The Secrecy Capacity of the Semi-deterministic ... - Semantic Scholar
ISIT 2009, Seoul, Korea, June 28 - July 3, 2009
The Secrecy Capacity of the Semi-deterministic Broadcast Channel Wei Kang
Nan Liu
School of Information Science and Engineering Southeast University, Nanjing, China 210096
Abstract-In this paper, we study secure communications over a two-user semi-deterministic broadcast channel, i.e., one of the receivers is connected to the transmitter through a deterministic channel. We consider the case where the deterministic receiver is also the eavesdropper for the other receiver's message. We derive the secrecy capacity region by showing that superposition encoding plus Gel'fand-Pinsker encoding is optimal. We find that due to the deterministic component of the channel, Gel'fandPinsker binning alone is enough to achieve perfect secrecy. We also compare our scheme with the capacity-achieving scheme of Marton for the semi-deterministic broadcast channel where there is no secrecy constraint. I. INTRODUCTION
Wireless communications is vulnerable to eavesdropping and jamming attacks because of its broadcast nature. Thus, communicating both reliably and securely over the wireless medium is of great significance. Secrecy capacity is a welladopted criterion for studying eavesdropping attacks, and is defined as the maximum number of bits that can be correctly transmitted to the intended receiver while the eavesdropper is essentially no better informed about the transmitted information after observing the received signal than it was before [1]. The secrecy capacity of a point-to-point communication with a degraded eavesdropper was found by Wyner in [2]. Later, Csiszar and Komer [3] removed the constraint that the eavesdropper is degraded and found an expression for the secrecy capacity in the more general case. Since then, many recent work have focused on characterizing the secrecy capacity region of multi-user wireless networks [4]-[24]. Due to the difficulty of finding capacity results in multi-user networks, secrecy capacity is often hard to obtain. In this paper, we study secure communications over a twouser semi-deterministic broadcast channel, i.e., one of the receivers is connected to the transmitter through a deterministic channel. We consider the case where the deterministic receiver is also the eavesdropper for the other receiver's message, see Figure 1. This is similar to [14]-[ 16], where the receivers of the broadcast channel are eavesdroppers of each other. Secure communications over a broadcast channel have also been studied by considering an external eavesdropper in addition to the receivers [17]-[20]. The converse technique we use in this work was introduced by Komer and Marton in [25], and was proven to be useful in the solution of several problems in multi-user information theory [25]-[29], including the secrecy capacity of the general single-user wire-tap channel [3] and the capacity region of 978-1-4244-4313-0/09/$25.00 ©2009 IEEE
the semi-deterministic broadcast channel [30]. We apply this technique to obtain the upper bound on the capacity region. The secrecy-capacity-achieving scheme consist of superposition encoding plus Gel'fand-Pinsker encoding. Superposition encoding is a technique typically used to reduce interference where part of the interference is encoded into the inner codebook that all receivers decode. In the scenario considered, since the deterministic receiver does not require its message to be secure, the message can be encoded using superposition code to reduce interference. Compared with the more general secrecy-achievable scheme proposed in [14, Section V.B], in the scenario considered, Gel' fand- Pinsker binning alone is enough to achieve perfect secrecy and random binning is not required. This is because the channel of the eavesdropping receiver is deterministic. Finally, we compare the secrecy-capacity-achieving scheme of this paper with the capacity-achieving scheme (no secrecy constraint) of Marton for the semi-deterministic broadcast channel [30]. We note that the comer point of the capacity region of Marton that coincide with the Gel'fand-Pinsker performance naturally satisfy the secrecy constraint considered in this paper. Our secrecy-capacity-achieving scheme is in fact a generalization of the scheme that achieves this comer point, i.e., it is a generalization of the Gel' fand- Pinsker encoding scheme. II. PROBLEM FORMULATION AND MAIN RESULTS
Consider a broadcast channel with transition probability
p(YI' Y2Ix). The input and output alphabets are X, YI and
Y2.
Let WI and W 2 be two independent messages uniformly distributed on {I, 2, ... ,MI } and {I, 2, ... , M 2 } , respectively. The aim of the transmitter is to send message Wi to Receiver i, i == 1, 2, while keeping WI secret from Receiver 2. An (M I , M 2 , n, En, 8n ) code for this channel consists of a sequence of encoding function (possibly random)
and two decoding functions
gf : Yf
~
{I, 2, ... ,Mi } ,
2767
Authorized licensed use limited to: Nanjing Southeast University. Downloaded on December 23, 2009 at 20:35 from IEEE Xplore. Restrictions apply.
i == 1,2,
(2)
ISIT 2009, Seoul, Korea, June 28 - July 3, 2009
Similarly, we have nR 2 ::; I(W2; y 2n)
x
n
::; H(y2
VV2
==
L H(YliIYli-l, Y2(i+l)) (12)
H(y1nIW1 )
nIW H(y2 1)
-
L
Pr [g~(1'in) -=I- wilWl =
W2 =
WI,
W2],
(3)
L H(YliIYli-l, Y2(i+l) , WI)
Define auxiliary random variables as TT Vi
Wl,W2
and information leakage
!n (H(Wl) -
H(Wlly2n )) = !I(Wl; y 2n ). n
(4)
A rate pair (R 1, R 2 ) is said to be achievable with secrecy if there exists a sequence of (2nR1, 2nR2, n, En, 6n ) codes such that En --* 0 and 6n --* 0 as n --* 00. The secrecy capacity region is the closure of the set of all achievable rate pairs. Due to the fact that the receivers do not coorporate, similar to the capacity results for broadcast channels, the capacity region depends on p(Yl' Y21x) only through the marginals p(Yllx) and p(Y2Ix). In this paper, we restrict ourselves to the case where the channel between X to Y2 is deterministic, i.e., p(Y2Ix2) is a matrix with elements being either 0 or 1. This correspond to the case where Receiver 2/eavesdropper sees a deterministic channel. The main result of this paper is the following theorem. Theorem 1: The secrecy capacity region of the broadcast channel p(Yl' Y21x) where Receiver 2 is the eavesdropper and sees a deterministic channel is {(R 1 , R 2) : R 1
::;
I(U; Y 1IV) - I(U; Y2IV),
where the mutual informations and entropies are calculated according to distribution p(v, U, X, Yl, Y2) == p(v, u)p(xIU)P(Yl' Y2Ix).
yi-l 1 , "\7n L 2(i+l)'
.
