I Introduction
Secure network coding is a method for securely transmitting information from the authorized sender to the authorized receiver. Cai and Yeung [1, 2, 3] discussed the secrecy for the malicious adversary, Eve, wiretapping a subset of all channels in the network. The papers [4, 5, 6, 7, 8, 9, 10] developed several types of secure network coding. The papers [11, 12, 13, 14] showed the existence of a secrecy code that universally works for any type of eavesdropper under the size constraint of . In particular, the papers [13, 14] constructed it by using the universal hashing lemma [15, 16, 17]. Further, the papers [11, 12, 18] evaluated errors when the information on a part of the network is changed, but they evaluated the secrecy only when the information on a part of the network is not changed or Eve did not know the replaced information. The recent paper [19] discussed the secrecy as well as the error when Eve contaminates the eavesdropped information and knows the replaced information. (For the detailed relation, see [19, Remark 8].) The effects of Eve’s contamination depend on the type of the network code. When the code is linear, the contamination does not improve her performance. However, when the code is not linear, there exists only one example where the contamination improves her performance [19].
Despite these developments, there are still some problems in existing studies. Although these existing studies achieved the optimal rate with secrecy condition, their optimality relies on the minimum cut theorem. That is, they assumed that the eavesdropper may choose any subset channels to access, and did not address another type of conditions for the eavesdropper. For example, the studies [11, 12, 13, 14] optimized only the codes in the source and terminal nodes and did not optimize the coding operations on the intermediate nodes. Also, in other existing studies, the intermediate nodes do not have as complicated codes as the source and terminal nodes. In this paper, to achieve the optimal rate beyond the minimum cut theorem, we address the optimization of the coding operations on the intermediate nodes as well as on the source and terminal nodes.
Further, we consider a new type of attack, the adaptive attack. Assume that distinct numbers are assigned to the edges, and the communication on the edges is done in the decreasing order of the assigned numbers. Usually, Eve cannot decide the edges to be attacked depending on the previous observations. Now, we allow Eve to choose the edges to be attacked based on the previous observations. Indeed, in channel discrimination, it is known that such an adaptive strategy does not improve the asymptotic performance [20]. Then, we find two characteristics of adaptive attacks, which are similar to the case of active attacks. First, we find a nonlinear code where an adaptive attack significantly improves Eve’s performance. Using this characteristic, we find an example of a nonasymptotic network model, which has no secure code for adaptive attacks, but has a secure code for conventional attacks. Second, we show that no adaptive attack can improve Eve’s performance when the code is linear. Using this fact, we derive the asymptotic performance in several typical network models in the following way when Eve is allowed to use adaptive and active attacks.
In this paper, we discuss the asymptotic securely transmittable rate over the above attacks not only for a unicast network but also for a multiple multicast network, in which multiple senders intend to send their different messages to different multiple receivers. Under these settings, we define the capacity and the capacity regions for given network models, and calculate them in several examples. For the definition, we define two types of capacity regions depending on the requirement on the code on the intermediate nodes. Usually, a secure network code employs scramble random numbers, which need to be physical random numbers different from pseudo random numbers. In the first capacity region, we allow each node to introduce new scramble random numbers unlimitedly. Here, the scramble random numbers of each node are not shared with other nodes and should be independent of random variables in other players and other nodes before starting the transmission. In the second capacity region, only source nodes are allowed to employ scramble random numbers due to the following reason. To realize physical random numbers as scramble random numbers, we need a physical device. If the physical random number has sufficient quality, the physical device is expensive and/or consumes a nonnegligible space because it often needs high level quantum information technologies with advanced security analysis [21, 22]. It is not so difficult to prepare such devices on the source side. However, it increases the cost to prepare devices in the intermediate nodes because networks with such devices require more complicated maintenance than a conventional network. Therefore, for economic reasons, it is natural to impose this constraint on our network code. Unfortunately, only a few papers [23, 24, 25] discussed such a restriction. Hence, this paper addresses the difference between the capacities with and without such a restriction by introducing the norandomness capacity and the fullrandomness capacity. Further, as an intermediate case, by introducing the limitedrandomness capacity, we can consider the case when the number of available scramble random numbers in each intermediate node is limited to a certain amount. Then, the relation between our capacities and the existing studies is summarized as Table I. In addition, for both types of capacities and capacity regions, we define the linear codes version, in which our codes are limited to linear codes. We also show that the linear versions of the capacities and capacity regions are the same as the original capacities and capacity regions under the above examples because the optimal rate and rate regions in the original setting can be attained by linear codes.
The remainder of this paper is organized as follows. Section II gives the formulation of our network model. Section III gives an example of a network model in which an adaptive attack efficiently improves Eve’s performance. To discuss the asymptotic setting, Section IV defines the capacity region. Section V discusses the relay network model and derives its capacity. Section VII discusses the homogeneous multicast network model and derives its capacity. Section VIII discusses the homogeneous multiple multicast network model and derives its capacity. In Section VI, we give an important lemma, which is used in the converse part in the above models.
Setting  Active attack  Adaptive attack  Node randomness  Linearity
Papers [1, 2, 3, 6]  not allowed  not allowed  not allowed  scalar
Paper [4]  not allowed  not allowed  allowed  nonlinear
Papers [9, 10, 23, 24, 25]  not allowed  not allowed  allowed  scalar
Papers [5, 8]  not allowed  not allowed  not allowed  scalar
Papers [13, 14, 11]  not allowed  not allowed  not allowed  vector
Papers [12, 35]  semi active attack  not allowed  not allowed  vector
Paper [19]  allowed  not allowed  not allowed  vector/nonlinear
Our nonlinear example  not allowed  allowed  not allowed  nonlinear
Norandomness capacity  allowed  allowed  not allowed  vector
Limitedrandomness capacity  allowed  allowed  partially  vector
Fullrandomness capacity  allowed  allowed  allowed  vector
Node randomness expresses the random number generated in intermediate nodes, which is independent of the variables in other nodes and other players before starting the transmission. Linearity expresses whether the code is linear or not. When it is linear, the column expresses which linearity condition is imposed, scalar or vector linearity. These two kinds of linearity conditions are explained in Section V-E. Semi active attack means that Eve injects the noise in several nodes and eavesdrops several nodes, but she estimates the message only from the eavesdropped information on the node without use of the information of the noise. For the detailed relation for active attack, see Remark 8 of [19].
II Adaptive and active attack for general network
II-A Formulation and reduction to nonadaptive attack
Now, we give the most general formulation of network coding and adaptive and active attacks. We consider an acyclic general network with multiple multicast setting as follows. The network has source nodes, terminal nodes, several intermediate nodes, and edges, where each edge is assigned to a distinct number from . Hence, can be regarded as the set of edges. Each edge transmits a single letter on a finite set . Our task is the following. The th source node securely sends the message to the th terminal node, where the messages are subject to independent uniform distribution. Here, the tuple of all messages is denoted by .
Next, we assume that as scramble random numbers, each intermediate node can use additional uniform random numbers, which are independent of other random variables. They might be realized as physical random numbers. The th source node converts the pair of the messages and the scramble random numbers to the tuple of the letters on the outgoing edges. Each intermediate node converts the pair of the letters on the incoming edges and the scramble random numbers to the tuple of the letters on the outgoing edges. The th terminal node converts the pair of the letters on the incoming edges to the tuple of the recovered messages . We denote a network code by . We denote the cardinality of the message by . When , we simply denote it by . In particular, when , we simply denote it by . We denote the set of codes by .
Now, we consider two conditions for our network code .
(C1) [Linearity] Any message, any scramble random number, and information on any edge can be given as elements of vector spaces over the finite field . All of the conversions in source, intermediate, and terminal nodes are linear over , i.e., they are written as matrices whose entries are elements of . Then, the code is called linear with respect to . (Footnote 1: This type of linear code is often called vector linear [26] because these random variables are given as elements of vector spaces over the finite field . Although the paper [26] assumes that all the messages, the scramble random numbers, and the variables on the edges have the same dimension, we do not assume this condition.)
Here, to apply the linearity condition, we choose a subset of whose cardinality is a power of . Then, the information on any edge can be given as an element of vector space over the finite field . While all edges send the information on the same set , the above subset might depend on the edge. This is because the dimension of the information to be sent depends on the edge in general. Since the cardinality of the set is an arbitrary number, we can apply this linearity condition to the case when is given as the th power of a certain set.
(C2) [Norandomness] All of the intermediate nodes have no scramble random numbers.
(C2’) [Limitedrandomness] Each limited intermediate node has limited scramble random numbers. When each group is composed of one node, as a typical example, we assume that the node in th group can use random numbers per transmission.
Next, we define Eve’s attack. The conventional attack is modeled by a collection of subsets of . That is, in the conventional attack, Eve chooses a subset , and eavesdrops the edges in the subset . This type of attack is called a deterministic attack. Hence, the set of deterministic attacks is identified with . The following discussion depends on the collection of subsets of . That is, our problem is characterized by the structure of the network and the collection . Also, Eve can randomly choose her choice . Such an attack is written as a probability distribution and is called a randomized attack. We denote the set of randomized attacks by .
In this paper, we allow Eve to adaptively choose the edges to be eavesdropped. For simplicity, we assume that all subsets in the collection have the same cardinality . While Eve is allowed to eavesdrop edges, she can adaptively choose them as follows. She chooses the first edge to be eavesdropped, and obtains the information on the edge. Based on the information , she chooses the second edge to be eavesdropped and obtains the information on the edge. In this way, based on the information , she chooses the th edge to be eavesdropped and obtains the information on the edge. Since the choice of the set of attacked edges is given as a function of outcomes , it is often written as to clarify this point. Here, for any data , is required to belong to the family . This type of attack is called a general adaptive attack. In this type of attack, the order of eavesdropped edges has no relation with the numbers assigned to the edges. A general adaptive attack is called a timeordered adaptive attack when . Although a general adaptive attack has less practical meaning than a timeordered adaptive attack, we consider a general adaptive attack due to its mathematical simplicity. We denote the sets of timeordered adaptive attacks and general adaptive attacks by and , respectively. The sets of their randomizations are written as and , respectively. Now, we identify the set of deterministic attacks with the collection . Considering a constant function , which does not depend on outcomes , we can consider the collection as a subset of while .
Next, we consider a more powerful attack than a timeordered adaptive attack . Although Eve decides the eavesdropped edges in the same way as the timeordered adaptive attack , she is allowed to change the information on the th eavesdropped edge to , which is a function of her observations . This kind of attack is called an adaptive and active attack and is written as the pair of and . We denote the set of adaptive and active attacks (such functions) by . The sets of the randomizations are written as . When does not depend on her observations , is a deterministic attack and the pair is called an active attack. Indeed, when an active attack is made, the information on the network is changed. However, in this paper, we do not care about the correctness of the recovered information when an active attack is made. We consider the correctness in the decoding only when no active attack is made, i.e., we discuss only the secrecy when an active attack is made.
Hence, we have the relations , and . We also assume that there is no error in any edges except for the eavesdropped edge.
Under a code and an attack , we denote the mutual information between the messages and Eve’s observations by . Also, under an attack we denote it by . In addition, for an attack with , we denote it by . Then, for any attack for and a network code , we can choose an attack such that . That is, we have
(1) 
for .
First, we consider the case when the network code is not necessarily linear. Then, we have the following theorem when expresses the information on the edge . (Footnote 2: Even when the cardinality of each channel is different from , this theorem still holds.)
Theorem 1.
Assume that a network code satisfies the following condition. Given an arbitrary element , we have
(2) 
for any element . Then, any general adaptive attack satisfies
(3) 
Theorem 1 will be shown in the next subsection. Since for any implies the condition (2), we have the following corollary.
Corollary 1.
When the relation
(4) 
holds for an arbitrary element , any general adaptive attack satisfies
(5) 
This corollary guarantees that perfect security for any deterministic attack (4) implies perfect security for any general adaptive attack (5) without the linearity condition. Notice that the mutual information leaked to wiretapper is not zero in the counter example given in Section III.
In the case of linear network codes, we have the following lemma, which will be shown in the next subsection.
Lemma 1.
Let be the message and be the scramble random variable. We assume that they are subject to the independent uniform distribution. For a linear function , we define the variable . We choose a linear function such that . Then,
(6) 
When the message and the scramble random variable are subject to the independent uniform distribution, applying Lemma 1 to the case when , we have
(7) 
which implies the condition (2). Hence, Theorem 1 guarantees the following theorem.
Theorem 2.
Assume that a network code is linear with respect to a certain finite field . When the message and the scramble random variable are subject to the independent uniform distribution, any general adaptive attack satisfies (3).
Further, we have the following proposition.
Proposition 1 ([19, Theorem 1]).
Assume that a network code is linear. Any adaptive and active attack satisfies
(8) 
Although the paper [19] shows Proposition 1 only for an active attack, the proof can be extended to an adaptive and active attack. That is, the reduction from an adaptive and active attack to an adaptive attack can be shown in the same way as [19, Theorem 1]. Therefore, when is a linear code, combining the above fact and (1), we find the relations
(9) 
That is, when a network code is linear, we can restrict Eve’s attacks to deterministic attacks.
Remark 1.
Here, we remark the difference between our adaptive attack and the adaptive attack in [34]. The paper [34] considers the following attack when the code has block length and the sender sends information to the receiver times. The eavesdropper can change the nodes to be attacked on the th transmission by using the information obtained by the previous attacks. However, in our setting, the eavesdropper can change the node to be attacked during one transmission from the sender to the receiver.
II-B Proofs of Theorem 1 and Lemma 1
III Network with powerful adaptive attack
In this section, to consider when adaptive attack is more powerful than deterministic attack, we address the single shot setting, in which, the sender sends only one element of , which is called the scalar linearity. Although this section addresses the scalar linearity, Theorem 1 holds under vector linearity.
It is known that there exists a linear imperfectly secure code over a finite field of a sufficiently large prime power when Eve may access a subset of channels that does not contain a cut between Alice and Bob even when the linear code does not employ private randomness in the intermediate nodes [36]. (Footnote 3: In contrast, the paper [11] discussed a similar code construction by increasing (vector linearity) while it did not increase the size of . The paper [37] extended this type of vector linearity setting of imperfectly secure codes to the case with multisource multicast.) Theorem 1 guarantees that such a linear code is still imperfectly secure even for active and adaptive attack over the same network. However, it is not clear whether there exists such a linear imperfectly secure code over a finite field of prime . We consider this problem over the finite field in order to investigate the importance of the linearity condition in Theorem 1. The previous paper [19, Section VII] showed that there exists no imperfectly secure code over active attacks under a toy network while there exists an imperfectly secure code over deterministic attacks. In that network model, a nonlinear code realizes the imperfect security over active attacks. In this section, we show that there exists no imperfectly secure code over adaptive attacks in the same network model.
The toy network model given in [19, Section VII] is the network of Fig. 1, whose edges are . Each edge is assumed to send the binary information . No scramble random variable is allowed in the intermediate node, which is the condition (C2). Eve is allowed to attack two edges of except for the pairs and . That is, . We adopt an imperfect security criterion in this section. When is Eve’s information and for all of Eve’s possible attacks, we say that the code is imperfectly secure. Otherwise, it is called insecure. That is, when there exists no function such that , our code is imperfectly secure. We consider the case when the sender transmits only the binary message and any edge can transmit only binary information. As shown in [19, Theorem 4 of Section VII], there is no imperfectly secure linear code over finite field with prime for deterministic attacks. In other words, no linear code over finite field can realize the situation that Eve cannot recover the message perfectly with deterministic attack.
Now, we prepare the binary uniform scramble random variable . We consider the following code. The encoder is given as
(13) 
Then, we consider nonlinear code in the intermediate node as
(14)  
(15) 
The decoder is given as . Since and are given as follows under this code,
(16) 
the decoder can recover regardless of the value of .
The leaked information for the deterministic attack is calculated as follows. As shown in [19, Appendix B], the mutual information and the norm security measure of these cases are calculated to
(17)  
(18) 
where the norm security measure is defined as by using the cardinality of the set of outcomes of the variable . In this section, we choose the base of the logarithm to be . Therefore, we find that this code is secure for deterministic attacks. That is, we find that there exists a secure code over deterministic attacks. Further, as shown in [19, Lemma 3 of Section VII], when Eve cannot recover the message perfectly with any deterministic attack in the code, the network code is limited to this code or a code equivalent to this code. This fact shows that there exists no imperfectly secure code over active attacks.
Now, we show that there exists no imperfectly secure code even for adaptive attacks without active modification. Due to the above observation, it is sufficient to show that there exists an adaptive attack to recover the message for the above given code. Here, we give two types of adaptive attacks to recover the message as follows.
(i) First, Eve eavesdrops . When , she eavesdrops . Then, she recovers as . When , she eavesdrops . Then, she recovers as .
(ii) First, Eve eavesdrops . When , she eavesdrops . Then, she recovers as . When , she eavesdrops . Then, she recovers as .
Therefore, we find that this code is not imperfectly secure even for adaptive attacks without active modification. That is, there exists no imperfectly secure code over adaptive attacks in this network model. This fact shows that, for this kind of nonlinear code, an adaptive attack is as powerful as an active attack even when it has no active modification. The discussion in this section is summarized as Table II.
Code  Deterministic attack  Adaptive attack
linear code over with prime  insecure  insecure
linear code over with sufficiently large prime power  imperfectly secure  imperfectly secure
nonlinear code over  imperfectly secure  insecure
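The gap between deterministic and adaptive attacks summarized above can be checked by brute force. The following is an added example, not code from the paper: it uses a constructed three-edge nonlinear code and a constructed linear code (not the code of Fig. 1, whose equations are not reproduced on this page), and the names `nonlinear_code`, `linear_code` and `COLLECTION` are hypothetical. It enumerates every two-edge adaptive strategy and computes the leaked mutual information exactly.

```python
from collections import Counter
from itertools import product
from math import log2

def mutual_information(pairs):
    """I(M;Z) in bits for a list of equally likely (m, z) outcomes."""
    n = len(pairs)
    joint = Counter(pairs)
    pm = Counter(m for m, _ in pairs)
    pz = Counter(z for _, z in pairs)
    return sum(c / n * log2(c * n / (pm[m] * pz[z]))
               for (m, z), c in joint.items())

def runs(code, messages, scrambles):
    """All (message, edge values) pairs; message and scramble are uniform."""
    return [(m, code(m, l)) for m in messages for l in scrambles]

def deterministic_leak(code, messages, scrambles, collection):
    """Largest leakage when Eve fixes one subset of the collection in advance."""
    table = runs(code, messages, scrambles)
    return max(
        mutual_information([(m, tuple(y[e] for e in sorted(s))) for m, y in table])
        for s in collection)

def adaptive_leak(code, messages, scrambles, collection, alphabet=(0, 1)):
    """Largest leakage over all adaptive attacks tapping two edges.

    Eve taps `first`, reads its value z1, then taps rule[z1]. For every
    outcome z1 the tapped pair {first, rule[z1]} must lie in the collection.
    """
    table = runs(code, messages, scrambles)
    best, best_attack = 0.0, None
    for first in sorted(set().union(*collection)):
        options = sorted(e for s in collection if first in s for e in s - {first})
        for choice in product(options, repeat=len(alphabet)):
            rule = dict(zip(alphabet, choice))
            leak = mutual_information(
                [(m, (y[first], y[rule[y[first]]])) for m, y in table])
            if leak > best:
                best, best_attack = leak, (first, rule)
    return best, best_attack

# Constructed nonlinear code: edge 0 carries the scramble bit L,
# edge 1 carries M AND (NOT L), edge 2 carries M AND L.
def nonlinear_code(m, l):
    return (l, m & (1 - l), m & l)

# Constructed linear code over F_2 with a two-bit message (m1, m2).
def linear_code(m, l):
    m1, m2 = m
    return (l, m1 ^ l, m2 ^ l)

# Eve may tap {0,1} or {0,2}. The pair {1,2} is excluded, since for the
# nonlinear code the XOR of edges 1 and 2 equals M.
COLLECTION = [frozenset({0, 1}), frozenset({0, 2})]

if __name__ == "__main__":
    bits = (0, 1)
    print("nonlinear, deterministic:",
          deterministic_leak(nonlinear_code, bits, bits, COLLECTION))
    print("nonlinear, adaptive:     ",
          adaptive_leak(nonlinear_code, bits, bits, COLLECTION))
    two_bits = list(product(bits, repeat=2))
    print("linear, deterministic:   ",
          deterministic_leak(linear_code, two_bits, bits, COLLECTION))
    print("linear, adaptive:        ",
          adaptive_leak(linear_code, two_bits, bits, COLLECTION))
```

For the constructed nonlinear code every fixed pair leaks half a bit while the best adaptive attack leaks the whole message bit; for the constructed linear code the two maxima coincide, as Theorem 2 states for linear codes.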
IV Asymptotic formulation
Next, given a network and the collection , we consider the capacity and the capacity region depending on the restrictions on the codes. Due to (1), in the following, we do not consider randomization of Eve’s attack. We assume that each edge transmits when we use the channel times, where the number is called the blocklength. Given integers and , we apply the formulation (including the linearity) given in Section II-A to the case when is given as . In this sense, the linearity condition (C1) is defined with blocklength , and Theorem 1 can be applied in this discussion. Then, depending on the block length , we denote and by and , respectively, although the collection does not depend on . First, we focus only on an adaptive attack . Since there is no noise, the decoding error probability depends only on our code . Hence, we denote it by . Then, we impose the following two conditions on our code .
(C3) [Reliability] The relation .
(C4) [Secrecy] The relation holds for .
We denote the set of codes satisfying the above two conditions by . Additionally, we denote the set of codes satisfying the norandomness condition (C2) as well as these two conditions by . In the unicast case, i.e., the case with , we define the fullrandomness capacity and the norandomness capacity as
(19) 
Here, we should remark that we impose no linearity condition for our code. From the definition, we have the relation
(20) 
In the multiple multicast case, we define the fullrandomness capacity region and the norandomness capacity region as
(21) 
Similar to (20), we have the relation
(22) 
Next, we consider the case when each node has limited randomness, which is given as the condition (C2’). Since this generalized case is complicated, we discuss this generalized setting only with the unicast case. Further, we suppose that each group is composed of one node. Then, as in the condition (C2’), we assume that the node in th group can use random numbers per transmission. We denote the set of codes satisfying this condition with length by . Then, we define the capacity with limited randomness as
(23) 
To clarify the effect by the linearity restriction, we denote the capacity and capacity region by and , respectively when the linearity restriction (C1) is imposed to our codes. Then, we have the relation and . Also, the capacity with limited randomness with linearity restriction (C1) to our codes is denoted by .
Restricting Eve’s attack to the deterministic attacks , we define the above type of capacities and capacity regions, which are denoted by and , respectively. Then, we have the relations , , , , and the similar relations.
Now, we address the case when an adaptive and active attack is allowed for Eve. In this case, we replace the condition (C4) by the following condition;
(C4’) [Secrecy] The relation holds for .
However, we do not replace (C3) by the following robustness condition;
(24) 
where is the decoding error probability with our code when Eve makes the attack . This situation can be justified in the following way when a free public channel with no error is available. In this case, to communicate with each other securely, they need to share secret random variables. To generate secret random variables, they send secret random variables via the secure network coding. The secrecy of the generated random variables is guaranteed by the secrecy condition (C4). That is, condition (4) is definitely needed. However, the robustness condition (24) is not necessary because they can check whether the transmitted random number is correct by the error verification test with the public channel after the transmission [27, Section VIII] [28, Step 4 of Protocol 2]. Hence, we impose the condition (C3) instead of (24). Replacing the condition (C4) by the condition (C4’), we define the above type of capacities and capacity regions, which are denoted by and , respectively. Then, we have the relations , , , , and the similar relations. In summary, for each , we have
(25) 
That is, when the equality holds, all the capacities have the same value. In other cases, we have similar relations.
Example 1.
Now, as a typical example, we consider a single source acyclic network where Eve may choose any subset channels to access, which we call wiretap network [1, 2, 30, 31]. That is, is given as . To discuss the capacities of the given network, we introduce two kinds of minimum cuts. To define them, we define a pseudo source node as a node that has only outgoing edges but has no original message to be transmitted. A pseudo source node is classified as an intermediate node because it is neither the source node nor the terminal node. The first type of minimum cut is the minimum number of edges crossing a line separating the source node and the terminal node. The second type of minimum cut is the minimum number of edges crossing a line separating the source node and the terminal node with removing all edges outgoing from pseudo source nodes. That is, while edges outgoing from pseudo source nodes are ignored in , they are counted in . For wiretap network, we have
(26)  
(27) 
When the network has no pseudo source node, , which implies the equalities in (27). For example, the network given in Fig. 2 shows a network that has different rates and . This network has a linear code to realize when , which implies the equalities in (27).
The relations (26) and (27) can be shown as follows. It was shown in [2, Section III] that the rate is achievable by a linear code where only source node generates randomness when Eve is allowed to use deterministic attack. However, any adaptive and active attack is reduced to deterministic attack under a linear code. Hence, we obtain .
Using an idea similar to [2, Section IV], we show . For this aim, we choose edges crossing a line separating the source node and the terminal node such that these edges contain the eavesdropped edges. Let be the variable on the eavesdropped edges, and be the variable on the above edges crossing the separating line. Let be the message to be securely transmitted. Due to the security condition, we have . When an edge carries information with cardinality , the receiver’s information satisfies
(28) 
which implies . Therefore, using (20) and (25) and combining these facts, we obtain (27).
When no intermediate node is allowed to generate randomness, any pseudo source node plays no role. Hence, the above discussion yields that . Thus, we obtain (26).
Example 2.
Next, we consider the case when is given by using the following group structure of the intermediate nodes. The intermediate nodes are divided into groups, from the first group to the th group. Here, source nodes and terminal nodes are regarded as the th group and the th group, respectively. For , there are several edges between the th group and the th group. We call the set of these edges the th edge group. As seen later, this grouping of edges is essential to define the collection . Each intermediate node has incoming edges and outgoing edges.
Eve is assumed to eavesdrop a part of edges from the th edge group. Eve’s ability is characterized by the collection of subsets of the th edge group to be eavesdropped, which is called the th tappededge collection and is denoted by . When an intermediate node of th group is directly linked to an intermediate node of th group, we consider that the intermediate node of th group is connected to intermediate node of th group with an edge that is not contained in any member of the th tappededge collection . Similarly, when an intermediate node of th group is directly linked to an intermediate node of th group, we can apply the same reduction. Hence, without loss of generality, we can assume that an outgoing edge of an intermediate node of th group is linked only to an intermediate node of th group. Hence, the collection is given to be .
V Relay network
V-A Formulation and capacities
Now, as a special case of Example 2, we consider the relay network given in Fig. 3 as a generalization of the network of Fig. 1. This network is a unicast network, and has only one intermediate node in each intermediate group. That is, it has intermediate nodes. We have edges between the and th nodes. In one channel use, each edge can transmit the information for and that takes values on .
Here, we assume that Eve can eavesdrop edges among edges between the and th nodes. In this notation, the function expresses the edges eavesdropped by Eve. That is, she can eavesdrop edges totally. In this paper, we allow stronger attacks for Eve than conventional attacks, i.e., adaptive attacks and active attacks.
Then, we have the following capacity theorem.
Theorem 3.
Defining
(29) 
we have
(30)  
(31)  
(32) 
Here, we discuss the relation to existing results with respect to the difference between two capacities and . A larger part of studies discuss the capacity (or capacity region) with no restriction of randomness generated in intermediate nodes. For example, in wiretap network, which is a typical network model, as explained in Example 1, the capacity with no restriction can be achieved without use of randomness generated in intermediate nodes. However, the paper [23] showed an example, in which randomness generated in intermediate nodes improves the capacity. In this example, the source node is connected only with one edge. Usually, the secure transmission can be done by use of the difference between information on different edges connected to the same node. Hence, it is natural that randomness generated in intermediate nodes improves the capacity when each source node is connected only to one edge.
The papers [24, 25] addressed the difference between the existence and nonexistence of randomness generated in intermediate nodes in another network only for deterministic attacks. However, they did not derive the capacities and exactly. Their analysis depends on special codes. Therefore, our analysis is the first derivation of the difference between the capacities and except for the case when the source node is connected only with one edge.
V-B Converse part
For any , the rate of secure transmission from the th intermediate node to the th intermediate node is . Taking the minimum with respect to , we obtain .
Next, we consider (31). For the amount of leaked information, we have the following theorem.
Theorem 4.
Under the condition (C2), we have
(33) 
Therefore, to realize the condition
(34) 
the message needs to satisfy the condition
(35) 
When we use the same network times, the condition (34) requires the condition
(36) 
which implies .
Theorem 4 can be generalized to the limited randomness case as follows. Hence, it is sufficient to show Theorem 5.
Theorem 5.
Under the condition (C2’), we have
(37) 
Proof of Theorem 5: Now, we independently choose the sets subject to the uniform distribution. We denote the expectation with respect to this random choice by . We prove Theorem 5 by using Lemma 4, which will be shown in a later section. Application of Lemma 4 to shows the inequality
(38) 
for . Then we have for ,