Multiple-Access Relay Wiretap Channel - Semantic Scholar

Download PDF
Comment
Report 5 Downloads 111 Views
1

Multiple-Access Relay Wiretap Channel Bin Dai

Abstract

arXiv:1403.7883v1 [cs.IT] 31 Mar 2014

In this paper, we investigate the effects of an additional trusted relay node on the secrecy of multiple-access wiretap channel (MAC-WT) by considering the model of multiple-access relay wiretap channel (MARC-WT). More specifically, first, we investigate the discrete memoryless MARC-WT. Three inner bounds (with respect to decodeforward (DF), noise-forward (NF) and compress-forward (CF) strategies) on the secrecy capacity region are provided. Second, we investigate the degraded discrete memoryless MARC-WT, and present an outer bound on the secrecy capacity region of this degraded model. Finally, we investigate the Gaussian MARC-WT, and find that the NF and CF strategies help to enhance Tekin-Yener’s achievable secrecy rate region of Gaussian MAC-WT. Moreover, we find that if the channel from the transmitters to the relay is less noisy than the channels from the transmitters to the legitimate receiver and the wiretapper, the DF strategy performs even better than the NF and CF strategies, i.e., the noise-forward strategy is not always the best way to enhance the security. Index Terms Multiple-access wiretap channel, relay channel, secrecy capacity region.

I. I NTRODUCTION Equivocation was first introduced into channel coding by Wyner in his study of wiretap channel [2]. It is a kind of discrete memoryless degraded broadcast channels. The object is to transmit messages to the legitimate receiver, while keeping the wiretapper as ignorant of the messages as possible. Based on Wyners work, Leung-YanCheong and Hellman studied the Gaussian wiretap channel (GWC) [3], and showed that its secrecy capacity was the difference between the main channel capacity and the overall wiretap channel capacity (the cascade of main channel and wiretap channel). After the publication of Wyner’s work, Csisz´ ar and K¨orner [4] investigated a more general situation: the broadcast channels with confidential messages (BCC). In this model, a common message and a confidential message were sent through a general broadcast channel. The common message was assumed to be decoded correctly by the legitimate receiver and the wiretapper, while the confidential message was only allowed to be obtained by the legitimate receiver. This model is also a generalization of [5], where no confidentiality condition is imposed. The capacity-equivocation region and the secrecy capacity region of BCC [4] were totally determined, and the results B. Dai is with the School of Information Science and Technology, Southwest JiaoTong University, Chengdu 610031, China e-mail: [email protected].

2

were also a generalization of those in [2]. Furthermore, the capacity-equivocation region of Gaussian BCC was determined in [21]. By using the approach of [2] and [4], the information-theoretic security for other multi-user communication systems has been widely studied, see the followings. •

For the broadcast channel, Liu et al. [6] studied the broadcast channel with two confidential messages (no common message), and provided an inner bound on the secrecy capacity region. Furthermore, Xu et al. [7] studied the broadcast channel with two confidential messages and one common message, and provided inner and outer bounds on the capacity-equivocation region.



For the multiple-access channel (MAC), the security problems are split into two directions. – The first is that two users wish to transmit their corresponding messages to a destination, and meanwhile, they also receive the channel output. Each user treats the other user as a wiretapper, and wishes to keep its confidential message as secret as possible from the wiretapper. This model is usually called the MAC with confidential messages, and it was studied by Liang and Poor [8]. An inner bound on the capacity-equivocation region is provided for the model with two confidential messages, and the capacityequivocation region is still not known. Furthermore, for the model of MAC with one confidential message [8], both inner and outer bounds on capacity-equivocation region are derived. Moreover, for the degraded MAC with one confidential message, the capacity-equivocation region is totally determined. – The second is that an additional wiretapper has access to the MAC output via a wiretap channel, and therefore, how to keep the confidential messages of the two users as secret as possible from the additional wiretapper is the main concern of the system designer. This model is usually called the multiple-access wiretap channel (MAC-WT). The Gaussian MAC-WT was investigated in [9], [10]. An inner bound on the capacity-equivocation region is provided for the Gaussian MAC-WT. Other related works on MAC-WT can be found in [11], [12], [13], [14], [15].



For the interference channel, Liu et al. [6] studied the interference channel with two confidential messages, and provided inner and outer bounds on the secrecy capacity region. In addition, Liang et al. [16] studied the cognitive interference channel with one common message and one confidential message, and the capacityequivocation region was totally determined for this model.



For the relay channel, Lai and Gamal [17] studied the relay-eavesdropper channel, where a source wishes to send messages to a destination while leveraging the help of a trusted relay node to hide those messages from the eavesdropper. Three inner bounds (with respect to decode-forward, noise-forward and compress-forward strategies) and one outer bound on the capacity-equivocation region were provided in [17]. Furthermore, Tang et. al. [26] introduced the noise-forward strategy of [17] into the wireless communication networks, and found that with the help of an independent interferer, the security of the wireless communication networks is enhanced. In addition, Oohama [18] studied the relay channel with confidential messages, where a relay helps the transmission of messages from one sender to one receiver. The relay is considered not only as a

3

sender that helps the message transmission but also as a wiretapper who can obtain some knowledge about the transmitted messages. Measuring the uncertainty of the relay by equivocation, the inner and outer bounds on the capacity-equivocation region were provided in [18]. Recently, Ekrem and Ulukus [19] investigated the effects of user cooperation on the secrecy of broadcast channels by considering a cooperative relay broadcast channel. They showed that user cooperation can increase the achievable secrecy rate region of [6]. In this paper, we study the multiple-access relay wiretap channel (MARC-WT), see Figure 1. This model generalizes the MAC-WT by considering an additional trusted relay node. The motivation of this work is to investigate the effects of the trusted relay node on the secrecy of MAC-WT, and whether the achievable secrecy rate region of [10] can be enhanced by using an additional relay node.

Fig. 1: The multiple-access relay wiretap channel

First, we provide three inner bounds on the secrecy capacity region (achievable secrecy rate regions) of the discrete memoryless model of Figure 1. The decode-forward (DF), noise-forward (NF) and compress-forward (CF) relay strategies are used in the construction of the inner bounds. Second, we investigate the degraded discrete memoryless MARC-WT, and present an outer bound on the secrecy capacity region of this degraded case. Finally, the Gaussian model of Figure 1 is investigated, and we find that with the help of this additional trusted relay node, Tekin-Yeners achievable secrecy rate region of the Gaussian MAC-WT [10] is enhanced. In this paper, random variab1es, sample values and alphabets are denoted by capital letters, lower case letters and calligraphic letters, respectively. A similar convention is applied to the random vectors and their sample values. For example, U N denotes a random N -vector (U1 , ..., UN ), and uN = (u1 , ..., uN ) is a specific vector value in U N that is the N th Cartesian power of U. UiN denotes a random N − i + 1-vector (Ui , ..., UN ), and uN i = (ui , ..., uN ) is a specific vector value in UiN . Let PV (v) denote the probability mass function P r{V = v}. Throughout the paper, the logarithmic function is to the base 2. The organization of this paper is as follows. Section II provides the achievable secrecy rate regions of the discrete memoryless model of Figure 1. The Gaussian model of Figure 1 is investigated in Section III. Final conclusions are provided in Section IV.

4

II. D ISCRETE MEMORYLESS MULTIPLE - ACCESS RELAY WIRETAP CHANNEL A. Inner bounds on the secrecy capacity region of the discrete memoryless MARC-WT The discrete memoryless model of Figure 1 is a five-terminal discrete channel consisting of finite sets X1 , X2 , Xr , Y , Yr , Z and a transition probability distribution PY,Yr ,Z|X1 ,X2 ,Xr (y, yr , z|x1 , x2 , xr ). X1N , X2N and XrN are the channel inputs from the transmitters and the relay respectively, while Y N , YrN , Z N are the channel outputs at the legitimate receiver, the relay and the wiretapper, respectively. The channel is discrete memoryless, i.e., the channel outputs (yi , yr,i , zi ) at time i only depend on the channel inputs (x1,i , x2,i , xr,i ) at time i. Definition 1: (Channel encoders) The confidential messages W1 and W2 take values in W1 , W2 , respectively. W1 and W2 are independent and uniformly distributed over their ranges. The channel encoders fE1 and fE2 are N N N stochastic encoders that map the messages w1 and w2 into the codewords xN 1 ∈ X1 and x2 ∈ X2 , respectively.

The transmission rates of the confidential messages W1 and W2 are

log kW1 k N

and

log kW2 k , N

respectively.

Definition 2: (Relay encoder) The relay encoder ϕi is also a stochastic encoder that maps the signals (yr,1 , yr,2 , ..., yr,i−1 ) received before time i to the channel input xr,i . Definition 3: (Decoder) The Decoder for the legitimate receiver is a mapping fD : Y N → W1 × W2 , with ˆ 1, W ˆ 2 . Let Pe be the error probability of the legitimate receiver, and it is defined as input Y N and outputs W ˆ 1, W ˆ 2 )}. P r{(W1 , W2 ) 6= (W The equivocation rate at the wiretapper is defined as ∆=

1 H(W1 , W2 |Z N ). N

(2.1)

A secrecy rate pair (R1 , R2 ) (where R1 , R2 > 0) is called achievable if, for any  > 0 (where  is an arbitrary small positive real number and  → 0), there exists a channel encoder-decoder (N, ∆, Pe ) such that lim

N →∞

log k W2 k log k W1 k = R1 , lim = R2 , N →∞ N N

lim ∆ ≥ R1 + R2 , Pe ≤ .

N →∞

(2.2)

The secrecy capacity region Rd is a set composed of all achievable secrecy rate pairs (R1 , R2 ). Three inner bounds (with respect to DF, NF and CF strategies) on Rd are provided in the following Theorem 1, 2, 3. Our first step is to characterize the inner bound on the secrecy capacity region Rd by using Cover-Gamal’s Decode and Forward (DF) Strategy [22]. In the DF Strategy, the relay node will first decode the confidential messages, and then re-encode them to cooperate with the transmitters. The superposition coding and random binning techniques will be combined with the classical DF strategy [22] to characterize the DF inner bound of Figure 1. Theorem 1: (Inner bound 1: DF strategy) A single-letter characterization of the region Rd1 (Rd1 ⊆ Rd ) is as

5

follows, Rd1 = {(R1 , R2 ) : R1 ≤ min{I(X1 ; Yr |Xr , X2 , V1 , V2 ), I(X1 , Xr ; Y |X2 , V2 )} − I(X1 ; Z), R2 ≤ min{I(X2 ; Yr |Xr , X1 , V1 , V2 ), I(X2 , Xr ; Y |X1 , V1 )} − I(X2 ; Z), R1 + R2 ≤ min{I(X1 , X2 ; Yr |Xr , V1 , V2 ), I(X1 , X2 , Xr ; Y )} − I(X1 , X2 ; Z)}, for some distribution PY,Z,Yr ,Xr ,X1 ,X2 ,V1 ,V2 (y, z, yr , xr , x1 , x2 , v1 , v2 ) = PY,Z,Yr |Xr ,X1 ,X2 (y, z, yr |xr , x1 , x2 )PXr |V1 ,V2 (xr |v1 , v2 )PX1 |V1 (x1 |v1 )PX2 |V2 (x2 |v2 )PV1 (v1 )PV2 (v2 ). Proof: The achievable coding scheme is a combination of [25], [20] and [10], and the details about the proof are provided in Appendix A. Remark 1: There are some notes on Theorem 1, see the following. •

If we let Z = const (which implies that there is no wiretapper), the region Rd1 reduces to the region Rmarc , where Rmarc = {(R1 , R2 ) : R1 ≤ min{I(X1 ; Yr |Xr , X2 , V1 , V2 ), I(X1 , Xr ; Y |X2 , V2 )}, R2 ≤ min{I(X2 ; Yr |Xr , X1 , V1 , V2 ), I(X2 , Xr ; Y |X1 , V1 )}, R1 + R2 ≤ min{I(X1 , X2 ; Yr |Xr , V1 , V2 ), I(X1 , X2 , Xr ; Y )}}.

