arxiv: 2605.06802 · v2 · submitted 2026-05-07 · 💻 cs.IT · math.IT

Recognition: 1 theorem link

· Lean Theorem

A Framework of Variable-Length Source Encryption using Mutual Information Security Criterion: Universal Coding, Strong Converse Theorem

Yasutada Oohama , Bagus Santoso

Authors on Pith no claims yet

Pith reviewed 2026-05-15 06:47 UTC · model grok-4.3

classification 💻 cs.IT math.IT

keywords variable-length source codingmutual information leakagestrong converse theoremuniversal codingShannon cipher systemsecure communicationinformation leakage bound

0 comments

The pith

Secure variable-length source encryption is possible exactly when the key rate is at least the source entropy rate, independent of the leakage bound

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper proposes a framework for variable-length lossless source coding with encryption to protect against information leakage measured by mutual information. It determines the exact condition under which secure communication is possible when the leakage is capped at any positive constant δ. This condition remains unchanged as δ varies, establishing a strong converse theorem. The work further demonstrates that universal encryption and decryption methods exist, performing well without prior knowledge of the source or key distributions.

Core claim

In the proposed source encryption framework based on the Shannon cipher system for variable-length lossless source coding of discrete memoryless sources, the necessary and sufficient condition for secure communication is derived under the constraint that the mutual information leakage to the adversary is at most δ for any δ > 0. This condition is shown to be independent of δ, which proves the strong converse coding theorem for the framework. Additionally, the existence of universal encryption and decryption schemes is established, meaning the schemes operate effectively for arbitrary distributions of the plaintext source and the shared secret key.

What carries the argument

The mutual information leakage criterion applied to variable-length codes in the shared secret key model for source encryption.

Load-bearing premise

The plaintext is a discrete memoryless source, the channel is noiseless, and the sender and receiver share a secret key independent of the source.

What would settle it

Constructing a sequence of variable-length encrypted codes with average key length less than the source entropy and checking if the mutual information leakage can stay below a fixed δ for large enough blocks; if it can, the necessary condition would be false.

Figures

Figures reproduced from arXiv: 2605.06802 by Bagus Santoso, Yasutada Oohama.

**Figure 3.** Figure 3: Encoding and decoding procedures We present two propositions necessary for the proof of Theorem 1. Under the choice (12) of , we have the following two propositions: Proposition 2: ∃{C ()}∞ =1 with C [PITH_FULL_IMAGE:figures/full_fig_p004_3.png] view at source ↗

**Figure 4.** Figure 4: Binary sequence expressions of ciphertexts [PITH_FULL_IMAGE:figures/full_fig_p005_4.png] view at source ↗

read the original abstract

In this paper we consider the variable-length lossless source coding for discrete memoryless sources. We proposes a new encryption framework for securely transmitting codewords over a noiseless channel. The proposed source encryption framework is based on the secure communication framework of the Shannon cipher system. In the proposed framework, we use the mutual information as a measure of information leakage to an adversary. We establish the necessary and sufficient condition for secure communication under the condition that the information leakage is upper bounded by a constant $\delta\in (0,\infty)$, thereby providing a complete solution to the problem. We also show that the obtained necessary and sufficient condition does not depend on the constant $\delta \in (0,\infty)$, demonstrating that we have the strong converse coding theorem for the proposed framework of source encryption. We further prove the existence of encryption/decryption schemes, which are universal in the sense that they work effectively for any distributions of the plain text and those of the key used for the encryption.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

This paper gives a clean necessary-and-sufficient condition for variable-length source encryption under mutual-information leakage, plus a strong converse and universal schemes.

read the letter

The main takeaway is that the authors characterize exactly when variable-length lossless source coding stays secure under a fixed mutual-information leakage bound δ. The condition is that the key entropy rate must strictly exceed the source entropy rate; when it does, leakage stays bounded by any δ > 0, and when it does not, normalized leakage grows linearly with expected length. They also prove that universal schemes exist via random coding that work for any source and key distributions without knowing the pmfs ahead of time. This combination of variable length, mutual-information security, strong converse independent of δ, and universality looks new relative to the fixed-length or perfect-secrecy results in the Shannon cipher literature. The derivations rely on standard chain-rule expansions and non-negativity of mutual information, which the stress-test note confirms hold without extra uniformity assumptions beyond the discrete memoryless source and noiseless channel. That keeps the argument straightforward and reproducible in principle. The soft spots are modest. Everything is asymptotic, so finite-blocklength behavior and explicit error exponents are not developed. The schemes are existence results from random coding rather than constructive, which is typical but limits immediate practicality. The model stays inside the classic Shannon setup with independent key and noiseless transmission, so it does not address noisy channels or correlated keys. No circularity or post-hoc fitting shows up in the approach. This paper is for information theorists working on secure source coding. A reader who needs a theoretical benchmark for mutual-information secure compression would get a clean reference point from it. I would send it to peer review; the central claims rest on standard techniques and the stress-test logic checks out, so referees can verify the details and suggest tightening on the error terms.

