The concept of communication over the wiretap channel was pioneered in the classical case by Wyner 
. In this model the wiretapper (Eve) is aware of the encoding strategy used by the transmitter (Alice) to transmit the messages reliably to the legitimate receiver (Bob). A wiretap channel is classically modeled as a conditional probability distributionwhere is the channel input supplied by Alice and are the channel outputs with received by Bob and received by Eve. The goal here is to maximize the rate of reliable message transmission from Alice to Bob over this channel, such that Eve gets to know as little information as possible about the transmitted message.
This problem of secure communication over noisy wiretap channel was extended to the quantum domain in [4, 5]. In the quantum case, the wiretap channel is modeled as a CPTP (completely positive and trace preserving) map where is the input register supplied by Alice and and represent Bob’s and Eve’s respective shares of the channel output. The quantum wiretap channel model has also been well studied in the one-shot scenario, see for example [6, 7, 8, 9].
Recently, there has been an interest in studying the classical wiretap channel with states. A classical wiretap channel with states is modeled as Similar to the wiretap channel as discussed above, it produces two outputs with received by Bob and received by Eve. However, unlike the normal wiretap channel, in this case the channel takes two inputs (supplied by Alice) and a random parameter . This random parameter is used to represent the channel state and is not controlled by the transmitter. A key motivation for studying this channel model is that it captures the scenario of communication both in the presence of a jammer and an eavesdropper. Further, this channel also models the scenario of a memory with stuck-at faults (for more details, please see ). In , Chen and Vinck considered the problem of communication over this channel model in the presence of an eavesdropper. They combined the coding strategy for the normal wiretap channel along with the coding strategy for the Gel’fand-Pinsker (GP) channel and obtained a lower bound on the secrecy capacity. In , Chia and El-Gamal further advanced the theory of communication over this channel model by proposing a more sophisticated coding technique in the case when the full channel side information is causally available at both the encoder and the decoder. Even though their coding strategy is restricted to utilize the state information in a causal manner, the authors show that their technique allows to achieve a better transmission rate as compared to the one obtained in . The GP channel model in the absence of Eve was first introduced by Gel’fand and Pinsker in their seminal work . In this model there are two parties (Alice and Bob) and it takes two inputs (supplied by Alice) and a random parameter . However, unlike the GP-wiretap channel model this channel only produces one output received by Bob.
In  Goldfeld, Cuff and Permuter revisit this communication problem when the channel state side information is causally available at the encoder. The authors motivate this model by noting that having information about the extra randomness (the channel state parameter) of the channel may help in secure transmission. They employ an encoding technique based on the superposition coding scheme  and obtain the best known lower bound on the secrecy capacity of the GP channel model and also recover the results of  and  as a special case. The converse result for this problem is not known except for some special cases (which do not seem to have natural interpretation in the quantum case). To obtain their results, the authors prove what they call a superposition covering lemma. Although the papers [2, 11, 12] call the approximation of the output distribution a covering lemma, this type of approximation was studied with the name of channel resovability in the earlier papers [15, 16, 17, 7].
We study the problem of secure communication over the fully quantum Gel’fand-Pinsker wiretap channel and provide an exact quantum generalization of the results obtained in . Fig 1 models this communication scheme.
To derive the quantum generalization of the coding technique in  we prove a generalization of classical-quantum channel resolvability lemma . This lemma is the quantum analogue of the [2, Lemma 7]. To prove the secrecy property of our coding technique we prove a conditional classical-quantum channel resolvability lemma. For the task of designing the decoding POVMs for our protocol we use the technique of simultaneous pinching (see  for details on the concept of pinching). Using this technique of simultaneous pinching we exhibit the existence of a simultaneous decoder in the single-shot case. One key feature of the single-shot bounds derived in this manuscript is that they are in terms of error exponent. The problem of reliable communication with no security constraint and in the presence of entanglement assistance was first studied in .
The result obtained in this manuscript allows us to recover the previous known results for classical message transmission over point-to-point quantum channels [19, 20] and the quantum wiretap channel (in the absence of the channel state) [4, 5]. Further, our result also implies an achievable rate for classical communication over fully quantum Gel’fand-Pinsker channel (in the absence of Eve). The form of our achievable rate for this problem is exactly similar to that obtained in . We note here that the fully quantum Gel’fand-Pinsker channel has been studied in [10, 21] only in the case when Alice and Bob share entanglement and in  for classical-quantum channels. Our work is the first work to study this model in the absence of entanglement assistance between Alice and Bob. We discuss these results in Corollary 1.
