Cong Ling

Rafael Cerna Loli, Onur Dizdar, Bruno Clerckx et al.

Effective and adaptive interference management is required in next generation wireless communication systems. To address this challenge, Rate-Splitting Multiple Access (RSMA), relying on multi-antenna rate-splitting (RS) at the transmitter and successive interference cancellation (SIC) at the receivers, has been intensively studied in recent years, albeit mostly under the assumption of perfect Channel State Information at the Receiver (CSIR) and ideal capacity-achieving modulation and coding schemes. To assess its practical performance, benefits, and limits under more realistic conditions, this work proposes a novel design for a practical RSMA receiver based on model-based deep learning (MBDL) methods, which aims to unite the simple structure of the conventional SIC receiver and the robustness and model agnosticism of deep learning techniques. The MBDL receiver is evaluated in terms of uncoded Symbol Error Rate (SER), throughput performance through Link-Level Simulations (LLS), and average training overhead. Also, a comparison with the SIC receiver, with perfect and imperfect CSIR, is given. Results reveal that the MBDL receiver outperforms by a significant margin the SIC receiver with imperfect CSIR, due to its ability to generate on demand non-linear symbol detection boundaries in a pure data-driven manner.

Cong Ling, Hao Yan, Nicholas Zhao

In this work, we revisit the dual attack and GPV trapdoor sampling, focusing on the lattice Gaussian sampling term, which can be a significant bottleneck in the overall complexity. We show that this sampling step can be quantumly accelerated by combining the lower bound underlying Wang and Ling's analysis of Klein's algorithm with the quantum rejection sampling (QRS) framework proposed by Ozols et al. Specifically, this lower bound gives precisely the pointwise domination condition required for quantum rejection sampling when given coherent oracle access to a truncated Klein proposal distribution, which yields a quantum procedure for preparing the truncated dual $q$-ary lattice Gaussian with a quadratic reduction in the sampling complexity. The truncation radius is chosen so that the truncated distribution is negligibly close to the full lattice Gaussian in total variation distance. Substituting this sampler into the dual attack framework results in reduced overall attack-cost estimates. Compared with Pouly and Shen's modern dual attack under the same parameter choices, our estimates reduce the attack cost by \(9\), \(4\), and \(13\) bits for Kyber-512, Kyber-768, and Kyber-1024, respectively. We also report the corresponding estimates with modulus switching. Finally, by replacing the Markov chain Monte Carlo (MCMC) sampler with the QRS algorithm, we achieve a similar quadratic speedup in the GPV signing process.

Juliana G. F. Souza, Conghui Li, Cong Ling

We construct multilevel lattice codes from multiquadratic number fields for the compound block-fading wiretap channel. More precisely, we specialize Construction $π_A$ over the ring of integers $\mathcal{O}_K$ and exploit rational primes that split completely in $K$ to obtain a Chinese Remainder Theorem (CRT) decomposition into small residue alphabets, notably binary, which enables multistage decoding. The resulting nested lattices fit into the algebraic Construction A framework and, when combined with discrete Gaussian shaping and flatness-factor bounds, provide universal reliability for the legitimate receiver and strong secrecy uniformly over the eavesdropper compound set.

Yirong Shen, Lu Gan, Cong Ling

Generative models that maximize model likelihood have gained traction in many practical settings. Among them, perturbation based approaches underpin many strong likelihood estimation models, yet they often face slow convergence and limited theoretical understanding. In this paper, we derive a tighter likelihood bound for noise driven models to improve both the accuracy and efficiency of maximum likelihood learning. Our key insight extends the classical KL divergence Fisher information relationship to arbitrary noise perturbations, going beyond the Gaussian assumption and enabling structured noise distributions. This formulation allows flexible use of randomized noise distributions that naturally account for sensor artifacts, quantization effects, and data distribution smoothing, while remaining compatible with standard diffusion training. Treating the diffusion process as a Gaussian channel, we further express the mismatched entropy between data and model, showing that the proposed objective upper bounds the negative log-likelihood (NLL). In experiments, our models achieve competitive NLL on CIFAR-10 and SOTA results on ImageNet across multiple resolutions, all without data augmentation, and the framework extends naturally to discrete data.

Christian Porter, Cong Ling

Lattices defined as modules over algebraic rings or orders have garnered interest recently, particularly in the fields of cryptography and coding theory. Whilst there exist many attempts to generalise the conditions for LLL reduction to such lattices, there do not seem to be any attempts so far to generalise stronger notions of reduction such as Minkowski, HKZ and BKZ reduction. Moreover, most lattice reduction methods for modules over algebraic rings involve applying traditional techniques to the embedding of the module into real space, which distorts the structure of the algebra. In this paper, we generalise some classical notions of reduction theory to that of free modules defined over an order. Moreover, we extend the definitions of Minkowski, HKZ and BKZ reduction to that of such modules and show that bases reduced in this manner have vector lengths that can be bounded above by the successive minima of the lattice multiplied by a constant that depends on the algebra and the dimension of the module. In particular, we show that HKZ reduced bases are polynomially close to the successive minima of the lattice in terms of the module dimension. None of our definitions require the module to be embedded and thus preserve the structure of the module.

