Strong Secrecy for General Multiple-Access Wiretap Channels
aa r X i v : . [ c s . I T ] M a r Strong Secrecy for General Multiple-AccessWiretap Channels
Manos Athanasakos, and Nicholas Kalouptsidis
Department of Informatics and TelecommunicationsNational and Kapodistrian University of Athens
Athens, [email protected], [email protected]
Abstract —This paper is concerned with the general multipleaccess wiretap channel (MAC-WT) and the existence of codes thataccomplish reliability and strong secrecy. Information leakage tothe eavesdropper is assessed by the variational distance metric,whereas the average error probability is bounded by modifyingFeinstein’s Lemma. We derive an achievable strong secrecy rateregion by utilizing the resolvability theory for the multiple-accesschannel in terms of information-spectrum methods.
I. I
NTRODUCTION
The multiple access wiretap channel involves transmissionsfrom multiple sources to a single destination under the pres-ence of an unauthorized node. Achievable rates are supportedby codes that offer vanishingly small error probability at thelegitimate receiver and vanishingly small information leakageto the eavesdropper. When the multiple access dimension isseparated from the wiretap dimension, well known charac-terizations of capacity are available for both specialized andabstract channel settings [1]. More precisely, the seminal workof Wyner [2], Csisz´ar and K¨orner [3] laid the foundations forthe analysis of the wiretap channel using information-theoretictools and proved the existence of coding schemes that achievereliability and secrecy when rates are confined to the secrecycapacity region. The capacity region of the multiple accesschannel was extensively studied in [4], [5].During the last decades many communication models havebeen investigated [6], [7], [8] using the notion of channelcapacity as basis for the development of coding schemes.Recently, the authors in [9] showed that capacity based codeshave many limitations and cannot provide strong secrecyresults. On the other hand, information spectrum methods aslaid out in Hayashi [10] and Han [11], [12] demonstrate thatthere is a connection between wiretap coding and channelresolvability which can lead to strong secrecy results. Theidea behind channel-resolvability based constructions is to usea codebook to control the statistical distribution induced atthe output of a noisy channel and the objective is to approx-imate the eavesdropper’s observation by drawing codewordsuniformly at random from a codebook. Based on this concept
This research is co-financed by Greece and the European Union (EuropeanSocial Fund- ESF) through the Operational Programme “Human ResourcesDevelopment, Education and Lifelong Learning” in the context of the project“Strengthening Human Resources Research Potential via Doctorate Research”(MIS-5000432), implemented by the State Scholarships Foundation (IKY). various communication models have been investigated [9],[13], [14] with the strong secrecy requirement as introducedby Maurer [15].In this paper, we derive regions of achievable rate pairs forthe general multiple-access wiretap channel (MAC-WT) underthe strong secrecy criterion. We use the variational distancemetric in order to prove statistical independence between thetransmitted messages and the eavesdropper distribution, whilereliability is provided by modifying Feinstein’s Lemma [16].Our main result is valid for general channels with abstractalphabets as the proof is based on Steinberg’s multiple-accesschannel (MAC) resolvability theory [17] and thus can beapplied in both a discrete and continuous environment makingno common and restrictive assumptions such as stationarity,ergodicity and memory.The rest of the paper is organized as follows. Section IIdescribes the model and formulates the problem. In Section IIIwe first introduce some basic prerequisites and then we provethe main theorem highlighting the reliability and informationleakage analysis. Finally, Section V concludes the paper.
