Fault-Tolerant Secret Key Generation - ECE@IISc
Fault-Tolerant Secret Key Generation
Himanshu Tyagi University of Maryland, College Park
Navin Kashyap† †
Joint work with: Yogesh Sankarasubramaniam∗
Indian Institute of Sciences, Bangalore
∗
Kapali Viswanathan∗ HP Labs, Bangalore
Multiterminal Source Model Xn 3 Xn 4
Xn 2
Formulation An Upper Bound Symmetric Observations
Xn 5
Central Switch
Xn 1
Exchangeablity PIN Model
Xn m
Xn 6 Xn 7
K
K
Set of nodes: M = {1, ..., m} !
Observations of the ith node: Xin = (Xi1 , ..., Xin )
!
Denote by XMt the correlated rvs (X1t , ..., Xmt )
!
XM1 , ..., XMn are finite, discrete valued, i.i.d. rvs - with known probability distribution. 1 / 29
r-Rounds Adaptive Protocol Xn 3 Xn 4
Xn 2
Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
Xn 5
Central Switch
Xn 1
Xn m
Xn 6 Xn 7 K
Available Nodes: A0 = M
2 / 29
r-Rounds Adaptive Protocol Xn 3 Xn 4
Xn 2
Formulation An Upper Bound
Round 1: F1
Symmetric Observations Exchangeablity PIN Model
Xn 1
Xn 5
Central Switch
Xn 6 Xn 7 K
Nodes Remaining: A1 = {1, 2, 3, 4, 5, 6, 7} Communication in round j depends on: local observations and the communication in the previous rounds.
3 / 29
r-Rounds Adaptive Protocol Xn 3
Formulation
Xn 4
Xn 2
An Upper Bound Round 2: F2
Symmetric Observations
Central Switch
Exchangeablity PIN Model
Xn 6 Xn 7 K
Nodes Remaining: A2 = {2, 3, 4, 6, 7} Communication in round j depends on: local observations and the communication in the previous rounds.
4 / 29
r-Rounds Adaptive Protocol
Formulation
Xn 4
Xn 2
An Upper Bound Round r − 1: Fr−1
Symmetric Observations
Central Switch
Exchangeablity PIN Model
Xn 6
K
Nodes Remaining: Ar−1 = {2, 4, 6} Communication in round j depends on: local observations and the communication in the previous rounds.
5 / 29
r-Rounds Adaptive Protocol
Xn 4
Xn 2
Formulation An Upper Bound
Round r: Fr
Symmetric Observations
Central Switch
Exchangeablity PIN Model
Xn 6
K
Nodes Remaining: Ar−1 = {2, 4, 6} = Ar Communication in round j depends on: local observations and the communication in the previous rounds. Assumption: Ar = Ar−1
6 / 29
r-Rounds Adaptive Protocol
Formulation An Upper Bound
F
F
Xn 2
Xn 4
K2
Symmetric Observations
F
K4
Central Switch
Exchangeablity PIN Model F Xn 6
K6
Communication in round j depends on: local observations and the communication in the previous rounds. Assumption: Ar = Ar−1 The overall communication depends on Ar = Ar−1 ⊆ ... ⊆ A1 - F denotes the overall communication.
7 / 29
r-Rounds Adaptive Protocol
Formulation An Upper Bound
F
F
Xn 2
Xn 4
K2
Symmetric Observations
F
K4
Central Switch
Exchangeablity PIN Model F Xn 6
K6
K constitutes a secret key if: 1. Recoverability: Pr (Ki = K, i ∈ Ar ) ≈ 1 2. Security: I(K ∧ F) ≈ 0 The rate of the SK:
1 H(K) n
8 / 29
r-Rounds Adaptive Protocol
Formulation An Upper Bound Symmetric Observations
F
F
Xn 2
Xn 4
K2
F
K4
Central Switch
Exchangeablity PIN Model F Xn 6
K6
Definition (Achievable (r, t)-fault-tolerant SK rate) R ≥ 0 is an achievable (r, t)-fault-tolerant SK rate if there is an r-rounds adaptive protocol that generates an SK of rate greater than R whenever not more than t nodes drop out.