'l
== 1 , 2 ,_ .. , n.
(14)
Further define Q to be an auxiliary random variable that is independent of everything else and uniform on the set {1,2,··· ,n}, and
== X ==
(VQ, Q),
V
X Q,
Y1
U
==
(V, WI),
== Y1Q,
Y2
== Y2Q-
(15)
It is straightforward to check that the random variables thus defined satisfy (6). Thus, from (12) and (13), we have
!n (H(Yr) - H(y2n ) ) = H(YllV) - H(Y2 1V), (16) !n (H(yrIWl) - H(y2nIWl)) = H(YlIU) - H(Y2IU). (17)
From (16) and (17), there exist two real numbers II and 12 such that
+ ''fl,
(18)
!H(y2n ) = H(Y2 1V) + /'1,
(19)
!H(YrIWl) = H(YlIU)
+ /'2,
(20)
!H(y2nIWl) = H(Y2IU)
+ /'2,
(21)
!H(Yr) = H(YllV) n n
n
o ::; II
::; min(I(V; Y1 ) , I(V; Y2))
(22)
due to the fact that H(y1n) ::; nH(Y1 ) , H(y2n) ::; nH(Y2) and
(6)
H(y1n)
Throughout the paper, we use the following shorthand
. 6 . 6 .
for random vectors: K~ K i + 1 , K i +2 , · · · .tc;
==
n where II satisfies
p(v,u)p(xlu)
== K 1 , K 2 , ... .K, and Ki+l ==
n
n
i=1
i=1
==
L H(YliIYli-l) 2: L H(YliIYli-l, Y2(i+l))
==
nH(Y1IV).
(23)
We calculate the information leakage,
III. CONVERSE
bn = !I(Wl; y 2n )
== H(W1 ) == I(W1 ; YIn) + H(W1Iy1n) ::; I(W1 ; YIn) + nc., == H(y n) - H(y nIW 1
1
1)
+ ne«.
(24)
n
We start the converse with Fano's inequality [31], nR 1
==
- H(Y2iIYli-l, Y2(i+l) , WI). (13)
i=I,2
U
n
i=1
== max
bn =
(11)
i=1
with probability of error
2
+ nEn .
n
H(y1n) - H(y2n)
Fig. 1. Secure communications over a semi-deterministic broadcast channel
1M Ml
(10)
Applying the technique [32, page 314, eqn (3.34)], we obtain
WI secret
En
)
+ nEn
(7)
=
(8)
== ==
(9)
!n (H(y2n ) -
H(y2nIWl))
+ II - H(Y2IU) I(U; Y 2 IV ) + II -,2, H(Y2IV)
2768
Authorized licensed use limited to: Nanjing Southeast University. Downloaded on December 23, 2009 at 20:35 from IEEE Xplore. Restrictions apply.
-,2
(25)
(26) (27)
ISIT 2009, Seoul, Korea, June 28 - July 3, 2009
where (26) follows from (19) and (21), and (27) follows from the fact that the random variables satisfy (6). Thus, from (9), (18) and (20), we have
R 1 :S H(YIIV)
+ II -
H(Y1IU)
+ En + bn ,
-,2
== I(U; Y1IV) - I(U; Y2IV) + En
(28) (29)
where (29) follows from (27). From (11) and (19), we have
R 2 :S H(Y2IV)
+ II + En
:S H(Y2IV) +min(I(V;Y1),I(V;Y2)) +En ,
(30) (31)
where (31) follows from (22). Hence, if a sequence of codes satisfies that as n goes to infinity, both probability of error and information leakage goes to zero, i.e., En ~ 0 and bn ~ 0, the rate of the codes must satisfy R 1 :SI(U;Y1IV)-I(U;Y2IV)
(32)
R 2 :S H(Y2IV)
(33)
+ min(I(V; Y1 ) , I(V; Y2))
for some p(v, u)p(xlu). Thus, we have proven the converse part of Theorem 1. Remark: The above converse result holds for any broadcast channel P(Yl, Y21 x), where Receiver 2 is the eavesdropper for Receiver 1's message. It is not restricted to the semideterministic broadcast channel where the channel from X to Y2 is deterministic.
IV.