Notation:
We represent random variables with capital letters.Sample values are denoted with lower case letters x ; they takevalues in alphabets X which can be arbitrary sets. We usebold upper case letters such as X to denote random vectors.We write p ¯ Y to express the approximated output distributionof a channel resulting from input ¯ X chosen from code C n .Also we use the notation x ( i, j ) and x (1) ij interchangeablyfor readability purposes.II. M ULTIPLE ACCESS WIRETAP CHANNEL AND CODINGSCHEME
Two users wish to send messages to a legitimate receiverreliably with no errors and simultaneously ensure no leak-age to a potential eavesdropper. More precisely, transmis-sion over the MAC-WT, involves two arbitrary input alpha-bets X , X , two arbitrary output alphabets Y , Z and a se-quence of transition probabilities { p Y Z | X X } n ≥ . The chan-nels ( X , X , p ( y | x , x ) , Y ) and ( X , X , p ( z | x , x ) , Z ) arecalled the main and the eavesdropper’s channel, respectively.A ( e nR , e nR , n ) wiretap coding scheme C n for the MAC-WT channel consists of: • two private message sets M = { , . . . , e nR } and M = { , . . . , e nR } , two auxiliary message sets M ′ = { , . . . , e nR ′ } and M ′ = { , . . . , e nR ′ } , which are used to randomize thetransmission of the private messages, • two stochastic encoders with mappings φ : M ×M ′ →X n and φ : M × M ′ → X n , • and a decoder ψ n : Y n → M × M ′ × M × M ′ .The reliability performance of the code is evaluated by theprobability of error, where we require correct decoding atthe legitimate receiver for both the actual and the auxiliarymessage and is defined as P e ( C n ) = P ( { ( ˆ M , ˆ M , ˆ M ′ , ˆ M ′ ) = ( M , M , M ′ , M ′ ) |C n } ) . Ideally, perfect secrecy obtains when knowledge of the obser-vation vector Z ∈ Z n at the eavesdropper offers no cluesabout the transmitted messages M ∈ M , M ∈ M .Perfect secrecy conditions are asymptotically met providedthe relative entropy D ( p M M Z || p M M p Z ) goes to zero as n → ∞ . Here we will assess the amount of leaked informationto the eavesdropper by the second strongest secrecy metric [9]defined in terms of the variational distance. L ( C n ) = V ( p M M Z , p M M p Z ) . Where V is the variational distance between two distributions V ( P, Q ) = 2 sup
A∈F | P ( A ) − Q ( A ) | Based on the above, we call a pair ( R , R ) achievable if thereexists a sequence of codes such that the • lim n →∞ P e ( C n ) = 0 , • lim n →∞ L ( C n ) = 0 .The strongly secure achievable rate region of the generalMAC-WT channel is characterized in the next section.III. A CHIEVABILITY OF THE
MAC-WT
CHANNEL
The achievable rate region of the MAC-WT channel is de-scribed in terms of information density and spectrum concepts.These are defined next.
A. Information-spectrum theory
The information density between X and Y is the randomvariable i ( X ; Y ) = log p XY ( XY ) p X ( X ) p Y ( Y ) and the conditional information density of X , Y given Z isdefined as i ( X ; Y | Z ) = log p XY | Z ( X, Y | Z ) p X | Z ( X | Z ) p Y | Z ( Y | Z ) . The mean of the above variables is the usual mutual infor-mation, i.e. I ( X ; Y ) = E XY [ i ( X ; Y )] and I ( X ; Y | Z ) = E XY Z [ i ( X ; Y | Z )] . If X = ( X , . . . , X n ) and Y =( Y , . . . , Y n ) denote random vectors of dimension n , thedistribution of the random variable n i ( X ; Y ) is called the information spectrum [11] of p XY . The asymptotic regime isdescribed by the sup-information rate ¯ i ( X ; Y ) = p - lim sup n →∞ n i ( X ; Y )= inf { α : lim n →∞ P [ 1 n i ( X ; Y ) > α ] = 0 } , and the inf-information rate ¯ i ( X ; Y ) = p - lim inf n →∞ n i ( X ; Y )= sup { β : lim n →∞ P [ 1 n i ( X ; Y ) < β ] = 0 } . We are now ready to present the main result of this paper.