Referee Report

0 major / 3 minor

Summary. The manuscript proposes a framework for variable-length lossless source coding with encryption over a noiseless channel, modeled after the Shannon cipher system. Using mutual information to quantify information leakage to an adversary, it claims to derive the necessary and sufficient condition for security when leakage is upper-bounded by any fixed δ > 0. The work further asserts that this condition is independent of δ (establishing a strong converse) and proves the existence of universal encryption/decryption schemes that function for arbitrary discrete memoryless source and key distributions.

Significance. If the derivations hold, the results deliver a complete single-letter characterization of secure variable-length source coding under mutual-information leakage, including a strong converse and universality via random coding. These elements strengthen the theoretical foundation for information-theoretic security in source coding and provide practical value through distribution-independent schemes. The use of standard chain-rule and non-negativity arguments for the converse, together with the explicit rate condition (key entropy rate strictly exceeding source entropy rate), adds to the manuscript's rigor.

minor comments (3)

[Abstract] The abstract contains a grammatical inconsistency: 'We proposes a new encryption framework' should read 'We propose a new encryption framework'.
[Section II] Notation for normalized mutual information and entropy rates should be introduced with explicit definitions in the model section to avoid ambiguity when transitioning from finite-blocklength to asymptotic statements.
[Section IV] The random-coding argument for universality would benefit from a brief remark on how the averaging is performed over the product of all possible source and key pmfs, even if the steps are standard.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for the positive review and the recommendation to accept the manuscript. The referee's summary accurately captures our contributions regarding the necessary and sufficient conditions for secure variable-length source encryption under mutual information leakage, the strong converse result independent of δ, and the existence of universal schemes.

Circularity Check

0 steps flagged

No significant circularity; derivation is self-contained via standard inequalities

full rationale

The paper derives the necessary and sufficient condition (key entropy rate strictly exceeding source entropy rate) for bounded mutual-information leakage using only the chain rule, non-negativity of mutual information, and the memoryless property of the discrete source. The strong converse follows directly because violation causes normalized leakage to grow linearly with block length, precluding any fixed δ bound. Universal schemes are established by random-coding arguments that average over all source and key distributions without requiring knowledge of their pmfs or fitting parameters. No self-definitional loops, fitted inputs renamed as predictions, or load-bearing self-citations appear; all steps are externally verifiable from the stated model assumptions.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The paper rests on the standard domain assumptions of discrete memoryless sources and noiseless channels that are routine in information theory; no free parameters or newly invented entities are introduced in the abstract.

axioms (2)

domain assumption The source is a discrete memoryless source.
Explicitly stated for the variable-length lossless source coding setting.
domain assumption The transmission channel is noiseless.
Used to transmit the encrypted codewords without additional noise.

pith-pipeline@v0.9.0 · 5470 in / 1407 out tokens · 33255 ms · 2026-05-15T06:47:35.229611+00:00 · methodology

Review history (2 revisions) →

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Cost/FunctionalEquation.lean washburn_uniqueness_aczel unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

We establish the necessary and sufficient condition for secure communication under the condition that the information leakage is upper bounded by a constant δ∈(0,∞)... the key entropy rate strictly exceeding the source entropy rate

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

23 extracted references · 23 canonical work pages · 1 internal anchor

[1]

A Framework of Variable-Length Source Encryption using Mutual Information Security Criterion: Universal Coding, Strong Converse Theorem

and Hayashi and Y amamoto [4]. In this paper we consider the variable-length lossless sour ce coding for discrete memoryless sources. We proposes a new encryption framework for securely transmitting codewords over a noiseless channel. The proposed source encryption framework is based on the secure communication framework of SCS. In [5] and [6], Oohama and...

work page internal anchor Pith review Pith/arXiv arXiv 2026
[2]

Encoding process: The sequence /u1D499is encoded using an encoder /u1D719 ( /u1D45B ) deﬁned by /u1D719 ( /u1D45B ) : X/u1D45B → Y ∗

work page
[3]

Transmission: The encoded sequence /u1D466.alt= /u1D719 ( /u1D45B ) ( /u1D499) is transmitted through a noiseless channel

work page
[4]