(2.3)

Here note that the region Rmarc is exactly the same as the DF region of the discrete memoryless multiple-access relay channel [25], [20]. •

If we let Yr = Y and V1 = V2 = Xr = const (which implies that there is no relay), the region Rd1 reduces to the region Rmac−wt , where Rmac−wt = {(R1 , R2 ) : R1 ≤ I(X1 ; Y |X2 ) − I(X1 ; Z), R2 ≤ I(X2 ; Y |X1 ) − I(X2 ; Z), R1 + R2 ≤ I(X1 , X2 ; Y ) − I(X1 , X2 ; Z)}.

(2.4)

Also note that the region Rmac−wt is exactly the same as the achievable secrecy rate region of discrete memoryless multiple-access wiretap channel [10]. The second step is to characterize the inner bound on the secrecy capacity region Rd by using the noise and forward (NF) strategy. In the NF Strategy, the relay node does not attempt to decode the messages but sends codewords that are independent of the transmitters’ messages, and these codewords aid in confusing the wiretapper.

6

More Specifically, if the channel from the relay to the legitimate receiver is less noisy than the channel from the relay to the wiretapper, we allow the legitimate receiver to decode the relay codeword, and the wiretapper can not decode it. Therefore, in this case, the relay codeword can be viewed as a noise signal to confuse the wiretapper. On the other hand, if the channel from the relay to the legitimate receiver is more noisy than the channel from the relay to the wiretapper, we allow both the receivers to decode the relay codeword, and therefore, in this case, the relay codeword does not make any contribution to the security of the model of Figure 1. Theorem 2: (Inner bound 2: NF strategy) A single-letter characterization of the region Rd2 (Rd2 ⊆ Rd ) is as follows, Rd2 = L1

[

L2 ,

where L1 is given by

[

L1 =

PY,Z,Y ,X ,X ,X : r r 1 2 I(Xr ; Y ) ≥ I(Xr ; Z)

   (R1 , R2 ) :      R ≤ I(X ; Y |X , X ) − I(X , X ; Z) + R , 1 1 2 r 1 r r   R2 ≤ I(X2 ; Y |X1 , Xr ) − I(X2 , Xr ; Z) + Rr ,      R + R ≤ I(X , X ; Y |X ) − I(X , X , X ; Z) + R . 1 2 1 2 r 1 2 r r

       

,

      

L2 is given by

L2 =

[ PY,Z,Y ,X ,X ,X : r r 1 2 I(Xr ; Z) ≥ I(Xr ; Y )

   (R1 , R2 ) :      R ≤ I(X ; Y |X , X ) − I(X ; Z|X ), 1 1 2 r 1 r   R2 ≤ I(X2 ; Y |X1 , Xr ) − I(X2 ; Z|Xr ),      R + R ≤ I(X , X ; Y |X ) − I(X , X ; Z|X ). 1 2 1 2 r 1 2 r

       

,

      

PY,Z,Yr ,Xr ,X1 ,X2 (y, z, yr , xr , x1 , x2 , u) satisfies PY,Z,Yr ,Xr ,X1 ,X2 (y, z, yr , xr , x1 , x2 ) = PY,Z,Yr |Xr ,X1 ,X2 (y, z, yr |xr , x1 , x2 )PXr (xr )PX1 (x1 )PX2 (x2 ), and Rr is denoted by Rr = min{I(Xr ; Y ), I(Xr ; Z|X1 ), I(Xr ; Z|X2 )}. Proof: The achievable coding scheme is a combination of [17, Theorem 3] and [10], and the details about the proof are provided in Appendix B. Remark 2: There are some notes on Theorem 2, see the following. •

The region L1 is characterized under the condition that the channel from the relay to the legitimate receiver is less noisy than the channel from the relay to the wiretapper (I(Xr ; Y ) ≥ I(Xr ; Z)). Then, in this case, the legitimate receiver is allowed to decode the relay codeword, and the wiretapper is not allowed to decode it. The rate of the relay is defined as Rr = min{I(Xr ; Y ), I(Xr ; Z|X1 ), I(Xr ; Z|X2 )}, and the relay codeword is viewed as pure noise for the wiretapper.

7



The region L2 is characterized under the condition that the channel from the relay to the legitimate receiver is more noisy than the channel from the relay to the wiretapper (I(Xr ; Y ) ≤ I(Xr ; Z)). Then, in this case, both the legitimate receiver and the wiretapper are allowed to decode the relay codeword. The rate of the relay is defined as Rr = I(Xr ; Y ), and the relay codeword does not make any contribution to the security of the model of Figure 1.

The third step is to characterize the inner bound on the secrecy capacity region Rd by using a combination of Cover- Gamals compress and forward (CF) strategy [22] and the NF strategy provided in Theorem 2, i.e., in addition to the independent codewords, the relay also sends a quantized version of its noisy observations to the legitimate receiver. This noisy version of the relay’s observations helps the legitimate receiver in decoding the transmitters’ messages, while the independent codewords help in confusing the wiretapper. Theorem 3: (Inner bound 3: CF strategy) A single-letter characterization of the region Rd3 (Rd3 ⊆ Rd ) is as follows, Rd3 = L3

[

L4 ,

where L3 is given by

[

L3 =

P ˆr ,Xr ,X ,X : I(Xr ; Y ) ≥ I(X1 ; Z) Y,Z,Yr ,Y 1 2 ∗ − R∗ ≥ I(Y ; Y Rr1 r ˆr |Xr )

   (R1 , R2 ) :      R ≤ I(X ; Y, Yˆ |X , X ) − I(X , X ; Z) + R∗ , 1 1 r 2 r 1 r  ˆ  R2 ≤ I(X2 ; Y, Yr |X1 , Xr ) − I(X2 , Xr ; Z) + R∗ ,      R + R ≤ I(X , X ; Y, Yˆ |X ) − I(X , X , X ; Z) + R∗ . 1 2 1 2 r r 1 2 r

∗ Rr1 = min{I(Xr ; Z|X1 ), I(Xr ; Z|X2 ), I(Xr ; Y )}, and L4 is given by    (R1 , R2 ) :      R ≤ I(X ; Y, Yˆ |X , X ) − I(X ; Z|X ), [ 1 1 r 2 r 1 r L4 =  ˆ   R2 ≤ I(X2 ; Y, Yr |X1 , Xr ) − I(X2 ; Z|Xr ), P ˆr ,Xr ,X ,X : I(Xr ; Z) ≥ I(Xr ; Y )  Y,Z,Yr ,Y 1 2   ˆr |Xr ) I(Xr ; Y ) ≥ I(Yr ; Y  R + R ≤ I(X , X ; Y, Yˆ |X ) − I(X , X ; Z|X ). 1 2 1 2 r r 1 2 r

       

              

.

      

The joint probability PY,Z,Yr ,Yˆr ,Xr ,X1 ,X2 (y, z, yr , yˆr , xr , x1 , x2 ) satisfies PY,Z,Yr ,Yˆr ,Xr ,X1 ,X2 (y, z, yr , yˆr , xr , x1 , x2 ) = PYˆr |Yr ,Xr (ˆ yr |yr , xr )PY,Z,Yr |Xr ,X1 ,X2 (y, z, yr |xr , x1 , x2 )PXr (xr )PX1 (x1 )PX2 (x2 ). Proof: The achievable coding scheme is a combination of [17, Theorem 4] and [10], and the details about the proof are provided in Appendix C. Remark 3: There are some notes on Theorem 3, see the following. •

In L3 , the channel from the relay to the legitimate receiver is less noisy than the channel from the relay to the wiretapper (I(Xr ; Y ) ≥ I(Xr ; Z)). Then, in this case, the legitimate receiver is allowed to decode the relay codeword, and the wiretapper is not allowed to decode it. Here note that R∗ is the rate of pure noise generated

,

8

∗ by the relay to confuse the wiretapper, while Rr1 − R∗ is the part of the rate allocated to send the compressed ∗ signal Yˆr to help the legitimate receiver. If R∗ = Rr1 , this scheme is exactly the same as the NF scheme. •

In L4 , the channel from the relay to the legitimate receiver is more noisy than the channel from the relay to the wiretapper (I(Xr ; Y ) ≤ I(Xr ; Z)). Then, in this case, both the legitimate receiver and the wiretapper are allowed to decode the relay codeword. However, The relay can still help to enhance the security of the model of Figure 1 by sending the compressed signal Yˆr to the legitimate receiver. Thus, the region L4 is characterized by combining the L2 of Theorem 2 with the classical compress and forward (CF) strategy [22].

B. Outer bound on the secrecy capacity region of the degraded discrete memoryless MARC-WT Compared with the discrete memoryless model of Figure 1, the degraded discrete memoryless MARC-WT implies the existence of a Markov chain (X1 , X2 , Xr , Yr ) → Y → Z. The secrecy capacity region Rdd of the degraded discrete memoryless MARC-WT is a set composed of all achievable secrecy rate pairs (R1 , R2 ). An outer bound on Rdd is provided in the following Theorem 4. Theorem 4: (Outer bound) A single-letter characterization of the region Rddo (Rdd ⊆ Rddo ) is as follows, Rddo = {(R1 , R2 ) : R1 ≤ I(X1 , Xr ; Y |X2 , U ) − I(X1 ; Z|U ) R2 ≤ I(X2 , Xr ; Y |X1 , U ) − I(X2 ; Z|U ) R1 + R2 ≤ I(X1 , X2 , Xr ; Y |U ) − I(X1 , X2 ; Z|U )}

for some distribution PZ,Y,Yr ,Xr ,X1 ,X2 ,U (z, y, yr , xr , x1 , x2 , u) = PZ|Y (z|y)PY,Yr |X1 ,X2 ,Xr (y, yr |x1 , x2 , xr )PU,X1 ,X2 ,Xr (u, x1 , x2 , xr ). Proof: The details about the proof are provided in Appendix D. III. G AUSSIAN MULTIPLE - ACCESS RELAY WIRETAP CHANNEL In this section, we investigate the Gaussian multiple-access relay wiretap channel (GMARC-WT). The signal received at each node is given by Yr = X1 + X2 + Zr , Y = X1 + X2 + Xr + Z1 , Z = X1 + X2 + Xr + Z2 ,

(3.1)

9

where Zr ∼ N (0, Nr ), Z1 ∼ N (0, N1 ), Z2 ∼ N (0, N2 ), and they are independent, E[X12 ] ≤ P1 , E[X22 ] ≤ P2 , E[Xr2 ] ≤ Pr . The remainder of this section is organized as follows. Subsection III-A shows the achievable secrecy rate regions of GMARC-WT, and the numerical examples and discussions are given in Subsection III-B. A. Capacity results on GMARC-WT Theorem 5: The DF inner bound on the secrecy capacity region of the Gaussian case of Figure 1 is given by       (R , R ) : 1 2         P +γP P P +P +P +N 1 1 1  r 1 2 r 2 [  R1 ≤ min{ log(1 + 1 ), log(1 + 1 )} − , log 2 Nr 2 N1 2 P2 +Pr +N2 g1 R = . (3.2)   R ≤ min{ 1 log(1 + P2 ), 1 log(1 + P2 +(1−γ)Pr )} − 1 log P1 +P2 +Pr +N2 ,  2 0≤γ≤1    2 Nr 2 N1 2 P1 +Pr +N2        R + R ≤ min{ 1 log(1 + P1 +P2 ), 1 log(1 + P1 +P2 +Pr )} − 1 log P1 +P2 +Pr +N2 .  1

2

2

Nr

2

N1

2

Pr +N2

Proof: First, let Xr = V1 + V2 , where V1 ∼ N (0, γPr ) and V2 ∼ N (0, (1 − γ)Pr ). q 1 + X10 , where 0 ≤ α ≤ 1 and X10 ∼ N (0, αP1 ). Let X1 = (1−α)P γPr V1 q 2 Analogously, let X2 = (1−β)P (1−γ)Pr V2 + X20 , where 0 ≤ β ≤ 1 and X20 ∼ N (0, βP2 ). Here note that V1 , V2 , X10 and X20 are independent random variables. The region Rg1 is obtained by substituting the above definitions into Theorem 1, and maximizing α and β (the maximum of Rg1 is achieved when α = β = 1). Thus, the proof of Theorem 5 is completed.

