Pub Date : 2025-11-11 DOI: 10.1109/TIT.2025.3631441
New Capacity Bounds for PIR on Graph and Multigraph-Based Replicated Storage
Xiangliang Kong;Shreya Meel;Thomas Jacob Maranzatto;Itzhak Tamo;Sennur Ulukus
IEEE Transactions on Information Theory, vol. 72, no. 1, pp. 691-709
In this paper, we study the problem of private information retrieval (PIR) in both graph-based and multigraph-based replication systems, where each file is stored on exactly two servers, and any pair of servers shares at most $r$ files. We derive upper bounds on the PIR capacity for such systems and construct PIR schemes that approach these bounds. For graph-based systems, we determine the exact PIR capacity for path graphs and improve upon existing results for complete bipartite graphs and complete graphs. For multigraph-based systems, we propose a PIR scheme that leverages the symmetry of the underlying graph-based construction, yielding a capacity lower bound for such multigraphs. Furthermore, we establish several general upper and lower bounds on the PIR capacity of multigraphs, which are tight in certain cases.
Pub Date : 2025-11-06 DOI: 10.1109/TIT.2025.3629670
A Variant of the Bravyi–Terhal Bound for Arbitrary Boundary Conditions
François Arnault;Philippe Gaborit;Wouter Rozendaal;Nicolas Saussay;Gilles Zémor
IEEE Transactions on Information Theory, vol. 72, no. 1, pp. 437-446
We present a modified version of the Bravyi–Terhal bound that applies to quantum codes defined by local parity-check constraints on a $D$-dimensional lattice quotient. Specifically, we consider a quotient $\mathbb{Z}^{D}/\Lambda$ of $\mathbb{Z}^{D}$ of cardinality $\ell$, where $\Lambda$ is some $D$-dimensional sublattice of $\mathbb{Z}^{D}$: we suppose that every vertex of this quotient indexes $m$ qubits of a stabilizer code $\mathcal{C}$, which therefore has length $n = m\ell$. We prove that if all stabilizer generators act on qubits whose indices lie within a ball of radius $\rho$, then the minimum distance $d$ of the code satisfies $d \leq m\sqrt{\gamma_{D}}(\sqrt{D} + 4\rho)\ell^{\frac{D-1}{D}}$, where $\gamma_{D}$ is the $D$-dimensional Hermite constant. We then apply this bound to derive an upper bound on the minimum distance of Abelian Two-Block Group Algebra (2BGA) codes whose parity-check matrices have the form $[\mathbf{A}\,\vert\,\mathbf{B}]$ with each submatrix representing an element of a group algebra over a finite abelian group.
Pub Date : 2025-11-03 DOI: 10.1109/TIT.2025.3627983
Revisit the Propagation of States: New Construction Theory and Search Method for Impossible Differentials and Impossible Polytopic Transitions
Xichao Hu;Lin Jiao;Yongqiang Li;Shizhu Tian;Zhengbin Liu;Mingsheng Wang;Dengguo Feng
IEEE Transactions on Information Theory, vol. 72, no. 1, pp. 742-764
Impossible differential cryptanalysis and impossible polytopic cryptanalysis are among the most effective techniques for evaluating the security of block ciphers. However, previous automatic search methods for their distinguishers (impossible differentials and impossible polytopic transitions) neither account for the influence of the key schedule in single-key settings nor are applicable to block ciphers that feature large S-boxes, variable rotations, or key-dependent permutations. Furthermore, existing approaches fail to search for clusters of impossible differentials when all details of a block cipher are considered. In contrast to previous methods that focus solely on the propagation of differences or $s$-differences, we redefine impossible differentials and impossible $(s+1)$-polytopic transitions based on state propagation. This redefinition enables us to overcome the limitations inherent in earlier methodologies. Theoretically, we demonstrate that traditional definitions of impossible differentials and impossible $(s+1)$-polytopic transitions correspond to subsets of our redefined concepts, which offer broader analytical perspectives. Technically, we reformulate the automatic search model and develop a SAT-based tool to efficiently evaluate our redefined impossible differentials and impossible $(s+1)$-polytopic transitions. Building upon this foundational search method, we construct a comprehensive framework for detecting clusters of impossible differentials and impossible $(s+1)$-polytopic transitions. This framework not only fully incorporates the details