Secrecy Rates for a Channel With Two Senders and Two Receivers

02/22/2019 ∙ by Hassan ZivariFard, et al. ∙ Georgia Institute of Technology The University of Texas at Dallas 0

Motivated in part by the problem of secure multicast distributed storage, we analyze secrecy rates for a channel in which two transmitters simultaneously multicast to two receivers in the presence of an eavesdropper. Achievable rates are calculated via extensions of a technique due to Chia and El Gamal and also the method of output statistics of random binning. An intriguing synergy is observed between the achievable rate expressions arising from the two techniques: the rate region of the latter is simplified via a constraint that is discovered while deriving the former rate region. Outer bounds are derived for both the degraded and non-degraded versions of the channel, and examples are provided in which the inner and outer bounds meet. The inner bounds recover known results for the multiple-access wiretap channel, broadcast channel with confidential messages, and the compound MAC channel. An auxiliary result is also produced that characterizes the minimal randomness necessary to achieve secrecy in multiple-access wiretap channels.

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

I Introduction

In 1974, Ahlswede calculated the capacity of a channel with two senders and two receivers in a work [1] that proved highly influential for the MAC channel [2] and the interference channel [3]. We study the corresponding secrecy problem (Fig. 1), in which both transmitters send messages simultaneously to both receivers in the presence of an eavesdropper, and all senders, receivers, and eavesdropper are at different terminals. This problem is motivated in part by secure access of multiple users to data in a distributed cache, which is a multi-transmitter (multiple-access) multicast scenario [4, 5]. This problem is also equivalent to a compound two-state multiple-access wiretap channel. It has been known [6] that problems involving compound channels have an equivalent multicast representation, in which the channel to each multicast receiver is equivalent to one of the states of the compound channel.

In recent years the study of strong and semantic secrecy has gained momentum [7, 8], motivated by its operational significance and enabled by the introduction and/or increased popularity of new achievability techniques such as resolvability [9, 10, 11] and output statistics of random binning (OSRB) [12]. Strong secrecy implies weak secrecy, reducing the motivation to study the latter when the former is tractable. That said, weak secrecy retains interest and utility because the codebook design techniques that are aimed at weak and strong secrecy can produce different achievable rate expressions, especially in complex networks. This work studies two different achievability methods, one of which yields weak secrecy and the other, strong secrecy. The achievable rate of the latter method is simplified by introducing a constraint that appears through the derivation of the secrecy region of the former.

Fig. 1: Two-sender two-receiver channel with an eavesdropper

These achievability techniques are related to two recent results in network information theory [13, 12]. First, the method of Chia and El Gamal [13] uses Marton coding and indirect decoding (also known as non-unique decoding) [14] to achieve an improved secrecy rate for the transmission of a common message to two receivers that may experience different channel statistics. In particular, [13, Lemma 1] gives an upper bound on the number of codewords that are typical with an eavesdropper’s received sequence. We extend the method of Chia and El Gamal to multiple transmitters, and introduce a corresponding two-level Marton-type coding with associated non-unique decoding.

The second method, OSRB [12] (see also [15]

for a related approach), analyzes channel coding problems by conversion to a related source coding problem, where it tests achievability by probability approximation rather than counting arguments on typical sets. A reverse conversion is needed to complete the analysis. OSRB is well suited for secrecy problems, which are also associated with probability approximation. OSRB encoding is purely by random binning and is enabled by (and named after) the following key result: applying two independent random binning schemes on the same set, the two bin indices are statistically independent as long as binning rates are sufficiently small. We extend the tools and techniques of OSRB to match the requirements of the two-transmitter multicast problem.

In addition to extending, modifying, and adapting these two techniques for a multi-transmitter setting, our work showcases their relative merit and their relation to each other in a new context. This is independently of interest because the issue of the relative size of the achievability region provided by these two techniques has been broached [12], where it was shown that in one specific problem OSRB can provide a larger achievable rate region, but in a broader sense the question remains open and is of interest to the community.

Finally, outer bounds for degraded and non-degraded channels are derived and shown to be tight against inner bounds in some special cases. In addition, the extension of the method of Chia and El Gamal is utilized to highlight the minimal amount of randomness required to achieve secrecy rates of the multiple-access wiretap channel, and that therein channel prefixing can be replaced with superposition, in a manner reminiscent of Watanabe and Oohama [16] for minimizing the randomness resources for secrecy encoding. Part of the results, including the proof of the outer bounds, are available in the conference version of this paper [17] and are not duplicated here in the interest of brevity.