Theorem 6: Then, the NF inner bound on the secrecy capacity region of the Gaussian case of Figure 1 is given by Rg2 = G 1

[

G2,

where G 1 is given by    (R1 , R2 ) :     [  R1 ≤ 1 log(1 + P1 ) − 1 log(1 + P1 +Pr ) + Rr , 2 N1 2 P2 +N2 G1 = P2 P2 +Pr 1 1   R ≤ log(1 + ) − log(1 + 2 N1 ≤N2  2 N1 2 P1 +N2 ) + Rr ,     R + R ≤ 1 log(1 + P1 +P2 ) − 1 log(1 + P1 +P2 +Pr ) + R . 1 2 r 2 N1 2 N2 Rr = min{ 12 log(1 +

Pr 1 P1 +P2 +N1 ), 2

G2 =

r ), 21 log(1 + log(1 + P2P+N 2    (R1 , R2 ) :     R ≤ 1 log(1 + P1 ) − [  1

N1 ≥N2

Proof:

      

Pr P1 +N2 )},

and G 2 is given by        P1 1  log(1 + ), 2 N1 2 P2 +N2 . P2 P2 1   ) − log(1 + ), R2 ≤ 12 log(1 + N  2 P1 +N2 1    P1 +P2 1  2 R1 + R2 ≤ 21 log(1 + P1N+P ) − log(1 + ). 2 N2 1

              

,

10

Here note that N1 ≤ N2 implies I(Xr ; Y ) ≥ I(Xr ; Z). The region G 1 is obtained by substituting X1 ∼ N (0, P1 ), X2 ∼ N (0, P2 ) and Xr ∼ N (0, Pr ) into the region L1 of Theorem 2, and using the fact that X1 , X2 and Xr are independent random variables. Analogously, N1 ≥ N2 implies I(Xr ; Y ) ≤ I(Xr ; Z). The region G 2 is obtained by substituting X1 ∼ N (0, P1 ), X2 ∼ N (0, P2 ) and Xr ∼ N (0, Pr ) into the region L2 of Theorem 2, and using the fact that X1 , X2 and Xr are independent random variables. Thus, the proof of Theorem 6 is completed.

Theorem 7: Next, the CF inner bound on the secrecy capacity region of the Gaussian case of Figure 1 is given by Rg3 = G 3

[

G4,

where G 3 is given by    (R1 , R2 ) :     [  R1 ≤ 1 log(1 + P1 (Q+N1 +Nr ) ) − 1 log(1 + P1 +Pr ) + R∗ , 2 N1 (Nr +Q) 2 P2 +N2 G3 = P2 (Q+N1 +Nr ) +Pr 1 1  ) + R∗ , R2 ≤ 2 log(1 + N1 (Nr +Q) ) − 2 log(1 + PP12+N N1 ≤N2   2     R + R ≤ 1 log(1 + (P1 +P2 )(Q+N1 +Nr ) ) − 1 log(1 + P1 +P2 +Pr ) + R∗ . 1 2 2 N1 (Nr +Q) 2 N2 R∗ satisfies 0 ≤ R∗ = min{ 12 log(1 +

Pr 1 P1 +P2 +N1 ), 2

log(1 +

Pr 1 P2 +N2 ), 2

log(1 +

Pr P1 +N2 )}



1 2

log(1 +

       

,

       P1 +P2 +Nr ), Q

and G 4 is given by    (R1 , R2 ) :     1 +Nr )  1 [ R1 ≤ 12 log(1 + P1N(Q+N ) − 12 log(1 + P2P+N ), 1 (Nr +Q) 2 G4 = P (Q+N +N ) P2 1 1 r  R ≤ 1 log(1 + 2 2 N1 ≥N2   2 N1 (Nr +Q) ) − 2 log(1 + P1 +N2 ),     R + R ≤ 1 log(1 + (P1 +P2 )(Q+N1 +Nr ) ) − 1 log(1 + 1 2 2 N1 (Nr +Q) 2 here Q satisfies Q ≥

       

,

      P1 +P2  ). N2

(P1 +P2 )2 +(P1 +P2 )(Nr +N1 )+Nr N1 . Pr

Proof: Here note that N1 ≤ N2 implies I(Xr ; Y ) ≥ I(Xr ; Z). The region G 3 is obtained by substituting X1 ∼ N (0, P1 ), X2 ∼ N (0, P2 ), Xr ∼ N (0, Pr ), Yˆr = Yr + ZQ and ZQ ∼ N (0, Q) into the region L3 of Theorem 3, and using the fact that X1 , X2 and Xr are independent random variables. Analogously, N1 ≥ N2 implies I(Xr ; Y ) ≤ I(Xr ; Z). The region G 4 is obtained by substituting X1 ∼ N (0, P1 ), X2 ∼ N (0, P2 ), Xr ∼ N (0, Pr ), Yˆr = Yr + ZQ and ZQ ∼ N (0, Q) into the region L4 of Theorem 3, and using the fact that X1 , X2 and Xr are independent random variables. Thus, the proof of Theorem 7 is completed. Theorem 8: Finally, remember that [10] provides an achievable secrecy rate region RGi of the Gaussian multiple-

11

access wiretap channel (GMAC-WT), and it is given by    (R1 , R2 ) :     P1  1 ) − 12 log(1 + N2P+P ) R1 ≤ 12 log(1 + N 1 2 RGi = P2  2  R2 ≤ 12 log(1 + N ) − 12 log(1 + N2P+P )  1 1     R + R ≤ 1 log(1 + P1 +P2 ) − 1 log(1 + 1

2

2

N1

2

       

.

      P1 +P2  ) N2

Proof: The proof is in [10], and it is omitted here.

B. Numerical Examples and Discussions Letting P1 = 5, P2 = 6, Pr = 20, N1 = 2, N2 = 14 and Q = 200, the following Figure 2, 3 and 4 show the achievable secrecy rate regions of the GMARC-WT and the achievable secrecy rate region of the GMAC-WT for different values of Nr . Compared with the achievable secrecy rate region RGi of GMAC-WT, it is easy to see that the NF (Rg2 ) and CF (Rg3 ) strategies help to enhance RGi (no relay). However, for the DF strategy (Rg1 ), we find that when Nr is much larger than N1 , the DF region Rg1 is even smaller than RGi , i.e., the relay makes the things even worse. When Nr is close to N1 (still larger than N1 ), the DF region Rg1 is larger than RGi , but it is still smaller than the NF and CF regions. When Nr is smaller than N1 , as we can see in Figure 4, the DF region performs the best! In addition, when Q → ∞, the CF region Rg3 is exactly the same as the NF region Rg2 .

Fig. 2: The achievable secrecy rate regions of GMARC-WT and GMAC-WT for Nr = 5

12

Fig. 3: The achievable secrecy rate regions of GMARC-WT and GMAC-WT for Nr = 2.3

Fig. 4: The achievable secrecy rate regions of GMARC-WT and GMAC-WT for Nr = 1.8

IV. C ONCLUSION In this paper, first, we provide three inner bounds on the secrecy capacity region (achievable secrecy rate regions) of the discrete memoryless model of Figure 1. The decode-forward (DF), noise-forward (NF), and compress-forward (CF) relay strategies are used in the construction of these inner bounds. Second, we investigate the degraded discrete memoryless MARC-WT, and present an outer bound on the secrecy capacity region of this degraded case. Finally,

13

we study the Gaussian model of Figure 1, and find that the NF and CF strategies help to enhance Tekin-Yener’s achievable secrecy rate region of Gaussian MAC-WT. Moreover, we find that if the channel from the transmitters to the relay is less noisy than the channels from the transmitters to the legitimate receiver and the wiretapper, the DF strategy performs even better than the NF and CF strategies. ACKNOWLEDGEMENT The authors would like to thank Professor Ning Cai for his valuable suggestions to improve this paper. This work was supported by a sub-project in National Basic Research Program of China under Grant 2012CB316100 on Broadband Mobile Communications at High Speeds, and the National Natural Science Foundation of China under Grant 61301121. A PPENDIX A P ROOF OF T HEOREM 1 We only need to prove that the pair (R1 = min{I(X1 ; Yr |Xr , X2 , V1 , V2 ), I(X1 , Xr ; Y |X2 , V2 )} − I(X1 ; Z), R2 = min{I(X2 ; Yr |Xr , V1 , V2 ), I(X2 , V2 ; Y )} − I(X2 ; Z|X1 )) is achievable, and the achievability proof for (R1 = min{I(X1 ; Yr |Xr , V1 , V2 ), I(X1 , V1 ; Y )}−I(X1 ; Z|X2 ), R2 = min{I(X2 ; Yr |Xr , X1 , V1 , V2 ), I(X2 , Xr ; Y |X1 , V1 )} − I(X2 ; Z)) follows by symmetry. The coding scheme combines the decode-and-forward (DF) strategy of MARC [20], random binning, superposition coding, and block Markov coding techniques, see the followings. First, define the messages W1 and W2 taken values in the alphabets W1 and W2 , respectively, where W1 = {1, 2, ..., 2N R1 }, W2 = {1, 2, ..., 2N R2 }. Here note that R1 and R2 satisfy R1 = min{I(X1 ; Yr |Xr , X2 , V1 , V2 ), I(X1 , Xr ; Y |X2 , V2 )} − I(X1 ; Z),

(A1)

R2 = min{I(X2 ; Yr |Xr , V1 , V2 ), I(X2 , V2 ; Y )} − I(X2 ; Z|X1 ).

(A2)

and

Code Construction: Fix the joint probability mass function PY,Z,Yr |Xr ,X1 ,X2 (y, z, yr |xr , x1 , x2 )PXr |V1 ,V2 (xr |v1 , v2 ) PX1 |V1 (x1 |v1 )PX2 |V2 (x2 |v2 )PV1 (v1 )PV2 (v2 ). For arbitrary  > 0, define R1∗ = I(X1 ; Z) − ,

(A3)

R2∗ = I(X2 ; Z|X1 ) − ,

(A4)

Rr1 = I(V1 , Xr ; Y |X2 , V2 ) − ,

(A5)

Rr2 = I(V2 ; Y ) − .

(A6)

14

Relay Code-books Construction: •

Generate at random 2N Rr1 i.i.d. sequences v1N according to PV1N (v1N ) =

QN

i=1

PV1 (v1,i ). Index them as

v1N (s1 ), where s1 ∈ [1, 2N Rr1 ]. Analogously, generate at random 2N Rr2 i.i.d. sequences v2N according to PV2N (v2N ) =

QN

i=1

PV2 (v2,i ). Index

them as v2N (s2 ), where s2 ∈ [1, 2N Rr2 ]. N N N Generate at random 2N (Rr1 +Rr2 ) i.i.d. sequences xN r according to PXrN |V1N ,V2N (xr |v1 , v2 ) =

QN

i=1

PXr,i (v1,i , v2,i ).