ACHIEVABILITY
It suffices to show that rate pair (I(U; Y1IV) - I(U; Y2IV), H(Y2IV) + min(I(V; Y1 ) , I(V; Y2))) is achievable with secrecy. We show this through the following encoding/decoding scheme, which uses superposition encoding and Gel'fandPinsker encoding. Due to space limitations and the fact that there are no new achievability techniques proposed, we omit the detailed probability of error calculation. Fix a distribution p(v, u)p(xlu). Codebook generation: Generate 2n "( many u" sequences in an i.i.d. fashion according to p(v ). This is denoted as the inner codebook. For each u" sequence, generate two outer codebooks: Outer codebook 1 associated with u": for each u" sequence, generate 2n (R 1 + I (U ;Y 2 IV ) ) many u" sequences. Randomly partition these sequences in 2n R 1 many bins. Outer codebook 2 assoicated with u": for each u" sequence, generate 2n H (Y 2 /V ) many Y2: sequences in a conditional i.i.d. fashion using p(Y2Iv). Encoding: The encoder splits message W 2 into two parts, W 2a and W 2b, of rates I and H(Y2IV), respectively. Suppose W 2a == W2a and W 2b == W2b, the transmitter finds the W2a -th codeword in the inner codebook, denoted as ii": It then finds the w2b-th outer codeword from Outer codebook 2 associated with ii": Denote this sequence Y2:. Let WI == WI. The transmitter looks at the WI-th bin of Outer codebook 1 associated with ii", Among the codewords in this bin, it finds the codeword that is jointly typical with Y2: conditioned on vn and denote this as ii": Since there are
approximately 2n I (U ;Y 2 /V ) many codewords in each bin, the probability that there exists at least one that is jointly typical with Y2: conditioned on vn goes to one as n goes to infinity. Obtain x" sequence by generating it i.i.d. conditioned on (Y2:,u n ) according to p(XIY2,U). Input x" through the channel. Decoding and performance analysis: Receiver 1 first decode vn sequence by joint typicality, i.e., finding the codeword in the inner codebook that is jointly typical with the received signal Yl' This can be done with negligible probability of error as long as (34) It then decodes u" by finding the codeword, denoted as un, of the Outer codebook 1 associated with vn that is jointly typical with Yl conditioned on ii": This can be done with negligible probability of error as long as
Then, it outputs the index of the bin that ii" belongs to as the value of message WI. Receiver 2, due to the deterministic nature of p(Y2Ix), will receive Y2: with no error. It finds the same sequence in one of the Outer codebook 2s. This Outer codebook 2 will be associated with i]n. It decode W 2a as the index of i]n sequence in the inner codebook and W 2b as the index of Y2: in the Outer codebook 2 associated with vn . The probability of error is zero as long as the Y2: sequences in all of the Outer codebook 2s are different and typical, which happens with probability approaching one as long as (36) is satisfied. Since rate pair (I(U;Y1IV) - I(U;Y2IV),H(Y2IV) + min(I(V; Y1 ) , I(V; Y2))) satisfy (34)-(36), the probability of error averaged over all codebooks is small. Therefore, we conclude that there exists a deterministic code, denoted with rate (I(U;Y1IV) - I(U;Y2IV),H(Y2IV) + as min(I(V; Y1 ) , I(V; Y2))) and small probability of error. Now, we show that the secrecy constraint for is also satisfied, i.e., bn ~ O. For en,
en,
en
(37) Due to the deterministic nature of p(Y2Ix), the received y 2n is exactly the same as the y 2n the transmitter generated, and therefore, it is a function of only W 2. Since W 2 and WI are independent, it follows that y 2n and WI are independent. Hence, I(W1 ; Y2 ) == 0, which means bn == 0 for any n. Thus, we have proven rate pair (I(U;Y1IV) - I(U;Y2IV), H(Y2IV) + min(I(V;Y1),I(V;Y2))) is achievable with secrecy. Hence, we have proved the achievability part of Theorem 1.
2769
Authorized licensed use limited to: Nanjing Southeast University. Downloaded on December 23, 2009 at 20:35 from IEEE Xplore. Restrictions apply.
ISIT 2009, Seoul, Korea, June 28 - July 3, 2009
V.
DISCUSSION
We compare the secrecy-capacity-achieving scheme of this paper to the secrecy-achievable scheme of [14, Section V.B]. The first difference is that we rate-split Receiver 2/eavesdropper's message W 2 into two parts and encode one part into the inner codebook that both receivers decode. This superposition encoding scheme can be performed because in our paper, there is no secrecy requirement on W 2 , while in [14], both receivers are eavesdroppers of each other and therefore, superposition encoding can not be done without compromising secrecy. The second difference is that instead of using double-binning [14, Section V.B], which is composed of random-binning and Gel 'fand-Pinsker binning, Gel 'fand-Pinsker binning alone is enough to achieve perfect secrecy in the scenario considered here. This is due to the deterministic nature of the channel of the eavesdropping receiver. We now compare the secrecy-capacity-achieving scheme proposed in this paper with the capacity-achieving scheme of Marton [30] when there is no secrecy constraint. When there is no secrecy constraint on the communication, the capacity region of a semi-deterministic broadcast channel is [30]
U
{(R 1 , R 2)IR 1
::;
I(U; Y1 ) , R 2 < H(Y2 )
+ R2
::;
H(Y2 IU) + I(U; Y1 ) } .
p(u)p(xlu)
R1
(38)
For each fixed distribution p(u )p( x Iu), the region is a pentagon. The two comer points are Point A : and Point B :
(I(U; Y1 ) - I(U; Y2 ) , H(Y2 ) ) (I(U; Y1 ) , H(Y2 IU)).
By setting V == ¢ in the secrecy capacity region described in Theorem 1, we see that Point A is achievable even with the secrecy constraint. In fact, we show in Theorem 1 that in order to achieve the entire secrecy capacity region, all we need to do is to generalize the achievability scheme, i.e., the Gel'fandPinsker encoding, of Point A, to superposition encoding and conditional Gel' fand-Pinsker encoding. VI.
CONCLUSIONS
In this paper, we characterize the secrecy capacity region of a two-user semi-deterministic broadcast channel, where the deterministic receiver is also the eavesdropper for the other receiver's message. We fully utilize the fact that the channel between the eavesdropping receiver and the transmitter is deterministic and show that superposition encoding plus Gel' fand-Pinsker encoding is optimal. The secrecy capacity remains open for the case where the non-deterministic receiver is the eavesdropper of the message of the deterministic receiver. In this case, it is much harder to utilize the fact that the channel to one of the receivers is deterministic. REFERENCES [1] S. K. Leung- Yan-Cheong and M. E. Hellman. The Gaussian wire-tap channel. IEEE Trans. on Information Theory, 24(4):451-456, July 1978. [2] A. D. Wyner. The wire-tap channel. Bell Syst. Tech. J, 54(8):2-10, October 1975.