and differential properties of block ciphers but is also applicable to those employing large S-boxes while considering the full linear layer. As a result, we derive new impossible differentials for GIFT64, PRINTcipher, MISTY1, RC5-32/64/128 and SPECK, as well as new clusters of impossible differentials for SPECK, DES and ARIA. In assessing resistance against impossible differentials, we apply our method to evaluate the security of GIFT64, PRINTcipher, MISTY1, SPECK, SIMON, and DES while accounting for all details of the block ciphers. Moreover, we propose acceleration strategies and apply them to evaluate the security of MISTY1 and AES-128. Notably, we prove that no 5-round impossible differentials exist for AES-128 when considering one active input byte and one active output
Pub Date : 2025-11-03 DOI: 10.1109/TIT.2025.3628160
Adversarially Robust Clustering With Optimality Guarantees
Soham Jana;Kun Yang;Sanjeev Kulkarni
IEEE Transactions on Information Theory, vol. 72, no. 1, pp. 478-500
We consider the problem of clustering data points coming from sub-Gaussian mixtures. Existing methods that provably achieve the optimal mislabeling error, such as the Lloyd algorithm, are usually vulnerable to outliers. In contrast, clustering methods seemingly robust to adversarial perturbations are not known to satisfy the optimal statistical guarantees. We propose a simple robust algorithm based on the coordinatewise median that obtains the optimal mislabeling rate even when we allow adversarial outliers to be present. Our algorithm achieves the optimal error rate in a constant number of iterations when a weak initialization condition is satisfied. In the absence of outliers, in fixed dimensions, our theoretical guarantees are similar to those of the Lloyd algorithm. Extensive experiments on various simulated and public datasets are conducted to support the theoretical guarantees of our method.
Pub Date : 2025-10-28 DOI: 10.1109/TIT.2025.3618164
TechRxiv: Share Your Preprint Research with the World!
IEEE Transactions on Information Theory, vol. 71, no. 11, p. 9134 (no abstract; open access: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=11220201)
Pub Date : 2025-10-28 DOI: 10.1109/TIT.2025.3618138
IEEE Transactions on Information Theory Information for Authors
IEEE Transactions on Information Theory, vol. 71, no. 11, p. C3 (no abstract; open access: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=11220202)
Pub Date : 2025-10-27 DOI: 10.1109/TIT.2025.3625861
List-Recovery of Random Linear Codes Over Small Fields
Dean Doron;Jonathan Mosheiff;Nicolas Resch;João Ribeiro
IEEE Transactions on Information Theory, vol. 71, no. 12, pp. 9548-9562
We study list-recoverability of random linear codes over small fields, both from errors and from erasures. We consider codes of rate $\varepsilon$-close to capacity, and aim to bound the dependence of the output list size $L$ on $\varepsilon$, the input list size $\ell$, and the alphabet size $q$. Prior to our work, the best upper bound was $L = q^{O(\ell/\varepsilon)}$ (Zyablov and Pinsker, Prob. Per. Inf. 1981). Previous work has identified cases in which linear codes provably perform worse than non-linear codes with respect to list-recovery. While there exist non-linear codes that achieve $L = O(\ell/\varepsilon)$, we know that $L \ge \ell^{\Omega(1/\varepsilon)}$ is necessary for list recovery from erasures over fields of small characteristic, and for list recovery from errors over large alphabets. We show that in other relevant regimes there is no significant price to pay for linearity, in the sense that we get the correct dependence on the gap-to-capacity $\varepsilon$ and go beyond the Zyablov–Pinsker bound for the first time. Specifically, when $q$ is constant and $\varepsilon$ approaches zero: 1) for list-recovery from erasures over prime fields, we show that $L \leq C_{1}/\varepsilon$; by prior work, such a result cannot be obtained for low-characteristic fields; and 2) for list-recovery from errors over arbitrary fields, we prove that $L \leq C_{2}/\varepsilon$. Above, $C_{1}$ and $C_{2}$ depend on the decoding radius, input list size, and field size. We provide concrete bounds on the constants above, and the upper bounds on $L$ improve upon the Zyablov–Pinsker bound whenever $q \leq 2^{(1/\varepsilon)^{c}}$ for some small universal constant $c > 0$.