Theorem:
The achievable rate region under the strong secrecycriterion for the general MAC-WT is R SS = R ≤ p- lim inf n →∞ n i ( X ; Y | X ) − p- lim sup n →∞ n i ( X ; Z ) − γR ≤ p- lim inf n →∞ n i ( X ; Y | X ) − p- lim sup n →∞ n i ( X ; Z ) − γR + R ≤ p- lim inf n →∞ n i ( X X ; Y ) − p- lim sup n →∞ n i ( X X ; Z ) − γ where γ is a positive arbitrary constant. Remark:
In [13] Yassaee and Aref, use output statisticsapproximation techniques to obtain the same rate region forthe MAC-WT. However, their result is confined to discretememoryless channels as it is based on typicality. In this paperachievability is established for a broader class of channels thatincludes both discrete and continuous channel and withoutmemory constraints.The proof of the above theorem proceeds in a numberof steps. First we analyze achievability by working outthe attributes that shape the probability of error. Then wedemonstrate that in addition the strong secrecy criterion isvalid. More precisely, consider a rate pair ( R , R ) satisfyingthe inequalities given in the theorem. We show that thereis a sequence of codes with asymptotically vanishing errorprobability and leakage. B. Reliability analysis
We construct a coding scheme with the following structure:
Codebook generation:
We generate M M ′ codewords inde-pendently and at random by generating ⌈ e nR ⌉⌈ e nR ′ ⌉ i.i.d.sequences x n ( m ) with m = ( i, j ) ∈ M × M ′ accordingto p X . Similarly we generate the codewords for the seconduser. Encoding:
To transmit m = ( i, j ) ∈ M × M ′ , where i is the actual message and j is the auxiliary message, user 1computes x n ( m ) and send it over the channel. User 2 actsn the same way. Decoding:
For arbitrary γ > we define the sets T n = { ( x , x , y ) :1 n log p Y | X X ( y | x , x ) p Y | X ( y | x ) > n log M M ′ + γ (cid:27) , T n = { ( x , x , y ) :1 n log p Y | X X ( y | x , x ) p Y | X ( y | x ) > n log M M ′ + γ (cid:27) , T n = { ( x , x , y ) :1 n log p Y | X X ( y | x , x ) p Y ( y ) > n (log M M + log M ′ M ′ )+ γ (cid:27) and T n = T n ∩ T n ∩ T n .After receiving a y ∈ Y n , the threshold decoder ψ n searchesfor messages m , m and their corresponding indices whichsatisfy ( x ( m ) , x ( m ) , y n ) ∈ T n . If such a tuple exists andis unique the decoder outputs ψ n ( y ) = ( ˆ m , ˆ m ) , otherwisedeclares an error.The analysis of the error probability relies on standardarguments. The following Lemma provides conditions for reli-able communication between the two users and the legitimatereceiver. Lemma 1: If ≤ R + R ′ ≤ p- lim inf n →∞ n i ( X ; Y | X ) − γ ≤ R + R ′ ≤ p- lim inf n →∞ n i ( X ; Y | X ) − γ ≤ R + R + R ′ + R ′ ≤ p- lim inf n →∞ n i ( X X ; Y ) − γ, then lim n →∞ E [ P e ( C n )] = 0 . Proof.
In order to prove that for the any rate pairs whichcomply with the above inequalities, P e ( C n ) → for large n , we consider the multi-user version of Feinstein’s Lemma[16], [11] and modify it properly so that includes the auxiliarymessage rates. This is necessary since the legitimate receiverhas to decode the auxiliary random message as well. Moreprecisely the following Lemma holds. Lemma 2:
