# Secure communication over fully quantum Gel'fand-Pinsker wiretap channel

In this work we study the problem of secure communication over a fully quantum Gel'fand-Pinsker channel. The best known achievability rate for this channel model in the classical case was proven by Goldfeld, Cuff and Permuter in [Goldfeld, Cuff, Permuter, 2016]. We generalize the result of [Goldfeld, Cuff, Permuter, 2016]. One key feature of the results obtained in this work is that all the bounds obtained are in terms of error exponent. We obtain our achievability result via the technique of simultaneous pinching. This in turn allows us to show the existence of a simultaneous decoder. Further, to obtain our encoding technique and to prove the security feature of our coding scheme we prove a bivariate classical-quantum channel resolvability lemma and a conditional classical-quantum channel resolvability lemma. As a by product of the achievability result obtained in this work, we also obtain an achievable rate for a fully quantum Gel'fand-Pinsker channel in the absence of Eve. The form of this achievable rate matches with its classical counterpart. The Gel'fand-Pinsker channel model had earlier only been studied for the classical-quantum case and in the case where Alice (the sender) and Bob (the receiver) have shared entanglement between them.

## Authors

• 13 publications
• 39 publications
• 2 publications
09/19/2018

### One-shot Capacity bounds on the Simultaneous Transmission of Classical and Quantum Information

We study the communication capabilities of a quantum channel under the m...
02/03/2021

### One-shot multi-sender decoupling and simultaneous decoding for the quantum MAC

In this work, we prove a novel one-shot multi-sender decoupling theorem ...
07/22/2019

### Steganography Protocols for Quantum Channels

We study several versions of a quantum steganography problem, in which t...
10/24/2018

### Simultaneous transmission of classical and quantum information under channel uncertainty and jamming attacks

We derive universal codes for simultaneous transmission of classical mes...
02/02/2021

### Novel one-shot inner bounds for unassisted fully quantum channels via rate splitting

We prove the first non-trivial one-shot inner bounds for sending quantum...
09/26/2018

### A Quantum Multiparty Packing Lemma and the Relay Channel

Optimally encoding classical information in a quantum system is one of t...
05/30/2021

A multiple access channel (MAC) consists of multiple senders simultaneou...
##### This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

## I Introduction

The concept of communication over the wiretap channel was pioneered in the classical case by Wyner [3]

. In this model the wiretapper (Eve) is aware of the encoding strategy used by the transmitter (Alice) to transmit the messages reliably to the legitimate receiver (Bob). A wiretap channel is classically modeled as a conditional probability distribution

where is the channel input supplied by Alice and are the channel outputs with received by Bob and received by Eve. The goal here is to maximize the rate of reliable message transmission from Alice to Bob over this channel, such that Eve gets to know as little information as possible about the transmitted message.

This problem of secure communication over noisy wiretap channel was extended to the quantum domain in [4, 5]. In the quantum case, the wiretap channel is modeled as a CPTP (completely positive and trace preserving) map where is the input register supplied by Alice and and represent Bob’s and Eve’s respective shares of the channel output. The quantum wiretap channel model has also been well studied in the one-shot scenario, see for example [6, 7, 8, 9].

Recently, there has been an interest in studying the classical wiretap channel with states. A classical wiretap channel with states is modeled as Similar to the wiretap channel as discussed above, it produces two outputs with received by Bob and received by Eve. However, unlike the normal wiretap channel, in this case the channel takes two inputs (supplied by Alice) and a random parameter . This random parameter is used to represent the channel state and is not controlled by the transmitter. A key motivation for studying this channel model is that it captures the scenario of communication both in the presence of a jammer and an eavesdropper. Further, this channel also models the scenario of a memory with stuck-at faults (for more details, please see [10]). In [11], Chen and Vinck considered the problem of communication over this channel model in the presence of an eavesdropper. They combined the coding strategy for the normal wiretap channel along with the coding strategy for the Gel’fand-Pinsker (GP) channel and obtained a lower bound on the secrecy capacity. In [12], Chia and El-Gamal further advanced the theory of communication over this channel model by proposing a more sophisticated coding technique in the case when the full channel side information is causally available at both the encoder and the decoder. Even though their coding strategy is restricted to utilize the state information in a causal manner, the authors show that their technique allows to achieve a better transmission rate as compared to the one obtained in [11]. The GP channel model in the absence of Eve was first introduced by Gel’fand and Pinsker in their seminal work [13]. In this model there are two parties (Alice and Bob) and it takes two inputs (supplied by Alice) and a random parameter . However, unlike the GP-wiretap channel model this channel only produces one output received by Bob.