9 / 29
r-Rounds Adaptive Protocol
Formulation An Upper Bound
F
F
Xn 2
Xn 4
K2
Symmetric Observations
F
K4
Central Switch
Exchangeablity PIN Model F Xn 6
K6
K constitutes a perfect secret key if: 1. Perfect Recoverability: Pr (Ki = K, i ∈ Ar ) = 1 2. Perfect Security: I(K ∧ F) = 0 The rate of the SK:
1 H(K) n
10 / 29
r-Rounds Adaptive Protocol
Formulation An Upper Bound Symmetric Observations
F
F
Xn 2
Xn 4
K2
F
K4
Central Switch
Exchangeablity PIN Model F Xn 6
K6
Definition (Achievable (r, t)-fault-tolerant perfect SK rate) R ≥ 0 is an achievable (r, t)-fault-tolerant perfect SK rate if there is an r-rounds adaptive protocol that generates a perfect SK of rate greater than R whenever not more than t nodes drop out.
11 / 29
Fault-Tolerant Secret Key Capacity
(r, t)-fault-tolerant SK capacity C r,t (M): Formulation An Upper Bound
Supremum of all achievable (r, t)-fault-tolerant rates.
Symmetric Observations Exchangeablity PIN Model
(r, t)-fault-tolerant perfect SK capacity C0r,t (M): Supremum of all achievable (r, t)-fault-tolerant perfect SK rates.
Lemma For r ≥ 1, C01,t (M) ≤ C r,t (M) ≤ C r+1,t (M).
12 / 29
An Upper Bound on Fault-Tolerant SK Capacity Theorem (Csisz´ ar-Narayan 2004) Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
The secret key capacity (for t=0) is given by C(M) = H (XM ) − min (R1 + R2 + ... + Rm ) , where the min is taken over (R1 , ..., Rm ) that satisfy: ! " # Ri ≥ H XB | XM\B , B ! M. i∈B
min value above is the minimum rate of communication for omniscience. Lemma (Upper Bound on C r,t (M)) C01,t (M) ≤ C r,t (M) ≤ C r+1,t (M) ≤
min
A⊆M |A|≥m−t
C(A),
r ≥ 1.
Proof Idea: Consider the sequence of sets A1 = ... = Ar−1 = Ar = A.
13 / 29
Monotonicity of SK Capacity Theorem (Chan-Zheng 2010) Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
C(M) =
min
P={C1 ,...,Ck }
1 D (XM ||XC1 .XC2 ...XCk ) , k
where the minimization is over all partitions P of M.
Lemma (Monotonicity of C(M)) C(M) ≥
min
A⊆M |A|=m−1
C(A).
Lemma (Upper Bound on C r,t (M)) C01,t (M) ≤ C r,t (M) ≤ C r+1,t (M) ≤
min
A⊆M |A|=m−t
C(A),
r ≥ 1. 14 / 29
Is this Upper Bound Tight??
Formulation An Upper Bound
Lemma (Upper Bound on C r,t (M))
Symmetric Observations Exchangeablity PIN Model
C01,t (M) ≤ C r,t (M) ≤ C r+1,t (M) ≤
min
A⊆M |A|=m−t
C(A),
r ≥ 1.
15 / 29
Is this Upper Bound Tight??
Formulation An Upper Bound
Lemma (Upper Bound on C r,t (M))
Symmetric Observations Exchangeablity PIN Model
C01,t (M) ≤ C r,t (M) ≤ C r+1,t (M) ≤
min
A⊆M |A|=m−t
C(A),
r ≥ 1.
Yes. When the observations of the nodes are symmetric
16 / 29
Exchangeable Random Variables PX1 ,...,Xm = PXσ(1) ,...,Xσ(m) , for all permutations σ of {1, ..., m} Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
For disjoint sets B1 , B2 : H (XB1 |XB2 ) depends only on |B1 |, |B2 | Define: g(i|j) = H (X1 , ..., Xi |Xi+1 , ..., Xi+j ) Lemma (Minimum Rate of Communication for Omniscience) For
g(m − 1|1) , m−1 (αm , ..., αm ) is an optimal rate-vector for omniscience, i.e., RCO = mαm . αm =
Lemma αm is nonincreasing in m. Proof: Uses properties g(i|j) inherited from H(·).