A brief outline of the related literature is as follows. Multicasting with common information in the presence of an eavesdropper has been studied in [18, 19], deriving inner bounds on secrecy capacity, and in some special cases also deriving secrecy capacity region. Salehkalaibar et al. [18] studied a one-receiver, two-eavesdropper broadcast channel with three degraded message sets. Ekrem and Ulukus [19] studied the transmission of public and confidential messages to two legitimate users, in the presence of an eavesdropper. Benammar and Piantanida [20] calculated the secrecy capacity region of some classes of wiretap broadcast channels.

The MAC wiretap channel has been investigated in [21, 22, 23, 24, 25, 26, 27]. In [21], a discrete memoryless MAC with confidential messages has been studied that consists of a MAC with generalized feedback [28] where each user’s message must be kept confidential from the other. The multiple access wiretap channel [22, 23, 27] consists of a MAC with an additional channel output to an eavesdropper. In [22, 23], achievable rate regions for the secrecy capacity region have been derived. Secrecy in the interference channel and broadcast channel has been studied in [29], where inner and outer bounds for the broadcast channel with confidential messages and the interference channel with confidential messages have been compared.

This paper is organized as follows. Section II describes the notation and the system model. Section III presents a general inner bound on the secrecy capacity region under the weak secrecy regime. Section IV produces an outer bound for the degraded model and discusses its implications. Section V derives a general outer bound and provides an example where this outer bound is optimal. Section VI presents a general achievable rate region under the strong secrecy regime.

Ii Preliminaries

Throughout this paper, random variables are denoted by capital letters and their realizations by lower case letters. The set of

strongly jointly typical sequences of length , according to , is denoted by . For convenience in notation, whenever there is no danger of confusion, typicality will reference the random variables rather than the distribution, e.g., . The set of sequences for a fixed , when the fixed sequence is clear from the context, is denoted with the shorthand notation

. Superscripts denote the dimension of a vector, e.g.,

. The integer set is denoted by , and indicates the set . The cardinality of a set is denoted by . We utilize the total variation between probability mass functions (pmfs), defined by . Also, following Cuff [30] we use the concept of random pmfs denoted by capital letters (e.g. ).

Definition 1.

A code for the considered model (Fig. 1) consists of the following:

  1. Two message sets , , from which independent messages and

    are drawn uniformly distributed over their respective sets.

  2. Stochastic encoders , , which are specified by conditional probability matrices , where , are channel inputs and private messages, respectively, and . Here, is the probability of the encoder producing the codeword for the message .

  3. A decoding function that assigns to received sequence .

  4. A decoding function that assigns to received sequence .

The probability of error is given by:

(1)
Definition 2 ([31]).

A rate pair is said to be achievable under weak secrecy if there exists a sequence of codes with , so that and

(2)
Definition 3.

A rate pair is said to be achievable under strong secrecy if there exists a sequence of codes with , so that and

(3)
Definition 4.

indicates . For two random pmfs [30], indicates .

Iii Achievable Rate Region for the Weak Secrecy Regime

We start with a lemma that fits Marton coding with indirect decoding in a MAC structure and produces an entropy bound needed in the secrecy analysis. Its basic idea can be highlighted as follows: given , if we independently produce random codevectors , we will have approximately jointly typical pairs, i.e., the “excess” rate will determine the number of jointly typical pairs. This lemma extends the basic idea of excess rate to multiple codebooks, multiple conditioning, and furthermore, a generalization is made from a counting argument to the entropy of the index of the codebook, which is essential for secrecy analysis.

Lemma 1.

Consider random variables distributed according to . Draw random sequences according to . Conditioned on , draw i.i.d. copies of according to , denoted . Similarly, conditioned on , draw i.i.d. copies of according to , denoted . Let and be random variables with arbitrary pmf. If

for a positive and if for an arbitrary sequence ,

there exists a positive , such that for sufficiently large

(4)

where .

Fig. 2: Structure of Lemma 1: subject to jointly typical sequences , finding a bound on the conditional entropy of , thus implicitly bounding the number of sequence pairs that can be jointly typical with from codebooks with certain size.

The proof is provided in Appendix A.

