arxiv: 2605.06802 · v1 · submitted 2026-05-07 · 💻 cs.IT · math.IT

Recognition: 1 theorem link

· Lean Theorem

A Framework of Variable-Length Source Encryption using Mutual Information Security Criterion: Universal Coding, Strong Converse Theorem

Bagus Santoso, Yasutada Oohama

Pith reviewed 2026-05-11 00:46 UTC · model grok-4.3

classification 💻 cs.IT math.IT

keywords source encryptionmutual informationstrong converseuniversal codingShannon cipher systeminformation leakagefixed-length source code

0 comments

The pith

The necessary and sufficient condition for reliable and secure source encryption does not depend on the allowed error probability or leakage bound.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper introduces a framework that applies encryption to a fixed-length source code inside the Shannon cipher system, measuring security by the mutual information between plaintext and ciphertext. It derives the exact rate condition that guarantees both decoding error probability below any chosen ε and leakage below any chosen δ. The derived condition turns out to be identical for every ε in (0,1) and every δ in (0,∞), which establishes a strong converse theorem. The authors further prove that universal encryption and decryption functions exist that achieve the condition for every possible distribution of the source and of the key.

Core claim

For the proposed source encryption framework, the necessary and sufficient condition on the rates for reliable and secure communication is independent of the constants ε ∈ (0,1) and δ ∈ (0,∞). This independence demonstrates the strong converse theorem. In addition, there exist encryption and decryption schemes that are universal, in the sense that they operate successfully for any distributions of the plaintext and the key.

What carries the argument

The Shannon cipher system applied to a prescribed fixed-length source code, using mutual information between plaintext and ciphertext as the security criterion.

If this is right

The achievable rate region remains exactly the same no matter which positive values of ε and δ are prescribed.
Universal schemes achieve the rate condition without knowledge of the source or key distributions.
If the rate condition is violated, then for any scheme either the error probability or the leakage must exceed the bounds.
The same threshold governs both the direct and converse parts of the theorem.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The independence from ε and δ implies that the security threshold is asymptotically sharp in the large-blocklength regime.
Universal schemes open the possibility of deploying the method when source and key statistics are unknown or time-varying.
The mutual-information leakage measure may allow direct comparison with other information-theoretic secrecy results that use the same quantity.

Load-bearing premise

The framework assumes that the source can be encoded to a fixed length before encryption and that mutual information exactly captures the leakage observable by an adversary who sees only the ciphertext.

What would settle it

An explicit source distribution and key rate at the claimed threshold for which, for some ε and δ, every encryption scheme either produces error probability above ε or leakage above δ.

Figures

Figures reproduced from arXiv: 2605.06802 by Bagus Santoso, Yasutada Oohama.

**Figure 3.** Figure 3: Encoding and decoding procedures We present two propositions necessary for the proof of Theorem 1. Under the choice (12) of , we have the following two propositions: Proposition 2: ∃{C ()}∞ =1 with C [PITH_FULL_IMAGE:figures/full_fig_p004_3.png] view at source ↗

**Figure 4.** Figure 4: Binary sequence expressions of ciphertexts [PITH_FULL_IMAGE:figures/full_fig_p005_4.png] view at source ↗

read the original abstract

In this paper, we propose a framework of source encryption, where cryptographic processing is applied to a prescribed fixed length source code. The proposed source encryption framework is based on the secure communication framework of the Shannon cipher system. In the proposed framework, we use the mutual information as a measure of information leakage to an adversary. For the proposed framework, we explicitly establish the necessary and sufficient condition for reliable and secure communication under the condition that error probability and information leakage, respectively, are upper bounded by prescribed constants $\varepsilon\in (0,1)$ and $\delta \in (0,\infty)$. We also show that the obtained necessary and sufficient condition does not depend on the constants $\varepsilon\in (0,1)$ and $\delta\in (0,\infty)$, demonstrating that we have the strong converse theorem for the proposed framework of source encryption. We further prove the existence of encryption/decryption schemes, which are universal in the sense that they work effectively for any distributions of the plain text and those of the key used for the encryption.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