Pub Date : 2025-10-20 DOI: 10.1109/TIT.2025.3623189
Fundamental Tradeoff of Bistatic ISAC Under Gaussian Fading Channels at Finite Blocklength
Xiao Shen;Ziping Lu;Na Zhao;Hanying Zhao;Yuan Shen
IEEE Transactions on Information Theory, vol. 72, no. 2, pp. 1176-1200
The paradigm of integrated sensing and communication (ISAC) is envisioned as a key enabler for the evolution of 6G, leveraging inherent similarities of the dual functions in hardware architectures and signal processing to sense the environment and send messages via a shared waveform. In this paper, we establish a theoretical framework to evaluate the sensing and communication (S&C) performance of bistatic ISAC systems under Gaussian fading channels at finite blocklength, where a primary focus lies in uncovering the fundamental tradeoff between the dual functions due to limited resources. In particular, we first formulate the joint S&C problem in bistatic single-input single-output (SISO) ISAC systems, and define the rate-error tradeoff to quantify the performance balance between S&C. Then we derive the achievability and converse bounds for the rate-error tradeoff, providing a deep comprehension of the interplay between S&C functions. Finally, we discuss extensions of our framework to the infinite blocklength regime, general parameter estimation, and multiple-input multiple-output (MIMO) channels.
Pub Date : 2025-10-20 DOI: 10.1109/TIT.2025.3623726
Practical Key Collision on AES and Kiasu-BC
Jianqiang Ni;Yingxin Li;Fukang Liu;Gaoli Wang
IEEE Transactions on Information Theory, vol. 71, no. 12, pp. 9732-9752
The key collision attack was proposed as an open problem in key-committing security in Authenticated Encryption (AE) schemes like AES-GCM and ChaCha20Poly1305. In ASIACRYPT 2024, Taiyama et al. introduced a novel type of key collision, the target-plaintext key collision (TPKC), for AES. Depending on whether the plaintext is fixed, TPKC can be divided into fixed-TPKC and free-TPKC, which can be directly converted into collision attacks and semi-free-start collision attacks on the Davies–Meyer (DM) hashing mode. In this paper, we propose a new rebound attack framework leveraging a time-memory tradeoff strategy, enabling practical key collision attacks with optimized complexity. We also present an improved automatic method for finding rebound-friendly differential characteristics by controlling the probabilities in the inbound and outbound phases, allowing the identified characteristics to be directly used in rebound-based key collision attacks. Our analysis reveals that the 2-round AES-128 fixed-TPKC attack proposed by Taiyama et al. is, in fact, a free-TPKC attack. This distinction is significant, as fixed-TPKC attacks are substantially more difficult than their free-TPKC counterparts. By integrating our improved automatic method with the new rebound attack framework, we identify a new differential characteristic for the 2-round AES-128 fixed-TPKC attack and develop the first practical fixed-TPKC attack against 2-round AES-128. Additionally, we present practical fixed-TPKC attacks against 5-round AES-192 and 3-round Kiasu-BC, along with a practical free-TPKC attack against 6-round Kiasu-BC. Furthermore, we reduce the time complexities of free-TPKC and fixed-TPKC attacks on other AES variants.
Pub Date : 2025-10-17 DOI: 10.1109/TIT.2025.3622969
Many-User Multiple Access With Random User Activity: Achievability Bounds and Efficient Schemes
Xiaoqi Liu;Pablo Pascual Cobo;Ramji Venkataramanan
IEEE Transactions on Information Theory, vol. 72, no. 1, pp. 383-414
We study the Gaussian multiple access channel with random user activity, in the regime where the number of users is proportional to the code length. The receiver may know some statistics about the number of active users, but does not know the exact number nor the identities of the active users. We derive two achievability bounds on the probabilities of missed detection, false alarm, and active user error, and propose an efficient CDMA-type scheme whose performance can be compared against these bounds. The first bound is a finite-length result based on Gaussian random codebooks and maximum-likelihood decoding. The second is an asymptotic bound, established using spatially coupled Gaussian codebooks and approximate message passing (AMP) decoding. These bounds can be used to compute an achievable tradeoff between the active user density and energy-per-bit, for a fixed user payload and target error rate. The efficient CDMA scheme uses a spatially coupled signature matrix and AMP decoding, and we give rigorous asymptotic guarantees on its error performance. Our analysis provides the first state evolution result for spatially coupled AMP with matrix-valued iterates, which may be of independent interest. Numerical experiments demonstrate the promising error performance of the CDMA scheme for both small and large user payloads, when compared with the two achievability bounds.