[3] I. Csiszar and J. Komer. Broadcast channels with confidential messages. IEEE Trans. on Information Theory, 24(3):339-348, May 1978. [4] Y. Liang and H. V. Poor. Generalized multiple access channels with confidential messages. IEEE Trans. on Information Theory, 54(3):9761002, March 2008. [5] E. Tekin and A. Yener. The Gaussian multiple access wire-tap channel. Submitted to IEEE Trans. on Information Theory, May 2006. [6] E. Tekin and A. Yener. The general Gaussian multiple access and twoway wire-tap channels: Achievable rates and cooperative jamming. IEEE Trans. on Information Theory, 54(6):2735-2751, June 2008. [7] X. Tang, R. Liu, P. Spasojevic, and H. V. Poor. Multiple access channels with generalized feedback and confidential messages. In IEEE Information Theory Workshop on Frontiers in Coding Theory, Lake Tahoe, CA, September 2007. [8] Y. Liang, A. Somekh-Baruch, H. V. Poor, S. Shamai (Shitz), and S. Verdu. Capacity of cognitive interference channels with and without secrecy. Submitted to IEEE Trans. on Information Theory, December 2007. [9] L. Lai and H. EI Gamal. The relay-eavesdropper channel: Cooperation for secrecy. IEEE Trans. on Information Theory, 54(9):4005-4019, September 2008. [10] Y. Oohama. Relay channels with confidential messages. Submitted to IEEE Trans. on Information Theory. [11] E. Ekrem and S. Ulukus. Effects of cooperation on the secrecy of multiple access channels with generalized feedback. In Conference on Information Sciences and Systems, March 2008. [12] E. Ekrem and S. Ulukus. On the secrecy of multiple access wiretap channel. In 46th Annual Allerton Conference on Communications, Control and Computing, September 2008. [13] E. Ekrem and S. Ulukus. Secrecy in cooperative relay broadcast channels. Submitted to IEEE Trans. on Information Theory, October 2008. [14] R. Liu, I. Marie, P. Spasojevic, and R. D. Yates. Discrete memoryless interference and broadcast channels with confidential messages: Secrecy rate regions. IEEE Trans. on Information Theory, 54(6):2493-2507, June 2008. [15] R. Liu and H. V. Poor. Secrecy capacity region of a multi-antenna Gaussian broadcast channel with condential messages. Submitted to IEEE Trans. Information Theory, September 2007. [16] J. Xu, Y. Cao, and B. Chen. Capacity bounds for broadcast channels with confidential messages. Submitted to IEEE Trans. on Information Theory, May 2008. [17] A. Khisti, A. Tchamkerten, and G. W. Womell. Secure broadcasting over fading channels. IEEE Trans. on Information Theory, 54(6):2453-2469, June 2008. [18] E. Ekrem and S. Ulukus. Secrecy capacity of a class of broadcast channels with an eavesdropper. Submitted to EURASIP Journal on Wireless Communications and Networking, Special Isssue on Wireless Physical Layer Security, November 2008. [19] G. Bagherikaram, A. S. Motahari, and A. K. Khandani. The secrecy rate region of the broadcast channel. available online: arxiv.org/pdj/0806.4200. [20] Li-Chia Choo and Kai-Kit Wong. The K-receiver broadcast channel with confidential messages. Submitted to IEEE Trans. on Information Theory. [21] M. Yuksel and E. Erkip. The relay channel with a wire-tapper. In 41st Annual Conference on Information Sciences and Systems, March 2007. [22] X. He and A. Yener. Cooperation with an untrusted relay: A secrecy perspective. Submitted to IEEE Trans. on Information Theory, October 2008. [23] X. He and A. Yener. On the equivocation region of relay channels with orthogonal components. In Asilomar Conference on Signals, Systems, and Computers, Pacific Grove, CA, November 2007. [24] X. Tang, R. Liu, P. Spasojevic, and H. V. Poor. The Gaussian wiretap channel with a helping interferer. In IEEE International Symposium on Information Theory, Toronto, Canada, July 2008. [25] J. Komer and K. Marton. Images of a set via two channels and their role in multi-user communication. IEEE Trans. on Information Theory, 23(6):751-761, Nov. 1977. [26] J. Komer and K. Marton. General broadcast channels with degraded message sets. IEEE Trans. on Information Theory, 23( 1):60-64, Jan. 1977. [27] S. I. Gelfand and M. S. Pinsker. Coding for channel with random parameters. Probl. Contr. and Inform. Theory, 9(1):19-31, 1980.
2770
Authorized licensed use limited to: Nanjing Southeast University. Downloaded on December 23, 2009 at 20:35 from IEEE Xplore. Restrictions apply.
ISIT 2009, Seoul, Korea, June 28 - July 3, 2009 [28] R. Ahlswede and N. Cai. General Theory of Information Transfer and Combinatorics, Lecture Notes in Computer Science, Vol. 4123, chapter Codes with the identifiable parent property and the multiple-access channel, pages 249-257. Springer Verlag, 2006. [29] N. Liu and A. Goldsmith. Superposition encoding and partial decoding is optimal for a class of Z-interference channels. In IEEE International Symposium on Information Theory, Toronto, CA, July 2008. [30] K. Marton. A coding theorem for the discrete memoryless broadcast channel. IEEE Trans. on Information Theory, 25:306-311, May 1979. [31] T. M. Cover and 1. A. Thomas. Elements of Information Theory. WileyInterscience, 1991. [32] 1. Csiszar and 1. Komer. Information Theory: Coding Theorems for Discrete Memoryless Systems. Academic Press, 1981.
2771
Authorized licensed use limited to: Nanjing Southeast University. Downloaded on December 23, 2009 at 20:35 from IEEE Xplore. Restrictions apply.