Paper proves strong converse for MI-secure fixed-length source encryption with universal schemes, but title claims variable-length which conflicts with the description.

read the letter

The one or two things to know are that this paper proposes a framework for encrypting a fixed-length source code using mutual information as the leakage measure in a Shannon cipher style setup, and it establishes necessary and sufficient conditions for the key rate that are independent of the error probability and leakage bounds, along with proving the existence of universal schemes that work for any distributions. The paper does well in delivering the strong converse result. Having the condition not depend on ε and δ is a standard but valuable feature of strong converses, and it shows they have a tight characterization. The universal coding part is also a plus, as it means the schemes are distribution-agnostic, which broadens their applicability. The work extends the classic model without introducing obvious inconsistencies in the logic. The soft spots are minor but worth noting. The title refers to variable-length source encryption, yet the description centers on a prescribed fixed length source code. This could be clarified to prevent readers from misunderstanding the setup. The claims seem grounded in standard information theory tools, but the lack of explicit rate formulas in the abstract leaves room for checking the details in the proofs. If the alphabets are not finite, the universality might need more justification, though it holds for finite cases. This is targeted at information theorists focused on security and coding theorems. Someone looking for extensions of strong converse results in secure communication would find it useful. It deserves a serious referee because the results are specific and build on established ideas with clear new elements like the framework and universality. I recommend sending it for peer review.

Referee Report

0 major / 3 minor

Summary. The paper proposes a framework for source encryption in which cryptographic processing is applied to a prescribed fixed-length source code within the Shannon cipher system. Using mutual information as the measure of information leakage to an adversary, it establishes necessary and sufficient conditions for reliable and secure communication when the decoding error probability is bounded by ε ∈ (0,1) and the leakage is bounded by δ ∈ (0,∞). The paper shows that these conditions are independent of ε and δ, thereby proving a strong converse theorem, and further establishes the existence of universal encryption/decryption schemes that function effectively for arbitrary distributions of the plaintext and the key.

Significance. If the derivations hold, the work supplies a distribution-independent necessary and sufficient condition on the key rate together with a strong converse for mutual-information security in this source-encryption setting. The explicit proof of universal schemes that require no knowledge of the source or key statistics is a concrete strength, as is the parameter-free character of the bound with respect to ε and δ. These features extend classical strong-converse arguments to a cryptographic source-coding context and could inform the design of robust, distribution-agnostic secure coding systems.

minor comments (3)

Title and Abstract: The title refers to 'Variable-Length Source Encryption' while the abstract and framework description consistently specify encryption applied to a 'prescribed fixed length source code.' This mismatch should be resolved in the introduction or by adjusting the title to prevent reader confusion about the precise role of length variability.
Abstract: The abstract is quite compact. Adding one sentence that states the explicit form of the necessary and sufficient condition (e.g., the key-rate threshold) would help readers immediately grasp the main result without having to reach the theorems.
Notation: Ensure that the definitions of the error probability and the mutual-information leakage are stated with the same symbols and conditioning as used in the theorems; any slight re-use of symbols across sections should be flagged.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the careful review and positive assessment of our manuscript, including recognition of the distribution-independent necessary and sufficient conditions, the strong converse theorem, and the existence of universal encryption schemes. We note the recommendation for minor revision.

read point-by-point responses

Referee: No major comments are listed in the referee report.