N Rr1 Index them as xN ] and s2 ∈ [1, 2N Rr2 ]. r (s1 , s2 ), where s1 ∈ [1, 2

Transmitters’ Code-books Construction: ∗





∗ N R1 Generate at random 2N (R1 +R1 ) i.i.d. sequences xN ], w1∗ ∈ [1, 2N R1 ], s1 ∈ [1, 2N Rr1 ]) 1 (w1 , w1 |s1 ) (w1 ∈ [1, 2 QN ∗ N Rr1 according to i=1 PX1 |V1 (x1,i |v1,i ). In addition, partition these 2N (R1 +R1 ) i.i.d. sequences xN 1 into 2 ∗

bins. These bins are denoted as {a1 , a2 , ..., a2N Rr1 }, where ai (1 ≤ i ≤ 2N Rr1 ) contains 2N (R1 +R1 −Rr1 ) ∗ N ∗ sequences about xN 1 . Note that here for given w1 , w1 and s1 , the index of the bin which x1 (w1 , w1 |s1

belongs to, is totally determined. ∗





∗ N R2 ], w2∗ ∈ [1, 2N R2 ], s2 ∈ Analogously, generate at random 2N (R2 +R2 ) i.i.d. sequences xN 2 (w2 , w2 |s2 ) (w2 ∈ [1, 2 QN ∗ [1, 2N Rr2 ]) according to i=1 PX2 |V2 (x2,i |v2,i ). In addition, partition these 2N (R2 +R2 ) i.i.d. sequences xN 2 into ∗

2N Rr2 bins. These bins are denoted as {b1 , b2 , ..., b2N Rr2 }, where bi (1 ≤ i ≤ 2N Rr2 ) contains 2N (R2 +R2 −Rr2 ) ∗ N ∗ sequences about xN 2 . Note that here for given w2 , w2 and s2 , the index of the bin which x2 (w2 , w2 |s2 belongs

to, is totally determined. Encoding: Encoding involves the mapping of message indices to channel inputs, which are facilitated by the sequences generated above. We exploit the block Markov coding scheme, as argued in [22], the loss induced by this scheme is negligible as the number of blocks n → ∞. For block i (1 ≤ i ≤ n), encoding proceeds as follows. First, for convenience, the messages w1 , w1∗ , w2 , w2∗ , s1 and s2 transmitted in the i-th block are denoted by w1,i , ∗ ∗ w1,i , w2,i , w2,i , s1,i and s2,i , respectively. •

(Channel encoders) ∗

∗ 1) The message w1,i (1 ≤ i ≤ n) is randomly chosen from the set {1, 2, ..., 2N R1 }. The transmitter 1 (encoder N ∗ ∗ 1) sends xN 1 (w1,1 , w1,1 |1) at the first block (s1,1 = 1), x1 (w1,i , w1,i |s1,i ) from block 2 ≤ i ≤ n − 1, and ∗ xN 1 (1, 1|s1,n ) at block n (w1,n = w1,n = 1). ∗

∗ 2) The message w2,i (1 ≤ i ≤ n) is randomly chosen from the set {1, 2, ..., 2N R2 }. The transmitter 2 (encoder ∗ N ∗ 2) sends xN 2 (w2,1 , w2,1 |1) at the first block (s2,1 = 1), x2 (w2,i , w2,i |s2,i ) from block 2 ≤ i ≤ n − 1, and ∗ xN 2 (1, 1|s2,n ) at block n (w2,n = w2,n = 1). •

(Relay encoder) N s2,i ), xN s1,i , sˆ2,i )) from block s1,i ), v2N (ˆ The relay sends (v1N (1), v2N (1), xN r (1, 1)) at the first block, and (v1 (ˆ r (ˆ

2 ≤ i ≤ n. Decoding: Decoding proceeds as follows. 1) (At the relay) At the end of block i (1 ≤ i ≤ n), the relay already has an estimation of the s1,i and s2,i

15

(denoted by sˆ1,i and sˆ2,i , respectively), and will declare that it receives sˆ2,i+1 if this is the only triple such that ∗ (xN ˆ2,i , w ˆ2,i |ˆ s2,i ), xN s1,i , sˆ2,i ), yrN (i)) are jointly typical. Here note that yrN (i) indicates the output sequence r (ˆ 2 (w ∗ yrN in block i. sˆ2,i+1 is the index of the bin which xN ˆ2,i , w ˆ2,i |ˆ s2,i ) belongs to, and it will be used in the i + 1-th 2 (w

block. Based on the AEP, the probability P r{ˆ s2,i+1 = s2,i+1 } goes to 1 if (a)

R2 + R2∗ ≤ I(X2 ; Yr |Xr ) = I(X2 ; Yr |Xr , V1 , V2 ),

(A7)

where (a) is from the Markov chains (V1 , V2 ) → Xr → Yr and (V1 , V2 ) → (X2 , Xr ) → Yr . ∗ After the relay successfully decodes w ˆ2,i , w ˆ2,i and the corresponding sˆ2,i+1 , he tries to find a unique codeword ∗ ∗ ∗ |ˆ s2,i ), xN s1,i , sˆ2,i ), yrN (i)) are jointly typical. Here |ˆ s1,i ), xN ˆ2,i , w ˆ2,i |ˆ s1,i ) such that (xN ˆ1,i , w ˆ1,i xN ˆ1,i , w ˆ1,i r (ˆ 2 (w 1 (w 1 (w ∗ sˆ1,i+1 is the index of the bin which xN ˆ1,i , w ˆ1,i |ˆ s1,i ) belongs to, and it will be used in the i + 1-th block. Based 1 (w

on the AEP, the probability P r{ˆ s1,i+1 = s1,i+1 } goes to 1 if (b)

R1 + R1∗ ≤ I(X1 ; Yr |Xr , X2 ) = I(X1 ; Yr |Xr , X2 , V1 , V2 ),

(A8)

where (b) is from the Markov chains (V1 , V2 ) → (X2 , Xr ) → Yr and (V1 , V2 ) → (X1 , X2 , Xr ) → Yr . 2) (At the legitimate receiver) •

The legitimate receiver decodes from the last block, i.e., block n. Suppose that at the end of block n, the legitimate receiver will declare that sˇ2,n is received if (v2N (ˇ s2,n ), y N (n)) jointly typical. Based on the AEP, the probability P r{ˇ s2,n = s2,n } goes to 1 if Rr2 ≤ I(V2 ; Y ).

(A9)

After getting sˇ2,n , the legitimate receiver can get an estimation of s2,i (1 ≤ i ≤ n − 1) in a similar way. •

∗ After decoding sˇ2,i and sˇ2,i+1 (1 ≤ i ≤ n), the legitimate receiver tries to find a xN ˇ2,i , w ˇ2,i |ˇ s2,i ) such that 2 (w ∗ ∗ (xN ˇ2,i , w ˇ2,i |ˇ s2,i ), v2N (ˇ s2,i ), y N (i)) are jointly typical. Based on the AEP, the probability P r{(w ˇ2,i , w ˇ2,i )= 2 (w ∗ (w2,i , w2,i )} goes to 1 if

R2 + R2∗ − Rr2 ≤ I(X2 ; Y |V2 ). •

(A10)

∗ After decoding sˇ2,i , w ˇ2,i and w ˇ2,i (1 ≤ i ≤ n), the legitimate receiver tries to find v1N (ˇ s1,i ) and xN s1,i , sˇ2,i ) r (ˇ ∗ such that (v1N (ˇ s1,i ), xN s1,i , sˇ2,i ), xN ˇ2,i , w ˇ2,i |ˇ s2,i ), v2N (ˇ s2,i ), y N (i)) are jointly typical. Based on the AEP, r (ˇ 2 (w

the probability P r{ˇ s1,i = s1,i } goes to 1 if (c)

Rr1 ≤ I(V1 , Xr ; Y |X2 , V2 ) = I(Xr ; Y |X2 , V2 ),

(A11)

where (c) is from the Markov chain V1 → (X2 , V2 , Xr ) → Y . •

∗ ∗ After decoding sˇ2,i , w ˇ2,i , w ˇ2,i , sˇ1,i and sˇ1,i+1 (1 ≤ i ≤ n), the legitimate receiver tries to find a xN ˇ1,i , w ˇ1,i |ˇ s1,i ) 1 (w ∗ ∗ such that (xN ˇ1,i , w ˇ1,i |ˇ s1,i ), v1N (ˇ s1,i ), xN s1,i , sˇ2,i ), xN ˇ2,i , w ˇ2,i |ˇ s2,i ), v2N (ˇ s2,i ), y N (i)) are jointly typical. r (ˇ 1 (w 2 (w ∗ ∗ Based on the AEP, the probability P r{(w ˇ1,i , w ˇ1,i ) = (w1,i , w1,i )} goes to 1 if (d)

R1 + R1∗ − Rr1 ≤ I(X1 ; Y |V1 , X2 , V2 , Xr ) = I(X1 ; Y |X2 , V2 , Xr ), where (d) is from the Markov chains V1 → (X2 , V2 , Xr ) → Y and V1 → (X1 , X2 , V2 , Xr ) → Y .

(A12)

16

TABLE I: Decode-and-forward strategy for the model of Figure 1

The following Table I shows the transmitted codewords in the first three blocks. By using (A1), (A2), (A3), (A4), (A5), (A6), (A7), (A8), (A9), (A10), (A11) and (A12), it is easy to check that Pe ≤ . It remains to show that limN →∞ ∆ ≥ R1 + R2 , see the followings. Equivocation Analysis:

lim ∆

N →∞

1 H(W1 , W2 |Z N ) N 1 = lim (H(W1 |Z N ) + H(W2 |W1 , Z N )). N →∞ N

=

lim

N →∞

(A13)

The first term in (A13) is bounded as follows.

lim

N →∞

1 H(W1 |Z N ) N

= = (a)

=

=

1 (H(W1 , Z N ) − H(Z N )) N 1 lim (H(W1 , Z N , X1N ) − H(X1N |W1 , Z N ) − H(Z N )) N →∞ N 1 (H(Z N |X1N ) + H(X1N ) − H(X1N |W1 , Z N ) − H(Z N )) lim N →∞ N 1 (H(X1N ) − I(X1N ; Z N ) − H(X1N |W1 , Z N )), lim N →∞ N lim

N →∞

(A14)

where (a) follows from W1 → X1N → Z N and H(W1 |X1N ) = 0. N Consider the first term in (A14), the code-book generation of xN 1 shows that the total number of x1 is ∗

2N (R1 +R1 ) = 2N (min{I(X1 ;Yr |Xr ,X2 ,V1 ,V2 ),I(X1 ,Xr ;Y |X2 ,V2 )}−) ( → 0 as N → ∞). Thus, using the same approach as that in [8, Lemma 3], we have lim

N →∞

1 H(X1N ) ≥ min{I(X1 ; Yr |Xr , X2 , V1 , V2 ), I(X1 , Xr ; Y |X2 , V2 )}. N

(A15)

For the second term in (A14), using the same approach as that in [4, Lemma 3], we get lim

N →∞

1 I(X1N ; Z N ) ≤ I(X1 ; Z). N

(A16)

Now, we consider the last term of (A14). Given Z N and W1 , the total number of possible codewords of xN 1 is

17



2N R1 = 2N (I(X1 ;Z)−) ( → 0 as N → ∞). By using the Fano’s inequality, we have lim

N →∞

1 H(X1N |W1 , Z N ) = 0. N

(A17)

Substituting (A15), (A16) and (A17) into (A14), we have 1 H(W1 |Z N ) ≥ min{I(X1 ; Yr |Xr , X2 , V1 , V2 ), I(X1 , Xr ; Y |X2 , V2 )} − I(X1 ; Z) = R1 . N →∞ N lim

(A18)

The second term in (A13) is bounded as follows.

lim

N →∞

1 H(W2 |W1 , Z N ) N

≥ (1)

=

= = (2)

=

1 H(W2 |W1 , Z N , X1N ) N 1 lim H(W2 |Z N , X1N ) N →∞ N 1 (H(W2 , Z N , X1N ) − H(Z N , X1N )) lim N →∞ N 1 lim (H(W2 , Z N , X1N , X2N ) − H(X2N |W2 , Z N , X1N ) − H(Z N , X1N )) N →∞ N 1 lim (H(Z N |X1N , X2N ) + H(X1N ) + H(X2N ) N →∞ N lim

N →∞

−H(X2N |W2 , Z N , X1N ) − H(Z N |X1N ) − H(X1N )) =

1 (H(X2N ) − I(X2N ; Z N |X1N ) − H(X2N |W2 , Z N , X1N )), N →∞ N lim

(A19)

where (1) is from the Markov chain W1 → (Z N , X1N ) → W2 , and (2) is from the Markov chain W2 → (X1N , X2N ) → Z N . N Consider the first term in (A19), the code-book generation of xN 2 shows that the total number of x2 is ∗

2N (R2 +R2 ) = 2N (min{I(X2 ;Yr |Xr ,V1 ,V2 ),I(X2 ,V2 ;Y )}−) ( → 0 as N → ∞). Thus, using the same approach as that in [8, Lemma 3], we have lim

N →∞

1 H(X2N ) ≥ min{I(X2 ; Yr |Xr , V1 , V2 ), I(X2 , V2 ; Y )}. N

(A20)

For the second term in (A19), using the same approach as that in [4, Lemma 3], we get lim

N →∞

1 I(X2N ; Z N |X1N ) ≤ I(X2 ; Z|X1 ). N

(A21)

Now, we consider the last term of (A19). Given Z N , X1N and W2 , the total number of possible codewords of ∗

N R2 xN = 2I(X2 ;Z|X1 )− ( → 0 as N → ∞). By using the Fano’s inequality, we have 2 is 2

lim

N →∞

1 H(X2N |W2 , Z N , X1N ) = 0. N

(A22)

Substituting (A20), (A21) and (A22) into (A19), we have lim

N →∞

1 H(W2 |W1 , Z N ) ≥ min{I(X2 ; Yr |Xr , V1 , V2 ), I(X2 , V2 ; Y )} − I(X2 ; Z|X1 ) = R2 . N

Substituting (A18) and (A23) into (A13), limN →∞ ∆ ≥ R1 + R2 is proved. The proof of Theorem 1 is completed.