17 / 29
Optimal Fault-Tolerant SK Generation Protocol 2-rounds adaptive protocol: Formulation
1. Each node communicates using random mapping of rate αm . A1 = set of nodes that communicate in round 1, |A1 | = k
An Upper Bound Symmetric Observations Exchangeablity PIN Model
2. Nodes in A1 send further communication of rate αk − αm - if A2 (= A1 the protocol fails. Observation: Two random mappings of rates R1 and R2 can serve as a single random mapping of rate R1 + R2 in (multiterminal) Slepian-Wolf coding. Performance of the protocol: n - Nodes in A2 = A1 recover XA 1
- Rate of communication = kαk - Nodes in A2 generate SK of rate C(A2 )
18 / 29
Optimal Fault-Tolerant SK Generation Protocol
Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
Theorem (Fault-Tolerant SK Capacity) For exchangeable rvs, for r ≥ 2, C r,t (M) =
min
A⊆M |A|=m−t
C(A) = g(m − t|0) −
(m − t)g(m − t − 1|1) . m−t−1
19 / 29
The Pairwise-Independent-Network Model Graph G = (V, E ) Formulation
3 4
2
An Upper Bound Symmetric Observations
e13
e14
e12
Exchangeablity PIN Model
e15
5
1 e16 e1m e17 m
6 7
Ye-Reznik 2007, Nitinawarat et.al. 2010 Bij : unbiased bit corresponding to the edge eij Random Variables {Bij : i, j ∈ M} are mutually independent. !
Xi = {Bij corresponding to edges eij incident on i} 20 / 29
The Pairwise-Independent-Network Model
Formulation An Upper Bound
Assumption: The graph G is complete
Symmetric Observations Exchangeablity PIN Model
Symmetry: For B1 ∩ B2 = ∅, H (XB1 |XB2 ) depends only on |B1 |, |B2 |.
C01,t (M) ≤ C 2,t (M) = g(m − t|0) −
m−t (m − t)g(m − t − 1|1) = m−t−1 2
21 / 29
Generating 1-bit Fault-Tolerant SK
Assume that G is a (t + 1)-connected, spanning graph.
Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
!
Noninteractive protocol to generate 1-bit of fault-tolerant SK: ei1
!
Bij ⊕ Bij # : eij , eij # ∈ E
"
ei2
i eim
For A ⊆ M with |A| ≥ m − t: let eA be an edge between nodes in A. Claim: H (BeA | (FA , Xi )) = 0 and I (BeA ∧ FA ) = 0, i ∈ A. BeA constitutes a 1-bit SK for A
22 / 29
Generating 1-bit Fault-Tolerant SK
Assume that G is a (t + 1)-connected, spanning graph.
Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
!
Noninteractive protocol to generate 1-bit of fault-tolerant SK: ei1
!
Bij ⊕ Bij # : eij , eij # ∈ E
"
ei2
i eim
This noninteractive protocol generates 1-bit SK for each spanning tree. Nitinawarat et.al. use the interactive protocol of Csisz´ ar-Narayan.
23 / 29
Optimal Fault-Tolerant SK Generation Protocol
Assumption: The graph G is complete Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
Noninteractive protocol above gives 1-bit of SK for each spanning tree Find a “fault-tolerant” spanning tree packing - sufficiently many spanning trees must remain when nodes drop out !
Consider n = 2: Any two nodes share 2 independent bits
!
Can find a spanning tree packing such that: - any subset A contains |A| spanning trees
Thus, a subset of size ≥ m − t can pack m − t spanning trees
Secret key rate attained:
m−t 2
24 / 29
Optimal Fault-Tolerant SK Generation Protocol
2
3
1
3
2
3
Formulation An Upper Bound
2
1
2
m
Symmetric Observations Exchangeablity PIN Model
m
4
m
4
1
4
25 / 29
Optimal Fault-Tolerant SK Generation Protocol
2
3
1
3
2
3
Formulation An Upper Bound
2
1
2
m
Symmetric Observations Exchangeablity PIN Model
m
4
m
4
1
4
Theorem For the PIN model corresponding to a complete graph, C01,t (M) = C r,t (M) =
m−t , 2
r ≥ 2.
26 / 29
An Alternative Protocol A protocol to generate + m , − t bits of SK for n = 1: 2 Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
First consider m even. Tree remains connected if a leaf node drops out. !
Fix a matching in G.
27 / 29
An Alternative Protocol A protocol to generate + m , − t bits of SK for n = 1: 2 Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
First consider m even. Tree remains connected if a leaf node drops out. !
Fix a matching in G.
!
There is a spanning tree corresponding to each edge in the matching.
28 / 29
Future Directions
Formulation An Upper Bound Symmetric Observations
!
This work is a first step towards the larger goal of information-theoretic SK agreement for dynamic groups.
!
Incorporate rejoining of terminals that drop out.
!
What if the central switch has additional side information?