Consider a finite dimensional Hilbert space endowed with an inner product (in this paper, we only consider finite dimensional Hilbert-spaces). The norm of an operator on is and norm is . A quantum state (or a density matrix or a state) is a positive semi-definite matrix on with trace equal to . It is called pure if and only if its rank is . A sub-normalized state is a positive semi-definite matrix on with trace less than or equal to . Let
be a unit vector on, that is . With some abuse of notation, we use to represent the state and also the density matrix , associated with . Given a quantum state on , support of , called is the subspace of spanned by all eigen-vectors of
with non-zero eigenvalues.
A quantum register is associated with some Hilbert space . Define . Let represent the set of all linear operators on . Let represent the set of all positive semidefinite operators on . We denote by , the set of quantum states on the Hilbert space . State with subscript indicates . If two registers are associated with the same Hilbert space, we shall represent the relation by . Composition of two registers and , denoted , is associated with Hilbert space . For two quantum states and ,
represents the tensor product (Kronecker product) ofand . The identity operator on (and associated register ) is denoted
Let . We define
where is an orthonormal basis for the Hilbert space . The state is referred to as the marginal state of . Unless otherwise stated, a missing register from subscript in a state will represent partial trace over that register. Given a , a purification of is a pure state such that . Purification of a quantum state is not unique. A quantum map is a completely positive and trace preserving (CPTP) linear map (mapping states in to states in ). A unitary operator is such that . An isometry is such that and .
Our model is given as the following pair. One is a CPTP map from the joint system to the joint system , where is the input system, is the channel internal system, is the legitimate receiver (Bob)’s system, and is the wiretapper (Eve)’s system. The other is an entangled state across the channel internal system and the system of side information available to the transmitter (Alice). Using the information in , Alice can choose the encoder dependently of the channel internal system . That is, the pair of a CPTP map and an entangled state gives our model.
We shall consider the following information theoretic quantities.
Purified distance () For ,
This is different from the Hellinger distance which is defined as
Rényi mutual information and Rényi conditional mutual information () Let
where in the above and are appropriate marginals with respect to the state We define the Rényi mutual information
where is an arbitrary state on . Also, we define the Rényi conditional mutual information
where is given with an arbitrary state as
We will use the following facts.
Fact 1 (Minimum achieving state, ).
Fact 2 (Triangle inequality for purified distance, ).
For states ,
which implies that
For quantum states , and quantum operation , it holds that
Fact 4 (Uhlmann’s Theorem, ).
Let . Let be a purification of and be a purification of . There exists an isometry such that,
Let and be two quantum states. We have the following relation:
Fact 7 ( ).
Let and be quantum states. Then, for every let be an operator,
Fact 8 (Hayashi-Nagaoka inequality, ).
Let be positive semi-definite operators. Then
Fact 9 (Hayashi, ).
Let and be two quantum states. Further, let be the pinching operation with respect to the basis of . Then,
where represents the distinct number of eigenvalues of and is sometimes also called as the pinching constant.
(Jensen’s inequality) Let be a concave function. Then,
Iii Main result
Before giving our main result we first give the following definitions:
(Encoding, Decoding, Error, Secrecy) An secrecy code for communication over a quantum Gel’fand-Pinsker wiretap channel with channel state side information available at the encoder (i,e, when the sender shares an entangled state with the channel itself) consists of
an encoding operation (for Alice) where and such that
where and is the purified distance.
a decoding operation (for Bob) with such that
A rate is said to be achievable if there exists a sequence of - codes such that
The supremum of all the achievable rates is called the secrecy capacity of the Gel’fand-Pinsker channel.
The following theorem is one of our main result. It can be considered as the quantum generalization of the achievability result in [2, Equations and ].
Let be a quantum Gel’fand-Pinsker wiretap channel. Further, let be the shared entanglement between the sender and the channel.
We choose a joint distribution
be the shared entanglement between the sender and the channel. We choose a joint distributionand conditional states such that , where . Then, a rate is achievable if
where the information theoretic quantities above are calculated with respect to the state .
We denote the set of to satisfy the condition given in Theorem 1 by . Then, the rate
is achievable. To simplify this rate, we introduce the set . Then, we have the following lemma.
Therefore, Theorem 1 guarantees that the rate is also achievable. The proof of this lemma follows exactly similar to that given in [2, Appendix A]. However, we repeat the same proof in the Appendix just for completeness.
To achieve the rate given in (4), we employ superposition coding, in which we randomly choose and we make an encoder with respect to conditioned on . Here, we elaborate upon the roles of and . In Gel’fand-Pinsker wiretap channel, the register some correlation with the systems and , which makes our analysis difficult. We convert these correlations to the correlation between the register and the message. Therefore, we need three types of evaluations. The first one is the evaluation of the correlation between the register and the message. The second one is the evaluation of the decoding error probability with ignoring the correlation between the register and the receiver . It can be evaluated as a correlation between and . The third one is the evaluation of the information leakage while ignoring the correlation between the register and the eavesdropper . It can be evaluated as the correlation between and conditioned with .