(A23)

18

A PPENDIX B P ROOF OF T HEOREM 2 Theorem 2 is proved by the following two cases. •

(Case 1) If the channel from the relay to the legitimate receiver is less noisy than the channel from the relay to the wiretapper (I(Xr ; Y ) ≥ I(Xr ; Z)), we allow the legitimate receiver to decode xN r , and the wiretapper can not decode it. For case 1, it is sufficient to show that the pair (R1 , R2 ) ∈ L1 with the condition R1 = I(X1 ; Y |X2 , Xr ) − I(X1 , Xr ; Z) + Rr , R2 = I(X2 ; Y |Xr ) − I(X2 ; Z|X1 , Xr )

(A24)

is achievable. The achievability proof of (R1 = I(X1 ; Y |Xr ) − I(X1 ; Z|X2 , Xr ), R2 = I(X2 ; Y |X1 , Xr ) − I(X2 , Xr ; Z) + Rr ) follows by symmetry. •

(Case 2) If the channel from the relay to the legitimate receiver is more noisy than the channel from the relay to the wiretapper (I(Xr ; Y ) ≤ I(Xr ; Z)), we allow both the receivers to decode xN r . For case 2, it is sufficient to show that the pair (R1 , R2 ) ∈ L2 with the condition R1 = I(X1 ; Y |X2 , Xr ) − I(X1 ; Z|Xr ), R2 = I(X2 ; Y |Xr ) − I(X2 ; Z|X1 , Xr )

(A25)

is achievable. The achievability proof of (R1 = I(X1 ; Y |Xr ) − I(X1 ; Z|X2 , Xr ), R2 = I(X2 ; Y |X1 , Xr ) − I(X2 ; Z|Xr )) follows by symmetry. Fix the joint probability mass function PY,Z,Yr |Xr ,X1 ,X2 (y, z, yr |xr , x1 , x2 )PXr (xr )PX1 (x1 )PX2 (x2 ). Define the messages W1 , W2 taken values in the alphabets W1 , W2 , respectively, where W1 = {1, 2, ..., 2N R1 }, W2 = {1, 2, ..., 2N R2 }. Code-book Construction for the Two Cases: •

Code-book construction for case 1: – First, generate at random 2N (Rr −) ( → 0 as N → ∞) i.i.d. sequences at the relay node each drawn QN N N (Rr −) according to PXrN (xN ], where r )= i=1 PXr (xr,i ), index them as xr (a), a ∈ [1, 2 Rr = min{I(Xr ; Z|X1 ), I(Xr ; Z|X2 ), I(Xr ; Y )}.

(A26)

Rr ≥ I(X1 ; Z).

(A27)

Here note that

N R2 – Second, generate 2N (I(X2 ;Y |Xr )−) i.i.d. codewords xN 2 according to PX2 (x2 ), and divide them into 2

bins. Each bin contains 2N (I(X2 ;Y |Xr )−−R2 ) codewords, where I(X2 ; Y |Xr ) −  − R2 = I(X2 ; Z|X1 , Xr ) − .

(A28)

– Third, generate 2N (I(X1 ;Y |X2 ,Xr )−) i.i.d. codewords xN 1 according to PX1 (x1 ), and divide them into 2N R1 bins. Each bin contains 2N (I(X1 ;Y |X2 ,Xr )−−R1 ) codewords.

19



Code-book Construction for case 2: – Generate at random 2N (Rr −) ( → 0 as N → ∞) i.i.d. sequences at the relay node each drawn according QN N N (Rr −) to PXrN (xN ], where r )= i=1 PXr (xr,i ), index them as xr (a), a ∈ [1, 2 Rr = I(Xr ; Y ) ≤ I(X1 ; Z).

(A29)

N R2 – Second, generate 2N (I(X2 ;Y |Xr )−) i.i.d. codewords xN 2 according to PX2 (x2 ), and divide them into 2

bins. Each bin contains 2N (I(X2 ;Y |Xr )−−R2 ) codewords, where I(X2 ; Y |Xr ) −  − R2 = I(X2 ; Z|X1 , Xr ) − .

(A30)

– Third, generate 2N (I(X1 ;Y |X2 ,Xr )−) i.i.d. codewords xN 1 according to PX1 (x1 ), and divide them into 2N R1 bins. Each bin contains 2N (I(X1 ;Y |X2 ,Xr )−−R1 ) codewords, where I(X1 ; Y |X2 , Xr ) −  − R1 = I(X1 ; Z|Xr ) − .

(A31)

Encoding for both cases: N (Rr −) ], and sends xN The relay uniformly picks a codeword xN r (a). r (a) from [1, 2

For a given confidential message w2 , randomly choose a codeword xN 2 in bin w2 to transmit. Similarly, for a given confidential message w1 , randomly choose a codeword xN 1 in bin w1 to transmit. Decoding for both cases: a), y N ) are jointly typical. If there exists a unique a) such that (xN For a given y N , try to find a sequence xN r (ˆ r (ˆ sequence with the index a ˆ, put out the corresponding a ˆ, else declare a decoding error. Based on the AEP and (A26) (or (A29)), the probability P r{ˆ a = a} goes to 1. After decoding a ˆ, the legitimate receiver tries to find a sequence xN ˆ2 ) such that (xN ˆ2 ), xN a), y N ) are r (ˆ 2 (w 2 (w jointly typical. If there exists a unique sequence with the index w ˆ2 , put out the corresponding w ˆ2 , else declare a decoding error. Based on the AEP and the construction of xN ˆ2 = w2 } goes 2 for both cases, the probability P r{w to 1. a), y N ) Finally, after decoding a ˆ and w ˆ2 , the legitimate receiver tries to find a sequence xN ˆ1 ) such that (xN ˆ1 ), xN ˆ2 ), xN r (ˆ 1 (w 1 (w 2 (w are jointly typical. If there exists a unique sequence with the index w ˆ1 , put out the corresponding w ˆ1 , else declare ˆ1 = w1 } goes a decoding error. Based on the AEP and the construction of xN 1 for both cases, the probability P r{w to 1. Pe ≤  is easy to be checked by using the above encoding-decoding schemes. Now, it remains to prove limN →∞ ∆ ≥ R1 + R2 for both cases, see the followings. Equivocation Analysis: Proof of limN →∞ ∆ ≥ R1 + R2 for case 1:

lim ∆

N →∞

1 H(W1 , W2 |Z N ) N 1 = lim (H(W1 |Z N ) + H(W2 |W1 , Z N )). N →∞ N

=

lim

N →∞

(A32)

20

The first term in (A32) is bounded as follows.

1 H(W1 |Z N ) N →∞ N lim

= = (a)

=

=

1 (H(W1 , Z N ) − H(Z N )) N →∞ N 1 lim (H(W1 , Z N , X1N , XrN ) − H(X1N , XrN |W1 , Z N ) − H(Z N )) N →∞ N 1 (H(Z N |X1N , XrN ) + H(X1N ) + H(XrN ) − H(X1N , XrN |W1 , Z N ) − H(Z N )) lim N →∞ N 1 (H(X1N ) + H(XrN ) − I(X1N , XrN ; Z N ) − H(X1N , XrN |W1 , Z N )), lim (A33) N →∞ N lim

where (a) follows from W1 → (X1N , XrN ) → Z N , H(W1 |X1N ) = 0 and the fact that X1N is independent of XrN . N Consider the first term in (A33), the code-book generation of xN 1 shows that the total number of x1 is

2N (I(X1 ;Y |X2 ,Xr )−) ( → 0 as N → ∞). Thus, using the same approach as that in [8, Lemma 3], we have lim

N →∞

1 H(X1N ) ≥ I(X1 ; Y |X2 , Xr ). N

(A34)

For the second term in (A33), the code-book generation of xN r guarantees that lim

N →∞

1 H(XrN ) ≥ Rr . N

(A35)

For the third term in (A33), using the same approach as that in [4, Lemma 3], we get lim

N →∞

1 I(X1N , XrN ; Z N ) ≤ I(X1 , Xr ; Z). N

(A36)

Now, we consider the last term of (A33). Given w1 , the wiretapper can do joint decoding. Specifically, given z N and w1 , 1 H(X1N , XrN |W1 , Z N ) = 0, N →∞ N lim

(A37)

is guaranteed if Rr ≤ I(Xr ; Z|X1 ) and Rr ≥ I(Xr ; Z), and this is from the properties of AEP (similar argument is used in the proof of [17, Theorem 3]). By using (A26) and (A27), (A37) is obtained. Substituting (A34), (A35), (A36) and (A37) into (A33), we have lim

N →∞

1 H(W1 |Z N ) ≥ I(X1 ; Y |X2 , Xr ) + Rr − I(X1 , Xr ; Z) = R1 . N

The second term in (A32) is bounded as follows.

(A38)

21

lim

N →∞

1 H(W2 |W1 , Z N ) N

≥ (1)

=

= = (2)

=

1 H(W2 |W1 , Z N , X1N , XrN ) N 1 lim H(W2 |Z N , X1N , XrN ) N →∞ N 1 lim (H(W2 , Z N , X1N , XrN ) − H(Z N , X1N , XrN )) N →∞ N 1 lim (H(W2 , Z N , X1N , XrN , X2N ) − H(X2N |W2 , Z N , X1N , XrN ) − H(Z N , X1N , XrN )) N →∞ N 1 (H(Z N |X1N , X2N , XrN ) + H(XrN ) + H(X1N ) + H(X2N ) lim N →∞ N lim

N →∞

−H(X2N |W2 , Z N , X1N , XrN ) − H(Z N |X1N , XrN ) − H(X1N ) − H(XrN )) =

1 (H(X2N ) − I(X2N ; Z N |X1N , XrN ) − H(X2N |W2 , Z N , X1N , XrN )), N →∞ N lim

(A39)

where (1) is from the Markov chain W1 → (Z N , X1N , XrN ) → W2 , and (2) is from the Markov chain W2 → (X1N , X2N , XrN ) → Z N , H(W2 |X2N ) = 0, and the fact that X1N , X2N and XrN are independent. N Consider the first term in (A39), the code-book generation of xN 2 shows that the total number of x2 is

2N (I(X2 ;Y |Xr )−) ( → 0 as N → ∞). Thus, using the same approach as that in [8, Lemma 3], we have lim

N →∞

1 H(X2N ) ≥ I(X2 ; Y |Xr ). N

(A40)

For the second term in (A39), using the same approach as that in [4, Lemma 3], we get 1 I(X2N ; Z N |X1N , XrN ) ≤ I(X2 ; Z|X1 , Xr ). N →∞ N lim

(A41)

Now, we consider the last term of (A39). Given Z N , X1N , XrN and W2 , the total number of possible codewords N (I(X2 ;Y |Xr )−−R2 ) of xN ( → 0 as N → ∞). By using the Fano’s inequality and (A28), we have 2 is 2

lim

N →∞

1 H(X2N |W2 , Z N , X1N , XrN ) = 0. N

(A42)

Substituting (A40), (A41) and (A42) into (A39), we have 1 H(W2 |W1 , Z N ) ≥ I(X2 ; Y |Xr ) − I(X2 ; Z|X1 , Xr ) = R2 . N →∞ N lim

(A43)

Substituting (A38) and (A43) into (A32), limN →∞ ∆ ≥ R1 + R2 for case 1 is proved. Proof of limN →∞ ∆ ≥ R1 + R2 for case 2:

lim ∆

N →∞

1 H(W1 , W2 |Z N ) N 1 = lim (H(W1 |Z N ) + H(W2 |W1 , Z N )). N →∞ N

=

lim

N →∞

The first term in (A44) is bounded as follows.