This result is related to, and contains, [13, Lemma 1]. In particular, [13] considers a single-input channel and explores the properties of codebooks driven by this input, while observing an output . In contrast, this paper’s Lemma 1 develops a corresponding result for a multiple-access channel with respect to , motivated by the two-transmitters present in the model of this paper. This accounts for the new features of our Lemma 1, namely three rate constraints instead of one, as well as monitoring the entropy of two index random variables instead of one. Furthermore, the present result has one additional layer of conditioning to allow for indirect decoding of multiple confidential messages in the sequel, while in [13] only one confidential message is decoded.

Remark 1.

In addition to enabling the main results of this paper, Lemma 1 also has broader implications on the necessity of prefixing in multi-transmitter secrecy problems [32] and deriving the minimum amount of randomness needed to achieve secrecy. Csiszár and Körner introduced prefixing in [33] to expand the achievable rate region of the non-degraded broadcast channel with confidential messages, a technique that was subsequently used in essentially the same manner in multi-transmitter settings. Subsequently, Chia and El Gamal showed that in a single-transmitter wiretap channel, prefixing can be replaced with superposition coding [13]. Appendix B extends this concept to a multi-transmitter setting and presents an achievability technique for the multiple access wiretap channel that utilizes minimal randomness and matches the best known achievable rates without prefixing.

Theorem 1.

An inner bound on the secrecy capacity region of the two-transmitter two-receiver channel with confidential messages is given by the set of non-negative rate pairs such that

(5)
(6)
(7)
(8)
(9)
(10)
(11)
(12)

for some

(13)

such that

(14)
Fig. 3: Coding scheme for the first transmitter

The proof uses superposition coding, Wyner’s wiretap coding, Marton coding, as well as indirect decoding.

This result recovers several known earlier results:

  • By setting , , and , the result in Theorem 1 reduces to the capacity region of compound multiple access channel discussed in [1].

  • By setting (or ), and , the result in Theorem 1 reduces to the achievable rate region of multiple access wiretap channel without common message [22, 23, 24].

  • By setting (or ), , and (or ), the result in Theorem 1 reduces to the capacity region of broadcast channel with confidential message [34, Corollary 2].

  • By setting (or ), the result in Theorem 1 reduces to the achievable rate region for two-receiver, one-eavesdropper wiretap channel presented in [13, Theorem 1].

Remark 2.

By doing some algebraic manipulation we can show that the constraint in (14) holds only if

(15)
Corollary 1.

An inner bound on the secrecy capacity region of degraded two-transmitter two-receiver channel with confidential messages (Definition 5) is given by the set of non-negative rate pairs such that

(16)

for some

(17)
Proof.

The proof follows from Theorem 1 by setting and and considering the fact that the channel is degraded. ∎

Iv An Outer Bound for the Degraded Model

We develop an outer bound for the degraded version of the model and show an example where it meets the inner bound (Theorem 1).

Definition 5.

The degraded two-transmitter two-receiver channel with confidential messages obeys:

(18)
Theorem 2.

The secrecy capacity region for the degraded two-transmitter two-receiver channel with confidential messages is included in the set of rate pairs satisfying

(19)
(20)
(21)

for some joint distribution

(22)
Proof.

The proof is provided by the authors in [17, Section IV] and is omitted here for brevity. ∎

Example (Degraded Switch Model): We consider an example of the two-transmitter two-receiver channel where the first legitimate receiver has access to the noisy version of each of the two transmitted values in a time-sharing (switched) manner, without interference from the other transmitter (Fig. 4). The second legitimate receiver has access to a noisy version of the first receiver, and the eavesdropper has access to a noisy version of the second receiver. The switch channel state information is made available to all terminals. In this model the channel outputs are as follows:

(23)
(24)
(25)

This model consists of a channel with states that are causally available at both the encoders and decoders.

The statistics of the channel, conditioned on the switch state, are expressed as follows:

(26)

The switch model describes, e.g., frequency hopping over two frequencies [29]. The state (switch) is a binary random variable that chooses between listening to the Transmitter 1, with probability , and listening to the Transmitter 2, with probability , independently at each time slot. We further assume the state is i.i.d. across time.

Fig. 4: Degraded switch model
(27)

where is the indicator function.

Theorem 3.

The secrecy capacity region for the degraded switch two-transmitter two-receiver channel with confidential messages, is given by the set of rate pairs satisfying

(28)
(29)
(30)

for some joint distribution

(31)
Proof.

The proof is available in [17, Section IV]. ∎

V A General Outer Bound

We now develop a general outer bound for the model of Fig. 1 and show an example in which it meets the inner bound (Theorem 1).

Theorem 4.

The secrecy capacity region for the two-transmitter two-receiver channel with confidential messages is included in the set of rate pairs satisfying

(32)
(33)
(34)

for some joint distribution

(35)
Proof.

The proof is available in [17, Section V]. ∎

Example (Noiseless Switch Model):

Fig. 5: Noiseless switch model

We consider an example of the two-transmitter two-receiver channel in which the legitimate receivers as well as eavesdropper have access to the noiseless version of each of the two transmitted values in a time-sharing (switched) manner, without interference from the other transmitter (Fig. 5). This corresponds to a situation in which transmitters operate on different spectral bands, while the receiving terminals have the capability of operating on one adaptable (time-varying) band [29]. Here, it is assumed that both legitimate receivers operate according to a common random switch that is connected to Transmitter 1 with probability and to Transmitter 2 with probability , and the eavesdropper operates according to another random switch that is connected to Transmitter 1 with probability and to Transmitter 2 with probability . Aside from the switches, the channel is noiseless. Both receivers and the eavesdropper have access to their own switch state information. Therefore the channel outputs are considered as follows

(36)
(37)
(38)

Since , we also have .

Theorem 5.

The secrecy capacity region for the noiseless switch two-transmitter two-receiver channel with confidential messages is given by the set of rate pairs satisfying

(39)
(40)
Proof.

The proof is available in [17, Section V]. ∎

Remark 3.

The capacity region in Theorem 5 shows that transmitters can securely communicate to receivers as long as .

Vi Strong Secrecy

Theorem 6.

An inner bound on the secrecy capacity region of the two-transmitter two-receiver channel with confidential messages consists of the union of rate pairs regions satisfying (48)-(59), (68), (71), (76), and non-negativity constraints for all rate variables, for some distribution

(41)
Remark 4.

It is customary to simplify the rate region constraints via the Fourier-Motzkin method [35] to eliminate rate variables not associated with external messages; however, in the interest of brevity we omit the 291 inequalities resulting from Fourier-Motzkin elimination. Subsequently, a subset of this achievable rate region will be presented that enjoys a much simpler expression.

Proof.

The achievability proof is inspired by [12, 36], and is based on solving the dual secret key agreement problem in the so-called source model that includes shared randomness at all terminals (see Fig. 6). In this dual model, rate constraints are derived so that the input and output distributions of the dual model approximate that of the original model while satisfying reliability and secrecy conditions in the dual model. The probability approximation then guarantees that reliability and secrecy conditions can be achieved in the original model. Finally, it is shown that there exists one realization of shared randomness for which the above mentioned are valid, thus removing the necessity for common randomness.

We begin by developing the encoding and decoding strategies for the source model and the original model, and derive and compare the joint probability distributions arising from these two strategies.

Fig. 6: Dual secret key agreement problem in the source model for the original problem.

We begin with the multi-terminal secret key agreement problem in the source model as depicted in Fig. 6. Let be i.i.d. and distributed according to

(42)

Random Binning:

  • To each and every , uniformly and independently assign two random bin indices and .

  • To each pair for uniformly and independently assign random bin index .

  • To each uniformly and independently assign two random bin indices and .

  • To each pair for uniformly and independently assign random bin index .

  • The random variables representing bin indices are:

    (43)
  • Decoder 1 is a Slepian-Wolf decoder observing , and producing and , thus declaring and

    to be the estimate of the pair

    .

  • Decoder 2 is a Slepian-Wolf decoder observing , and producing and , thus declaring the bin indices and as the estimate of the pair .

To condense the notation, we define the following variables:

(44)
(45)

Then, the random pmf induced by random binning is as follows:

(46)

denotes the pmf of the output of the Slepian-Wolf decoder, which is a random pmf. Here and are omitted because they are functions of other random variables.

We now return to the original problem, represented by Fig. 1, except that, in addition, a genie provides all terminals with a shared randomness described by , whose distribution will be clarified in the sequel. In this augmented model:

  • The messages are mutually independent and uniformly distributed with rates respectively. Also, shared randomness are uniformly distributed over and , independent of each other, and of

  • Encoder 1 and 2 are stochastic encoders producing codewords