Authors: We acknowledge that the report contains no specific major comments. The overall evaluation is favorable, and we will address any minor issues identified during the revision process. revision: no

Circularity Check

0 steps flagged

No significant circularity detected

full rationale

The derivation establishes a distribution-independent necessary and sufficient condition on key rate for the strong converse under mutual-information leakage in a fixed-length source coding framework, plus existence of universal schemes. These follow from standard single-letter characterizations and random coding arguments that apply uniformly over finite alphabets and arbitrary distributions, without reducing any claimed result to a fitted parameter, self-definition, or load-bearing self-citation chain. The independence from ε and δ is a standard feature of strong-converse proofs once the single-letter bound is obtained, and no equations or steps in the abstract or described logic collapse the output to the inputs by construction.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The work rests on standard information-theoretic definitions of mutual information, entropy, and the Shannon cipher system model; no free parameters, new entities, or ad-hoc axioms are introduced in the abstract.

axioms (2)

standard math Standard properties of mutual information and conditional entropy as measures of uncertainty and leakage
Used to define the security criterion and reliability condition in the framework.
domain assumption The Shannon cipher system model for secure communication with shared key
The proposed source encryption framework is explicitly based on this model.

pith-pipeline@v0.9.0 · 5482 in / 1442 out tokens · 62729 ms · 2026-05-11T00:46:29.437590+00:00 · methodology

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Foundation/ArithmeticFromLogic.lean (LogicNat recovery) and IndisputableMonolith/Cost/FunctionalEquation.lean (J-uniqueness) reality_from_one_distinction; washburn_uniqueness_aczel unclear
We explicitly establish the necessary and sufficient condition for reliable and secure communication under the condition that error probability and information leakage... demonstrating that we have the strong converse theorem... universal in the sense that they work effectively for any distributions

Reference graph

Works this paper leans on

23 extracted references · 6 canonical work pages · 2 internal anchors

[1]

A Framework of Variable-Length Source Encryption using Mutual Information Security Criterion: Universal Coding, Strong Converse Theorem

and Hayashi and Y amamoto [4]. In this paper we consider the variable-length lossless sour ce coding for discrete memoryless sources. We proposes a new encryption framework for securely transmitting codewords over a noiseless channel. The proposed source encryption framework is based on the secure communication framework of SCS. In [5] and [6], Oohama and...

work page internal anchor Pith review Pith/arXiv arXiv 2026
[2]

Encoding process: The sequence /u1D499is encoded using an encoder /u1D719 ( /u1D45B ) deﬁned by /u1D719 ( /u1D45B ) : X/u1D45B → Y ∗
[3]

Transmission: The encoded sequence /u1D466.alt= /u1D719 ( /u1D45B ) ( /u1D499) is transmitted through a noiseless channel
[4]

The above processes of the source coding is shown in Fig

Decoding process: The decoder /u1D713 ( /u1D45B ) deﬁned by /u1D713 ( /u1D45B ) : Y∗ → X /u1D45B receives /u1D466.alt= /u1D719 ( /u1D45B ) ( /u1D499) to decode the sequence /u1D499of the source output. The above processes of the source coding is shown in Fig. 1. In the subsequent discussion, we set Y = { 0, 1} . We deﬁne D/u1D459 as follows: D/u1D459 = { ...
[5]

The ciphertext of /u1D47Fis given by /u1D436 ( /u1D45B ) = Φ ( /u1D45B ) ( /u1D472, /u1D47F)

Source Processing: At node L, /u1D47Fis encrypted with the key /u1D472using the encryption function Φ ( /u1D45B ) : X/u1D45B × X /u1D45B → Y∗. The ciphertext of /u1D47Fis given by /u1D436 ( /u1D45B ) = Φ ( /u1D45B ) ( /u1D472, /u1D47F) . On the encryption function Φ ( /u1D45B ) , we use the following notation: Φ ( /u1D45B ) ( /u1D472, /u1D47F) = Φ ( /u1D4...
[6]

Meanwhile, the key /u1D472is sent to D through the private communication channel

Transmission: The ciphertext /u1D436 ( /u1D45B ) is sent to node D through the public communication channel. Meanwhile, the key /u1D472is sent to D through the private communication channel
[7]

On the decryption function Ψ ( /u1D45B ) , we use the following notation: Ψ ( /u1D45B ) ( /u1D472, /u1D436 ( /u1D45B ) ) = Ψ ( /u1D45B ) /u1D472( /u1D436 ( /u1D45B ) )

