati on theoreti- cally secure encryptions,” in 2011 IEEE International Symposium on Information Theory Proceedings , 2011, pp. 1777–1781

2011
[24]

T. S. Han and K. Kobayashi, Mathematics of Information and Cod- ing, ser. Translation of Mathematical Monographs, S. Kobayash i and M. Takesaki, Eds. American Mathematical Society, 2002, vol . 203

2002
[25]

Information theoretic secur ity for Shannon cipher system under side-channel attacks,

B. Santoso and Y . Oohama, “Information theoretic secur ity for Shannon cipher system under side-channel attacks,” Entropy, vol. 21, no. 5,
[26]

Available: https://www.mdpi.com/1099-4 300/21/5/469 A/p.pc/p.pc/e.pc/n.pc/d.pc/i.pc/x.pc A

[Online]. Available: https://www.mdpi.com/1099-4 300/21/5/469 A/p.pc/p.pc/e.pc/n.pc/d.pc/i.pc/x.pc A. Proof of Property 1 Under /u1D499, /u1D499′ ∈ D ( /u1D45B )and /u1D499≠ /u1D499′, we assume that Φ ( /u1D45B ) /u1D48C( /u1D499)= Φ ( /u1D45B ) /u1D48C( /u1D499′). (34) Then, we have the following: /u1D499 ( a) = /u1D713( /u1D45B )◦ /u1D719( /u1D45B )( /u...