(A44)

22

lim

N →∞

1 H(W1 |Z N ) N

≥ = = (a)

=

1 H(W1 |Z N , XrN ) N 1 lim (H(W1 , Z N , XrN ) − H(Z N , XrN )) N →∞ N 1 lim (H(W1 , Z N , X1N , XrN ) − H(X1N |W1 , Z N , XrN ) − H(Z N , XrN )) N →∞ N 1 lim (H(Z N |X1N , XrN ) + H(X1N ) + H(XrN ) − H(X1N |W1 , Z N , XrN ) N →∞ N lim

N →∞

−H(Z N |XrN ) − H(XrN )) =

lim

N →∞

1 (H(X1N ) − I(X1N ; Z N |XrN ) − H(X1N |W1 , Z N , XrN )), N

(A45)

where (a) follows from W1 → (X1N , XrN ) → Z N , H(W1 |X1N ) = 0 and the fact that X1N is independent of XrN . N Consider the first term in (A45), the code-book generation of xN 1 shows that the total number of x1 is

2N (I(X1 ;Y |X2 ,Xr )−) ( → 0 as N → ∞). Thus, using the same approach as that in [8, Lemma 3], we have lim

N →∞

1 H(X1N ) ≥ I(X1 ; Y |X2 , Xr ). N

(A46)

For the second term in (A45), using the same approach as that in [4, Lemma 3], we get 1 I(X1N ; Z N |XrN ) ≤ I(X1 ; Z|Xr ). N →∞ N lim

(A47)

Now, we consider the last term of (A45). Given Z N , XrN and W1 , the total number of possible codewords of N (I(X1 ;Y |X2 ,Xr )−−R1 ) xN ( → 0 as N → ∞). By using the Fano’s inequality and (A31), we have 1 is 2

lim

N →∞

1 H(X1N |W1 , Z N , XrN ) = 0. N

(A48)

Substituting (A46), (A47) and (A48) into (A45), we have lim

N →∞

1 H(W1 |Z N ) ≥ I(X1 ; Y |X2 , Xr ) − I(X1 ; Z|Xr ) = R1 . N

(A49)

The second term in (A44) is bounded the same as that for case 1, and thus, we have 1 H(W2 |W1 , Z N ) ≥ I(X2 ; Y |Xr ) − I(X2 ; Z|X1 , Xr ) = R2 . N →∞ N lim

(A50)

The proof is omitted here. Substituting (A49) and (A50) into (A44), limN →∞ ∆ ≥ R1 + R2 for case 2 is proved. The proof of Theorem 2 is completed. A PPENDIX C P ROOF OF T HEOREM 3 Theorem 3 is proved by the following two cases. •

(Case 1) If the channel from the relay to the legitimate receiver is less noisy than the channel from the relay to the wiretapper (I(Xr ; Y ) ≥ I(Xr ; Z)), we allow the legitimate receiver to decode xN r , and the wiretapper can not decode it.

23

For case 1, it is sufficient to show that the pair (R1 , R2 ) ∈ L3 with the condition R1 = I(X1 ; Y, Yˆr |X2 , Xr ) − I(X1 , Xr ; Z) + R∗ , R2 = I(X2 ; Y, Yˆr |Xr ) − I(X2 ; Z|X1 , Xr )

(A51)

is achievable. The achievability proof of (R1 = I(X1 ; Y, Yˆr |Xr )−I(X1 ; Z|X2 , Xr ), R2 = I(X2 ; Y, Yˆr |X1 , Xr )− I(X2 , Xr ; Z) + R∗ ) follows by symmetry. Here note that R∗ satisfies min{I(Xr ; Z|X1 ), I(Xr ; Z|X2 ), I(Xr ; Y )} − R∗ ≥ I(Yr ; Yˆr |Xr ). •

(A52)

(Case 2) If the channel from the relay to the legitimate receiver is more noisy than the channel from the relay to the wiretapper (I(Yr ; Yˆr |Xr ) ≤ I(Xr ; Y ) ≤ I(Xr ; Z)), we allow both the receivers to decode xN r . For case 2, it is sufficient to show that the pair (R1 , R2 ) ∈ L4 with the condition R1 = I(X1 ; Y, Yˆr |X2 , Xr ) − I(X1 ; Z|Xr ), R2 = I(X2 ; Y, Yˆr |Xr ) − I(X2 ; Z|X1 , Xr )

(A53)

is achievable. The achievability proof of (R1 = I(X1 ; Y, Yˆr |Xr )−I(X1 ; Z|X2 , Xr ), R2 = I(X2 ; Y, Yˆr |X1 , Xr )− I(X2 ; Z|Xr )) follows by symmetry. Fix the joint probability mass function PYˆr |Yr ,Xr (ˆ yr |yr , xr )PY,Z,Yr |Xr ,X1 ,X2 (y, z, yr |xr , x1 , x2 )PXr (xr )PX1 (x1 )PX2 (x2 ). Define the messages W1 , W2 taken values in the alphabets W1 , W2 , respectively, where W1 = {1, 2, ..., 2N R1 }, W2 = {1, 2, ..., 2N R2 }. Code-book Construction for the Two Cases: •

Code-book construction for case 1: ∗

– First, generate at random 2N (Rr1 −) ( → 0 as N → ∞) i.i.d. sequences xN r at the relay node each drawn Q ∗ N N N (Rr1 −) according to PXrN (xN ], where r )= i=1 PXr (xr,i ), index them as xr (a), a ∈ [1, 2 ∗ Rr1 = min{I(Xr ; Z|X1 ), I(Xr ; Z|X2 ), I(Xr ; Y )}.

(A54)

∗ Rr1 ≥ I(X1 ; Z).

(A55)

Here note that







N (Rr1 −) For each xN ]), generate at random 2N (Rr1 −−R ) i.i.d. yˆrN according to PYˆ N |X N (ˆ yrN |xN r (a) (a ∈ [1, 2 r )= r r QN ∗ ∗ ∗ N N N (Rr1 −−R ) N (Rr1 −) yr,i |xr,i ). Label these yˆr as yˆr (m, a), m ∈ [1, 2 ], a ∈ [1, 2 ]. Equally i=1 PYˆr |Xr (ˆ ∗



N (Rr1 −−R divide 2N (Rr1 −) sequences of xN r into 2



)



bins, hence there are 2N R sequences of xN r at

each bin. ˆ

– Second, generate 2N (I(X2 ;Y,Yr |Xr )−) i.i.d. codewords xN 2 according to PX2 (x2 ), and divide them into ˆ

2N R2 bins. Each bin contains 2N (I(X2 ;Y,Yr |Xr )−−R2 ) codewords, where I(X2 ; Y, Yˆr |Xr ) −  − R2 = I(X2 ; Z|X1 , Xr ) − . ˆ

– Third, generate 2N (I(X1 ;Y,Yr |X2 ,Xr )−+R



∗ −Rr1 )

(A56)

i.i.d. codewords xN 1 according to PX1 (x1 ), and divide ˆ

them into 2N R1 bins. Each bin contains 2N (I(X1 ;Y,Yr |X2 ,Xr )−+R



∗ −Rr1 −R1 )

codewords. Here note that

24

∗ from (A52) and (A54), we know that R∗ ≤ Rr1 , and thus, we have ∗ I(X1 ; Y, Yˆr |X2 , Xr ) −  + R∗ − Rr1 ≤ I(X1 ; Y, Yˆr |X2 , Xr ) − .

(A57)

In addition, by using R1 = I(X1 ; Y, Yˆr |X2 , Xr ) − I(X1 , Xr ; Z) + R∗ , the codewords xN 1 in each bin is upper bounded by ∗ I(X1 ; Y, Yˆr |X2 , Xr ) −  + R∗ − Rr1 − R1 ∗ I(X1 ; Y, Yˆr |X2 , Xr ) −  + R∗ − Rr1

=

−(I(X1 ; Y, Yˆr |X2 , Xr ) − I(X1 , Xr ; Z) + R∗ ) ∗ I(X1 , Xr ; Z) − Rr1 −

= (a)



I(X1 , Xr ; Z) − I(Xr ; Z) − 

=

I(X1 ; Z|Xr ) − ,

(A58)

where (a) is from (A55). •

Code-book Construction for case 2: ∗

– First, generate at random 2N (Rr2 −) ( → 0 as N → ∞) i.i.d. sequences xN r at the relay node each drawn QN ∗ N N according to PXrN (xr ) = i=1 PXr (xr,i ), index them as xr (a), a ∈ [1, 2N (Rr2 −) ], where ∗ Rr2 = I(Xr ; Y ) ≤ I(X1 ; Z). ∗

(A59)



N (Rr2 −) yrN |xN ]), generate at random 2N (Rr2 −) i.i.d. yˆrN according to PYˆ N |X N (ˆ For each xN r )= r (a) (a ∈ [1, 2 r r QN ∗ yr,i |xr,i ). Label these yˆrN as yˆrN (a), a ∈ [1, 2N (Rr2 −) ]. i=1 PYˆr |Xr (ˆ ˆ

– Second, generate 2N (I(X2 ;Y,Yr |Xr )−) i.i.d. codewords xN 2 according to PX2 (x2 ), and divide them into ˆ

2N R2 bins. Each bin contains 2N (I(X2 ;Y,Yr |Xr )−−R2 ) codewords, where I(X2 ; Y, Yˆr |Xr ) −  − R2 = I(X2 ; Z|X1 , Xr ) − .

(A60)

ˆ

– Third, generate 2N (I(X1 ;Y,Yr |X2 ,Xr )−) i.i.d. codewords xN 1 according to PX1 (x1 ), and divide them into ˆ

2N R1 bins. Each bin contains 2N (I(X1 ;Y,Yr |X2 ,Xr )−−R1 ) codewords, where I(X1 ; Y, Yˆr |X2 , Xr ) −  − R1 = I(X1 ; Z|Xr ) − .

(A61)

Encoding: Encoding involves the mapping of message indices to channel inputs, which are facilitated by the sequences generated above. We exploit the block Markov coding scheme, as argued in [22], the loss induced by this scheme is negligible as the number of blocks n → ∞. For block i (1 ≤ i ≤ n), encoding proceeds as follows. First, for convenience, the messages w1 and w2 transmitted in the i-th block are denoted by w1,i and w2,i , respectively. yrN (i) and yˆrN (i) are the yrN and yˆrN for the i-th block, respectively. •

Encoding for case 1:

25

N At the end of block i (2 ≤ i ≤ n), assume that (xN ˆrN (mi , ai )) are jointly typical, then we choose r (ai ), yr (i), y

ai+1 uniformly from bin mi , and the relay sends xN r (ai+1 ) at block i + 1. In the first block, the relay sends xN r (1). For a given confidential message w2 , randomly choose a codeword xN 2 in bin w2 to transmit. Similarly, for a given confidential message w1 , randomly choose a codeword xN 1 in bin w1 to transmit. •

Encoding for case 2: ∗

In block i (1 ≤ i ≤ n), the relay randomly choose an index ai from [1, 2N (Rr2 −) ], and sends xN r (ai ) and yˆrN (ai ). For a given confidential message w2 , randomly choose a codeword xN 2 in bin w2 to transmit. Similarly, for a given confidential message w1 , randomly choose a codeword xN 1 in bin w1 to transmit. Decoding: •

Decoding for case 1: (At the relay) At the end of block i, the relay already has ai , it then decides mi by choosing mi such that N ˆrN (mi , ai )) are jointly typical. There exists such mi , if (xN r (ai ), yr (i), y ∗ Rr1 − R∗ ≥ I(Yr ; Yˆr |Xr ),

(A62)

and N is sufficiently large. Choose ai+1 uniformly from bin mi . (At the legitimate receiver) The legitimate receiver does backward decoding. The decoding process starts at the last block n, the legitimate receiver decodes an by choosing unique a ˇn such that (xN an ), y N (n)) are r (ˇ ∗ jointly typical. Since Rr1 satisfies (A54), the probability P r{ˇ an = an } goes to 1 for sufficiently large N .

