I Introduction
We study the secret key generation problem among multiple users [1], in which each user observes a component of some correlated discrete sources. The users discuss over a noiseless public channel, possibly interactively in several rounds, to agree on a common secret key that is independent of their discussion. While the maximum achievable secret key rate with unfettered discussion was characterized in [1], it remains open when the discussion has limited rate.
The secret key generation under limited discussion rate was first studied by Csiszár and Narayan for discrete sources in the twouser case with a helper [2]. For the oneway discussion, they characterized the optimal tradeoff between the secret key rate and discussion rate, which was subsequently extended to gaussian sources in [3, 4]. The minimum rate of interactive discussion required to generate a secret key of maximum rate was examined by [5, 6] in the twouser case and [7] in the multiterminal case. In [8], the optimal tradeoff between the secret key rate and discussion rate tuple was characterized for a variant of the multiterminal source model. In [9], a hypergraphical source model [10] was considered, and each user observes one realization of the source. They determined the minimum amount of discussion needed to generate a secret key of a given size when the discussion is restricted to be linear function of the source. In [11] , the optimal tradeoff between the secret key rate and total discussion rate was characterized for the pairwise independent network (PIN) model proposed in [12, 13]. Chan et al. [11] also gave an outer bound on the region of achievable secret key rate and discussion rate tuple. The bound was shown to be tight for PIN model on a tree, but remains unknown whether it is tight for other sources. Besides, although the expression is singleletter, it may take exponential time to compute the bound since you have to evaluate all the subsets.
In this paper, we show that the bound is also tight for the minimally connected hypergraphical (MCH) sources [10], generalizing the result of [11]. We obtain a partial characterization of the region of achievable secret key rate and discussion rate tuple. Our result is stronger than the existing result for its being more explicit and can be computed more efficiently. In particular, for the hypertree sources, the region can be completely characterized. More importantly, for the MCH sources, we obtain an explicit formula of the maximum achievable secret key rate, called the secrecy capacity, under any given total discussion rate. The main property in deriving the results is the alternative characterization of two special classes of hypergraph, which is established via the notion of path and partition connectivity of hypergraph.
Ii Problem Formulation
Let be a finite set of users. The users have access to a correlated discrete memoryless multiple source taking values from a finite set
N.b., we use the sans serif font for random variable and the normal font for its corresponding alphabet set. Each user
observes an i.i.d. samples of the source . Then, each user generates a random variable independent of other sources, i.e., . Following these observations, the users are allowed to discuss interactively in ascending order of user indices over a noiseless channel for number of rounds. More specifically, at round , each user reveals a message that is a function of its accumulated observations, , where denotes all the previous messages in the same round, and denotes all the messages in the previous rounds. We will write and to denote, respectively, the collection of messages from user and all users. After the public discussion, each user then try to extract a common secret key from its accumulated observations. The secret key is required to satisfy(2.1)  
(2.2) 
for some function for .
We say a secret key rate and discussion rate tuple is achievable if there exists a sequence satisfying
(2.3) 
in addition to (2.1) and (2.2). Then, the achievable rate region is defined as
(2.4) 
The secrecy capacity under a total pubic discussion rate is defined as
(2.5) 
where for notational convenience. The unconstrained secrecy capacity characterized in [1] is defined as
(2.6) 
The communication complexity [7] is the minimum total discussion rate required to achieve the unconstrained secrecy capacity, namely,
(2.7) 
Characterizing or even for the general multiterminal source model appears intractable [7], let alone . To simplify the problem, the following hypergraphical source model, which generalizes the PIN model [12, 13], has been considered in [10, 7, 14, 11, 9].
Definition 2.1 ([10])
is a hypergraphical source if there is a hypergraph with an edge function and some independent edge random variables for with , such that
(2.8) 
The weight function of the hypergraph is defined as
(2.9) 
A hypergraph is minimally connected if becomes disconnected after removing any edge. We will further simplify the problem by restricting ourselves to the following special hypergraphical source model.
Definition 2.2
is a minimally connected hypergraphical (MCH) source if it is a hypergraphical source and the corresponding hypergraph is minimally connected .
Our goal is to characterize or bound and for the above MCH source model.
Iii Preliminaries
In this section, we give a brief introduction to some hypergraph notions and operations.
Let be a hypergraph with a set of vertices , a set of (hyper)edges , and an edge function ^{1}^{1}1Note that we allow to have multiple edges among the same vertices. The degree of a vertex in , denoted by , is the number of incident edges associated with it, i.e.,
(3.1a) 
Similarly, for a set of vertices , its degree is
(3.1b) 
A path in between two vertices and is a sequence with the following properties: is a positive integer ; , for ; all are distinct; and for ; all are distinct. The sequence is called a cycle if instead with . We write to indicate is reachable from via a path in . It is easy to see that “” is a equivalence relation. The equivalence relation “” divides into a set of equivalence classes, each of which is the vertex set of a connected component of . Let denotes the number of equivalence classes, i.e., the number of connected components. A hypergraph is connected if there is a path in between any two distinct vertices, i.e., ; or . A special type of connected hypergraph, called hypertree, that generalizes tree in graph, will be considered is:
Definition 3.1
A hypergraph is a hypertree iff is connected and the path between any two distinct vertices is unique (no cycles).^{2}^{2}2Note that our definition of hypertree is different from the standard definition. In hypergraph theory, a hypergraph is called a hypertree if it admits a host graph such that is a tree. Compared with the standard definition, our definition is more stringent.
N.b., a hypertree is a minimally connected hypergraph, but the reverse does not hold.^{3}^{3}3In graph theory, minimally connected graph and tree are equivalent. An example is shown below.
Example 3.1
Consider the hypergraph in Fig. 1. is a minimally connected hypergraph, but not a hypertree since there are two paths between any two distinct vertices.
We can obtain new hypergraph from old via the following graphtheoretic operations. Let . is defined as a subhypergraph of induced by as follows:
Definition 3.2
is a hypergraph where the set of vertices is , the set of edges is , and the edge function is , for .
Similarly, we use to denote a subhypergraph obtained from by removing the vertex in from and , and then discarding the empty edges. More precisely,
Definition 3.3
is a hypergraph where the set of vertices is , the set of edges is , and the edge function is , for .
Let be the set of partitions of into nonempty disjoint subsets. For , is a hypergraph obtained from by agglomerating the vertices and edges with reference to (w.r.t.) in the following.
Definition 3.4
is a hypergraph where the set of vertices is , the set of edges is , and the edge function is , for .
A simple example that illustrates the above operations is as follows:
Example 3.2
The last graphtheoretic notion we shall introduce is the partition connectivity of a hypergraph. Let denote the set of all partitions of into at least two nonempty disjoint subsets, i.e.,
(3.1) 
With , (which will be assume hereafter), the partition connectivity of a hypergraph is defined as
(3.2a)  
(3.2b) 
which corresponds to the number of edges that cross the partition . The partition connectivity we defined here is the multivariate mutual information [15] that specialises to the hypergraph without considering the weight of edges. It was pointed out in [15] that the set of optimal solutions to (3.2a) forms a lattice w.r.t. the partial order “” on partitions defined below. We say a partition is finer than another partition , denoted as , iff
(3.1) 
In other words, can be obtained from by further partitioning some parts of . Hence, there is a unique finest optimal partition, denoted by and referred to as the fundamental partition. Note that both and can be computed in strongly polynomial time [15]. The fundamental partition has various properties and operational meanings. In particular, we will rely on the following property, which has an elegant interpretation in data clustering.
Proposition 3.1 ([15, Lemma 5.1 and Theorem 5.2])
The fundamental partition of a hypergraph satisfies
(3.2) 
where denotes the collection of inclusionwise maximal sets in a set family , i.e., .
Iv Main Results
Our main result is an explicit formula of and a partial characterization of for the MCH sources.
Theorem 4.1
For a MCH source (see Definition 2.2), we have only if
(4.1) 
where (3.1b) is the degree of vertices in and is the fundamental partition. Moreover, for all , the above are simultaneously achievable for any secret key rate below the unconstrained secrecy capacity
(4.2) 
In particular, this gives the optimal tradeoff
(4.3) 
and so .
Proof
See Appendix.
Our result is stronger than existing result:

We obtain an explicit formula of , which is not covered by any existing results.
Example 4.1
Applying the above result to a hypergraphical source , where the corresponding hypergraph is a hypertree, gives a complete characterization of .
Corollary 4.1
For a hypergraphical source w.r.t. a hypertree with weight , we have
(4.4a)  
(4.4b) 
and (3.1a) is the degree of node in hypertree .
Proof
See Appendix.
In [11], the region has been completely characterized for PIN model on a tree. Since hypertree contains tree as a special case, our result generalizes [11].
Example 4.2
To prove Theorem 4.1, we will rely on the following property of the minimally connected hypergraph (MCH). It characterizes the relation of degree, number of connected component, and number of edges in MCH.
Lemma 4.1
N.b., (4.2) holds even if has singleton edges, i.e., such that for some .
Proof
See Appendix.
Example 4.3
To prove Corollary 4.1 and Lemma 4.1, we will use the following alternative characterization of the hypertree through the partition connectivity and fundamental partition.
Lemma 4.2
A hypergraph is a hypertree (see Definition 3.1) iff
(4.3a)  
(4.3b) 
i.e., singleton partition is the fundamental partition.
Proof
See Appendix.
V Conclusion
In this paper, we give an explicit formula of the secrecy capacity under any given total public discussion rate for sources which correspond to minimally connected hypergraph. A key property in the derivation of the result is the alternative characterization of two special classes of hypergraph, which is established through the notion of path and partition connectivity of hypergraph. While we also partially characterize the region of achievable secret key rate and discussion rate tuple, a complete charaterization still remains unknown, and will be a interesting future work.
References
 [1] I. Csiszár and P. Narayan, “Secrecy capacities for multiple terminals,” IEEE Trans. Inf. Theory, vol. 50, no. 12, pp. 3047–3061, Dec. 2004.
 [2] I. Csiszár and P. Narayan, “Common randomness and secret key generation with a helper,” IEEE Trans. Inf. Theory, vol. 46, no. 2, pp. 344–366, Mar. 2000.
 [3] S. Watanabe and Y. Oohama, “Secret key agreement from correlated gaussian sources by rate limited public communication,” IEICE Trans. on Fundamentals, vol. E93A, no. 11, pp. 1976–1983, Nov. 2010.

[4]
——, “Secret key agreement from vector gaussian sources by rate limited public communication,”
IEEE Trans. Inf. Forensics Security, vol. 6, no. 3, pp. 541–550, Sep. 2011.  [5] J. Liu, P. Cuff, and S. Verdú, “Secret key generation with limited interaction,” IEEE Trans. Inf. Theory, vol. 63, no. 11, pp. 7358–7381, Nov. 2017.
 [6] H. Tyagi, “Common information and secret key capacity,” IEEE Trans. Inf. Theory, vol. 59, no. 9, pp. 5627–5640, Sep. 2013.
 [7] M. Mukherjee, N. Kashyap, and Y. Sankarasubramaniam, “On the public communication needed to achieve SK capacity in the multiterminal source model,” IEEE Trans. Inf. Theory, vol. 62, no. 7, pp. 3811–3830, Jul. 2016.
 [8] J. Liu, P. Cuff, and S. Verdú, “Secret key generation with one communicator and a strong converse via hypercontractivity,” in Proc. IEEE Int. Symp. Inf. Theory (ISIT), Hong Kong, Jun. 2015, pp. 710–714.
 [9] T. A. Courtade and T. R. Halford, “Coded cooperative data exchange for a secret key,” IEEE Trans. Inf. Theory, vol. 62, no. 7, pp. 3785–3795, Jul. 2016.
 [10] C. Chan and L. Zheng, “Mutual dependence for secret key agreement,” in Proc. 44th Annu. Conf. Inf. Sci. Syst. (CISS), Princeton, NJ, USA, Mar. 2010, pp. 1–6.
 [11] C. Chan, M. Mukherjee, N. Kashyap, and Q. Zhou, “Secret key agreement under discussion rate constraints,” in Proc. IEEE Int. Symp. Inf. Theory (ISIT), Aachen, Germany, Jun. 2017, pp. 1519–1523.
 [12] S. Nitinawarat, C. Ye, A. Barg, P. Narayan, and A. Reznik, “Secret key generation for a pairwise independent network model,” IEEE Trans. Inf. Theory, vol. 56, no. 12, pp. 6482–6489, Dec. 2010.