Sink Node Processing: At node D, the ciphertext is decrypted using the key /u1D472through the corresponding decryption procedure Ψ ( /u1D45B ) : X/u1D45B × Y ∗ → X /u1D45B . On the decryption function Ψ ( /u1D45B ) , we use the following notation: Ψ ( /u1D45B ) ( /u1D472, /u1D436 ( /u1D45B ) ) = Ψ ( /u1D45B ) /u1D472( /u1D436 ( /u1D45B ) ) . We ﬁx an arbi...
[8]

On the eﬃciency, the average length of codewords per symbol ( 1/ /u1D45B) /u1D43F Φ ( /u1D45B ) is asymptotically upper bounded by /u1D445
[9]

On the security, Δ ( /u1D45B ) MI ( Φ ( /u1D45B ) | /u1D45D/u1D45B /u1D44B , /u1D45D /u1D45B /u1D43E ) vanishes exponen- tially as /u1D45B → ∞ , and its exponent is lower bounded by min{ /u1D438 ( /u1D445| /u1D45D/u1D44B ) , /u1D439 ( /u1D445| /u1D45D/u1D43E )}
[10]

We deﬁne the following quantity

The code that attains the exponent function min { /u1D438 ( /u1D445| /u1D45D/u1D44B ) , /u1D439 ( /u1D445| /u1D45D/u1D43E )} is the universal code not depending on ( /u1D45D/u1D44B , /u1D45D /u1D43E ) ∈ P 2(X) . We deﬁne the following quantity. /u1D445∗( /u1D45D/u1D44B , /u1D45D /u1D43E ) = { /u1D43B ( /u1D44B) if /u1D43B ( /u1D44B) < /u1D43B ( /u1D43E ) ...
[11]

We set /u1D436 ( /u1D45B ) = Φ ( /u1D45B ) ( /u1D472, /u1D47F) = Φ ( /u1D45B ) /u1D472( /u1D47F)

Construction of Φ ( /u1D45B ) : Deﬁne Φ ( /u1D45B ) : X/u1D45B × X /u1D45B → X /u1D45A by Φ ( /u1D45B ) ( /u1D48C, /u1D499) := { /u1D711 ( /u1D45B ) ( /u1D48C) ⊕ ˜/u1D719 ( /u1D45B ) ( /u1D499) , if /u1D499∈ C /u1D45B ( /u1D445) , [ /u1D711 ( /u1D45B ) ( /u1D48C) 0/u1D45B − /u1D45A ] ⊕ /u1D499, if /u1D499∈ X /u1D45B − C /u1D45B ( /u1D445) . We set /u1D436...
[12]

Here ⌈/u1D44E⌉ stands for the smallest integer not below /u1D44E

Binary Sequence Expressions of Ciphertexts: For each /u1D48C∈ X /u1D45B , Φ ( /u1D45B ) /u1D48C( /u1D47F) is transformed into some binary sequence in a one-to-one manner using the injective map /u1D708 = { /u1D7081, /u1D708 2} such that { /u1D7081 : X/u1D45A → { 0, 1} ⌈/u1D45B/u1D445 /u1D45B ⌉, /u1D7082 : X/u1D45B − C /u1D45B ( /u1D445) → { 0, 1} ⌈/u1D45B...
[13]

The decryption process consists of the following three steps: i) Using /u1D711 ( /u1D45B ) , Ψ ( /u1D45B ) encodes /u1D472into ˜/u1D43E /u1D45A = /u1D711 ( /u1D45B ) ( /u1D472)

Construction of Ψ ( /u1D45B ) : Ψ ( /u1D45B ) receives the ciphertext /u1D436 ( /u1D45B ) = Φ ( /u1D45B ) /u1D472( /u1D47F) and the key /u1D472, respectively, through public and private channels. The decryption process consists of the following three steps: i) Using /u1D711 ( /u1D45B ) , Ψ ( /u1D45B ) encodes /u1D472into ˜/u1D43E /u1D45A = /u1D711 ( /u1D4...
[14]