Let X , X be an arbitrary pair of channelinputs and Y is the channel output from a MAC. Then forarbitrary positive integers M , M , M ′ , M ′ , there exists an ( M , M , M ′ , M ′ , n ) -code satisfying P e ( C n ) ≤ P (cid:26) n i ( X ; Y | X ) ≤ n log M M ′ + γ (cid:27) + P (cid:26) n i ( X ; Y | X ) ≤ n log M M ′ + γ (cid:27) + P (cid:26) n i ( X X ; Y ) ≤ n (log M M + log M ′ M ′ )+ γ (cid:27) + 5 e − nγ . for all n and arbitrary γ > .We provide a sketch of the proof only; the full details followthe same line of arguments with those employed for the simpleMAC case in [11, Theorem 7.7]. First we define the event E ijkl = ( x ( i, j ) , x ( k, l ) , y ) ∈ T n E cijkl stands for the complement. Using the symmetry ofthe random code construction, the average error probability E [ P e ( C n )] is equal to the error probability of a randomcodeword transmission. Without loss of generality, we assumethat user 1 and user 2 send x (1 , and x (1 , , respectively.Therefore the error probability is upper bounded as follows: E [ P e ( C n )] = P {E c [ ( i ′ j ′ k ′ l ′ ) =(1111) E i ′ j ′ k ′ l ′ }≤ P {E c } + X i ′ =1 P {E i ′ } + X j ′ =1 P {E j ′ } + X k ′ =1 P {E k ′ } + X l ′ =1 P {E l ′ } + X ( i ′ j ′ k ′ l ′ ) =(1111) P {E i ′ j ′ k ′ l ′ } (1)Each of the terms appearing above can be handled in a mannersimilar to [11, Theorem 7.7]. For instance, the first summandis bounded as follows P {E i ′ } = X ( x , x , y ) ∈T n p X ( x ) p X Y ( x , y ) ≤ X ( x , x , y ) ∈T n p X ( x ) p X Y ( x , y ) . (2)Also, for ( x , x , y ) ∈ T n p X Y ( x , y ) ≤ p X ( x ) p Y | X X ( y | x x ) e − nγ M (3)and eq.(1) leads to P {E i ′ }≤ X ( x , x , y ) ∈T n p X ( x ) p X ( x ) p Y | X X ( y | x x ) e − nγ M ≤ e − nγ M , (4)and finally we obtain P i ′ =1 P {E i ′ } ≤ e − nγ . Similarly wecan bound the other terms and by substituting into eq. (1) weget E [ P e ( C n )] ≤ P {E c } + 5 e − nγ where the first term is trivial. According to this we concludethat there must exist at least one ( M , M , M ′ , M ′ , n ) -codesatisfying the condition of Lemma 2 and any information andauxiliary rate pair satisfying Lemma 1 is achievable. Hence,for arbitrary ( R , R ) and ( R ′ , R ′ ) and a small constant γ > we define M i = e n ( R i − γ ) and M ′ i = e n ( R ′ i − γ ) or i = 1 , and Lemma 2 guarantees the existence of an ( M , M , M ′ , M ′ , n ) -code satisfying P e ( C n ) ≤ P (cid:26) n i ( X ; Y | X ) ≤ R + R ′ − γ (cid:27) + P (cid:26) n i ( X ; Y | X ) ≤ R + R ′ − γ (cid:27) + P (cid:26) n i ( X X ; Y ) ≤ R + R ′ + R + R ′ − γ (cid:27) + 5 e − nγ . Because the definitions of spectral inf-information rates implythat all the terms of the RHS converge to zero as n → ∞ then lim n →∞ E [ P e ( C n )] = 0 . C. Secrecy Analysis
We next analyze the code performance in terms of informa-tion leakage. The following Lemma identifies the constraintson the rates of local randomness needed to asymptoticallyeliminate leakage.
Lemma 3:
If the rate pair satisfies R ′ ≥ p- lim sup n →∞ n i ( X ; Z ) + 2 γR ′ ≥ p- lim sup n →∞ n i ( X ; Z ) + 2 γR ′ + R ′ ≥ p- lim sup n →∞ n i ( X X ; Z ) + 2 γ (5)then lim n →∞ E [ L ( C n )] = 0 . Proof.