The above processes of the source coding is shown in Fig

Decoding process: The decoder /u1D713 ( /u1D45B ) deﬁned by /u1D713 ( /u1D45B ) : Y∗ → X /u1D45B receives /u1D466.alt= /u1D719 ( /u1D45B ) ( /u1D499) to decode the sequence /u1D499of the source output. The above processes of the source coding is shown in Fig. 1. Throughout this paper we assume Y = { 0, 1} . Let | /u1D719 ( /u1D45B ) ( /u1D499)| represents...

work page
[5]

The ciphertext of /u1D47Fis given by /u1D436 ( /u1D45B ) = Φ ( /u1D45B ) ( /u1D472, /u1D47F)

Source Processing: At node L, /u1D47Fis encrypted with the key /u1D472using the encryption function Φ ( /u1D45B ) : X/u1D45B × X /u1D45B → Y∗. The ciphertext of /u1D47Fis given by /u1D436 ( /u1D45B ) = Φ ( /u1D45B ) ( /u1D472, /u1D47F) . On the encryption function Φ ( /u1D45B ) , we use the following notation: Φ ( /u1D45B ) ( /u1D472, /u1D47F) = Φ ( /u1D4...

work page
[6]

Meanwhile, the key /u1D472is sent to D through the private communication channel

Transmission: The ciphertext /u1D436 ( /u1D45B ) is sent to node D through the public communication channel. Meanwhile, the key /u1D472is sent to D through the private communication channel

work page
[7]

On the decryption function Ψ ( /u1D45B ) , we use the following notation: Ψ ( /u1D45B ) ( /u1D472, /u1D436 ( /u1D45B ) ) = Ψ ( /u1D45B ) /u1D472( /u1D436 ( /u1D45B ) )

Sink Node Processing: At node D, the ciphertext is decrypted using the key /u1D472through the corresponding decryption procedure Ψ ( /u1D45B ) : X/u1D45B × Y ∗ → X /u1D45B . On the decryption function Ψ ( /u1D45B ) , we use the following notation: Ψ ( /u1D45B ) ( /u1D472, /u1D436 ( /u1D45B ) ) = Ψ ( /u1D45B ) /u1D472( /u1D436 ( /u1D45B ) ) . We ﬁx an arbi...

work page
[8]

On the eﬃciency, the average length of codewords per symbol ( 1/ /u1D45B) /u1D43F Φ ( /u1D45B) is asymptotically upper bounded by /u1D445

work page
[9]

On the security, Δ ( /u1D45B ) MI ( Φ ( /u1D45B ) | /u1D45D/u1D45B /u1D44B , /u1D45D /u1D45B /u1D43E ) vanishes exponen- tially as /u1D45B → ∞ , and its exponent is lower bounded by min{ /u1D438 ( /u1D445| /u1D45D/u1D44B ) , /u1D439 ( /u1D445| /u1D45D/u1D43E )}

work page
[10]

We deﬁne the following quantity

The code that attains the exponent function min { /u1D438 ( /u1D445| /u1D45D/u1D44B ) , /u1D439 ( /u1D445| /u1D45D/u1D43E )} is the universal code not depending on ( /u1D45D/u1D44B , /u1D45D /u1D43E ) ∈ P 2(X) . We deﬁne the following quantity. /u1D445∗( /u1D45D/u1D44B , /u1D45D /u1D43E ) = { /u1D43B ( /u1D44B) if /u1D43B ( /u1D44B) < /u1D43B ( /u1D43E ) ...

work page
[11]

We set /u1D436 ( /u1D45B ) = Φ ( /u1D45B ) ( /u1D472, /u1D47F) = Φ ( /u1D45B ) /u1D472( /u1D47F)

Construction of Φ ( /u1D45B ) : Deﬁne Φ ( /u1D45B ) : X/u1D45B × X /u1D45B → X /u1D45A by Φ ( /u1D45B ) ( /u1D48C, /u1D499) := { /u1D711 ( /u1D45B ) ( /u1D48C) ⊕ ˜/u1D719 ( /u1D45B ) ( /u1D499) , if /u1D499∈ C /u1D45B ( /u1D445) , [ /u1D711 ( /u1D45B ) ( /u1D48C) 0/u1D45B − /u1D45A ] ⊕ /u1D499, if /u1D499∈ X /u1D45B − C /u1D45B ( /u1D445) . We set /u1D436...

work page
[12]

Here ⌈/u1D44E⌉ stands for the smallest integer not below /u1D44E

Binary Sequence Expressions of Ciphertexts: For each /u1D48C∈ X /u1D45B , Φ ( /u1D45B ) /u1D48C( /u1D47F) is transformed into some binary sequence in a one-to-one manner using the injective map /u1D708 = { /u1D7081, /u1D708 2} such that { /u1D7081 : X/u1D45A → { 0, 1} ⌈/u1D45B/u1D445 /u1D45B⌉, /u1D7082 : X/u1D45B − C /u1D45B ( /u1D445) → { 0, 1} ⌈/u1D45B ...