Communication theory of secrecy systems ,

C. E. Shannon, “Communication theory of secrecy systems ,” The Bell System Technical Journal , vol. 28, no. 4, pp. 656–715, 1949

1949
[15]

Coding theorems for Shannon’s cipher syst em with correlated source outputs, and common information,

H. Y amamoto, “Coding theorems for Shannon’s cipher syst em with correlated source outputs, and common information,” IEEE Transactions on Information Theory , vol. 40, no. 1, pp. 85–95, 1994

1994
[16]

Rate-distortion theory for the Shannon cipher syst em,

——, “Rate-distortion theory for the Shannon cipher syst em,” IEEE Transactions on Information Theory , vol. 43, no. 3, pp. 827–835, 1997

1997
[17]

Coding theorems for the Shan non cipher system with a guessing wiretapper and correlated source out puts,

Y . Hayashi and H. Y amamoto, “Coding theorems for the Shan non cipher system with a guessing wiretapper and correlated source out puts,” IEEE Transactions on Information Theory , vol. 54, no. 6, pp. 2808–2817, 2008

2008
[18]

A framework for Shannon cipher s under side-channel attacks: A strong converse and more,

Y . Oohama and B. Santoso, “ A framework for Shannon cipher s under side-channel attacks: A strong converse and more,” in IEEE International Symposium on Information Theory, ISIT 2022, Espoo, Finland, June 26 - July 1, 2022 . IEEE, 2022, pp. 862–867. [Online]. Available: https://doi.org/10.1109/ISIT50566.2022.9834899

work page doi:10.1109/isit50566.2022.9834899 2022
[19]

Universal source encryption under side-channel at tacks,

——, “Universal source encryption under side-channel at tacks,” in IEEE International Symposium on Information Theory, ISIT 2 024, Athens, Greece, July 7-12, 2024 . IEEE, 2024, pp. 3344–3349. [Online]. Available: https://doi.org/10.1109/ISIT5786 4.2024.10619496

work page doi:10.1109/isit5786 2024
[20]

Strong converse for distributed source coding with encryption using correlated keys,

——, “Strong converse for distributed source coding with encryption using correlated keys,” in IEEE Information Theory Workshop, ITW 2021, Kanazawa, Japan, October 17-21, 2021 . IEEE, 2021, pp. 1–6. [Online]. Available: https://doi.org/10.1109/ITW48936 .2021.9611414

work page doi:10.1109/itw48936 2021
[21]

A framework for distributed source coding with encr yption: a new strong converse and more,

——, “ A framework for distributed source coding with encr yption: A new strong converse and more,” in International Symposium on Information Theory and Its Applications, ISITA 2022, Tsuku ba, Ibaraki, Japan, October 17-19, 2022 . IEEE, 2022, pp. 189–193. [Online]. Available: https://ieeexplore.ieee.org/document/10683942

work page arXiv 2022
[22]

Strong converse for distributed source encryption under standard mutual information,

——, “Strong converse for distributed source encryption under standard mutual information,” in 2025 IEEE Information Theory Workshop (ITW) , 2025, pp. 632–637

2025
[23]

A Framework of Secure Source Coding using Mutual Information Security Criterion: Universal Coding, Strong Converse Theorem

——, “ A framework of secure source coding using mutual in formation security criterion: Universal coding, strong converse the orem,” preprint, pp. 1–10, 2026, available at https://arxiv.org/pdf/2605.04720. A/p.pc/p.pc/e.pc/n.pc/d.pc/i.pc/x.pc A. Proof of Proposition 1 In this appendix, we give the proof of Proposition 1. We ﬁrst present a lemma necessary ...

work page internal anchor Pith review Pith/arXiv arXiv 2026