The Secrecy Capacity of the Semi-deterministic Broadcast Channel Wei Kang
Nan Liu
School of Information Science and Engineering Southeast University, Nanjing, China 210096
Abstract-In this paper, we study secure communications over a two-user semi-deterministic broadcast channel, i.e., one of the receivers is connected to the transmitter through a deterministic channel. We consider the case where the deterministic receiver is also the eavesdropper for the other receiver's message. We derive the secrecy capacity region by showing that superposition encoding plus Gel'fand-Pinsker encoding is optimal. We find that due to the deterministic component of the channel, Gel'fandPinsker binning alone is enough to achieve perfect secrecy. We also compare our scheme with the capacity-achieving scheme of Marton for the semi-deterministic broadcast channel where there is no secrecy constraint. I. INTRODUCTION
Wireless communications is vulnerable to eavesdropping and jamming attacks because of its broadcast nature. Thus, communicating both reliably and securely over the wireless medium is of great significance. Secrecy capacity is a welladopted criterion for studying eavesdropping attacks, and is defined as the maximum number of bits that can be correctly transmitted to the intended receiver while the eavesdropper is essentially no better informed about the transmitted information after observing the received signal than it was before [1]. The secrecy capacity of a point-to-point communication with a degraded eavesdropper was found by Wyner in [2]. Later, Csiszar and Komer [3] removed the constraint that the eavesdropper is degraded and found an expression for the secrecy capacity in the more general case. Since then, many recent work have focused on characterizing the secrecy capacity region of multi-user wireless networks [4]-[24]. Due to the difficulty of finding capacity results in multi-user networks, secrecy capacity is often hard to obtain. In this paper, we study secure communications over a twouser semi-deterministic broadcast channel, i.e., one of the receivers is connected to the transmitter through a deterministic channel. We consider the case where the deterministic receiver is also the eavesdropper for the other receiver's message, see Figure 1. This is similar to [14]-[ 16], where the receivers of the broadcast channel are eavesdroppers of each other. Secure communications over a broadcast channel have also been studied by considering an external eavesdropper in addition to the receivers [17]-[20]. The converse technique we use in this work was introduced by Komer and Marton in [25], and was proven to be useful in the solution of several problems in multi-user information theory [25]-[29], including the secrecy capacity of the general single-user wire-tap channel [3] and the capacity region of 978-1-4244-4313-0/09/$25.00 ©2009 IEEE
the semi-deterministic broadcast channel [30]. We apply this technique to obtain the upper bound on the capacity region. The secrecy-capacity-achieving scheme consist of superposition encoding plus Gel'fand-Pinsker encoding. Superposition encoding is a technique typically used to reduce interference where part of the interference is encoded into the inner codebook that all receivers decode. In the scenario considered, since the deterministic receiver does not require its message to be secure, the message can be encoded using superposition code to reduce interference. Compared with the more general secrecy-achievable scheme proposed in [14, Section V.B], in the scenario considered, Gel' fand- Pinsker binning alone is enough to achieve perfect secrecy and random binning is not required. This is because the channel of the eavesdropping receiver is deterministic. Finally, we compare the secrecy-capacity-achieving scheme of this paper with the capacity-achieving scheme (no secrecy constraint) of Marton for the semi-deterministic broadcast channel [30]. We note that the comer point of the capacity region of Marton that coincide with the Gel'fand-Pinsker performance naturally satisfy the secrecy constraint considered in this paper. Our secrecy-capacity-achieving scheme is in fact a generalization of the scheme that achieves this comer point, i.e., it is a generalization of the Gel' fand- Pinsker encoding scheme. II. PROBLEM FORMULATION AND MAIN RESULTS
Consider a broadcast channel with transition probability
p(YI' Y2Ix). The input and output alphabets are X, YI and
Y2.
Let WI and W 2 be two independent messages uniformly distributed on {I, 2, ... ,MI } and {I, 2, ... , M 2 } , respectively. The aim of the transmitter is to send message Wi to Receiver i, i == 1, 2, while keeping WI secret from Receiver 2. An (M I , M 2 , n, En, 8n ) code for this channel consists of a sequence of encoding function (possibly random)
and two decoding functions
gf : Yf
~
{I, 2, ... ,Mi } ,
2767
Authorized licensed use limited to: Nanjing Southeast University. Downloaded on December 23, 2009 at 20:35 from IEEE Xplore. Restrictions apply.
i == 1,2,
(2)
ISIT 2009, Seoul, Korea, June 28 - July 3, 2009
Similarly, we have nR 2 ::; I(W2; y 2n)
x
n
::; H(y2
VV2
==
L H(YliIYli-l, Y2(i+l)) (12)
H(y1nIW1 )
nIW H(y2 1)
-
L
Pr [g~(1'in) -=I- wilWl =
W2 =
WI,
W2],
(3)
L H(YliIYli-l, Y2(i+l) , WI)
Define auxiliary random variables as TT Vi
Wl,W2
and information leakage
!n (H(Wl) -
H(Wlly2n )) = !I(Wl; y 2n ). n
(4)
A rate pair (R 1, R 2 ) is said to be achievable with secrecy if there exists a sequence of (2nR1, 2nR2, n, En, 6n ) codes such that En --* 0 and 6n --* 0 as n --* 00. The secrecy capacity region is the closure of the set of all achievable rate pairs. Due to the fact that the receivers do not coorporate, similar to the capacity results for broadcast channels, the capacity region depends on p(Yl' Y21x) only through the marginals p(Yllx) and p(Y2Ix). In this paper, we restrict ourselves to the case where the channel between X to Y2 is deterministic, i.e., p(Y2Ix2) is a matrix with elements being either 0 or 1. This correspond to the case where Receiver 2/eavesdropper sees a deterministic channel. The main result of this paper is the following theorem. Theorem 1: The secrecy capacity region of the broadcast channel p(Yl' Y21x) where Receiver 2 is the eavesdropper and sees a deterministic channel is {(R 1 , R 2) : R 1
::;
I(U; Y 1IV) - I(U; Y2IV),
where the mutual informations and entropies are calculated according to distribution p(v, U, X, Yl, Y2) == p(v, u)p(xIU)P(Yl' Y2Ix).
yi-l 1 , "\7n L 2(i+l)'
.
'l
== 1 , 2 ,_ .. , n.
(14)
Further define Q to be an auxiliary random variable that is independent of everything else and uniform on the set {1,2,··· ,n}, and
== X ==
(VQ, Q),
V
X Q,
Y1
U
==
(V, WI),
== Y1Q,
Y2
== Y2Q-
(15)
It is straightforward to check that the random variables thus defined satisfy (6). Thus, from (12) and (13), we have
!n (H(Yr) - H(y2n ) ) = H(YllV) - H(Y2 1V), (16) !n (H(yrIWl) - H(y2nIWl)) = H(YlIU) - H(Y2IU). (17)
From (16) and (17), there exist two real numbers II and 12 such that
+ ''fl,
(18)
!H(y2n ) = H(Y2 1V) + /'1,
(19)
!H(YrIWl) = H(YlIU)
+ /'2,
(20)
!H(y2nIWl) = H(Y2IU)
+ /'2,
(21)
!H(Yr) = H(YllV) n n
n
o ::; II
::; min(I(V; Y1 ) , I(V; Y2))
(22)
due to the fact that H(y1n) ::; nH(Y1 ) , H(y2n) ::; nH(Y2) and
(6)
H(y1n)
Throughout the paper, we use the following shorthand
. 6 . 6 .
for random vectors: K~ K i + 1 , K i +2 , · · · .tc;
==
n where II satisfies
p(v,u)p(xlu)
== K 1 , K 2 , ... .K, and Ki+l ==
n
n
i=1
i=1
==
L H(YliIYli-l) 2: L H(YliIYli-l, Y2(i+l))
==
nH(Y1IV).
(23)
We calculate the information leakage,
III. CONVERSE
bn = !I(Wl; y 2n )
== H(W1 ) == I(W1 ; YIn) + H(W1Iy1n) ::; I(W1 ; YIn) + nc., == H(y n) - H(y nIW 1
1
1)
+ ne«.
(24)
n
We start the converse with Fano's inequality [31], nR 1
==
- H(Y2iIYli-l, Y2(i+l) , WI). (13)
i=I,2
U
n
i=1
== max
bn =
(11)
i=1
with probability of error
2
+ nEn .
n
H(y1n) - H(y2n)
Fig. 1. Secure communications over a semi-deterministic broadcast channel
1M Ml
(10)
Applying the technique [32, page 314, eqn (3.34)], we obtain
WI secret
En
)
+ nEn
(7)
=
(8)
== ==
(9)
!n (H(y2n ) -
H(y2nIWl))
+ II - H(Y2IU) I(U; Y 2 IV ) + II -,2, H(Y2IV)
2768
Authorized licensed use limited to: Nanjing Southeast University. Downloaded on December 23, 2009 at 20:35 from IEEE Xplore. Restrictions apply.
-,2
(25)
(26) (27)
ISIT 2009, Seoul, Korea, June 28 - July 3, 2009
where (26) follows from (19) and (21), and (27) follows from the fact that the random variables satisfy (6). Thus, from (9), (18) and (20), we have
R 1 :S H(YIIV)
+ II -
H(Y1IU)
+ En + bn ,
-,2
== I(U; Y1IV) - I(U; Y2IV) + En
(28) (29)
where (29) follows from (27). From (11) and (19), we have
R 2 :S H(Y2IV)
+ II + En
:S H(Y2IV) +min(I(V;Y1),I(V;Y2)) +En ,
(30) (31)
where (31) follows from (22). Hence, if a sequence of codes satisfies that as n goes to infinity, both probability of error and information leakage goes to zero, i.e., En ~ 0 and bn ~ 0, the rate of the codes must satisfy R 1 :SI(U;Y1IV)-I(U;Y2IV)
(32)
R 2 :S H(Y2IV)
(33)
+ min(I(V; Y1 ) , I(V; Y2))
for some p(v, u)p(xlu). Thus, we have proven the converse part of Theorem 1. Remark: The above converse result holds for any broadcast channel P(Yl, Y21 x), where Receiver 2 is the eavesdropper for Receiver 1's message. It is not restricted to the semideterministic broadcast channel where the channel from X to Y2 is deterministic.
IV.
