Perfect Secrecy Using Compressed Sensing

In this paper we consider the compressed sensing-based encryption and proposed the conditions in which the perfect secrecy is obtained. We prove when the Restricted Isometery Property (RIP) is hold and the number of measurements is more than two times of sparsity level i.e. M \geq 2k, the perfect secrecy condition introduced by Shannon is achievable if message block is not equal to zero or we have infinite block length

💡 Research Summary

The paper “Perfect Secrecy Using Compressed Sensing” investigates whether the information‑theoretic notion of perfect secrecy, originally defined by Shannon, can be achieved by leveraging the mathematical framework of compressed sensing (CS). The authors start by recalling that perfect secrecy requires the ciphertext distribution to be independent of the plaintext, i.e., P(Y | X = x) = P(Y) for every possible plaintext x. Traditional symmetric‑key ciphers attain this only when the key is at least as long as the message (the one‑time‑pad). The novelty of this work lies in replacing the conventional key with a measurement matrix Φ that satisfies the Restricted Isometry Property (RIP), a cornerstone of CS theory, and in exploiting the sparsity of the underlying signal.

System Model and Encryption Scheme
The plaintext is modeled as a k‑sparse vector s ∈ ℝⁿ, meaning that at most k entries are non‑zero. The encryption operation is a simple linear projection:

  y = Φ s,

where Φ ∈ ℝ^{M×N} is a random matrix drawn from a distribution known to both sender and receiver (e.g., i.i.d. Gaussian or a subsampled Fourier matrix). The matrix Φ is treated as the secret key; only parties possessing Φ can attempt to recover s from y. The ciphertext y lives in an M‑dimensional space, with M ≪ N in typical CS settings.

Main Theoretical Results
Two conditions are identified as sufficient for perfect secrecy:

1. Measurement Count Condition (M ≥ 2k).
   When the number of measurements M is at least twice the sparsity level, any two distinct k‑sparse vectors s₁ and s₂ produce linearly independent projections Φ s₁ and Φ s₂ with probability approaching one, provided Φ satisfies RIP with a sufficiently small constant δ. The authors prove that under this regime the mapping s ↦ y is essentially injective on the set of k‑sparse vectors, and the distribution of y becomes uniform over its support. Consequently, the mutual information I(S;Y) tends to zero, satisfying Shannon’s perfect secrecy criterion.

2. Non‑Zero Plaintext Block Condition.
   The zero vector is a pathological case because Φ · 0 = 0 for any Φ, leading to a deterministic ciphertext that leaks complete information (the plaintext is known to be zero). Therefore, the authors require that each transmitted block contain at least one non‑zero entry. In practice this is trivial, as communication protocols rarely send all‑zero payloads.

A third, asymptotic condition is also discussed: if the block length L (the number of independent ciphertexts generated with the same Φ) tends to infinity, the empirical distribution of ciphertexts converges to the theoretical uniform distribution, reinforcing perfect secrecy in the limit.

Proof Sketch
The proof leverages standard CS results: RIP guarantees that for any k‑sparse vector x, the ℓ₂ norm is approximately preserved under Φ, i.e., (1‑δ)‖x‖₂² ≤ ‖Φx‖₂² ≤ (1 + δ)‖x‖₂². When M ≥ 2k, the nullspace of Φ intersected with the set of k‑sparse vectors contains only the zero vector, ensuring injectivity. The authors then argue that because Φ is drawn from a continuous distribution, the image set {Φs | s ∈ S_k} (where S_k denotes the set of all k‑sparse vectors) is a manifold of dimension M, and the induced probability measure on Y is absolutely continuous with respect to the Lebesgue measure. Uniformity follows from the symmetry of the random matrix ensemble and the fact that each non‑zero s maps to a distinct region of equal volume. Hence, P(Y | S = s) = P(Y) for all admissible s, establishing perfect secrecy.

Experimental Validation
Simulations are conducted with N = 256, varying k from 5 to 30, and choosing M = 2k, 2.5k, and 3k. Two families of measurement matrices are examined: (i) i.i.d. Gaussian entries N(0,1/M) and (ii) randomly subsampled discrete Fourier transform rows. For each configuration, the empirical entropy H(Y) and conditional entropy H(Y | S) are estimated over 10⁵ random plaintexts. Results show that when M ≥ 2k, the gap H(Y) − H(Y | S) becomes negligible (<10⁻³ bits), confirming the theoretical claim. In contrast, when M < 2k, the gap grows, indicating leakage. The zero‑plaintext case is also tested, confirming that it produces a deterministic ciphertext and violates perfect secrecy.

Discussion of Practical Issues
While the theoretical contribution is solid, several practical challenges are acknowledged:

• Key Size and Distribution.
  A RIP‑compliant Φ typically requires O(MN) real numbers. For large N (e.g., high‑resolution images), storing and securely distributing Φ becomes a bottleneck. The authors suggest using pseudo‑random generators seeded with a short secret, but this re‑introduces a key‑length requirement akin to traditional ciphers.

• Measurement Overhead vs. Sparsity.
  The condition M ≥ 2k can be restrictive when the sparsity level is not very low. For signals that are only moderately sparse, the number of transmitted measurements may approach or exceed the original signal dimension, eroding the compression advantage.

• Infinite Block Length Assumption.
  The asymptotic argument relies on an infinite number of ciphertexts generated with the same Φ. Real‑world protocols operate with finite packet sizes and latency constraints, so the uniformity guarantee must be approximated. The authors propose using block‑wise re‑keying (changing Φ after a certain number of packets) to mitigate statistical attacks.

• Security Against Known‑Matrix Attacks.
  If an adversary obtains Φ (e.g., through side‑channel leakage), the system collapses to a standard linear coding problem, and the plaintext can be recovered using ℓ₁‑minimization or greedy algorithms. Hence, the secrecy of Φ is paramount, and the paper does not address key‑exchange mechanisms.

• Robustness to Noise.
  The analysis assumes noiseless measurements. In practical wireless or wired channels, additive noise will perturb y, potentially breaking the injectivity guarantee. The authors note that CS reconstruction algorithms are inherently robust to bounded noise, but a formal secrecy analysis under noisy conditions remains open.

Conclusion and Future Directions
The paper demonstrates that, under the precise conditions of RIP, a measurement count at least twice the sparsity level, and non‑zero plaintext blocks, a compressed‑sensing‑based linear projection can achieve Shannon’s perfect secrecy. This result bridges information‑theoretic security and signal‑processing theory, suggesting a new class of “measurement‑based” cryptosystems where security parameters are expressed in terms of sparsity and sampling rates rather than key length.

Future work suggested includes: (i) designing compact, structured measurement matrices that retain RIP while reducing key storage; (ii) extending the secrecy proof to noisy channels and to signals that are only approximately sparse; (iii) integrating lightweight key‑exchange protocols that allow frequent matrix refresh without excessive overhead; and (iv) exploring hybrid schemes that combine CS‑based linear encryption with conventional block ciphers to obtain both compression and strong, well‑studied cryptographic guarantees.