Exchangeablity PIN Model
29 / 29
Himanshu Tyagi University of Maryland, College Park
Navin Kashyap† †
Joint work with: Yogesh Sankarasubramaniam∗
Indian Institute of Sciences, Bangalore
∗
Kapali Viswanathan∗ HP Labs, Bangalore
Multiterminal Source Model Xn 3 Xn 4
Xn 2
Formulation An Upper Bound Symmetric Observations
Xn 5
Central Switch
Xn 1
Exchangeablity PIN Model
Xn m
Xn 6 Xn 7
K
K
Set of nodes: M = {1, ..., m} !
Observations of the ith node: Xin = (Xi1 , ..., Xin )
!
Denote by XMt the correlated rvs (X1t , ..., Xmt )
!
XM1 , ..., XMn are finite, discrete valued, i.i.d. rvs - with known probability distribution. 1 / 29
r-Rounds Adaptive Protocol Xn 3 Xn 4
Xn 2
Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
Xn 5
Central Switch
Xn 1
Xn m
Xn 6 Xn 7 K
Available Nodes: A0 = M
2 / 29
r-Rounds Adaptive Protocol Xn 3 Xn 4
Xn 2
Formulation An Upper Bound
Round 1: F1
Symmetric Observations Exchangeablity PIN Model
Xn 1
Xn 5
Central Switch
Xn 6 Xn 7 K
Nodes Remaining: A1 = {1, 2, 3, 4, 5, 6, 7} Communication in round j depends on: local observations and the communication in the previous rounds.
3 / 29
r-Rounds Adaptive Protocol Xn 3
Formulation
Xn 4
Xn 2
An Upper Bound Round 2: F2
Symmetric Observations
Central Switch
Exchangeablity PIN Model
Xn 6 Xn 7 K
Nodes Remaining: A2 = {2, 3, 4, 6, 7} Communication in round j depends on: local observations and the communication in the previous rounds.
4 / 29
r-Rounds Adaptive Protocol
Formulation
Xn 4
Xn 2
An Upper Bound Round r − 1: Fr−1
Symmetric Observations
Central Switch
Exchangeablity PIN Model
Xn 6
K
Nodes Remaining: Ar−1 = {2, 4, 6} Communication in round j depends on: local observations and the communication in the previous rounds.
5 / 29
r-Rounds Adaptive Protocol
Xn 4
Xn 2
Formulation An Upper Bound
Round r: Fr
Symmetric Observations
Central Switch
Exchangeablity PIN Model
Xn 6
K
Nodes Remaining: Ar−1 = {2, 4, 6} = Ar Communication in round j depends on: local observations and the communication in the previous rounds. Assumption: Ar = Ar−1
6 / 29
r-Rounds Adaptive Protocol
Formulation An Upper Bound
F
F
Xn 2
Xn 4
K2
Symmetric Observations
F
K4
Central Switch
Exchangeablity PIN Model F Xn 6
K6
Communication in round j depends on: local observations and the communication in the previous rounds. Assumption: Ar = Ar−1 The overall communication depends on Ar = Ar−1 ⊆ ... ⊆ A1 - F denotes the overall communication.
7 / 29
r-Rounds Adaptive Protocol
Formulation An Upper Bound
F
F
Xn 2
Xn 4
K2
Symmetric Observations
F
K4
Central Switch
Exchangeablity PIN Model F Xn 6
K6
K constitutes a secret key if: 1. Recoverability: Pr (Ki = K, i ∈ Ar ) ≈ 1 2. Security: I(K ∧ F) ≈ 0 The rate of the SK:
1 H(K) n
8 / 29
r-Rounds Adaptive Protocol
Formulation An Upper Bound Symmetric Observations
F
F
Xn 2
Xn 4
K2
F
K4
Central Switch
Exchangeablity PIN Model F Xn 6
K6
Definition (Achievable (r, t)-fault-tolerant SK rate) R ≥ 0 is an achievable (r, t)-fault-tolerant SK rate if there is an r-rounds adaptive protocol that generates an SK of rate greater than R whenever not more than t nodes drop out.