In [2] Goldfeld, Cuff and Permuter revisit this communication problem when the channel state side information is causally available at the encoder. The authors motivate this model by noting that having information about the extra randomness (the channel state parameter) of the channel may help in secure transmission. They employ an encoding technique based on the superposition coding scheme [14] and obtain the best known lower bound on the secrecy capacity of the GP channel model and also recover the results of [11] and [12] as a special case. The converse result for this problem is not known except for some special cases (which do not seem to have natural interpretation in the quantum case). To obtain their results, the authors prove what they call a superposition covering lemma. Although the papers [2, 11, 12] call the approximation of the output distribution a covering lemma, this type of approximation was studied with the name of channel resovability in the earlier papers [15, 16, 17, 7].

We study the problem of secure communication over the fully quantum Gel’fand-Pinsker wiretap channel and provide an exact quantum generalization of the results obtained in [2]. Fig 1 models this communication scheme.

To derive the quantum generalization of the coding technique in [2] we prove a generalization of classical-quantum channel resolvability lemma [7]. This lemma is the quantum analogue of the [2, Lemma 7]. To prove the secrecy property of our coding technique we prove a conditional classical-quantum channel resolvability lemma. For the task of designing the decoding POVMs for our protocol we use the technique of simultaneous pinching (see [18] for details on the concept of pinching). Using this technique of simultaneous pinching we exhibit the existence of a simultaneous decoder in the single-shot case. One key feature of the single-shot bounds derived in this manuscript is that they are in terms of error exponent. The problem of reliable communication with no security constraint and in the presence of entanglement assistance was first studied in [10].

The result obtained in this manuscript allows us to recover the previous known results for classical message transmission over point-to-point quantum channels [19, 20] and the quantum wiretap channel (in the absence of the channel state) [4, 5]. Further, our result also implies an achievable rate for classical communication over fully quantum Gel’fand-Pinsker channel (in the absence of Eve). The form of our achievable rate for this problem is exactly similar to that obtained in [13]. We note here that the fully quantum Gel’fand-Pinsker channel has been studied in [10, 21] only in the case when Alice and Bob share entanglement and in [22] for classical-quantum channels. Our work is the first work to study this model in the absence of entanglement assistance between Alice and Bob. We discuss these results in Corollary 1.

## Ii Preliminaries

Consider a finite dimensional Hilbert space endowed with an inner product (in this paper, we only consider finite dimensional Hilbert-spaces). The norm of an operator on is and norm is . A quantum state (or a density matrix or a state) is a positive semi-definite matrix on with trace equal to . It is called pure if and only if its rank is . A sub-normalized state is a positive semi-definite matrix on with trace less than or equal to . Let

be a unit vector on

, that is . With some abuse of notation, we use to represent the state and also the density matrix , associated with . Given a quantum state on , support of , called is the subspace of spanned by all eigen-vectors of

with non-zero eigenvalues.

A quantum register is associated with some Hilbert space . Define . Let represent the set of all linear operators on . Let represent the set of all positive semidefinite operators on . We denote by , the set of quantum states on the Hilbert space . State with subscript indicates . If two registers are associated with the same Hilbert space, we shall represent the relation by . Composition of two registers and , denoted , is associated with Hilbert space . For two quantum states and ,

represents the tensor product (Kronecker product) of

and . The identity operator on (and associated register ) is denoted

Let . We define

 ρB:=TrAρAB:=∑i(⟨i|⊗IB)ρAB(|i⟩⊗IB),

where is an orthonormal basis for the Hilbert space . The state is referred to as the marginal state of . Unless otherwise stated, a missing register from subscript in a state will represent partial trace over that register. Given a , a purification of is a pure state such that . Purification of a quantum state is not unique. A quantum map is a completely positive and trace preserving (CPTP) linear map (mapping states in to states in ). A unitary operator is such that . An isometry is such that and .