Let ¯ Z denote the random vector received by the eaves-dropper if X , X are i.i.d distributed according to p X ( x ) , p X ( x ) . We can bound the variational distance between p M M Z and p M M p Z as follows L ( C n ) = V ( p M M ¯ Z , p M M p ¯ Z )= E M M [ V ( p ¯ Z | M M , p ¯ Z )] ≤ E M M [ V ( p ¯ Z | M M , p Z ) + V ( p Z , p ¯ Z )] ≤ E M M [ V ( p ¯ Z | M M , p Z )] . (6)Furthermore if we average over all possible codewords and usethe symmetry of the random coding construction, we obtain E [ L ( C n )] ≤ E [ V ( p ¯ Z | M =1 M =1 , p Z )] (7)where the output distribution is given by p ¯ Z | ( z ) = 1 M ′ M ′ M ′ X j =1 M ′ X l =1 p Z | X X ( z | x (1 , j ) , x (1 , l )) (8)To ensure asymptotic decay of L ( C n ) to zero, it suffices toestablish that each of the sub-codebooks { x ( i, j ) } j ∈ M ′ and { x ( k, l ) } l ∈ M ′ are channel resolvability codes [6], [11]. The proof of this claim relies on the following known inequality. Lemma 4: [11] For any µ > and any two distributions P , QV ( P, Q ) ≤ µ + 2 P (cid:26) log P ( X ) Q ( X ) > µ (cid:27)| {z } J µ where P , Q are distributed over X .Guided by the above Lemma we define J µ for any µ > asfollows, J µ = X x (1)11 ∈X n . . . X x (1)1 M ′ ∈X n X x (2)11 ∈X n . . . X x (2)1 M ′ ∈X n p X ( x (1)11 ) . . .p X ( x (1)1 M ′ ) p X ( x (2)11 ) . . . p X ( x (2)1 M ′ ) × X z ∈Z n p ¯ Z | ( z ) (cid:26) log p ¯ Z | ( z ) p Z ( z ) > µ (cid:27) (9)and we show that for any µ > ; J µ → [17]. Indeed, J µ = X x (1)11 ∈X n . . . X x (1)1 M ′ ∈X n X x (2)11 ∈X n . . . X x (2)1 M ′ ∈X n p X ( x (1)11 ) . . .p X ( x (1)1 M ′ ) p X ( x (2)11 ) . . . p X ( x (2)1 M ′ ) × X z ∈Z n M ′ X j =1 M ′ X l =1 M ′ M ′ p Z | X X ( z | x (1 , j ) , x (1 , l )) × (cid:26) P M ′ j =1 P M ′ l =1 p Z | X X ( z | x (1 , j ) , x (1 , l )) M ′ M ′ p Z ( z ) > e µ (cid:27) = X x (1)12 ∈X n . . . X x (1)1 M ′ ∈X n X x (2)12 ∈X n . . . X x (2)1 M ′ ∈X n p X ( x (1)12 ) . . .p X ( x (1)1 M ′ ) p X ( x (2)12 ) . . . p X ( x (2)1 M ′ ) × X x (1)11 ∈X n X x (2)11 ∈X n X z ∈Z n p X X Z ( x (1)11 , x (2)11 , z ) × (cid:26) p Z | X X ( z | x (1 , , x (1 , M ′ M ′ p Z ( z )+ P ( j,l ) =(1 , p Z | X X ( z | x (1 , j ) , x (1 , l )) M ′ M ′ p Z ( z ) > e µ (cid:27) (10)where the last equality exploits symmetry. Moreover, fromeq.(10) we obtain eq. (11) on the top of the next page, where τ = ( e µ − . Taking the expectation we obtain J µ ≤ J + J + J + J (12) µ = X x (1)12 ∈X n . . . X x (1)1 M ′ ∈X n X x (2)12 ∈X n . . . X x (2)1 M ′ ∈X n p X ( x (1)12 ) . . . p X ( x (1)1 M ′ ) p X ( x (2)12 ) . . . p X ( x (2)1 M ′ ) × X x (1)11 ∈X n X x (2)11 ∈X n X z ∈Z n p X X Z ( x (1)11 , x (2)11 , z ) (cid:26) M ′ M ′ exp( i ( x (1)11 x (2)11 ; z )) + 1 M ′ M ′ X ( j,l ) =(1 , exp( i ( x (1)1 j x (2)1 l ; z )) > τ (cid:27) ≤ X x (1)12 ∈X n . . . X x (1)1 M ′ ∈X n X x (2)12 ∈X n . . . X x (2)1 M ′ ∈X n p X ( x (1)12 ) . . . p X ( x (1)1 M ′ ) p X ( x (2)12 ) . . . p X ( x (2)1 M ′ ) × X x (1)11 ∈X n X x (2)11 ∈X n X z ∈Z n p X X Z ( x (1)11 , x (2)11 , z ) ( (cid:26) M ′ M ′ exp( i ( x (1)11 x (2)11 ; z )) > τ (cid:27) + (cid:26) M ′ M ′ X j =1 exp( i ( x (1)1 j x (2)11 ; z )) > τ (cid:27) + (cid:26) M ′ M ′ X l =1 exp( i ( x (1)11 x (2)1 l ; z )) > τ (cid:27) + (cid:26) M ′ M ′ X ( j,l ) =(1 , exp( i ( x (1)1 j x (2)1 l ; z )) > τ (cid:27)) (11)where J = P (cid:26) M ′ M ′ exp( i ( X X ; Z )) > τ (cid:27) J = P (cid:26) M ′ M ′ M ′ X j =1 exp( i ( X (1 , j ) X ; Z )) > τ (cid:27) J = P (cid:26) M ′ M ′ M ′ X l =1 exp( i ( X X (1 , l ); Z )) > τ (cid:27) J = P (cid:26) M ′ M ′ M ′ X j =1 M ′ X l =1 exp( i ( X (1 , j ) X (1 , l ); Z )) > τ (cid:27) , Application of similar steps to those developed in [17] allowsus to conclude that each one the terms J i , i = 1 , , , , goto zero, if the auxiliary rate pairs satisfy the inequalities ofLemma 3. Finally, convergence of J µ to zero in conjunctionwith Lemma 4 prove the claim.Finally, combining the results of Lemma 1 and Lemma 3and performing Fourier-Motzkin elimination for the auxiliaryrates R ′ , R ′ we obtain the achievable rate region of the mainTheorem. IV. C ONCLUSION