To realize the third type of evaluation, we need a scramble variable related to with the rate . This type of analysis requires the condition
In contrast, to realize the second type of analysis, we need another scramble variable related to with the rate as well as the scramble variable related to with the rate . This type of analysis requires the conditions
In addition, the first type of analysis requires the condition for the coding rate ;
An important consequence of our achievability result is the following corollary:
(Entanglement unassisted communication over Gel’fand-Pinsker quantum channel) Let be a Gel’fand-Pinsker quantum channel. Further, let where the maximization is over the states of the following form: such that Then any rate satisfying the following constraint
is achievable for the channel .
This completes the proof. ∎
Iv Code construction in single-shot form
In this section, we give the construction of our code in the single-shot form, and evaluate its performance. Let be a quantum Gel’fand-Pinsker wiretap channel. Further, let be the shared entanglement between the sender and the channel.
Let be as defined in Theorem 1 and define the following states:
The codebook: We choose real numbers . Let , be drawn independently according to Further, for every and for every message generate independently, where for every The distribution is with respect to the conditional distribution of the joint distribution In what follows we will use the notation and . Both and for all are known to all the parties involved, i.e., Alice, Bob and Eve. We will use the notation
Remark: In the above stands for the final rate of communication. Our encoding scheme mentioned below is a multi-level coding scheme which has the dual feature of being a good wiretap channel code along with being a good code for the Gel’fand-Pinsker channel. Intuitively, the coding scheme should be such that it should be able to keep the messages secure from Eve. Further, since Bob does not have any information about therefore the encoding scheme should be such that it should somehow help Bob in decoding. These two features about our encoding schemes are reflected by bounds on and derived below.
Encoding: To define our encoder, we introduce a register such that is a purification of the state , which is given in Theorem 1. Thus, we have the following purification of the state
It follows from the Uhlmann’s theorem (Fact 4) that for every there exists a set of isometries such that
where . Using these notations, we define our encoder depending on the codewords in the codebook and as follows. When Alice intends to send the message , she applies the isometry ( obtained in the derivation of (16)) on her register and transmits the register across the channel
Pinching: Our decoder will be based on the method of pinching. Therefore, before designing our decoder we first discuss this method. Consider the following classical-quantum states
where in the above and are appropriate marginals with respect to the state
In the subsequent discussions the main aim is to come up with completely positive and trace preserving operations such that at the end of these operations the states and start commuting. Towards this we define the following operations: be the pinching operation with respect to the spectral decomposition of the state Further, for every let be the pinching operation with respect to the spectral decomposition of the operator Then, is defined as . It easy to observe that and the state commute with each other. In what follows further in this section we will use the notation and to represent the maximum number of components of the pinching map and the maximum number of components of the pinching maps . Further, in the discussions below we will define pinching maps and where is the pinching map with respect to the the spectral basis of is the pinching map with respect to the spectral basis of the operator and is defined with respect to the state Then, and are defined from and in the same way as . Further, let and be defined as follows:
Decoding: First, for two Hermitian matrices and , we define the projection as , where the spectral decomposition of is given as . In this notation,
is the projection to the eigenspace corresponding to the eigenvalue. Then, we define the following projectors:
Let For every define the following operator:
We now scale these operators to obtain a valid set of POVM operators as follows:
Bob uses the above set of decoding POVM operators to decode the transmitted message.
Average performance: Under the above random construction, we can evaluate the average performances. Let be the message which was transmitted by Alice using the strategy above and let be the decoded message by Bob using the decoding POVMs defined in (23). Notice that by the symmetry of the encoding and decoding strategy, it is enough to bound . The following lemma discusses the average performance of our protocol.
The average performances are evaluated with as follows.
where and are constants defined in (19).
This lemma will be proven in Section VI. For now we assume this lemma and prove the existence of a code which is robust to both decoding error and secrecy.
Existence of good code: Applying expurgation to this construction, we obtain the following theorem.
For and for every there exists a code such that
where and are constants defined in (19) and the information theoretic quantities above are calculated with respect to the state such that
We now show the existence of a code which simultaneously satisfies both the reliability and the secrecy criterion as discussed in the Definition (2). Towards this let and represent the decoding error and secrecy parameter of a random codebook . Define the following events:
where is an arbitrary constant. From Markov’s inequality and union bound it now easily follows that