{"title":"Provable Security Evaluations of XOR-Versions of SNOW Family Stream Ciphers Against Fast Correlation Attacks","authors":"Sudong Ma;Chenhui Jin;Xinxin Gong;Senpeng Wang;Ting Cui;Lin Ding;Jie Guan","doi":"10.1109/TIT.2025.3565463","DOIUrl":"https://doi.org/10.1109/TIT.2025.3565463","url":null,"abstract":"The fast correlation attack is one of the most powerful attack methods against LFSR-based stream ciphers, and the primary problem of the attack is to construct linear approximations with large absolute correlations. For some stream ciphers with complex structures of linear approximations, the search for the maximum absolute correlation of linear approximations has always been a difficult problem because of the extremely large number of masks that need to be searched. In this paper, an analysis method for searching the maximum absolute correlation based on the linear mask structure is developed, including a filtering technique based on mask propagation trails, a structural characteristic of linear approximations of linear transformations with fewer active bytes, and a linear approximation equivalence theorem for composite functions composed of parallel identical S-boxes and a linear transformation. These methods efficiently reduce the exhaustive time complexity over the masks. As applications, this paper proves that the suprema of absolute correlations of all the linear approximations for the five XOR-versions of SNOW family stream ciphers (i.e., SNOW $2.0_{\\oplus}$, SNOW $\\text{3G}_{\\oplus}$, SNOW-$\\text{V}_{\\oplus}$, SNOW-$\\text{Vi}_{\\oplus}$, SNOW $\\text{5G}_{\\oplus}$) are $2^{-9}/2^{-15.893}/2^{-37.964}/2^{-37.964}/2^{-37.964}$. The exhaustive time complexity of the masks can be reduced from $O(2^{32})/O(2^{96})/O(2^{384})/O(2^{384})/O(2^{384})$ to $O(2^{24})/O(2^{31.98})/O(2^{39.98})/O(2^{39.98})/O(2^{39.98})$, respectively. Furthermore, we give provable security evaluations of the five ciphers against fast correlation attacks under a success probability of 0.99 for the known fast correlation attack method. For SNOW-$\\text{V}_{\\oplus}$/SNOW-$\\text{Vi}_{\\oplus}$/SNOW $\\text{5G}_{\\oplus}$, the time/data/memory complexities of the optimal fast correlation attacks are all $O(2^{227.54})/O(2^{227.72})/O(2^{227.72})$. The results show that SNOW-$\\text{V}_{\\oplus}$/SNOW-$\\text{Vi}_{\\oplus}$/SNOW $\\text{5G}_{\\oplus}$ cannot guarantee the claimed 256-bit key security against the known fast correlation attack.","PeriodicalId":13494,"journal":{"name":"IEEE Transactions on Information Theory","volume":"71 6","pages":"4035-4054"},"PeriodicalIF":2.2,"publicationDate":"2025-04-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144117152","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Errata to “Channel Coding With Mean and Variance Cost Constraints”","authors":"Adeel Mahmood;Aaron B. Wagner","doi":"10.1109/TIT.2025.3547657","DOIUrl":"https://doi.org/10.1109/TIT.2025.3547657","url":null,"abstract":"Presents corrections to the paper “Channel Coding With Mean and Variance Cost Constraints”.","PeriodicalId":13494,"journal":{"name":"IEEE Transactions on Information Theory","volume":"71 5","pages":"4032-4032"},"PeriodicalIF":2.2,"publicationDate":"2025-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10975793","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143870980","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"IEEE Transactions on Information Theory Publication Information","authors":"","doi":"10.1109/TIT.2025.3560573","DOIUrl":"https://doi.org/10.1109/TIT.2025.3560573","url":null,"abstract":"","PeriodicalId":13494,"journal":{"name":"IEEE Transactions on Information Theory","volume":"71 5","pages":"C2-C2"},"PeriodicalIF":2.2,"publicationDate":"2025-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10975822","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143873127","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"IEEE Transactions on Information Theory Information for Authors","authors":"","doi":"10.1109/TIT.2025.3560575","DOIUrl":"https://doi.org/10.1109/TIT.2025.3560575","url":null,"abstract":"","PeriodicalId":13494,"journal":{"name":"IEEE Transactions on Information Theory","volume":"71 5","pages":"C3-C3"},"PeriodicalIF":2.2,"publicationDate":"2025-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10975821","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143870965","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Compute-Forward Multiple Access for Gaussian Fast Fading Channels","authors":"Lanwei Zhang;Jamie Evans;Jingge Zhu","doi":"10.1109/TIT.2025.3560447","DOIUrl":"https://doi.org/10.1109/TIT.2025.3560447","url":null,"abstract":"Compute-forward multiple access (CFMA) is a transmission strategy which allows the receiver in a multiple access channel (MAC) to first decode linear combinations of the transmitted signals and then solve for individual messages. Compared to existing MAC strategies such as joint decoding or successive interference cancellation (SIC), CFMA was shown to achieve the MAC capacity region for fixed channels under certain signal-to-noise (SNR) conditions without time-sharing using only single-user decoders. This paper studies the CFMA scheme for a two-user Gaussian fast fading MAC with channel state information only available at the receiver (CSIR). We investigate appropriate lattice decoding schemes to decode linear combinations with any integer coefficients in the fading MAC and derive the achievable rate pairs. We give a sufficient and necessary condition under which the proposed scheme can achieve the ergodic sum capacity. Furthermore, we investigate the impact of channel statistics on the capacity achievability of the CFMA scheme. In general, the sum capacity is achievable if the channel variance is small compared to the mean value of the channel strengths. Various numerical results are presented to illustrate the theoretical findings.","PeriodicalId":13494,"journal":{"name":"IEEE Transactions on Information Theory","volume":"71 6","pages":"4112-4124"},"PeriodicalIF":2.2,"publicationDate":"2025-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144117447","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"From Letters to Words and Back: Invertible Coding of Stationary Measures","authors":"Łukasz Dębowski","doi":"10.1109/TIT.2025.3562063","DOIUrl":"https://doi.org/10.1109/TIT.2025.3562063","url":null,"abstract":"Motivated by problems of statistical language modeling, we consider probability measures on infinite sequences over two countable alphabets of different cardinality, such as letters and words. We introduce an invertible mapping between such measures, called the normalized transport, that preserves both stationarity and ergodicity. The normalized transport applies so-called self-avoiding codes that generalize comma-separated codes and specialize bijective stationary codes. The normalized transport is also connected to the usual measure transport via underlying asymptotically mean stationary measures. It preserves the ergodic decomposition. The normalized transport and self-avoiding codes arise in the problem of successive recurrence times. In particular, we show that successive recurrence times are ergodic for an ergodic measure, which strengthens a result by Chen Moy from 1959. We also relate the entropy rates of processes linked by the normalized transport.","PeriodicalId":13494,"journal":{"name":"IEEE Transactions on Information Theory","volume":"71 6","pages":"4306-4316"},"PeriodicalIF":2.2,"publicationDate":"2025-04-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144117166","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Improved Bounds on the Size of Permutation Codes Under Kendall τ-Metric","authors":"Farzad Parvaresh;Reza Sobhani;Alireza Abdollahi;Javad Bagherian;Fatemeh Jafari;Maryam Khatami","doi":"10.1109/TIT.2025.3561119","DOIUrl":"https://doi.org/10.1109/TIT.2025.3561119","url":null,"abstract":"In order to overcome the challenges caused by flash memories and also to protect against errors related to reading information stored in DNA molecules in the shotgun sequencing method, the rank modulation method has been proposed. In the rank modulation framework, codewords are permutations. In this paper, we study the largest size $P(n, d)$ of permutation codes of length $n$, i.e., subsets of the set $S_{n}$ of all permutations on $\\{1,\\ldots ,n\\}$ with minimum distance at least $d\\in \\left\\{1,\\ldots ,\\binom{n}{2}\\right\\}$ under the Kendall $\\tau$-metric. By presenting an algorithm and two theorems, we improve the known lower and upper bounds for $P(n,d)$. In particular, we show that $P(n,d)=4$ for all $n\\geq 6$ and $\\frac{3}{5}\\binom{n}{2} < d \\leq \\frac{2}{3}\\binom{n}{2}$. Additionally, we prove that for any prime number $n$ and integer $r\\leq \\frac{n}{6}$, $P(n,3)\\leq (n-1)!-\\dfrac{n-6r}{\\sqrt{n^{2}-8rn+20r^{2}}}\\sqrt{\\dfrac{(n-1)!}{n(n-r)!}}$. This result greatly improves the upper bound on $P(n,3)$ for all primes $n\\geq 37$.","PeriodicalId":13494,"journal":{"name":"IEEE Transactions on Information Theory","volume":"71 6","pages":"4156-4166"},"PeriodicalIF":2.2,"publicationDate":"2025-04-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144117222","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Generalized Approximate Message-Passing for Compressed Sensing With Sublinear Sparsity","authors":"Keigo Takeuchi","doi":"10.1109/TIT.2025.3560070","DOIUrl":"https://doi.org/10.1109/TIT.2025.3560070","url":null,"abstract":"This paper addresses the reconstruction of an unknown signal vector with sublinear sparsity from generalized linear measurements. Generalized approximate message-passing (GAMP) is proposed via state evolution in the sublinear sparsity limit, where the signal dimension $N$, measurement dimension $M$, and signal sparsity $k$ satisfy $\\log k/\\log N\\to \\gamma \\in [0, 1)$ and $M/\\{k\\log (N/k)\\}\\to \\delta$ as $N$ and $k$ tend to infinity. While the overall flow in state evolution is the same as that for linear sparsity, each proof step for inner denoising requires stronger assumptions than those for linear sparsity. The required new assumptions are proved for Bayesian inner denoising. When