9 / 29
r-Rounds Adaptive Protocol
Formulation An Upper Bound
F
F
Xn 2
Xn 4
K2
Symmetric Observations
F
K4
Central Switch
Exchangeablity PIN Model F Xn 6
K6
K constitutes a perfect secret key if: 1. Perfect Recoverability: Pr (Ki = K, i ∈ Ar ) = 1 2. Perfect Security: I(K ∧ F) = 0 The rate of the SK:
1 H(K) n
10 / 29
r-Rounds Adaptive Protocol
Formulation An Upper Bound Symmetric Observations
F
F
Xn 2
Xn 4
K2
F
K4
Central Switch
Exchangeablity PIN Model F Xn 6
K6
Definition (Achievable (r, t)-fault-tolerant perfect SK rate) R ≥ 0 is an achievable (r, t)-fault-tolerant perfect SK rate if there is an r-rounds adaptive protocol that generates a perfect SK of rate greater than R whenever not more than t nodes drop out.
11 / 29
Fault-Tolerant Secret Key Capacity
(r, t)-fault-tolerant SK capacity C r,t (M): Formulation An Upper Bound
Supremum of all achievable (r, t)-fault-tolerant rates.
Symmetric Observations Exchangeablity PIN Model
(r, t)-fault-tolerant perfect SK capacity C0r,t (M): Supremum of all achievable (r, t)-fault-tolerant perfect SK rates.
Lemma For r ≥ 1, C01,t (M) ≤ C r,t (M) ≤ C r+1,t (M).
12 / 29
An Upper Bound on Fault-Tolerant SK Capacity Theorem (Csisz´ ar-Narayan 2004) Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
The secret key capacity (for t=0) is given by C(M) = H (XM ) − min (R1 + R2 + ... + Rm ) , where the min is taken over (R1 , ..., Rm ) that satisfy: ! " # Ri ≥ H XB | XM\B , B ! M. i∈B
min value above is the minimum rate of communication for omniscience. Lemma (Upper Bound on C r,t (M)) C01,t (M) ≤ C r,t (M) ≤ C r+1,t (M) ≤
min
A⊆M |A|≥m−t
C(A),
r ≥ 1.
Proof Idea: Consider the sequence of sets A1 = ... = Ar−1 = Ar = A.
13 / 29
Monotonicity of SK Capacity Theorem (Chan-Zheng 2010) Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
C(M) =
min
P={C1 ,...,Ck }
1 D (XM ||XC1 .XC2 ...XCk ) , k
where the minimization is over all partitions P of M.
Lemma (Monotonicity of C(M)) C(M) ≥
min
A⊆M |A|=m−1
C(A).
Lemma (Upper Bound on C r,t (M)) C01,t (M) ≤ C r,t (M) ≤ C r+1,t (M) ≤
min
A⊆M |A|=m−t
C(A),
r ≥ 1. 14 / 29
Is this Upper Bound Tight??
Formulation An Upper Bound
Lemma (Upper Bound on C r,t (M))
Symmetric Observations Exchangeablity PIN Model
C01,t (M) ≤ C r,t (M) ≤ C r+1,t (M) ≤
min
A⊆M |A|=m−t
C(A),
r ≥ 1.
15 / 29
Is this Upper Bound Tight??
Formulation An Upper Bound
Lemma (Upper Bound on C r,t (M))
Symmetric Observations Exchangeablity PIN Model
C01,t (M) ≤ C r,t (M) ≤ C r+1,t (M) ≤
min
A⊆M |A|=m−t
C(A),
r ≥ 1.
Yes. When the observations of the nodes are symmetric
16 / 29
Exchangeable Random Variables PX1 ,...,Xm = PXσ(1) ,...,Xσ(m) , for all permutations σ of {1, ..., m} Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
For disjoint sets B1 , B2 : H (XB1 |XB2 ) depends only on |B1 |, |B2 | Define: g(i|j) = H (X1 , ..., Xi |Xi+1 , ..., Xi+j ) Lemma (Minimum Rate of Communication for Omniscience) For
g(m − 1|1) , m−1 (αm , ..., αm ) is an optimal rate-vector for omniscience, i.e., RCO = mαm . αm =
Lemma αm is nonincreasing in m. Proof: Uses properties g(i|j) inherited from H(·).
17 / 29
Optimal Fault-Tolerant SK Generation Protocol 2-rounds adaptive protocol: Formulation
1. Each node communicates using random mapping of rate αm . A1 = set of nodes that communicate in round 1, |A1 | = k
An Upper Bound Symmetric Observations Exchangeablity PIN Model
2. Nodes in A1 send further communication of rate αk − αm - if A2 (= A1 the protocol fails. Observation: Two random mappings of rates R1 and R2 can serve as a single random mapping of rate R1 + R2 in (multiterminal) Slepian-Wolf coding. Performance of the protocol: n - Nodes in A2 = A1 recover XA 1
- Rate of communication = kαk - Nodes in A2 generate SK of rate C(A2 )
18 / 29
Optimal Fault-Tolerant SK Generation Protocol
Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
Theorem (Fault-Tolerant SK Capacity) For exchangeable rvs, for r ≥ 2, C r,t (M) =
min
A⊆M |A|=m−t
C(A) = g(m − t|0) −
(m − t)g(m − t − 1|1) . m−t−1
19 / 29
The Pairwise-Independent-Network Model Graph G = (V, E ) Formulation
3 4
2
An Upper Bound Symmetric Observations
e13
e14
e12
Exchangeablity PIN Model
e15
5
1 e16 e1m e17 m
6 7
Ye-Reznik 2007, Nitinawarat et.al. 2010 Bij : unbiased bit corresponding to the edge eij Random Variables {Bij : i, j ∈ M} are mutually independent. !
Xi = {Bij corresponding to edges eij incident on i} 20 / 29
The Pairwise-Independent-Network Model
Formulation An Upper Bound
Assumption: The graph G is complete
Symmetric Observations Exchangeablity PIN Model
Symmetry: For B1 ∩ B2 = ∅, H (XB1 |XB2 ) depends only on |B1 |, |B2 |.
C01,t (M) ≤ C 2,t (M) = g(m − t|0) −
m−t (m − t)g(m − t − 1|1) = m−t−1 2
21 / 29
Generating 1-bit Fault-Tolerant SK
Assume that G is a (t + 1)-connected, spanning graph.
Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
!
Noninteractive protocol to generate 1-bit of fault-tolerant SK: ei1
!
Bij ⊕ Bij # : eij , eij # ∈ E
"
ei2
i eim
For A ⊆ M with |A| ≥ m − t: let eA be an edge between nodes in A. Claim: H (BeA | (FA , Xi )) = 0 and I (BeA ∧ FA ) = 0, i ∈ A. BeA constitutes a 1-bit SK for A
22 / 29
Generating 1-bit Fault-Tolerant SK
Assume that G is a (t + 1)-connected, spanning graph.
Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
!
Noninteractive protocol to generate 1-bit of fault-tolerant SK: ei1
!
Bij ⊕ Bij # : eij , eij # ∈ E
"
ei2
i eim
This noninteractive protocol generates 1-bit SK for each spanning tree. Nitinawarat et.al. use the interactive protocol of Csisz´ ar-Narayan.
23 / 29
Optimal Fault-Tolerant SK Generation Protocol
Assumption: The graph G is complete Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
Noninteractive protocol above gives 1-bit of SK for each spanning tree Find a “fault-tolerant” spanning tree packing - sufficiently many spanning trees must remain when nodes drop out !
Consider n = 2: Any two nodes share 2 independent bits
!
Can find a spanning tree packing such that: - any subset A contains |A| spanning trees
Thus, a subset of size ≥ m − t can pack m − t spanning trees
Secret key rate attained:
m−t 2
24 / 29
Optimal Fault-Tolerant SK Generation Protocol
2
3
1
3
2
3
Formulation An Upper Bound
2
1
2
m
Symmetric Observations Exchangeablity PIN Model
m
4
m
4
1
4
25 / 29
Optimal Fault-Tolerant SK Generation Protocol
2
3
1
3
2
3
Formulation An Upper Bound
2
1
2
m
Symmetric Observations Exchangeablity PIN Model
m
4
m
4
1
4
Theorem For the PIN model corresponding to a complete graph, C01,t (M) = C r,t (M) =
m−t , 2
r ≥ 2.
26 / 29
An Alternative Protocol A protocol to generate + m , − t bits of SK for n = 1: 2 Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
First consider m even. Tree remains connected if a leaf node drops out. !
Fix a matching in G.
27 / 29
An Alternative Protocol A protocol to generate + m , − t bits of SK for n = 1: 2 Formulation An Upper Bound Symmetric Observations Exchangeablity PIN Model
First consider m even. Tree remains connected if a leaf node drops out. !
Fix a matching in G.
!
There is a spanning tree corresponding to each edge in the matching.
28 / 29
Future Directions
Formulation An Upper Bound Symmetric Observations
!
This work is a first step towards the larger goal of information-theoretic SK agreement for dynamic groups.
!
Incorporate rejoining of terminals that drop out.
!
What if the central switch has additional side information?
Exchangeablity PIN Model
29 / 29