work page
[13]

The decryption process consists of the following three steps: i) Using /u1D711 ( /u1D45B ) , Ψ ( /u1D45B ) encodes /u1D472into ˜/u1D43E /u1D45A = /u1D711 ( /u1D45B ) ( /u1D472)

Construction of Ψ ( /u1D45B ) : Ψ ( /u1D45B ) receives the ciphertext /u1D436 ( /u1D45B ) = Φ ( /u1D45B ) /u1D472( /u1D47F) and the key /u1D472, respectively, through public and private channels. The decryption process consists of the following three steps: i) Using /u1D711 ( /u1D45B ) , Ψ ( /u1D45B ) encodes /u1D472into ˜/u1D43E /u1D45A = /u1D711 ( /u1D4...

work page
[14]

Communication theory of secrecy systems ,

C. E. Shannon, “Communication theory of secrecy systems ,” The Bell System Technical Journal , vol. 28, no. 4, pp. 656–715, 1949

work page 1949
[15]

Coding theorems for Shannon’s cipher syst em with correlated source outputs, and common information,

H. Y amamoto, “Coding theorems for Shannon’s cipher syst em with correlated source outputs, and common information,” IEEE Transactions on Information Theory , vol. 40, no. 1, pp. 85–95, 1994

work page 1994
[16]

Rate-distortion theory for the Shannon cipher syst em,

——, “Rate-distortion theory for the Shannon cipher syst em,” IEEE Transactions on Information Theory , vol. 43, no. 3, pp. 827–835, 1997

work page 1997
[17]

Coding theorems for the Shan non cipher system with a guessing wiretapper and correlated source out puts,

Y . Hayashi and H. Y amamoto, “Coding theorems for the Shan non cipher system with a guessing wiretapper and correlated source out puts,” IEEE Transactions on Information Theory , vol. 54, no. 6, pp. 2808–2817, 2008

work page 2008
[18]

A framework for Shannon cipher s under side-channel attacks: A strong converse and more,

Y . Oohama and B. Santoso, “ A framework for Shannon cipher s under side-channel attacks: A strong converse and more,” in IEEE International Symposium on Information Theory, ISIT 2022, Espoo, Finland, June 26 - July 1, 2022 . IEEE, 2022, pp. 862–867. [Online]. Available: https://doi.org/10.1109/ISIT50566.2022.9834899

work page doi:10.1109/isit50566.2022.9834899 2022
[19]

Universal source encryption under side-channel at tacks,

——, “Universal source encryption under side-channel at tacks,” in IEEE International Symposium on Information Theory, ISIT 2 024, Athens, Greece, July 7-12, 2024 . IEEE, 2024, pp. 3344–3349. [Online]. Available: https://doi.org/10.1109/ISIT5786 4.2024.10619496

work page doi:10.1109/isit5786 2024
[20]

Strong converse for distributed source coding with encryption using correlated keys,

——, “Strong converse for distributed source coding with encryption using correlated keys,” in IEEE Information Theory Workshop, ITW 2021, Kanazawa, Japan, October 17-21, 2021 . IEEE, 2021, pp. 1–6. [Online]. Available: https://doi.org/10.1109/ITW48936 .2021.9611414

work page doi:10.1109/itw48936 2021
[21]

A framework for distributed source coding with encr yption: A new strong converse and more,

——, “ A framework for distributed source coding with encr yption: A new strong converse and more,” in International Symposium on Information Theory and Its Applications, ISITA 2022, Tsuku ba, Ibaraki, Japan, October 17-19, 2022 . IEEE, 2022, pp. 189–193. [Online]. Available: https://ieeexplore.ieee.org/document/10683942

work page arXiv 2022
[22]

Strong converse for distributed source encryption under standard mutual information,

——, “Strong converse for distributed source encryption under standard mutual information,” in 2025 IEEE Information Theory Workshop (ITW) , 2025, pp. 632–637

work page 2025
[23]

A framework of secure source coding using mutual in formation security criterion: Universal coding, strong converse the orem,

——, “ A framework of secure source coding using mutual in formation security criterion: Universal coding, strong converse the orem,” preprint, pp. 1–10, 2026, available at https://arxiv.org/pdf/2605. 04720. A/p.pc/p.pc/e.pc/n.pc/d.pc/i.pc/x.pc A. Proof of Proposition 1 In this appendix, we give the proof of Proposition 1. We ﬁrst present a lemma necessary...

work page 2026