Our model is given as the following pair. One is a CPTP map from the joint system to the joint system , where is the input system, is the channel internal system, is the legitimate receiver (Bob)’s system, and is the wiretapper (Eve)’s system. The other is an entangled state across the channel internal system and the system of side information available to the transmitter (Alice). Using the information in , Alice can choose the encoder dependently of the channel internal system . That is, the pair of a CPTP map and an entangled state gives our model.

###### Definition 1.

We shall consider the following information theoretic quantities.

 F(ρA,σA)def=∥√ρA√σA∥1.
2. Purified distance ([25]) For ,

 P(ρA,σA)=√1−F2(ρA,σA).

This is different from the Hellinger distance which is defined as

3. Sandwiched Rényi relative entropies ([26, 27]) Let and let we define the following two kinds of Rényi relative entropies:

 D––1+α(ρ∥σ) :=1αlogTr(σ−α2(1+α)ρσ−α2(1+α))1+α.
4. Rényi mutual information and Rényi conditional mutual information ([28]) Let

 ρUVB:= ∑u,vpUV(u,v)|u⟩⟨u|U⊗|v⟩⟨v|V⊗ρB∣u,v; ρV−U−B:= ∑upU(u)|u⟩⟨u|U⊗ρV∣u⊗ρB∣u,

where in the above and are appropriate marginals with respect to the state We define the Rényi mutual information

 I–1+α(UV;B)ρUVB|ρUV:=minσBD––1+α(ρUVB∥ρUV⊗σB),

where is an arbitrary state on . Also, we define the Rényi conditional mutual information

 I–1+α(V;B|U)ρUVB|ρUV:=minσUVBD––1+α(ρUVB∥σUVB), (1)

where is given with an arbitrary state as

 σUVB=∑upU(u)|u⟩⟨u|⊗ρV∣u⊗σB∣u.

We will use the following facts.

###### Fact 1 (Minimum achieving state, [29]).

For , the minimum in (1) is uniquely attained when satisfies

 σB|u=TrA[(ρV∣u⊗ρB∣u)−α2(1+α)ρVB∣u(ρV|u⊗ρB∣u)−α2(1+α)]Tr[(ρV∣u⊗ρB∣u)−α2(1+α)ρVB∣u(ρV∣u⊗ρB∣u)−α2(1+α)]. (2)

Lemma 5 of [29] showed the above inequality without the classical system . Since is a classical system, we can apply Lemma 5 of [29] to the state for each element , which implies (2).

###### Fact 2 (Triangle inequality for purified distance, [30]).

For states ,

 P(ρA,σA)≤P(ρA,τA)+P(τA,σA),

which implies that

 P(ρA,σA)2≤(P(ρA,τA)+P(τA,σA))2≤2(P(ρA,τA)2+P(τA,σA)2).
###### Fact 3 (Monotonicity under quantum operations, [31],[32]).

For quantum states , and quantum operation , it holds that

 D––1+α(E(ρ)∥E(σ))≤D1+α(ρ∥σ)andP(E(ρ),E(σ))≤P(ρ,σ)
###### Fact 4 (Uhlmann’s Theorem, [24]).

Let . Let be a purification of and be a purification of . There exists an isometry such that,

 F(|θ⟩⟨θ|AB,|ρ⟩⟨ρ|AB)=F(ρA,σA),

where .

###### Fact 5.

For quantum states ,

 F2(ρ,σ)≥2−D––1+α(ρ∥σ).

The fact follows from [33, Lemma 5], see also [34, Corollary 4.3,] and from the monotonicity of sandwiched Rényi relative entropy.

###### Fact 6.

Let and be two quantum states. We have the following relation:

 P(ρ,σ)≤√2∥ρ−σ∥1. (3)
###### Fact 7 ( [21]).

Let and be quantum states. Then, for every let be an operator,

 |√Tr[Λρ]−√Tr[Λσ]|≤P(ρ,σ).
###### Fact 8 (Hayashi-Nagaoka inequality, [35]).

Let be positive semi-definite operators. Then

 I−(S+T)−12S(S+T)−12≤2(I−S)+4T.
###### Fact 9 (Hayashi, [18]).