Charbel Saliba, Laura Luzzi, Cong Ling

We consider FrodoKEM, a lattice-based cryptosystem based on LWE, and propose a new error correction mechanism to improve its performance. Our encoder maps the secret key block-wise into the Gosset lattice $E_8$. We propose two sets of parameters for our modified implementation. Thanks to the improved error correction, the first implementation outperforms FrodoKEM in terms of concrete security by $10$ to $13$ bits by increasing the error variance; the second allows to reduce the bandwidth by $7\%$ by halving the modulus $q$. In both cases, the decryption failure probability is improved compared to the original FrodoKEM. Unlike some previous works on error correction for lattice-based protocols, we provide a rigorous error probability bound by decomposing the error matrix into blocks with independent error coefficients.

Christian Porter, Andrew Mendelsohn, Cong Ling

Whilst lattice-based cryptosystems are believed to be resistant to quantum attack, they are often forced to pay for that security with inefficiencies in implementation. This problem is overcome by ring- and module-based schemes such as Ring-LWE or Module-LWE, whose keysize can be reduced by exploiting its algebraic structure, allowing for faster computations. Many rings may be chosen to define such cryptoschemes, but cyclotomic rings, due to their cyclic nature allowing for easy multiplication, are the community standard. However, there is still much uncertainty as to whether this structure may be exploited to an adversary's benefit. In this paper, we show that the decomposition group of a cyclotomic ring of arbitrary conductor can be utilised to significantly decrease the dimension of the ideal (or module) lattice required to solve a given instance of SVP. Moreover, we show that there exist a large number of rational primes for which, if the prime ideal factors of an ideal lie over primes of this form, give rise to an "easy" instance of SVP. It is important to note that the work on ideal SVP does not break Ring-LWE, since its security reduction is from worst case ideal SVP to average case Ring-LWE, and is one way.

Nitish Mital, Cong Ling, Deniz Gunduz

We consider the problem of secure distributed matrix computation (SDMC), where a \textit{user} queries a function of data matrices generated at distributed \textit{source} nodes. We assume the availability of $N$ honest but curious computation servers, which are connected to the sources, the user, and each other through orthogonal and reliable communication links. Our goal is to minimize the amount of data that must be transmitted from the sources to the servers, called the \textit{upload cost}, while guaranteeing that no $T$ colluding servers can learn any information about the source matrices, and the user cannot learn any information beyond the computation result. We first focus on secure distributed matrix multiplication (SDMM), considering two matrices, and propose a novel polynomial coding scheme using the properties of finite field discrete Fourier transform, which achieves an upload cost significantly lower than the existing results in the literature. We then generalize the proposed scheme to include straggler mitigation, and to the multiplication of multiple matrices while keeping the input matrices, the intermediate computation results, as well as the final result secure against any $T$ colluding servers. We also consider a special case, called computation with own data, where the data matrices used for computation belong to the user. In this case, we drop the security requirement against the user, and show that the proposed scheme achieves the minimal upload cost. We then propose methods for performing other common matrix computations securely on distributed servers, including changing the parameters of secret sharing, matrix transpose, matrix exponentiation, solving a linear system, and matrix inversion, which are then used to show how arbitrary matrix polynomials can be computed securely on distributed servers using the proposed procedure.

Charbel Saliba, Laura Luzzi, Cong Ling

We consider a key encapsulation mechanism (KEM) based on Module-LWE where reconciliation is performed on the 8-dimensional lattice $E_8$, which admits a fast CVP algorithm. Our scheme generates 256 bits of key and requires 3 or 4 bits of reconciliation per dimension. We show that it can outperform Kyber in terms of the modulus q with comparable error probability. We prove that our protocol is IND-CPA secure and improves the security level of Kyber by 7.3%.

Xiaofu Wu, Zhen Yang, Cong Ling et al.

In the past, two main approaches for the purpose of authentication, including information-theoretic authentication codes and complexity-theoretic message authentication codes (MACs), were almost independently developed. In this paper, we propose a new cryptographic primitive, namely, artificial-noise-aided MACs (ANA-MACs), which can be considered as both computationally secure and information-theoretically secure. For ANA-MACs, we introduce artificial noise to interfere with the complexity-theoretic MACs and quantization is further employed to facilitate packet-based transmission. With a channel coding formulation of key recovery in the MACs, the generation of standard authentication tags can be seen as an encoding process for the ensemble of codes, where the shared key between Alice and Bob is considered as the input and the message is used to specify a code from the ensemble of codes. Then, we show that the introduction of artificial noise in ANA-MACs can be well employed to resist the key recovery attack even if the opponent has an unlimited computing power. Finally, a pragmatic approach for the analysis of ANA-MACs is provided, and we show how to balance the three performance metrics, including the completeness error, the false acceptance probability, and the conditional equivocation about the key. The analysis can be well applied to a class of ANA-MACs, where MACs with Rijndael cipher are employed.

Kezhi Li, Lu Gan, Cong Ling

In this paper, a new class of circulant matrices built from deterministic sequences is proposed for convolution-based compressed sensing (CS). In contrast to random convolution, the coefficients of the underlying filter are given by the discrete Fourier transform of a deterministic sequence with good autocorrelation. Both uniform recovery and non-uniform recovery of sparse signals are investigated, based on the coherence parameter of the proposed sensing matrices. Many examples of the sequences are investigated, particularly the Frank-Zadoff-Chu (FZC) sequence, the \textit{m}-sequence and the Golay sequence. A salient feature of the proposed sensing matrices is that they can not only handle sparse signals in the time domain, but also those in the frequency and/or or discrete-cosine transform (DCT) domain.