In this paper achievability has been studied for stronglysecure communication in a MAC-WT. Thanks to theinformation-spectrum methods adopted in this work, there isno need for assumptions such as stationarity, ergodicity andmemorylessness. Moreover we obtained generalized resultswhich can be useful to specific applications. Extensions thatinclude relay nodes as well as specialized settings are consid-ered in forthcoming work. R
EFERENCES[1] T. M. Cover and J. A. Thomas,
Elements of Information Theory . NewYork: John Wiley & Sons, 1991.[2] A. D. Wyner, “The wire-tap channel,”
Bell System Technical Journal ,vol. 54, no. 8, pp. 1355-1367, Oct. 1975.[3] I. Csisz´ar and J. K¨orner,“Broadcast Channels with Confidential Mes-sages,”
IEEE Trans. Inform. Theory , vol. 24, no. 3, pp. 339-348, May1978.[4] R. Ahlswede, “Multi-way communication channels,” in Proc. of 2ndIEEE International Symposium on Information Theory (ISIT) , pp. 23-51, Tsahkadsor, Armenia, 1971.[5] Henry H.-J. Liao,“Multiple access channels,” Ph.D. dissertation, Univer-sity of Hawaii, Honolulu, USA, September 1972.[6] M. Bloch and J. Barros,
Physical-Layer Security: From InformationTheory to Security Engineering . Cambridge University Press, October2011.[7] Y. Liang and H. V. Poor, “Multiple-access channels with confidentialmessages,”
IEEE Trans. Inform. Theory , vol. 54, no. 3, pp. 976-1002,March 2008.[8] E. Tekin and A. Yener, “The general Gaussian multiple-access and two-way wiretap channels: Achievable rates and cooperative jamming,”
IEEETrans. Inform. Theory , vol. 54, no. 6, pp. 2735-2751, 2008.[9] M. R. Bloch and J. N. Laneman, “Strong secrecy from channel re-solvability,”
IEEE Trans. Inform. Theory , vol. 59, no.12, pp.8077-8098,2013.[10] M. Hayashi, “General nonasymptotic and asymptotic formulas in chan-nel resolvability and identication capacity and their application to thewiretap channel,”
IEEE Trans. Inform. Theory , vol. 52, no. 4, pp. 1562-1575, Apr. 2006.[11] T. S. Han,
Information-Spectrum Methods in Information Theory .Springer, 2002.[12] T. S. Han and S. Verd´u, “Approximation theory of output statistics,”
IEEE Trans. Inform. Theory , vol. 39, no. 3, pp. 752-772, 1993.[13] M. H. Yassaee and M. R. Aref, “Multiple access wiretap channels withstrong secrecy,” in proc. of IEEE Inf. Theory Workshop , pages 1-5. ,Aug 2010.[14] M. Wiese and H. Boche, “An achievable region for the wiretap multiple-access channel with common message,” in Proc. of IEEE InternationalSymposium on Information Theory (ISIT) , pp. 249-253, Cambridge,USA, 2012.[15] U. M. Maurer and S. Wolf, “Information-Theoretic Key Agreement:From Weak to Strong Secrecy for Free,” in proc. of Advances inCryptology-Eurocrypt 2000 , Lecture Notes in Computer Science. B.Preneel, 2000, p. 351.[16] A. Feinstein, “ A new basic theorem of information theory,”
IEEE Trans.Inform. Theory, vol. 4, no. 4, pp. 2-22, 1954.[17] Y. Steinberg.“Resolvability theory for the multiple-access channel,”