Next, the legitimate receiver moves to the block n−1. Now it already has a ˇn , hence we also have m ˇ n−1 = f (ˇ an ) (here f is a deterministic function, which means that m ˇ n−1 can be determined by a ˇn ). It first declares that a ˇn−1 is received, if a ˇn−1 is the unique one such that (xN an−1 ), y N (n − 1)) are joint typical. If (A54) r (ˇ is satisfied, a ˇn−1 = an−1 with high probability. After knowing a ˇn−1 , the destination gets an estimation of an−1 )) are w2,n−1 by picking the unique w ˇ2,n−1 such that (xN ˇ2,n−1 ), yˆrN (m ˇ n−1 , a ˇn−1 ), y N (n − 1), xN r (ˇ 2 (w jointly typical. We will have w ˇ2,n−1 = w2,n−1 with high probability, if the codewords of xN 2 is upper bounded ˆ

by 2N I(X2 ;Y,Yr |Xr ) and N is sufficiently large. After decoding w ˇ2,n−1 , the legitimate receiver tries to find a quintuple such that ˇ2,n−1 ), yˆrN (m ˇ n−1 , a ˇn−1 ), y N (n−1), xN an−1 )) are jointly typical. Based on the AEP, the (xN ˇ1,n−1 ), xN r (ˇ 1 (w 2 (w ˆ

N I(X1 ;Y,Yr |X2 ,Xr ) probability P r{w ˇ1,n−1 = w1,n−1 } goes to 1 if the codewords of xN 1 is upper bounded by 2

and N is sufficiently large. The decoding scheme of the legitimate receiver in block i (1 ≤ i ≤ n − 2) is similar to that in block n − 1, and we omit it here. •

Decoding for case 2: (At the relay) The relay does not need to decode any codeword. (At the legitimate receiver) In block i (1 ≤ i ≤ n), the legitimate receiver decodes ai by choosing unique a ˇi

26

∗ such that (xN ai ), y N (i)) are jointly typical. Since Rr2 satisfies (A59), the probability P r{ˇ ai = ai } goes to r (ˇ

1 for sufficiently large N . Now since the legitimate receiver has a ˇi , he also knows yˆrN (ˇ ai ). Then he gets an estimation of w2,i by picking the unique w ˇ2,i such that (xN ˇ2,i ), yˆrN (ˇ ai ), y N (i), xN ai )) are jointly typical. We will have w ˇ2,i = w2,i with r (ˇ 2 (w ˆ

N I(X2 ;Y,Yr |Xr ) high probability, if the codewords of xN and N is sufficiently large. 2 is upper bounded by 2

After decoding w ˇ2,i , the legitimate receiver tries to find a quintuple such that (xN ˇ1,i ), xN ˇ2,i ), yˆrN (ˇ ai ), y N (i), xN ai )) are jointly typical. Based on the AEP, the probability P r{w ˇ1,i = r (ˇ 1 (w 2 (w ˆ

N I(X1 ;Y,Yr |X2 ,Xr ) w1,i } goes to 1 if the codewords of xN and N is sufficiently large. 1 is upper bounded by 2

Pe ≤  is easy to be checked by using the above encoding-decoding schemes. Now, it remains to prove limN →∞ ∆ ≥ R1 + R2 for both cases, see the followings. Equivocation Analysis: Proof of limN →∞ ∆ ≥ R1 + R2 for case 1:

lim ∆

N →∞

1 H(W1 , W2 |Z N ) N →∞ N 1 = lim (H(W1 |Z N ) + H(W2 |W1 , Z N )). N →∞ N

=

lim

(A63)

The first term in (A63) is bounded as follows.

1 H(W1 |Z N ) N →∞ N lim

= = (a)

=

=

1 (H(W1 , Z N ) − H(Z N )) N →∞ N 1 lim (H(W1 , Z N , X1N , XrN ) − H(X1N , XrN |W1 , Z N ) − H(Z N )) N →∞ N 1 (H(Z N |X1N , XrN ) + H(X1N ) + H(XrN ) − H(X1N , XrN |W1 , Z N ) − H(Z N )) lim N →∞ N 1 (H(X1N ) + H(XrN ) − I(X1N , XrN ; Z N ) − H(X1N , XrN |W1 , Z N )), (A64) lim N →∞ N lim

where (a) follows from W1 → (X1N , XrN ) → Z N , H(W1 |X1N ) = 0 and the fact that X1N is independent of XrN . N Consider the first term in (A64), the code-book generation of xN 1 shows that the total number of x1 is upper

bounded by (A58). Thus, using the same approach as that in [8, Lemma 3], we have 1 ∗ H(X1N ) ≥ I(X1 ; Y, Yˆr |X2 , Xr ) + R∗ − Rr1 . N →∞ N lim

(A65)

For the second term in (A64), the code-book generation of xN r and [8, Lemma 3] guarantee that lim

N →∞

1 ∗ H(XrN ) ≥ Rr1 . N

(A66)

For the third term in (A64), using the same approach as that in [4, Lemma 3], we get lim

N →∞

1 I(X1N , XrN ; Z N ) ≤ I(X1 , Xr ; Z). N

(A67)

27

Now, we consider the last term of (A64). Given w1 , the wiretapper can do joint decoding. Specifically, given z N and w1 , lim

N →∞

1 H(X1N , XrN |W1 , Z N ) = 0, N

(A68)

∗ is guaranteed if Rr ≤ I(Xr ; Z|X1 ) and I(X1 ; Y, Yˆr |X2 , Xr ) −  + R∗ − Rr1 − R1 ≤ I(X1 ; Z|Xr ), and this is

from the properties of AEP (similar argument is used in the proof of [17, Theorem 3]). By using (A54) and (A58), (A68) is obtained. Substituting (A65), (A66), (A67) and (A68) into (A64), we have lim

N →∞

1 H(W1 |Z N ) ≥ I(X1 ; Y, Yˆr |X2 , Xr ) + R∗ − I(X1 , Xr ; Z) = R1 . N

(A69)

The second term in (A63) is bounded as follows.

1 H(W2 |W1 , Z N ) N →∞ N lim

≥ (1)

=

= = (2)

=

1 H(W2 |W1 , Z N , X1N , XrN ) N →∞ N 1 lim H(W2 |Z N , X1N , XrN ) N →∞ N 1 lim (H(W2 , Z N , X1N , XrN ) − H(Z N , X1N , XrN )) N →∞ N 1 lim (H(W2 , Z N , X1N , XrN , X2N ) − H(X2N |W2 , Z N , X1N , XrN ) − H(Z N , X1N , XrN )) N →∞ N 1 (H(Z N |X1N , X2N , XrN ) + H(XrN ) + H(X1N ) + H(X2N ) lim N →∞ N lim

−H(X2N |W2 , Z N , X1N , XrN ) − H(Z N |X1N , XrN ) − H(X1N ) − H(XrN )) =

lim

N →∞

1 (H(X2N ) − I(X2N ; Z N |X1N , XrN ) − H(X2N |W2 , Z N , X1N , XrN )), N

(A70)

where (1) is from the Markov chain W1 → (Z N , X1N , XrN ) → W2 , and (2) is from the Markov chain W2 → (X1N , X2N , XrN ) → Z N , H(W2 |X2N ) = 0, and the fact that X1N , X2N and XrN are independent. N Consider the first term in (A70), the code-book generation of xN 2 shows that the total number of x2 is ˆ

2N (I(X2 ;Y,Yr |Xr )−) ( → 0 as N → ∞). Thus, using the same approach as that in [8, Lemma 3], we have 1 H(X2N ) ≥ I(X2 ; Y, Yˆr |Xr ). N →∞ N lim

(A71)

For the second term in (A70), using the same approach as that in [4, Lemma 3], we get lim

N →∞

1 I(X2N ; Z N |X1N , XrN ) ≤ I(X2 ; Z|X1 , Xr ). N

(A72)

Now, we consider the last term of (A70). Given Z N , X1N , XrN and W2 , the total number of possible codewords ˆ

N (I(X2 ;Y,Yr |Xr )−−R2 ) ( → 0 as N → ∞). By using the Fano’s inequality and (A56), we have of xN 2 is 2

lim

N →∞

1 H(X2N |W2 , Z N , X1N , XrN ) = 0. N

(A73)

Substituting (A71), (A72) and (A73) into (A70), we have lim

N →∞

1 H(W2 |W1 , Z N ) ≥ I(X2 ; Y, Yˆr |Xr ) − I(X2 ; Z|X1 , Xr ) = R2 . N

(A74)

28

Substituting (A69) and (A74) into (A63), limN →∞ ∆ ≥ R1 + R2 for case 1 is proved. Proof of limN →∞ ∆ ≥ R1 + R2 for case 2:

1 H(W1 , W2 |Z N ) N 1 = lim (H(W1 |Z N ) + H(W2 |W1 , Z N )). N →∞ N

lim ∆

=

N →∞

lim

N →∞

(A75)

The first term in (A75) is bounded as follows.

lim

N →∞

1 H(W1 |Z N ) N

≥ = = (a)

=

1 H(W1 |Z N , XrN ) N 1 lim (H(W1 , Z N , XrN ) − H(Z N , XrN )) N →∞ N 1 (H(W1 , Z N , X1N , XrN ) − H(X1N |W1 , Z N , XrN ) − H(Z N , XrN )) lim N →∞ N 1 lim (H(Z N |X1N , XrN ) + H(X1N ) + H(XrN ) − H(X1N |W1 , Z N , XrN ) N →∞ N lim

N →∞

−H(Z N |XrN ) − H(XrN )) =

lim

N →∞

1 (H(X1N ) − I(X1N ; Z N |XrN ) − H(X1N |W1 , Z N , XrN )), N

(A76)

where (a) follows from W1 → (X1N , XrN ) → Z N , H(W1 |X1N ) = 0 and the fact that X1N is independent of XrN . N Consider the first term in (A76), the code-book generation of xN 1 shows that the total number of x1 is ˆ

2N (I(X1 ;Y,Yr |X2 ,Xr )−) ( → 0 as N → ∞). Thus, using the same approach as that in [8, Lemma 3], we have lim

N →∞

1 H(X1N ) ≥ I(X1 ; Y, Yˆr |X2 , Xr ). N

(A77)

For the second term in (A76), using the same approach as that in [4, Lemma 3], we get lim

N →∞

1 I(X1N ; Z N |XrN ) ≤ I(X1 ; Z|Xr ). N

(A78)

Now, we consider the last term of (A76). Given Z N , XrN and W1 , the total number of possible codewords of ˆ

N (I(X1 ;Y,Yr |X2 ,Xr )−−R1 ) xN ( → 0 as N → ∞). By using the Fano’s inequality and (A61), we have 1 is 2

1 H(X1N |W1 , Z N , XrN ) = 0. N →∞ N lim

(A79)

Substituting (A77), (A78) and (A79) into (A76), we have lim

N →∞

1 H(W1 |Z N ) ≥ I(X1 ; Y, Yˆr |X2 , Xr ) − I(X1 ; Z|Xr ) = R1 . N

(A80)

The second term in (A75) is bounded the same as that for case 1, and thus, we have lim

N →∞

1 H(W2 |W1 , Z N ) ≥ I(X2 ; Y, Yˆr |Xr ) − I(X2 ; Z|X1 , Xr ) = R2 . N

The proof is omitted here. Substituting (A80) and (A81) into (A75), limN →∞ ∆ ≥ R1 + R2 for case 2 is proved. The proof of Theorem 3 is completed.

