Secure list decoding and its application to bit-string commitment

Masahito Hayashi

TL;DR

Secure list decoding unifies list decoding with secrecy constraints to realize bit-string commitment over general probability spaces, including continuous channels. The work formalizes a three-parameter rate region $(R_1,R_2,R_3)$ and derives the capacity region for both discrete and continuous inputs, while also providing a hash-based method to convert secure list decodings into bit-string commitment with strong concealing. It develops an information-theoretic framework with generalized entropies and auxiliary variables, proves outer (converse) and inner (direct) results, and extends the construction to continuous-input/output settings and restricted honest-input subsets. A randomized hash-then-code approach yields strong concealing and binding properties, even for continuous systems, bridging theory and potential practical implementations. The results have implications for secure commitment protocols over noisy channels and offer a pathway to practical codes via established list-decoding constructions, while highlighting open problems around stochastic encoders and practical coding schemes.

Abstract

We propose a new concept of secure list decoding, which is related to bit-string commitment. While the conventional list decoding requires that the list contains the transmitted message, secure list decoding requires the following additional security conditions to work as a modification of bit-string commitment. The first additional security condition is the receiver's uncertainty for the transmitted message, which is stronger than the impossibility of the correct decoding, even though the transmitted message is contained in the list. The other additional security condition is the impossibility for the sender to estimate another element of the decoded list except for the transmitted message. The first condition is evaluated by the equivocation rate. The asymptotic property is evaluated by three parameters, the rates of the message and list sizes, and the equivocation rate. We derive the capacity region of this problem. We show that the combination of hash function and secure list decoding yields the conventional bit-string commitment. Our results hold even when the input and output systems are general probability spaces including continuous systems. When the input system is a general probability space, we formulate the abilities of the honest sender and the dishonest sender in a different way.

Paper Structure

This paper contains 34 sections, 27 theorems, 191 equations, 5 figures.

Key Result

Proposition 1

When the channel $\bm{W}$ satisfies Conditions (W1) and (W2), the commitment capacity is given as $\square$

Figures (5)

  • Figure 1: Case with honest Alice and honest Bob. The set of Bob's decoded messages contains Alice's message $M$. Alice cannot infer other decoded messages.
  • Figure 2: Case with dishonest Alice and honest Bob. Dishonest Alice chooses $X^n \in {\cal X}^n$ such that she infers at least two elements in the set of Bob's decoded messages. Condition (D) guarantees the non-existence of such an element $X^n \in {\cal X}^n$.
  • Figure 3: Numerical plots for $\overline{{\cal C}^{1,3}}$, $\overline{{\cal C}^{s,1,3}}$ and $\overline{{\cal C}_{\alpha}^{1,3}}$ under the binary symmetric channel with crossover probability $0.1$. Green normal horizontal line expresses the upper bound of $\overline{{\cal C}^{s,1,3}}$. Blue normal line expresses the upper bound of $\overline{{\cal C}^{1,3}}$. Red dashed line expresses the upper bound of $\overline{{\cal C}_{1.1}^{1,3}}$. Black dotted line expresses the upper bound of $\overline{{\cal C}_{1.2}^{1,3}}$. Other bounds of $\overline{{\cal C}_{1,3}}$ and $\overline{{\cal C}_{\alpha,1,3}}$ are $R_1=1$ and $R_3=0$. We numerically checked that $\gamma_{1,o}$, $\gamma_{1.1,o}$, and $\gamma_{1.2,o}$ satisfy the condition in Lemma \ref{LL3}.
  • Figure 4: Our protocol for bit-string commitment with message set ${\cal K}$.
  • Figure 5: Numerical plot of the commitment capacity for the AWGN channel with BPSK modulation. The vertical axis shows the commitment capacity, and the horizontal axis shows the noise power of the AWGN channel. The channel is $x \in \mathbb{F}_2 \mapsto Y=(-1)^x+ N$, where $N$ is subject to the Gaussian distribution with average $0$ and variance $v$.

Theorems & Definitions (33)

  • Proposition 1: BC1, BC2
  • Proposition 2
  • Theorem 1
  • proof
  • Lemma 1
  • Lemma 2
  • Lemma 3
  • Theorem 2
  • Theorem 3
  • Corollary 1
  • ...and 23 more