Let and be two quantum states. Further, let be the pinching operation with respect to the basis of . Then,

 ρ≤vE(ρ),

where represents the distinct number of eigenvalues of and is sometimes also called as the pinching constant.

###### Fact 10.

(Jensen’s inequality) Let be a concave function. Then,

## Iii Main result

Before giving our main result we first give the following definitions:

###### Definition 2.

(Encoding, Decoding, Error, Secrecy) An secrecy code for communication over a quantum Gel’fand-Pinsker wiretap channel with channel state side information available at the encoder (i,e, when the sender shares an entangled state with the channel itself) consists of

• an encoding operation (for Alice) where and such that

where and is the purified distance.

• a decoding operation (for Bob) with such that

 Pr{M≠^M}≤εn
###### Definition 3.

A rate is said to be achievable if there exists a sequence of - codes such that

 liminfn→∞1nlogMn ≥R; limsupn→∞εn →0; limn→∞δn →0.

The supremum of all the achievable rates is called the secrecy capacity of the Gel’fand-Pinsker channel.

The following theorem is one of our main result. It can be considered as the quantum generalization of the achievability result in [2, Equations and ].

###### Theorem 1.

Let be a quantum Gel’fand-Pinsker wiretap channel. Further, let

be the shared entanglement between the sender and the channel. We choose a joint distribution

and conditional states such that , where . Then, a rate is achievable if

 R≤Ra(ρUVAS):=min{I[V;B∣U]−I[V;E∣U],I[UV;B]−I[UV;S],I[UV;B]−I[U;S]−I[V;E∣U]}, (4)

where the information theoretic quantities above are calculated with respect to the state .

We denote the set of to satisfy the condition given in Theorem 1 by . Then, the rate

 maxρUVAS∈S1Ra(ρUVAS)

is achievable. To simplify this rate, we introduce the set . Then, we have the following lemma.

###### Lemma 1.
 maxρUVAS∈S1Ra(ρUVAS)=maxρUVAS∈S2Ralt(ρUVAS), (5)

where

 Ralt(ρUVAS):=min{I[V;B∣U]−I[V;E∣U],I[UV;B]−I[UV;S]}. (6)

Therefore, Theorem 1 guarantees that the rate is also achievable. The proof of this lemma follows exactly similar to that given in [2, Appendix A]. However, we repeat the same proof in the Appendix just for completeness.

To achieve the rate given in (4), we employ superposition coding, in which we randomly choose and we make an encoder with respect to conditioned on . Here, we elaborate upon the roles of and . In Gel’fand-Pinsker wiretap channel, the register some correlation with the systems and , which makes our analysis difficult. We convert these correlations to the correlation between the register and the message. Therefore, we need three types of evaluations. The first one is the evaluation of the correlation between the register and the message. The second one is the evaluation of the decoding error probability with ignoring the correlation between the register and the receiver . It can be evaluated as a correlation between and . The third one is the evaluation of the information leakage while ignoring the correlation between the register and the eavesdropper . It can be evaluated as the correlation between and conditioned with .

To realize the third type of evaluation, we need a scramble variable related to with the rate . This type of analysis requires the condition

 R1>I[V;E∣U]. (7)

In contrast, to realize the second type of analysis, we need another scramble variable related to with the rate as well as the scramble variable related to with the rate . This type of analysis requires the conditions

 r >I[U;S]; (8) R1+r >I[UV;S]. (9)

In addition, the first type of analysis requires the condition for the coding rate ;

 R+R1+r

As explained in the final part of our proof, combining the conditions (7) – (11), we can show that the rate given in (4) is achievable.

An important consequence of our achievability result is the following corollary:

###### Corollary 1.
• (Communication over point-to-point channel, [19, 20]) Let be a quantum channel. Further, let where the maximization is over the states of the following form: Then every rate satisfying the following constraint

 R≤limk→∞1kχ(N⊗k)

is achievable.

• (Communication over point-to-point wiretap channel, [4, 5]) Let be a quantum wiretap channel. Further, let where the maximization is over the states of the following form: Then every rate satisfying the following constraint

 R≤limk→∞1kP(N⊗k)

is achievable for the wiretap channel .