 [13] S. Nitinawarat and P. Narayan, “Perfect omniscience, perfect secrecy, and Steiner tree packing,” IEEE Trans. Inf. Theory, vol. 56, no. 12, pp. 6490–6500, Dec. 2010.
 [14] M. Mukherjee, C. Chan, N. Kashyap, and Q. Zhou, “Bounds on the communication rate needed to achieve SK capacity in the hypergraphical source model,” in Proc. IEEE Int. Symp. Inf. Theory (ISIT), Barcelona, Spain, Jul. 2016, pp. 2504–2508.
 [15] C. Chan, A. AlBashabsheh, J. Ebrahimi, T. Kaced, and T. Liu, “Multivariate mutual information inspired by secretkey agreement,” Proc. IEEE, vol. 103, no. 10, pp. 1883–1913, Oct. 2015.
Appendix A Proofs
Proof (Theorem 4.1)
Proposition 1.1 ([11, Theorem 4.1])
For any , we have
(1.1a)  
(1.1b) 
for any with size and .
Now, for any , let be the set of equivalent classes of hypergraph . It is clear that and . Since is a positive integer, we have the following two cases and will show that (4.1) holds for both.
Case 1: , i.e., remains connected after removing vertices . Then, for the R.H.S. of (4.1),
where the first equality follows from (4.1). Therefore, (4.1) holds trivially.
Case 2: , i.e., will be disconnected after removing vertices . It follows that
Applying the lower bound (1.1) with and the partition of , we have
where the last equality follows from (4.1) in Lemma 4.1. This completes the proof of (4.1).
Next, we consider to prove (4.2). Let be the optimal solution to the R.H.S. of (4.2) and be the set of equivalent classes of after removing edge . It follows that due to the fact that is minimally connected. Then,
where (a) follows from [15, (4.1) and (4.3)] ; (b) is because is the only edge that crosses . Therefore, we have proved the converse “’ of (4.2). The achievability “” of (4.2) can be proved by utilizing the secret key agreement scheme in [10]. More precisely, reducing the weight of every edge to . Since is connected, such that for some .^{4}^{4}4Otherwise, and , , due to the fact that is minimally connected. This gives trivially. We will assume hereafter. User discusses in public which is independent of . Then, all users can recover securely. Now we have achieved a common secret key among users in . Doing this repeatedly for the remaining edges, we can agree on a common secret key among all users since is connected. This gives the achievability “” of (4.2).
Indeed, the above scheme achieves a common secret key of bits by using bits of public discussion, which also gives the achievability “” of (4.3). For the converse “” of (4.3), we have trivially. Then, summing the (4.1) over , we have
where the equality follows from (4.2) in Lemma 4.1. Hence, we have , which completes the proof of (4.3), and (4.1) is simultaneously achievable for all . In particular, when , we have as desired.
Proof (Corollary 4.1)
Proof (Lemma 4.1)
“if” case: Suppose is a hypertree without singleton edges. Note that by Proposition 3.1. This implies by (4.3b) and [15, Corollary 5.3]. By (4.3a), we have , therefore, is connected. Since is a hypertree and therefore connected for its vertices , i.e., , . Altogether, we have is also connected. Since is loopless, every edge is incident on at least two distinct vertices in , say and . Then, such that by Definition 3.4 of . Hence, is a path in . It is unique because is a unique path in the hypertree . Removing edge from disconnects and . Therefore, is minimally connected.
“only if” case: If is minimally connected, then is connected by Definition 3.4. Let be the set of equivalent classes (or connected components) of after removing any edge . Since is minimally connected, we have . Then,
where the equality follows from the fact that only edge crosses . Suppose to the contrary that there is a cycle in , then there is also a cycle in , say , that crosses , i.e., . We have
where (a) is as argued in (1.2); (b) is as argued above. This violates the Proposition 3.1. Therefore, is a hypertree. It remains to prove is loopless. Suppose to the contrary that has a singleton edge incident on . Then, , such that . Removing from does not disconnect , otherwise, contradicts Proposition 3.1. Doing so does not disconnect the vertices in either, since is a hypertree. Therefore, remains connected after removing , contradicting the fact that is minimally connected. Hence, is loopless.
Comments
There are no comments yet.