ACHIEVABILITY
It suffices to show that rate pair (I(U; Y1IV) - I(U; Y2IV), H(Y2IV) + min(I(V; Y1 ) , I(V; Y2))) is achievable with secrecy. We show this through the following encoding/decoding scheme, which uses superposition encoding and Gel'fandPinsker encoding. Due to space limitations and the fact that there are no new achievability techniques proposed, we omit the detailed probability of error calculation. Fix a distribution p(v, u)p(xlu). Codebook generation: Generate 2n "( many u" sequences in an i.i.d. fashion according to p(v ). This is denoted as the inner codebook. For each u" sequence, generate two outer codebooks: Outer codebook 1 associated with u": for each u" sequence, generate 2n (R 1 + I (U ;Y 2 IV ) ) many u" sequences. Randomly partition these sequences in 2n R 1 many bins. Outer codebook 2 assoicated with u": for each u" sequence, generate 2n H (Y 2 /V ) many Y2: sequences in a conditional i.i.d. fashion using p(Y2Iv). Encoding: The encoder splits message W 2 into two parts, W 2a and W 2b, of rates I and H(Y2IV), respectively. Suppose W 2a == W2a and W 2b == W2b, the transmitter finds the W2a -th codeword in the inner codebook, denoted as ii": It then finds the w2b-th outer codeword from Outer codebook 2 associated with ii": Denote this sequence Y2:. Let WI == WI. The transmitter looks at the WI-th bin of Outer codebook 1 associated with ii", Among the codewords in this bin, it finds the codeword that is jointly typical with Y2: conditioned on vn and denote this as ii": Since there are
approximately 2n I (U ;Y 2 /V ) many codewords in each bin, the probability that there exists at least one that is jointly typical with Y2: conditioned on vn goes to one as n goes to infinity. Obtain x" sequence by generating it i.i.d. conditioned on (Y2:,u n ) according to p(XIY2,U). Input x" through the channel. Decoding and performance analysis: Receiver 1 first decode vn sequence by joint typicality, i.e., finding the codeword in the inner codebook that is jointly typical with the received signal Yl' This can be done with negligible probability of error as long as (34) It then decodes u" by finding the codeword, denoted as un, of the Outer codebook 1 associated with vn that is jointly typical with Yl conditioned on ii": This can be done with negligible probability of error as long as
Then, it outputs the index of the bin that ii" belongs to as the value of message WI. Receiver 2, due to the deterministic nature of p(Y2Ix), will receive Y2: with no error. It finds the same sequence in one of the Outer codebook 2s. This Outer codebook 2 will be associated with i]n. It decode W 2a as the index of i]n sequence in the inner codebook and W 2b as the index of Y2: in the Outer codebook 2 associated with vn . The probability of error is zero as long as the Y2: sequences in all of the Outer codebook 2s are different and typical, which happens with probability approaching one as long as (36) is satisfied. Since rate pair (I(U;Y1IV) - I(U;Y2IV),H(Y2IV) + min(I(V; Y1 ) , I(V; Y2))) satisfy (34)-(36), the probability of error averaged over all codebooks is small. Therefore, we conclude that there exists a deterministic code, denoted with rate (I(U;Y1IV) - I(U;Y2IV),H(Y2IV) + as min(I(V; Y1 ) , I(V; Y2))) and small probability of error. Now, we show that the secrecy constraint for is also satisfied, i.e., bn ~ O. For en,
en,
en
(37) Due to the deterministic nature of p(Y2Ix), the received y 2n is exactly the same as the y 2n the transmitter generated, and therefore, it is a function of only W 2. Since W 2 and WI are independent, it follows that y 2n and WI are independent. Hence, I(W1 ; Y2 ) == 0, which means bn == 0 for any n. Thus, we have proven rate pair (I(U;Y1IV) - I(U;Y2IV), H(Y2IV) + min(I(V;Y1),I(V;Y2))) is achievable with secrecy. Hence, we have proved the achievability part of Theorem 1.
2769
Authorized licensed use limited to: Nanjing Southeast University. Downloaded on December 23, 2009 at 20:35 from IEEE Xplore. Restrictions apply.
ISIT 2009, Seoul, Korea, June 28 - July 3, 2009
V.
DISCUSSION
We compare the secrecy-capacity-achieving scheme of this paper to the secrecy-achievable scheme of [14, Section V.B]. The first difference is that we rate-split Receiver 2/eavesdropper's message W 2 into two parts and encode one part into the inner codebook that both receivers decode. This superposition encoding scheme can be performed because in our paper, there is no secrecy requirement on W 2 , while in [14], both receivers are eavesdroppers of each other and therefore, superposition encoding can not be done without compromising secrecy. The second difference is that instead of using double-binning [14, Section V.B], which is composed of random-binning and Gel 'fand-Pinsker binning, Gel 'fand-Pinsker binning alone is enough to achieve perfect secrecy in the scenario considered here. This is due to the deterministic nature of the channel of the eavesdropping receiver. We now compare the secrecy-capacity-achieving scheme proposed in this paper with the capacity-achieving scheme of Marton [30] when there is no secrecy constraint. When there is no secrecy constraint on the communication, the capacity region of a semi-deterministic broadcast channel is [30]
U
{(R 1 , R 2)IR 1
::;
I(U; Y1 ) , R 2 < H(Y2 )
+ R2
::;
H(Y2 IU) + I(U; Y1 ) } .
p(u)p(xlu)
R1
(38)
For each fixed distribution p(u )p( x Iu), the region is a pentagon. The two comer points are Point A : and Point B :
(I(U; Y1 ) - I(U; Y2 ) , H(Y2 ) ) (I(U; Y1 ) , H(Y2 IU)).
By setting V == ¢ in the secrecy capacity region described in Theorem 1, we see that Point A is achievable even with the secrecy constraint. In fact, we show in Theorem 1 that in order to achieve the entire secrecy capacity region, all we need to do is to generalize the achievability scheme, i.e., the Gel'fandPinsker encoding, of Point A, to superposition encoding and conditional Gel' fand-Pinsker encoding. VI.
CONCLUSIONS
In this paper, we characterize the secrecy capacity region of a two-user semi-deterministic broadcast channel, where the deterministic receiver is also the eavesdropper for the other receiver's message. We fully utilize the fact that the channel between the eavesdropping receiver and the transmitter is deterministic and show that superposition encoding plus Gel' fand-Pinsker encoding is optimal. The secrecy capacity remains open for the case where the non-deterministic receiver is the eavesdropper of the message of the deterministic receiver. In this case, it is much harder to utilize the fact that the channel to one of the receivers is deterministic. REFERENCES [1] S. K. Leung- Yan-Cheong and M. E. Hellman. The Gaussian wire-tap channel. IEEE Trans. on Information Theory, 24(4):451-456, July 1978. [2] A. D. Wyner. The wire-tap channel. Bell Syst. Tech. J, 54(8):2-10, October 1975.