• (Entanglement unassisted communication over Gel’fand-Pinsker quantum channel) Let be a Gel’fand-Pinsker quantum channel. Further, let where the maximization is over the states of the following form: such that Then any rate satisfying the following constraint

 R≤limk→∞1kχGP(N⊗k)

is achievable for the channel .

###### Proof.

The proof follows by setting in (6) and then using the coding strategy in the proof of Theorem 1 for

The proof follows by setting in (6) and then using the coding strategy in the proof of Theorem 1 for

The proof follows by setting in (6) and then using the coding strategy in the proof of Theorem 1 for

This completes the proof. ∎

Before giving the proof of Theorem 1 we first study the single-shot version of the task mentioned in Fig 1. For the single-shot case we obtain an error exponent like bound on the decoding error probability and the secrecy criterion.

## Iv Code construction in single-shot form

In this section, we give the construction of our code in the single-shot form, and evaluate its performance. Let be a quantum Gel’fand-Pinsker wiretap channel. Further, let be the shared entanglement between the sender and the channel.

Let be as defined in Theorem 1 and define the following states:

 ρUVBE :=NAS→BE(ρUVAS); (12) ρB :=TrUVENAS→BE(ρUVAS); (13) ρB∣u :=∑vpV∣U(v∣u)ρB∣u,v. (14)

The codebook: We choose real numbers . Let , be drawn independently according to Further, for every and for every message generate independently, where for every The distribution is with respect to the conditional distribution of the joint distribution In what follows we will use the notation and . Both and for all are known to all the parties involved, i.e., Alice, Bob and Eve. We will use the notation

Remark: In the above stands for the final rate of communication. Our encoding scheme mentioned below is a multi-level coding scheme which has the dual feature of being a good wiretap channel code along with being a good code for the Gel’fand-Pinsker channel. Intuitively, the coding scheme should be such that it should be able to keep the messages secure from Eve. Further, since Bob does not have any information about therefore the encoding scheme should be such that it should somehow help Bob in decoding. These two features about our encoding schemes are reflected by bounds on and derived below.

Encoding: To define our encoder, we introduce a register such that is a purification of the state , which is given in Theorem 1. Thus, we have the following purification of the state

 |τCASIJ∣U(1),⋯U(2r),V(m,1,1),⋯,V(m,2r,2R1)⟩:=1√2(R1+r)∑(i,j)|ρCAS∣U(i)V(m,i,j)⟩|i⟩I|j⟩J. (15)

It follows from the Uhlmann’s theorem (Fact 4) that for every there exists a set of isometries such that

 P(τCASIJ∣U(1),⋯U(2r),V(m,1,1),⋯,V(m,2r,2R1),WS′→ACIJCU,Cm(ϕS′S)W†S′→ACIJCU,Cm) =P⎛⎝12n(R1+r)∑(i,j)ρS∣U(i)V(m,i,j),ρS)⎞⎠, (16)

where . Using these notations, we define our encoder depending on the codewords in the codebook and as follows. When Alice intends to send the message , she applies the isometry ( obtained in the derivation of (16)) on her register and transmits the register across the channel

Pinching: Our decoder will be based on the method of pinching. Therefore, before designing our decoder we first discuss this method. Consider the following classical-quantum states

 ρUVB:= ∑u,vpUV(u,v)|u⟩⟨u|U⊗|v⟩⟨v|V⊗ρB∣u,v; (17) ρV−U−B:= ∑upU(u)|u⟩⟨u|U⊗ρV∣u⊗ρB∣u, (18)

where in the above and are appropriate marginals with respect to the state

In the subsequent discussions the main aim is to come up with completely positive and trace preserving operations such that at the end of these operations the states and start commuting. Towards this we define the following operations: be the pinching operation with respect to the spectral decomposition of the state Further, for every let be the pinching operation with respect to the spectral decomposition of the operator Then, is defined as . It easy to observe that and the state commute with each other. In what follows further in this section we will use the notation and to represent the maximum number of components of the pinching map and the maximum number of components of the pinching maps . Further, in the discussions below we will define pinching maps and where is the pinching map with respect to the the spectral basis of is the pinching map with respect to the spectral basis of the operator and is defined with respect to the state Then, and are defined from and in the same way as . Further, let and be defined as follows:

 v1 := distinct components of the pinching map E1; (19) v2 :=maximum number of distinct components of the pinching % maps {E2∣u}u; v3 := distinct components of the pinching map E3; v4 :=maximum number of distinct components of the pinching % maps {E4∣u}u; v5 :=maximum number of distinct components of the pinching map%  {E5∣u}u .

