Bilinear Compressive Security (BCS)

• Bilinear Compressive Security is a cryptographic framework that embeds random convolution into linear compressive measurements, substantially complicating key recovery for adversaries.
• It employs a two-step process—first encoding with a fixed measurement matrix followed by a per-transmission random convolution—to introduce effective ciphertext ambiguity.
• The framework enables efficient decryption via blind deconvolution and is particularly suited to applications like IoT where energy and computational efficiency are critical.

Bilinear Compressive Security (BCS) is a cryptographic framework designed to enhance the security of compressed sensing–based systems by embedding the key-dependent linear measurement into a bilinear (typically convolutional) structure, thereby robustly safeguarding against known plaintext attacks even under adversary-favorable conditions such as repeated transmissions and plaintext observability (Flinth et al., 17 Oct 2025). Unlike conventional compressive security, which encodes a sparse signal $x$ with a secret matrix $Q$ as $y=Qx$, BCS conjoins this embedding with a random convolution filter $h$ per transmission, resulting in ciphertext $y = h * Qx$. The critical insight is that the additional bilinear mixing complicates key recovery for the adversary, rendering standard attacks insufficient and forcing a substantial increase in required attack complexity.

1. Augmenting Linear Compressive Security: Motivations and Foundations

Traditional compressive security schemes employ a fixed, secret, complex measurement matrix $Q \in \mathbb{C}^{m \times n}$ to linearly encode sparse messages $x \in \mathbb{C}^n$, achieving security comparable to a one-time pad if $Q$ is changed for every message (Flinth et al., 17 Oct 2025). However, the reuse of $Q$ fundamentally undermines security: $n$ independent plaintext–ciphertext pairs suffice for an adversary to reconstruct $Q$ in full. Bilinear Compressive Security is introduced to address this limitation by integrating a second layer—random convolution with $h$—thereby increasing the ambiguity in the ciphertext space and complicating key recovery via injection of independent, distributionally symmetric noise.

2. Encryption Construction and Transmission Protocol

The BCS encryption mechanism comprises two serial operations:

1. Linear Measurement: Given a fixed (per sender) measurement matrix $Q$ and a sparse message $x$, form the vector $v = Qx$.
2. Random Convolution Filter: For each transmission, independently draw a random filter $h \in \mathbb{C}^m$ from a prescribed distribution $D$ (often phase symmetric), then compute the ciphertext as

$y = h * Qx$

where $*$ denotes (circular) convolution. Equivalently, in the Fourier domain using the convolution theorem,

$$\mathcal{F}(y) = \mathcal{F}(h) \odot \mathcal{F}(Qx)$$

with $\odot$ indicating elementwise multiplication.

This sequential composition ensures that, for each message, the $Q$-embedding is entangled with an independently randomized filter, resulting in a bilinear relation between the key, message, and per-transmission noise.

3. Security Analysis: Known Plaintext Attacks and Phase Retrieval Reductions

Security against known plaintext attacks is the central theoretical contribution. In standard compressive security, $n$ linearly independent $(x_k, Qx_k)$ pairs uniquely determine $Q$. In BCS, even an adversary granted complete access to the distributions $\{h * Qx_k\}_k$ for known sparse $\{x_k\}$ must solve a coupled system of phase retrieval problems. Specifically, under a phase symmetry assumption for $h$ (the distribution is invariant under multiplication by unit-modulus complex scalars), the main result (Theorem 4 (Flinth et al., 17 Oct 2025)) establishes:

• For sparsity $s$, recovering $Q$ from $M$ plaintext–ciphertext pairs demands

$M = \Omega\left(\max\left(n, (n/s)^2\right)\right)$

• If $s=1$, recovery becomes theoretically impossible: key cannot be determined even up to a unitary phase from any finite $M$.

This result is derived by mapping the key recovery challenge to classical phase retrieval, reduced to injectivity of $Q \mapsto \{Qx_k\}_k$ up to a global phase. Standard lower bounds for the number of samples needed for phase retrieval then yield the security threshold above.

4. Decryption and Blind Deconvolution Algorithms

The receiver (Bob) reconstructs $x$ from $y = h * Qx$ without knowledge of $h$, resulting in a blind deconvolution problem. Both $h$ and $x$ are assumed sparse, a critical restriction that enables efficient demixing algorithms such as HiHTP (hierarchical hard thresholding pursuit):

• Bob knows $Q$, receives $y$, and (assuming knowledge of the sparsity levels) applies sparse blind deconvolution methods to jointly recover $(h, x)$ up to an inherent scaling ambiguity: $(h, x)$ and $(h/\alpha, \alpha x)$ yield the same $y$ for any $\alpha \in \mathbb{C}\setminus\{0\}$.

Blind deconvolution in the sparse regime is computationally tractable and robust, with recovery correctness guaranteed under standard random matrix and filter assumptions [(Flinth et al., 17 Oct 2025), Theorem 1].

5. Practical Impact and System Integration

BCS confers several practical advantages over classical compressive security methodologies:

• Energy and Computational Efficiency: The scheme retains the compression and reduced complexity of compressed sensing, making it suitable for resource-constrained environments, notably IoT.
• Physical Layer Compatibility: The convolution with $h$ seamlessly accommodates physical channels exhibiting sparse multipath effects, aligning cryptographic processes with natural channel diversity.
• Dynamic Key Concealment: As $h$ is regenerated for each transmission and unshared with the receiver, each message is effectively masked, bolstering security against ciphertext aggregation attacks.
• Key Reuse Security: Unlike the linear case, the same $Q$ may be safely reused for many transmissions, obviating the (otherwise fundamental) need to change encryption keys per message.

6. Theoretical Guarantees and Mathematical Formalism

The mathematical results in BCS quantify both correctness and security. Notably:

• Correctness: Provided $h$ is $\sigma$-sparse, $x$ is $s$-sparse, and $Q$ is drawn iid random (e.g., Gaussian), algorithms such as HiHTP recover $(h, x)$ from $y$ with high probability and computational efficiency.
• Security: Under phase-symmetric $h$ distributions, recovery of $Q$ through any number of $s$-sparse $(x_k, y_k)$ pairs is infeasible for $s=1$.
• Phase Retrieval Barrier: The reduction to phase retrieval provides a rigorous lower bound on attack complexity, with the mapping $Q \rightarrow \{Qx_k\}_k$ only injective (modulo phase) if $\{x_k\}$ spans phase retrieval, known to require $\Omega(n^2)$ samples for $s$-sparse vectors.

7. Future Directions and Open Questions

Several avenues for further research are identified:

• Extension of phase symmetry assumptions to more general or realistic $h$ distributions.
• Design and analysis of practical attack algorithms and evaluation of their empirical limits.
• Incorporation of modeling errors such as noise, quantization, and physical nonidealities.
• Analysis of partial recovery scenarios for $x$ or $Q$ given side information.

A plausible implication is that further strengthening the filter randomness and sparsity models would deepen both provable and empirical security bounds, while tailored blind deconvolution developments could extend applicability in high-noise or high-dimensional operational regimes.

---

Bilinear Compressive Security, by embedding random convolution into compressed sensing, presents a mathematically formalized, practically robust architecture for secure signal transmission in measurement-limited and adversary-rich environments. Its theoretical basis ensures substantially increased attack complexity and practical resilience compared to traditional linear compressive security approaches (Flinth et al., 17 Oct 2025).