[3] I. Csiszar and J. Komer. Broadcast channels with confidential messages. IEEE Trans. on Information Theory, 24(3):339-348, May 1978. [4] Y. Liang and H. V. Poor. Generalized multiple access channels with confidential messages. IEEE Trans. on Information Theory, 54(3):9761002, March 2008. [5] E. Tekin and A. Yener. The Gaussian multiple access wire-tap channel. Submitted to IEEE Trans. on Information Theory, May 2006. [6] E. Tekin and A. Yener. The general Gaussian multiple access and twoway wire-tap channels: Achievable rates and cooperative jamming. IEEE Trans. on Information Theory, 54(6):2735-2751, June 2008. [7] X. Tang, R. Liu, P. Spasojevic, and H. V. Poor. Multiple access channels with generalized feedback and confidential messages. In IEEE Information Theory Workshop on Frontiers in Coding Theory, Lake Tahoe, CA, September 2007. [8] Y. Liang, A. Somekh-Baruch, H. V. Poor, S. Shamai (Shitz), and S. Verdu. Capacity of cognitive interference channels with and without secrecy. Submitted to IEEE Trans. on Information Theory, December 2007. [9] L. Lai and H. EI Gamal. The relay-eavesdropper channel: Cooperation for secrecy. IEEE Trans. on Information Theory, 54(9):4005-4019, September 2008. [10] Y. Oohama. Relay channels with confidential messages. Submitted to IEEE Trans. on Information Theory. [11] E. Ekrem and S. Ulukus. Effects of cooperation on the secrecy of multiple access channels with generalized feedback. In Conference on Information Sciences and Systems, March 2008. [12] E. Ekrem and S. Ulukus. On the secrecy of multiple access wiretap channel. In 46th Annual Allerton Conference on Communications, Control and Computing, September 2008. [13] E. Ekrem and S. Ulukus. Secrecy in cooperative relay broadcast channels. Submitted to IEEE Trans. on Information Theory, October 2008. [14] R. Liu, I. Marie, P. Spasojevic, and R. D. Yates. Discrete memoryless interference and broadcast channels with confidential messages: Secrecy rate regions. IEEE Trans. on Information Theory, 54(6):2493-2507, June 2008. [15] R. Liu and H. V. Poor. Secrecy capacity region of a multi-antenna Gaussian broadcast channel with condential messages. Submitted to IEEE Trans. Information Theory, September 2007. [16] J. Xu, Y. Cao, and B. Chen. Capacity bounds for broadcast channels with confidential messages. Submitted to IEEE Trans. on Information Theory, May 2008. [17] A. Khisti, A. Tchamkerten, and G. W. Womell. Secure broadcasting over fading channels. IEEE Trans. on Information Theory, 54(6):2453-2469, June 2008. [18] E. Ekrem and S. Ulukus. Secrecy capacity of a class of broadcast channels with an eavesdropper. Submitted to EURASIP Journal on Wireless Communications and Networking, Special Isssue on Wireless Physical Layer Security, November 2008. [19] G. Bagherikaram, A. S. Motahari, and A. K. Khandani. The secrecy rate region of the broadcast channel. available online: arxiv.org/pdj/0806.4200. [20] Li-Chia Choo and Kai-Kit Wong. The K-receiver broadcast channel with confidential messages. Submitted to IEEE Trans. on Information Theory. [21] M. Yuksel and E. Erkip. The relay channel with a wire-tapper. In 41st Annual Conference on Information Sciences and Systems, March 2007. [22] X. He and A. Yener. Cooperation with an untrusted relay: A secrecy perspective. Submitted to IEEE Trans. on Information Theory, October 2008. [23] X. He and A. Yener. On the equivocation region of relay channels with orthogonal components. In Asilomar Conference on Signals, Systems, and Computers, Pacific Grove, CA, November 2007. [24] X. Tang, R. Liu, P. Spasojevic, and H. V. Poor. The Gaussian wiretap channel with a helping interferer. In IEEE International Symposium on Information Theory, Toronto, Canada, July 2008. [25] J. Komer and K. Marton. Images of a set via two channels and their role in multi-user communication. IEEE Trans. on Information Theory, 23(6):751-761, Nov. 1977. [26] J. Komer and K. Marton. General broadcast channels with degraded message sets. IEEE Trans. on Information Theory, 23( 1):60-64, Jan. 1977. [27] S. I. Gelfand and M. S. Pinsker. Coding for channel with random parameters. Probl. Contr. and Inform. Theory, 9(1):19-31, 1980.
2770
Authorized licensed use limited to: Nanjing Southeast University. Downloaded on December 23, 2009 at 20:35 from IEEE Xplore. Restrictions apply.
ISIT 2009, Seoul, Korea, June 28 - July 3, 2009 [28] R. Ahlswede and N. Cai. General Theory of Information Transfer and Combinatorics, Lecture Notes in Computer Science, Vol. 4123, chapter Codes with the identifiable parent property and the multiple-access channel, pages 249-257. Springer Verlag, 2006. [29] N. Liu and A. Goldsmith. Superposition encoding and partial decoding is optimal for a class of Z-interference channels. In IEEE International Symposium on Information Theory, Toronto, CA, July 2008. [30] K. Marton. A coding theorem for the discrete memoryless broadcast channel. IEEE Trans. on Information Theory, 25:306-311, May 1979. [31] T. M. Cover and 1. A. Thomas. Elements of Information Theory. WileyInterscience, 1991. [32] 1. Csiszar and 1. Komer. Information Theory: Coding Theorems for Discrete Memoryless Systems. Academic Press, 1981.
2771
Authorized licensed use limited to: Nanjing Southeast University. Downloaded on December 23, 2009 at 20:35 from IEEE Xplore. Restrictions apply.