Bayesian outer and inner denoisers are used in GAMP, the obtained state evolution recursion is utilized to evaluate the prefactor $\\delta$ in the sample complexity, called the reconstruction threshold. If and only if $\\delta$ is larger than the reconstruction threshold, Bayesian GAMP can achieve asymptotically exact signal reconstruction. In particular, the reconstruction threshold is finite for noisy linear measurements when the support of non-zero signal elements does not include a neighborhood of zero. As numerical examples, this paper considers linear measurements and 1-bit compressed sensing. Numerical simulations for both cases show that Bayesian GAMP outperforms existing algorithms for sublinear sparsity in terms of the sample complexity.","PeriodicalId":13494,"journal":{"name":"IEEE Transactions on Information Theory","volume":"71 6","pages":"4602-4636"},"PeriodicalIF":2.2,"publicationDate":"2025-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10963836","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144117104","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Lattice-Based Key-Value Commitment Scheme","authors":"Hideaki Miyaji;Atsuko Miyaji","doi":"10.1109/TIT.2025.3559974","DOIUrl":"https://doi.org/10.1109/TIT.2025.3559974","url":null,"abstract":"A blockchain is an important component in the design of secure distributed file systems, such as cryptocurrencies. One of the key components of the blockchain is the key-value commitment scheme, which constructs a commitment value from two inputs: a key and a value. In a conventional commitment scheme, a single user constructs a commitment value from an input value, whereas in a key-value commitment scheme, multiple users construct a commitment value from their keys and values. Both conventional and key-value commitment schemes must satisfy binding and hiding properties. The key-binding and key-hiding properties guarantee that neither the sender nor the verifier can act maliciously. The concept of a key-value commitment scheme was first proposed by Agrawal et al. in 2020 using a strong RSA assumption. Their scheme satisfies the key-binding but not the key-hiding property. In this paper, we propose two lattice-based key-value commitment schemes, $\\mathsf{Insert}\\text{-}\\mathsf{KVC}_{m/2,n,q,\\beta}$ and $\\mathsf{KVC}_{m,n,q,\\beta}$, that satisfy both the key-binding and the key-hiding properties. The key-binding property of both $\\mathsf{Insert}\\text{-}\\mathsf{KVC}_{m/2,n,q,\\beta}$ and $\\mathsf{KVC}_{m,n,q,\\beta}$ is proven under the short integer solution ($\\mathsf{SIS}^{\\infty}_{n,m,q,\\beta}$) problem. The key-hiding property of both $\\mathsf{Insert}\\text{-}\\mathsf{KVC}_{m/2,n,q,\\beta}$ and $\\mathsf{KVC}_{m,n,q,\\beta}$ is proven under the Decisional-$\\mathsf{SIS}^{\\infty}_{n,m,q,\\beta}$-form problem, which is newly defined in this paper. We demonstrate the difficulty of the Decisional-$\\mathsf{SIS}^{\\infty}_{n,m,q,\\beta}$-form problem by showing that the Decisional-$\\mathsf{SIS}^{\\infty}_{n,m,q,\\beta}$-form problem is secure when the $\\mathsf{SIS}^{\\infty}_{n,m,q,\\beta}$ problem is secure. Finally, we analyze the computational costs of $\\mathsf{Insert}\\text{-}\\mathsf{KVC}_{m/2,n,q,\\beta}$ and $\\mathsf{KVC}_{m,n,q,\\beta}$. Our method is the first lattice-based key-value commitment scheme with proven key-binding and key-hiding properties.","PeriodicalId":13494,"journal":{"name":"IEEE Transactions on Information Theory","volume":"71 6","pages":"4839-4853"},"PeriodicalIF":2.2,"publicationDate":"2025-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10963723","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144117165","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"DNA-Correcting Codes: End-to-End Correction in DNA Storage Systems","authors":"Avital Boruchovsky;Daniella Bar-Lev;Eitan Yaakobi","doi":"10.1109/TIT.2025.3559684","DOIUrl":"https://doi.org/10.1109/TIT.2025.3559684","url":null,"abstract":"This paper introduces a new solution to DNA storage that integrates all three steps of retrieval, namely clustering, reconstruction, and error correction. DNA-correcting codes are presented as a unique solution to the problem of ensuring that the output of the storage system is unique for any valid set of input strands. To this end, we introduce a novel distance metric to capture the unique behavior of the DNA storage system and provide necessary and sufficient conditions for DNA-correcting codes. We also establish bounds and constructions for these codes, including an exploration of the $\\ell_{\\infty}$ distance applied to permutations. Here, instead of interpreting permutation elements as numerical values and assessing absolute differences, we treat them as vectors and consider the Hamming distance to better model the DNA storage system.","PeriodicalId":13494,"journal":{"name":"IEEE Transactions on Information Theory","volume":"71 6","pages":"4214-4227"},"PeriodicalIF":2.2,"publicationDate":"2025-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144117331","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}