(A81)

29

A PPENDIX D P ROOF OF T HEOREM 4 In this section, we prove Theorem 4: all the achievable secrecy pairs (R1 , R2 ) of the degraded discrete memoryless MARC-WT are contained in the set Rddo . We will prove the inequalities of Theorem 4 in the remainder of this section. (Proof of R1 ≤ I(X1 , Xr ; Y |X2 , U ) − I(X1 ; Z|U )):

1 H(W1 ) N

(1)

=

= (2)

≤ ≤ (3)

=

= ≤ (4)

=

= (5)

=

= ≤ =

1 H(W1 |Z N ) N 1 (H(W1 |Z N ) − H(W1 |Z N , W2 , Y N ) + H(W1 |Z N , W2 , Y N )) N 1 (I(W1 ; W2 , Y N |Z N ) + δ(Pe )) N 1 (H(W1 |Z N ) − H(W1 |Z N , W2 , Y N , X2N ) + δ(Pe )) N 1 (H(W1 |Z N ) − H(W1 |Z N , Y N , X2N ) + δ(Pe )) N 1 (I(W1 ; Y N , X2N |Z N ) + δ(Pe )) N 1 (H(Y N , X2N |Z N ) − H(Y N , X2N |Z N , W1 , X1N ) + δ(Pe )) N 1 (H(Y N , X2N |Z N ) − H(Y N , X2N |Z N , X1N ) + δ(Pe )) N 1 (I(Y N , X2N ; X1N |Z N ) + δ(Pe )) N 1 (H(X1N |Z N ) − H(X1N |Z N , Y N , X2N ) − H(X1N ) + H(X1N |X2N ) + δ(Pe )) N 1 (I(X1N ; Y N |X2N ) − I(X1N ; Z N ) + δ(Pe )) N 1 (I(X1N , XrN ; Y N |X2N ) − I(X1N ; Z N ) + δ(Pe )) N N 1 X δ(Pe ) (H(Yi |Y i−1 , X2N ) − H(Yi |X1,i , X2,i , Xr,i ) − H(Zi |Z i−1 ) + H(Zi |Z i−1 , X1N )) + N i=1 N

=

N 1 X δ(Pe ) (H(Yi |Y i−1 , X2N , Z i−1 ) − H(Yi |X1,i , X2,i , Xr,i , Z i−1 ) − H(Zi |Z i−1 ) + H(Zi |Z i−1 , X1N )) + N i=1 N



N 1 X δ(Pe ) (H(Yi |X2,i , Z i−1 ) − H(Yi |X1,i , X2,i , Xr,i , Z i−1 ) − H(Zi |Z i−1 ) + H(Zi |Z i−1 , X1,i )) + N i=1 N

(6)

(7)

=

N 1 X (H(Yi |X2,i , Z i−1 , J = i) − H(Yi |X1,i , X2,i , Xr,i , Z i−1 , J = i) − H(Zi |Z i−1 , J = i) N i=1

+H(Zi |Z i−1 , X1,i , J = i)) + (8)

=

(9)

=

δ(Pe ) N

H(YJ |X2,J , Z J−1 , J) − H(YJ |X1,J , X2,J , Xr,J , Z J−1 , J) − H(ZJ |Z J−1 , J) + H(ZJ |Z J−1 , X1,J , J) + I(X1 , Xr ; Y |X2 , U ) − I(X1 ; Z|U ) +

δ(Pe ) , N

δ(Pe ) N (A82)

30

where (1) is from the definition of the perfect secrecy, (2) is from the Fanos inequality, (3) is from H(W2 |X2N ) = 0, (4) is from H(W1 |X1N ) = 0, (5) is from the Markov chain X1N → (X2N , Y N ) → Z N and the fact that X1N is independent of X2N , (6) is from the Markov chains Yi → (Y i−1 , X2N ) → Z i−1 and Yi → (X1,i , X2,i , Xr,i ) → Z i−1 , (7) is from J is a random variable (uniformly distributed over {1, 2, ..., N }), and it is independent of X1N , X2N , XrN , Y N and Z N , (8) is from J is uniformly distributed over {1, 2, ..., N }, and (9) is from the definitions that X1 , X1,J , X2 , X2,J , Xr , Xr,J , Y , YJ , Z , ZJ and U , (Z J−1 , J). By using Pe ≤ ,  → 0 as N → ∞, limN →∞

H(W1 ) N

= R1 and (A82), it is easy to see that R1 ≤

I(X1 , Xr ; Y |X2 , U ) − I(X1 ; Z|U ). (Proof of R2 ≤ I(X2 , Xr ; Y |X1 , U ) − I(X2 ; Z|U )): The proof is analogous to the proof of R1 ≤ I(X1 , Xr ; Y |X2 , U ) − I(X1 ; Z|U ), and it is omitted here. Proof of R1 + R2 ≤ I(X1 , X2 , Xr ; Y |U ) − I(X1 , X2 ; Z|U ):

lim ∆

N →∞

= (1)

≤ ≤ (2)

=

= ≤ (3)

=

1 H(W1 , W2 |Z N ) N →∞ N 1 lim (H(W1 , W2 |Z N ) + δ(Pe ) − H(W1 , W2 |Y N , Z N )) N →∞ N 1 lim (H(Y N |Z N ) − H(Y N |Z N , W1 , W2 , X1N , X2N ) + δ(Pe )) N →∞ N 1 (H(Y N |Z N ) − H(Y N |Z N , X1N , X2N ) + δ(Pe )) lim N →∞ N 1 lim (I(X1N , X2N ; Y N ) − I(X1N , X2N ; Z N ) + δ(Pe )) N →∞ N 1 lim (I(X1N , X2N , XrN ; Y N ) − I(X1N , X2N ; Z N ) + δ(Pe )) N →∞ N N δ(Pe ) 1 X (H(Yi |Y i−1 ) − H(Yi |X1,i , X2,i , Xr,i , Z i−1 ) − H(Zi |Z i−1 ) + H(Zi |X1,i , X2,i , Z i−1 )) + ) lim ( N →∞ N N i=1 lim

lim (

N 1 X δ(Pe ) ) (H(Yi |Z i−1 ) − H(Yi |X1,i , X2,i , Xr,i , Z i−1 ) − H(Zi |Z i−1 ) + H(Zi |X1,i , X2,i , Z i−1 )) + N i=1 N

lim (

N 1 X (H(Yi |Z i−1 , J = i) − H(Yi |X1,i , X2,i , Xr,i , Z i−1 , J = i) N i=1

(4)

≤ (5)

=

N →∞

N →∞

−H(Zi |Z i−1 , J = i) + H(Zi |X1,i , X2,i , Z i−1 , J = i)) + (6)

=

lim (H(YJ |Z J−1 , J) − H(YJ |X1,J , X2,J , Xr,J , Z J−1 , J)

N →∞

−H(ZJ |Z J−1 , J) + H(ZJ |X1,J , X2,J , Z J−1 , J) + (7)

=

δ(Pe ) ) N

δ(Pe ) ) N

I(X1 , X2 , Xr ; Y |U ) − I(X1 , X2 ; Z|U ),

where (1) is from the Fanos inequality, (2) is from (W1 , W2 ) → (X1N , X2N , Z N ) → Y N , (3) is from Yi → (X1,i , X2,i , Xr,i ) → Z i−1 , (4) is from Yi → Y i−1 → Z i−1 , (5) is from J is a random variable (uniformly distributed over {1, 2, ..., N }), and it is independent of X1N , X2N , XrN , Y N and Z N , (6) is from J is uniformly

(A83)

31

distributed over {1, 2, ..., N }, and (7) is from the definitions that X1 , X1,J , X2 , X2,J , Xr , Xr,J , Y , YJ , Z , ZJ and U , (Z J−1 , J), and the fact that Pe → 0 as N → ∞. By using limN →∞ ∆ ≥ R1 + R2 and (A83), it is easy to see that R1 + R2 ≤ I(X1 , X2 , Xr ; Y |U ) − I(X1 , X2 ; Z|U ). The proof of Theorem 4 is completed. R EFERENCES [1] C. E. Shannon, “Communication theory of secrecy systems,” The Bell System Technical Journal, vol. 28, pp. 656-714, 1949. [2] A. D. Wyner, “The wire-tap channel,” The Bell System Technical Journal, vol. 54, no. 8, pp. 1355-1387, 1975. [3] S. K. Leung-Yan-Cheong, M. E. Hellman, “The Gaussian wire-tap channel,” IEEE Trans Inf Theory, vol. IT-24, no. 4, pp. 451-456, July 1978. [4] I. Csisz´ ar and J. K¨orner, “Broadcast channels with confidential messages,” IEEE Trans Inf Theory, vol. IT-24, no. 3, pp. 339-348, May 1978. [5] J. K¨orner and K. Marton, “General broadcast channels with degraded message sets,” IEEE Trans Inf Theory, vol. IT-23, no. 1, pp. 60-64, January 1977. [6] R. Liu, I. Maric, P. Spasojevic and R.D Yates, “Discrete memoryless interference and broadcast channels with confidential messages: secrecy rate regions,” IEEE Trans Inf Theory, vol. IT-54, no. 6, pp. 2493-2507, Jun. 2008. [7] J. Xu, Y. Cao, and B. Chen, “Capacity bounds for broadcast channels with confidential messages,” IEEE Trans Inf Theory, vol. IT-55, no. 6, pp. 4529-4542. 2009. [8] Y. Liang and H. V. Poor, “Multiple-access channels with confidential messages,” IEEE Trans Inf Theory, vol. IT-54, no. 3, pp. 976-1002, Mar. 2008. [9] E. Tekin and A. Yener, “The Gaussian multiple access wire-tap channel,” IEEE Trans Inf Theory, vol. IT-54, no. 12, pp. 5747-5755, Dec. 2008. [10] E. Tekin and A. Yener, “The general Gaussian multiple access and two-way wire-tap channels: Achievable rates and cooperative jamming,” IEEE Trans Inf Theory, vol. IT-54, no. 6, pp. 2735-2751, June 2008. [11] E. Ekrem and S. Ulukus, “On the secrecy of multiple access wiretap channel,” in Proc. Annual Allerton Conf. on Communications, Control and Computing, Monticello, IL, Sept. 2008. [12] Raef Bassily and Sennur Ulukus, “A New Achievable Ergodic Secrecy Rate Region for the Fading Multiple Access Wiretap Channel,” in Proc. Annual Allerton Conf. on Communications, Control and Computing, Monticello, IL, Sept. 2009. [13] Moritz Wiese and Holger Boche, “An Achievable Region for the Wiretap Multiple-Access Channel with Common Message,” Proceedings of 2012 IEEE International Symposium on Information Theory, 2012. [14] Xiang He, Ashish Khisti, and Aylin Yener, “MIMO Multiple Access Channel With an Arbitrarily Varying Eavesdropper: Secrecy Degrees of Freedom,” IEEE Trans Inf Theory, vol. IT-59, no. 8, pp. 4733-4745, 2013. [15] Peng Xu, Zhiguo Ding, and Xuchu Dai, “Rate Regions for Multiple Access Channel With Conference and Secrecy Constraints,” IEEE Trans Inf Forensics and Security, vol. 8, no. 12, pp. 1961-1974, 2013. [16] Y. Liang, A. Somekh-Baruch, H. V. Poor, S. Shamai, and S. Verdu, “Capacity of cognitive interference channels with and without secrecy,” IEEE Trans Inf Theory, vol. IT-55, pp. 604-619, 2009. [17] L. Lai and H. El Gamal, “The relay-eavesdropper channel: cooperation for secrecy,” IEEE Trans Inf Theory, vol. IT-54, no. 9, pp. 4005C4019, Sep. 2008. [18] Y. Oohama, “Coding for relay channels with confidential messages,” in Proceedings of IEEE Information Theory Workshop, Australia, 2001. [19] E. Ekrem and S. Ulukus, “Secrecy in cooperative relay broadcast channels,” IEEE Trans Inf Theory, vol. IT-57, pp. 137-155, 2011. [20] G. Kramer, M. Gastpar and P. Gupta, “Cooperative strategies and capacity theorems for relay networks,” IEEE Trans Inf Theory, vol. IT-51, pp. 3037-3063, 2005. [21] Y. Liang, H. V. Poor and S. Shamai, “Secure communication over fading channels,” IEEE Trans Inf Theory, vol. IT-54, pp. 2470-2492, 2008.

32

[22] T. M. Cover and A. El Gamal, “Capacity theorems for the relay channel,” IEEE Trans Inf Theory, vol. IT-25, pp. 572-584, 1979. [23] K. Marton, “A coding theorem for the discrete memoryless broadcast channel,” IEEE Trans Inf Theory, vol. IT-25, pp. 306-311, 1979. [24] A. A. El Gamal and E. C. van der Meulen, “A proof of Martons coding theorems for the discrete memoryless broadcast channel,” IEEE Trans Inf Theory, vol. IT-27, pp. 120-122, 1981. [25] L. Sankaranarayanan , G. Kramer and N. B. Mandayam, “Capacity theorems for the multiple-access relay channel,” Proceedings of Allerton Conference on Communications, Control and Computing, 2004. [26] X. Tang, R. Liu, P. P. Spasojevic and H. V. Poor, “Interference assisted secret communication,” IEEE Trans Inf Theory, vol. IT-57, pp. 3153-3167, 2011.

Recommend Documents