# Secrecy Capacity under Limited Discussion Rate for Minimally Connected Hypergraphical Sources

We investigate secret key generation in the multiterminal source model, where the users discuss under a limited rate. For minimally connected hypergraphical sources, we give an explicit formula for the maximum achievable secret key rate, called the secrecy capacity, under any given total discussion rate. We also partially characterize the region of achievable secret key rate and discussion rate tuples. When specialized to hypertree sources, our results give a complete characterization of the region.


## I Introduction

We study the secret key generation problem among multiple users [1], in which each user observes a component of some correlated discrete sources. The users discuss over a noiseless public channel, possibly interactively in several rounds, to agree on a common secret key that is independent of their discussion. While the maximum achievable secret key rate with unfettered discussion was characterized in [1], it remains open when the discussion has limited rate.

Secret key generation under limited discussion rate was first studied by Csiszár and Narayan for discrete sources in the two-user case with a helper [2]. For one-way discussion, they characterized the optimal trade-off between the secret key rate and discussion rate, which was subsequently extended to Gaussian sources in [3, 4]. The minimum rate of interactive discussion required to generate a secret key of maximum rate was examined by [5, 6] in the two-user case and [7] in the multiterminal case. In [8], the optimal trade-off between the secret key rate and discussion rate tuple was characterized for a variant of the multiterminal source model. In [9], a hypergraphical source model [10] was considered in which each user observes one realization of the source. They determined the minimum amount of discussion needed to generate a secret key of a given size when the discussion is restricted to be a linear function of the source. In [11], the optimal trade-off between the secret key rate and total discussion rate was characterized for the pairwise independent network (PIN) model proposed in [12, 13]. Chan et al. [11] also gave an outer bound on the region of achievable secret key rate and discussion rate tuples. The bound was shown to be tight for the PIN model on a tree, but it remains unknown whether it is tight for other sources. Moreover, although the expression is single-letter, the bound may take exponential time to compute, since all the subsets have to be evaluated.

In this paper, we show that the bound is also tight for the minimally connected hypergraphical (MCH) sources [10], generalizing the result of [11]. We obtain a partial characterization of the region of achievable secret key rate and discussion rate tuples. Our result is stronger than the existing result in that it is more explicit and can be computed more efficiently. In particular, for hypertree sources, the region can be completely characterized. More importantly, for the MCH sources, we obtain an explicit formula for the maximum achievable secret key rate, called the secrecy capacity, under any given total discussion rate. The main property used in deriving the results is an alternative characterization of two special classes of hypergraphs, which is established via the notions of path and partition connectivity of a hypergraph.

## II Problem Formulation

Let be a finite set of users. The users have access to a correlated discrete memoryless multiple source taking values from a finite set

N.b., we use a sans serif font for a random variable and the normal font for its corresponding alphabet set. Each user

observes an i.i.d. samples of the source . Then, each user generates a random variable independent of other sources, i.e., . Following these observations, the users are allowed to discuss interactively in ascending order of user indices over a noiseless channel for number of rounds. More specifically, at round , each user reveals a message that is a function of its accumulated observations, , where denotes all the previous messages in the same round, and denotes all the messages in the previous rounds. We will write and to denote, respectively, the collection of messages from user and all users. After the public discussion, each user then tries to extract a common secret key from its accumulated observations. The secret key is required to satisfy

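$$\lim_{n\to\infty}\Pr\left(\exists i\in V,\ \mathsf{K}\neq\theta_i(\mathsf{U}_i,\mathsf{Z}_i^n,\mathsf{F})\right)=0, \tag{2.1}$$

$$\lim_{n\to\infty}\frac{1}{n}\left[\log|K|-H(\mathsf{K}|\mathsf{F})\right]=0, \tag{2.2}$$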

for some function for .

We say a secret key rate and discussion rate tuple is achievable if there exists a sequence satisfying

$$r_{\mathrm{K}}\le\liminf_{n\to\infty}\frac{1}{n}\log|K|,\quad\text{and}\quad r_i\ge\limsup_{n\to\infty}\frac{1}{n}\log|F_i|, \tag{2.3}$$

in addition to (2.1) and (2.2). Then, the achievable rate region is defined as

$$\mathcal{R}:=\{(r_{\mathrm{K}},r_V)\mid(r_{\mathrm{K}},r_V)\text{ is achievable}\}. \tag{2.4}$$

The secrecy capacity under a total public discussion rate is defined as

$$C_{\mathrm{S}}(R):=\max\{r_{\mathrm{K}}\mid(r_{\mathrm{K}},r_V)\in\mathcal{R},\ r(V)\le R\}, \tag{2.5}$$

where for notational convenience. The unconstrained secrecy capacity characterized in [1] is defined as

$$C_{\mathrm{S}}:=\lim_{R\to\infty}C_{\mathrm{S}}(R) \tag{2.6}$$

The communication complexity  [7] is the minimum total discussion rate required to achieve the unconstrained secrecy capacity, namely,

$$R_{\mathrm{S}}:=\min\{R\ge 0\mid C_{\mathrm{S}}(R)=C_{\mathrm{S}}\} \tag{2.7}$$

Characterizing or even for the general multiterminal source model appears intractable [7], let alone . To simplify the problem, the following hypergraphical source model, which generalizes the PIN model [12, 13], has been considered in [10, 7, 14, 11, 9].

###### Definition 2.1 ([10])

is a hypergraphical source if there is a hypergraph with an edge function and some independent edge random variables for with , such that

 (2.8)

The weight function of the hypergraph is defined as

$$w(e):=H(\mathsf{X}_e),\quad\forall e\in E. \tag{2.9}$$

A hypergraph is minimally connected if becomes disconnected after removing any edge. We will further simplify the problem by restricting ourselves to the following special hypergraphical source model.

###### Definition 2.2

is a minimally connected hypergraphical (MCH) source if it is a hypergraphical source and the corresponding hypergraph is minimally connected.

Our goal is to characterize or bound and for the above MCH source model.

## III Preliminaries

In this section, we give a brief introduction to some hypergraph notions and operations.

Let be a hypergraph with a set of vertices , a set of (hyper)edges , and an edge function (footnote 1: note that we allow to have multiple edges among the same vertices). The degree of a vertex in , denoted by , is the number of incident edges associated with it, i.e.,

$$\deg_H(v)=|\{e\in E\mid v\in\xi_H(e)\}|. \tag{3.1a}$$

Similarly, for a set of vertices , its degree is

$$\deg_H(C)=|\{e\in E\mid C\cap\xi_H(e)\neq\emptyset\}|. \tag{3.1b}$$

A path in between two vertices and is a sequence with the following properties: is a positive integer ; , for ; all are distinct; and for ; all are distinct. The sequence is called a cycle if instead with . We write to indicate is reachable from via a path in . It is easy to see that “” is an equivalence relation. The equivalence relation “” divides into a set of equivalence classes, each of which is the vertex set of a connected component of . Let denote the number of equivalence classes, i.e., the number of connected components. A hypergraph is connected if there is a path in between any two distinct vertices, i.e., ; or . A special type of connected hypergraph, called a hypertree, which generalizes the tree in graph theory, is considered next:

###### Definition 3.1

A hypergraph is a hypertree iff is connected and the path between any two distinct vertices is unique (no cycles). (Footnote 2: Note that our definition of hypertree is different from the standard definition. In hypergraph theory, a hypergraph is called a hypertree if it admits a host graph such that is a tree. Compared with the standard definition, our definition is more stringent.)

N.b., a hypertree is a minimally connected hypergraph, but the converse does not hold. (Footnote 3: In graph theory, minimally connected graph and tree are equivalent.) An example is shown below.

###### Example 3.1

Consider the hypergraph in Fig. 1. is a minimally connected hypergraph, but not a hypertree since there are two paths between any two distinct vertices.

We can obtain new hypergraphs from old ones via the following graph-theoretic operations. Let . is defined as a subhypergraph of induced by as follows:

###### Definition 3.2

is a hypergraph where the set of vertices is , the set of edges is , and the edge function is , for .

Similarly, we use to denote a subhypergraph obtained from by removing the vertex in from and , and then discarding the empty edges. More precisely,

###### Definition 3.3

is a hypergraph where the set of vertices is , the set of edges is , and the edge function is , for .

Let be the set of partitions of into non-empty disjoint subsets. For , is a hypergraph obtained from by agglomerating the vertices and edges with reference to (w.r.t.) in the following.

###### Definition 3.4

is a hypergraph where the set of vertices is , the set of edges is , and the edge function is , for .

A simple example that illustrates the above operations is as follows:

###### Example 3.2

Consider the hypergraph in Fig. 1. Let and . is a hypergraph with and . is a hypergraph with and . is a hypergraph with and . These hypergraphs are visualised in Fig. 2.

The last graph-theoretic notion we shall introduce is the partition connectivity of a hypergraph. Let denote the set of all partitions of into at least two non-empty disjoint subsets, i.e.,

$$\Pi'(V)=\{\mathcal{P}\in\Pi(V)\mid|\mathcal{P}|>1\}=\Pi(V)\setminus\{\{V\}\}. \tag{3.1}$$

With , (which will be assumed hereafter), the partition connectivity of a hypergraph is defined as

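$$I(H):=\min_{\mathcal{P}\in\Pi'(V)}\frac{1}{|\mathcal{P}|-1}E_{\mathcal{P}}(H),\quad\text{where} \tag{3.2a}$$

$$E_{\mathcal{P}}(H):=\sum_{C\in\mathcal{P}}\underbrace{|\{e\in E\mid\xi_H(e)\cap C\neq\emptyset\}|}_{=\deg_H(C)}-|E(H)| \tag{3.2b}$$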

which corresponds to the number of edges that cross the partition . The partition connectivity we defined here is the multivariate mutual information [15] that specialises to the hypergraph without considering the weight of edges. It was pointed out in [15] that the set of optimal solutions to (3.2a) forms a lattice w.r.t. the partial order “” on partitions defined below. We say a partition is finer than another partition , denoted as , iff

$$\forall C\in\mathcal{P},\ \exists C'\in\mathcal{P}':C\subseteq C'. \tag{3.1}$$

In other words, can be obtained from by further partitioning some parts of . Hence, there is a unique finest optimal partition, denoted by and referred to as the fundamental partition. Note that both and can be computed in strongly polynomial time [15]. The fundamental partition has various properties and operational meanings. In particular, we will rely on the following property, which has an elegant interpretation in data clustering.

###### Proposition 3.1 ([15, Lemma 5.1 and Theorem 5.2])

The fundamental partition of a hypergraph satisfies

$$\mathcal{P}^*(H)\setminus\{\{i\}\mid i\in V\}=\operatorname{maximal}\{C\subseteq V\mid|C|>1,\ I(H_C)>I(H)\} \tag{3.2}$$

where denotes the collection of inclusion-wise maximal sets in a set family , i.e., .

## IV Main Results

Our main result is an explicit formula of and a partial characterization of for the MCH sources.

###### Theorem 4.1

For a MCH source (see Definition 2.2), we have only if

$$r(C)\ge(\deg_H(C)-1)\,r_{\mathrm{K}},\quad\forall C\in\mathcal{P}^*(H), \tag{4.1}$$

where  (3.1b) is the degree of vertices in and is the fundamental partition. Moreover, for all , the above are simultaneously achievable for any secret key rate below the unconstrained secrecy capacity

$$C_{\mathrm{S}}=\min_{e\in E(H)}w(e). \tag{4.2}$$

In particular, this gives the optimal trade-off

$$C_{\mathrm{S}}(R)=\min\left\{\frac{R}{|E(H)|-1},\ C_{\mathrm{S}}\right\} \tag{4.3}$$

and so .

###### Proof

See Appendix.

Our result is stronger than the existing result:

1. Eq. (4.1) gives the exact minimum total discussion rate of users in each . However, for the discussion rate tuple obtained in [11], it remains unknown whether it is tight.

2. We obtain an explicit formula of , which is not covered by any existing results.

###### Example 4.1

Let and

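$$\begin{aligned}\mathsf{Z}_1&:=(\mathsf{X}_a,\mathsf{X}_c), & \mathsf{Z}_2&:=(\mathsf{X}_a,\mathsf{X}_b), & \mathsf{Z}_3&:=(\mathsf{X}_b,\mathsf{X}_c),\\ \mathsf{Z}_4&:=\mathsf{X}_a, & \mathsf{Z}_5&:=\mathsf{X}_b, & \mathsf{Z}_6&:=\mathsf{X}_c,\end{aligned}$$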

where ’s are independent with , and . It is a MCH source where the corresponding hypergraph is in Fig. 1 with weight , , and . It can be shown that . By (4.1) and (4.2), we have only if

$$r_{\mathrm{K}}\le 1,\quad r_1+r_2+r_3\ge 2,\quad r_i\ge 0,\ \forall i\in V,$$

and . By (4.3), we have and so .

Applying the above result to a hypergraphical source , where the corresponding hypergraph is a hypertree, gives a complete characterization of .

###### Corollary 4.1

For a hypergraphical source w.r.t. a hypertree with weight , we have

$$\mathcal{R}=\{(r_{\mathrm{K}},r_V)\mid r_{\mathrm{K}}\in[0,C_{\mathrm{S}}],\ r_i\ge\left(\deg_H(i)-1\right)r_{\mathrm{K}},\ i\in V\},\quad\text{where} \tag{4.4a}$$

$$C_{\mathrm{S}}=\min_{e\in E(H)}w(e), \tag{4.4b}$$

and  (3.1a) is the degree of node in hypertree .

###### Proof

See Appendix.

In [11], the region has been completely characterized for PIN model on a tree. Since hypertree contains tree as a special case, our result generalizes [11].

###### Example 4.2

Let and

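$$\begin{aligned}\mathsf{Z}_1&:=(\mathsf{X}_a,\mathsf{X}_c), & \mathsf{Z}_2&:=\mathsf{X}_a, & \mathsf{Z}_3&:=(\mathsf{X}_a,\mathsf{X}_b),\\ \mathsf{Z}_4&:=\mathsf{X}_b, & \mathsf{Z}_5&:=\mathsf{X}_c,\end{aligned}$$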

where ’s are independent with and . This is a hypergraphical source w.r.t. the hypertree in Fig. 4 with weight , , and . By (4.1), we have

$$\mathcal{R}=\{(r_{\mathrm{K}},(r_1,r_2,r_3,r_4,r_5))\mid r_{\mathrm{K}}\in[0,1],\ r_1\ge r_{\mathrm{K}},\ r_2\ge 0,\ r_3\ge r_{\mathrm{K}},\ r_4\ge 0,\ r_5\ge 0\}.$$

This simple result is not directly covered by any existing results.
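The bounds of Theorem 4.1 and Corollary 4.1 can be checked numerically on the hypergraphs of Examples 4.1 and 4.2. The following is an added example, not code from the paper: it brute-forces the partition connectivity (3.2a) and the fundamental partition over all partitions (feasible only for small vertex sets), then evaluates (4.1), (4.2) and (4.3). The incidence sets are read off the definitions of the sources in the two examples; the edge weights are constructed values with minimum 1, and all function names are illustrative.

```python
from fractions import Fraction

def set_partitions(items):
    """Yield every partition of the list `items` as a list of blocks."""
    if not items:
        yield []
        return
    first, rest = items[0], items[1:]
    for part in set_partitions(rest):
        yield [[first]] + part
        for i, block in enumerate(part):
            yield part[:i] + [[first] + block] + part[i + 1:]

def deg(edges, block):
    """deg_H(C) as in (3.1b): number of edges incident on the vertex set C."""
    return sum(1 for members in edges.values() if members & set(block))

def components(vertices, edges):
    """Number of connected components, via union-find over the hyperedges."""
    parent = {v: v for v in vertices}
    def find(v):
        while parent[v] != v:
            v = parent[v]
        return v
    for members in edges.values():
        anchor, *others = sorted(members)
        for v in others:
            parent[find(v)] = find(anchor)
    return len({find(v) for v in vertices})

def is_minimally_connected(vertices, edges):
    """Connected, and removing any single edge disconnects the hypergraph."""
    if components(vertices, edges) != 1:
        return False
    return all(components(vertices, {k: m for k, m in edges.items() if k != e}) > 1
               for e in edges)

def fundamental_partition(vertices, edges):
    """Brute-force (3.2a): returns I(H) and the finest optimal partition."""
    best, finest = None, None
    for part in set_partitions(sorted(vertices)):
        if len(part) < 2:
            continue
        crossing = sum(deg(edges, c) for c in part) - len(edges)  # E_P(H), (3.2b)
        ratio = Fraction(crossing, len(part) - 1)
        if best is None or ratio < best or (ratio == best and len(part) > len(finest)):
            best, finest = ratio, part
    return best, {frozenset(c) for c in finest}

def theorem_4_1(vertices, edges, weights):
    """Coefficients of (4.1), C_S of (4.2), the trade-off (4.3), and R_S."""
    if len(edges) < 2 or not is_minimally_connected(vertices, edges):
        raise ValueError("need a minimally connected hypergraph with >= 2 edges")
    _, p_star = fundamental_partition(vertices, edges)
    coeff = {c: deg(edges, c) - 1 for c in p_star}  # r(C) >= coeff[C] * r_K
    c_s = min(Fraction(weights[e]) for e in edges)
    def capacity(total_rate):
        return min(Fraction(total_rate) / (len(edges) - 1), c_s)
    r_s = (len(edges) - 1) * c_s  # smallest R with C_S(R) = C_S
    return coeff, c_s, capacity, r_s

# Incidence read off Example 4.1 (Fig. 1) and Example 4.2 (hypertree).
FIG1_V = {1, 2, 3, 4, 5, 6}
FIG1_E = {"a": {1, 2, 4}, "b": {2, 3, 5}, "c": {1, 3, 6}}
TREE_V = {1, 2, 3, 4, 5}
TREE_E = {"a": {1, 2, 3}, "b": {3, 4}, "c": {1, 5}}
WEIGHTS = {"a": 1, "b": 2, "c": 3}  # constructed weights, not from the paper

if __name__ == "__main__":
    for name, v, e in (("Fig. 1", FIG1_V, FIG1_E), ("hypertree", TREE_V, TREE_E)):
        coeff, c_s, capacity, r_s = theorem_4_1(v, e, WEIGHTS)
        print(name, {tuple(sorted(c)): k for c, k in coeff.items()},
              "C_S =", c_s, "R_S =", r_s, "C_S(1) =", capacity(1))
```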

To prove Theorem 4.1, we will rely on the following property of the minimally connected hypergraph (MCH). It characterizes the relation among the degree, the number of connected components, and the number of edges in an MCH.

###### Lemma 4.1

is a MCH iff (see Definition 3.4) is a hypertree without singleton edges, that is, loopless. Furthermore, we have

 (4.1)

and

$$\sum_{C\in\mathcal{P}^*(H)}\left[\deg_H(C)-1\right]=|E(H)|-1, \tag{4.2}$$

where is the number of connected components of after removing vertices , and  (3.1b) is the degree of vertices in .

N.b., (4.2) holds even if has singleton edges, i.e., such that for some .

See Appendix.

###### Example 4.3

Consider the MCH in Fig. 1. Recall that . Then, by Definition 3.4, is a hypergraph with vertices and edges . See Fig. 3, is indeed a loopless hypertree. It can be verified that

$$C(H\setminus C)=\deg_H(C)=\begin{cases}3, & C=\{1,2,3\},\\ 1, & C=\{i\},\ i\in\{4,5,6\}.\end{cases}$$

Therefore, we have , which equals .

To prove Corollary 4.1 and Lemma 4.1, we will use the following alternative characterization of the hypertree through the partition connectivity and fundamental partition.

###### Lemma 4.2

A hypergraph is a hypertree (see Definition 3.1) iff

$$I(H)=1,\quad\text{and} \tag{4.3a}$$

$$\mathcal{P}^*(H)=\{\{v\}\mid v\in V\} \tag{4.3b}$$

i.e., singleton partition is the fundamental partition.

See Appendix.

###### Example 4.4

Consider the hypertree in Fig. 4. It can be shown that and , which is exactly (4.2).

## V Conclusion

In this paper, we give an explicit formula for the secrecy capacity under any given total public discussion rate for sources that correspond to a minimally connected hypergraph. A key property in the derivation of the result is the alternative characterization of two special classes of hypergraphs, which is established through the notions of path and partition connectivity of a hypergraph. While we also partially characterize the region of achievable secret key rate and discussion rate tuples, a complete characterization remains unknown and is an interesting direction for future work.

## References

• [1] I. Csiszár and P. Narayan, “Secrecy capacities for multiple terminals,” IEEE Trans. Inf. Theory, vol. 50, no. 12, pp. 3047–3061, Dec. 2004.
• [2] I. Csiszár and P. Narayan, “Common randomness and secret key generation with a helper,” IEEE Trans. Inf. Theory, vol. 46, no. 2, pp. 344–366, Mar. 2000.
• [3] S. Watanabe and Y. Oohama, “Secret key agreement from correlated gaussian sources by rate limited public communication,” IEICE Trans. on Fundamentals, vol. E93A, no. 11, pp. 1976–1983, Nov. 2010.
• [4] S. Watanabe and Y. Oohama, “Secret key agreement from vector gaussian sources by rate limited public communication,” IEEE Trans. Inf. Forensics Security, vol. 6, no. 3, pp. 541–550, Sep. 2011.
• [5] J. Liu, P. Cuff, and S. Verdú, “Secret key generation with limited interaction,” IEEE Trans. Inf. Theory, vol. 63, no. 11, pp. 7358–7381, Nov. 2017.
• [6] H. Tyagi, “Common information and secret key capacity,” IEEE Trans. Inf. Theory, vol. 59, no. 9, pp. 5627–5640, Sep. 2013.
• [7] M. Mukherjee, N. Kashyap, and Y. Sankarasubramaniam, “On the public communication needed to achieve SK capacity in the multiterminal source model,” IEEE Trans. Inf. Theory, vol. 62, no. 7, pp. 3811–3830, Jul. 2016.
• [8] J. Liu, P. Cuff, and S. Verdú, “Secret key generation with one communicator and a strong converse via hypercontractivity,” in Proc. IEEE Int. Symp. Inf. Theory (ISIT), Hong Kong, Jun. 2015, pp. 710–714.
• [9] T. A. Courtade and T. R. Halford, “Coded cooperative data exchange for a secret key,” IEEE Trans. Inf. Theory, vol. 62, no. 7, pp. 3785–3795, Jul. 2016.
• [10] C. Chan and L. Zheng, “Mutual dependence for secret key agreement,” in Proc. 44th Annu. Conf. Inf. Sci. Syst. (CISS), Princeton, NJ, USA, Mar. 2010, pp. 1–6.
• [11] C. Chan, M. Mukherjee, N. Kashyap, and Q. Zhou, “Secret key agreement under discussion rate constraints,” in Proc. IEEE Int. Symp. Inf. Theory (ISIT), Aachen, Germany, Jun. 2017, pp. 1519–1523.
• [12] S. Nitinawarat, C. Ye, A. Barg, P. Narayan, and A. Reznik, “Secret key generation for a pairwise independent network model,” IEEE Trans. Inf. Theory, vol. 56, no. 12, pp. 6482–6489, Dec. 2010.
• [13] S. Nitinawarat and P. Narayan, “Perfect omniscience, perfect secrecy, and Steiner tree packing,” IEEE Trans. Inf. Theory, vol. 56, no. 12, pp. 6490–6500, Dec. 2010.
• [14] M. Mukherjee, C. Chan, N. Kashyap, and Q. Zhou, “Bounds on the communication rate needed to achieve SK capacity in the hypergraphical source model,” in Proc. IEEE Int. Symp. Inf. Theory (ISIT), Barcelona, Spain, Jul. 2016, pp. 2504–2508.
• [15] C. Chan, A. Al-Bashabsheh, J. Ebrahimi, T. Kaced, and T. Liu, “Multivariate mutual information inspired by secret-key agreement,” Proc. IEEE, vol. 103, no. 10, pp. 1883–1913, Oct. 2015.

## Appendix A Proofs

###### Proof (Theorem 4.1)

To prove Theorem 4.1, we will make use of the following outer bound on the region in [11].

###### Proposition 1.1 ([11, Theorem 4.1])

For any , we have

$$r(V\setminus B)\ge(|\mathcal{P}|-1)\left[r_{\mathrm{K}}-I_{\mathcal{P}}(\mathsf{Z}_B)\right],\quad\text{where} \tag{1.1a}$$

 (1.1b)

for any with size and .

Now, for any , let be the set of equivalence classes of hypergraph . It is clear that and . Since is a positive integer, we have the following two cases and will show that (4.1) holds for both.

Case 1: , i.e., remains connected after removing vertices . Then, for the R.H.S. of (4.1),

$$(\deg_H(C)-1)\,r_{\mathrm{K}}=\left[C(H\setminus C)-1\right]r_{\mathrm{K}}=0$$

where the first equality follows from (4.1). Therefore, (4.1) holds trivially.

Case 2: , i.e., will be disconnected after removing vertices . It follows that

Applying the lower bound (1.1) with and the partition of , we have

$$\begin{aligned}r(C)&\ge(|\mathcal{P}|-1)\left[r_{\mathrm{K}}-I_{\mathcal{P}}(V\setminus C)\right]\\&=(C(H\setminus C)-1)\,r_{\mathrm{K}}\\&=(\deg_H(C)-1)\,r_{\mathrm{K}},\end{aligned}$$

where the last equality follows from (4.1) in Lemma 4.1. This completes the proof of (4.1).

Next, we prove (4.2). Let be the optimal solution to the R.H.S. of (4.2) and be the set of equivalence classes of after removing edge . It follows that due to the fact that is minimally connected. Then,

$$C_{\mathrm{S}}\overset{(a)}{\le}I_{\mathcal{P}}(\mathsf{Z}_V)\overset{(b)}{=}w(e^*)$$

where (a) follows from [15, (4.1) and (4.3)]; (b) is because is the only edge that crosses . Therefore, we have proved the converse “” of (4.2). The achievability “” of (4.2) can be proved by utilizing the secret key agreement scheme in [10]. More precisely, we reduce the weight of every edge to . Since is connected, such that for some . (Footnote 4: Otherwise, and , , due to the fact that is minimally connected. This gives trivially. We will assume hereafter.) User discusses in public which is independent of . Then, all users can recover securely. Now we have achieved a common secret key among users in . Doing this repeatedly for the remaining edges, we can agree on a common secret key among all users since is connected. This gives the achievability “” of (4.2).

Indeed, the above scheme achieves a common secret key of bits by using bits of public discussion, which also gives the achievability “” of (4.3). For the converse “” of (4.3), we have trivially. Then, summing (4.1) over , we have

$$\begin{aligned}r(V)&\ge\sum_{C\in\mathcal{P}^*(H)}\left[\deg_H(C)-1\right]r_{\mathrm{K}}\\&=(|E(H)|-1)\,r_{\mathrm{K}},\end{aligned}$$

where the equality follows from (4.2) in Lemma 4.1. Hence, we have , which completes the proof of (4.3), and (4.1) is simultaneously achievable for all . In particular, when , we have as desired.

###### Proof (Corollary 4.1)

For being a hypertree, we have by (4.3b) in Lemma 4.2. Then, by (4.1), we have

$$r_i\ge\left(\deg_H(i)-1\right)r_{\mathrm{K}},\quad\forall i\in V,$$

which are simultaneously achievable for any key rate as suggested by Theorem 4.1. This completes the proof of Corollary 4.1.

###### Proof (Lemma 4.1)

“if” case: Suppose is a hypertree without singleton edges. Note that by Proposition 3.1. This implies by (4.3b) and [15, Corollary 5.3]. By (4.3a), we have , therefore, is connected. Since is a hypertree and therefore connected for its vertices , i.e., , . Altogether, we have is also connected. Since is loopless, every edge is incident on at least two distinct vertices in , say and . Then, such that by Definition 3.4 of . Hence, is a path in . It is unique because is a unique path in the hypertree . Removing edge from disconnects and . Therefore, is minimally connected.

“only if” case: If is minimally connected, then is connected by Definition 3.4. Let be the set of equivalence classes (or connected components) of after removing any edge . Since is minimally connected, we have . Then,

where the equality follows from the fact that only edge crosses . Suppose to the contrary that there is a cycle in , then there is also a cycle in , say , that crosses , i.e., . We have

$$I(H\cap\{v_1,\dots,v_{\ell-1}\})\overset{(a)}{>}1\overset{(b)}{\ge}I(H)$$

where (a) is as argued in (1.2); (b) is as argued above. This violates Proposition 3.1. Therefore, is a hypertree. It remains to prove is loopless. Suppose to the contrary that has a singleton edge incident on . Then, , such that . Removing from does not disconnect , otherwise, contradicts Proposition 3.1. Doing so does not disconnect the vertices in either, since is a hypertree. Therefore, remains connected after removing , contradicting the fact that is minimally connected. Hence, is loopless.

Next, we proceed to prove (4.1). For any , consider two distinct . If there is a path in between any and any , then there is a path in between and by Definition 3.4 of . The contrapositive statement implies

$$C(H\setminus C)\ge C(H[\mathcal{P}^*(H)]\setminus C).$$

Note that is connected for all . If there is a path in between and