Decoding: First, for two Hermitian matrices and , we define the projection as , where the spectral decomposition of is given as . In this notation,

is the projection to the eigenspace corresponding to the eigenvalue

. Then, we define the following projectors:

 ΠUVB(1):= {E2(ρUVB)≥2R+R1+rρUV⊗ρB}, (20) ΠUVB(2):= {E2(ρUVB)≥2R+R1E1(ρV−U−B)}. (21)

Let For every define the following operator:

 γ(m,i,j):=TrUV[ΠUVB(|U(i)⟩⟨U(i)|U⊗|V(m,i,j)⟩⟨V(m,i,j)|V⊗IB)]. (22)

We now scale these operators to obtain a valid set of POVM operators as follows:

 β(m,i,j):=⎛⎝∑(m′,i′,j′)γ(m′,i′,j′)⎞⎠−12γ(m,i,j)⎛⎝∑(m′,i′,j′)γ(m′,i′,j′)⎞⎠−12. (23)

Bob uses the above set of decoding POVM operators to decode the transmitted message.

Average performance: Under the above random construction, we can evaluate the average performances. Let be the message which was transmitted by Alice using the strategy above and let be the decoded message by Bob using the decoding POVMs defined in (23). Notice that by the symmetry of the encoding and decoding strategy, it is enough to bound . The following lemma discusses the average performance of our protocol.

###### Lemma 2.

The average performances are evaluated with as follows.

 ECPr{^M≠1|M=1} ≤20(vα22α(R+R1+r−D––1−α(ρUVB∥ρUV⊗ρB))+vα22α(R+R1−I–1−α[V;B|U])) +2α((v32r)α2αD––1+α(ρUS∥ρU⊗ρS)+(v42R1+r)α2αD––1+α(ρUVS∥ρUV⊗ρS)), (24)

and

 EC[P(ρME,TrE[ρME]⊗TrM[ρME])2] ≤8α((v12r)α2αD––1+α(ρUS∥ρU⊗ρS)+(v22R1+r)α2αD––1+α(ρUVS∥ρUV⊗ρS)) +8α(vα52αR12αD––1+α(ρUVE∥ρU−V−E)), (25)

where and are constants defined in (19).

This lemma will be proven in Section VI. For now we assume this lemma and prove the existence of a code which is robust to both decoding error and secrecy.

Existence of good code: Applying expurgation to this construction, we obtain the following theorem.

###### Theorem 2.

For and for every there exists a code such that

 Pr{M≠^M} ≤42(vα22α(R+R1+r−D––1−α(ρUVB∥ρUV⊗ρB))+vα22α(R+R1−I–1−α[V;B|U])) +5α((v32r)α2αD––1+α(ρUS∥ρU⊗ρS)+(v42R1+r)α2αD––1+α(ρUVS∥ρUV⊗ρS)),

and

 P(ρME,TrE[ρME]⊗TrM[ρME])2≤ +1α(vα52αR12αD––1+α(ρUVE∥ρV−U−E)),

where and are constants defined in (19) and the information theoretic quantities above are calculated with respect to the state such that

###### Proof.

We now show the existence of a code which simultaneously satisfies both the reliability and the secrecy criterion as discussed in the Definition (2). Towards this let and represent the decoding error and secrecy parameter of a random codebook . Define the following events:

 B1 :={ε(C)≤(1+β)EC[ε(C)]}; (26) B2 :={δ(C)≤(1+β)EC[δ(C)]}, (27)

where is an arbitrary constant. From Markov’s inequality and union bound it now easily follows that

 Pr{B1,B2}≥β−1β+1. (28)

Thus, from (2), (25), (26), (27) and setting in (28) we now conclude that there exists a codebook such that: