# On The Achievable Rate Region of a New Wiretap Channel With Side Information

Hamid G. Bafghi, Babak Seyfe, Mahtab Mirmohseni, M. Reza Aref
Electrical Engineering Department, Shahed University, Tehran, Iran.
ISSL Laboratory, Electrical Engineering Department, Sharif University of Technology, Tehran, Iran.
###### Abstract

A new applicable wiretap channel with separated side information is considered here, which consists of a sender, a legitimate receiver and a wiretapper. In the considered scenario, the links from the transmitter to the legitimate receiver and to the eavesdropper experience different conditions or channel states. So, the legitimate receiver and the wiretapper listen to the transmitted signal through channels with different channel states, which may have some correlation to each other. It is assumed that the transmitter knows the state of the main channel non-causally and uses this knowledge to encode its message. The state of the wiretap channel is not known anywhere. An achievable equivocation rate region is derived for this model and is compared to the existing works. In some special cases, the results are extended to the Gaussian wiretap channel.

Equivocation rate, secrecy capacity, side information, wiretap channel, perfect secrecy.

## I Introduction

Secure communication from an information-theoretic perspective was first studied by Shannon in his famous paper [1], where a noiseless channel model was assumed with an eavesdropper that has an identical copy of the encrypted message as the legitimate receiver, and the necessary and sufficient condition for perfect secrecy was established using information-theoretic concepts. In Shannon’s model, a source message  is encrypted to a ciphertext  by a key  shared by the transmitter and the receiver. An eavesdropper, which knows the family of encryption functions, i.e., the keys and the probability of choosing the keys, may intercept the ciphertext . The system is considered to be perfectly secure if the a posteriori probabilities of  for all  are equal to the a priori probabilities, i.e., . Alternatively, Shannon proved that perfect secrecy can be achieved only when the secret key is at least as long as the plaintext message or, more precisely, when .

The wiretap channel was first introduced and studied by Wyner in his fundamental paper [2]; it is the most basic physical-layer model of the communication security problem. In his model, the transmitter wishes to transmit a source signal, i.e., a confidential message, to a legitimate receiver in such a way that this message is kept secret from an eavesdropper. In this model, illustrated in Fig. 1, unlike Shannon’s model, it is assumed that the channel to the eavesdropper is a physically degraded version of the channel to the legitimate receiver. In other words, the channel output at the eavesdropper may be a noisy version of the channel output at the legitimate receiver. On the other hand, the transmitter communicates with the intended receiver through the main channel, which may be noisy or noiseless, but the wiretapper receives a noisy copy of the message through a wiretap channel which is a cascade of the main channel. In addition, Wyner [2] assumed that the eavesdropper knows the transmitter’s encoding-decoding scheme. So, the objective is to maximize the rate of reliable communication such that the wiretapper learns as little as possible about the source output. The information leakage was measured by the equivocation rate as , where  and  represent the message set and the channel output at the wiretapper, respectively. The eavesdropper is assumed to be a passive receiver which does not transmit any signal over the channel. Furthermore, Wyner [2] proposed a basic coding strategy to achieve secure communication for wiretap channels, which is based on the fact that the eavesdropper is not able to decode any information beyond its channel capacity.

Csiszár and Körner generalized Wyner’s wiretap channel [3]. In their model, it is assumed that the wiretap channel’s output is not necessarily a degraded version of the legitimate receiver’s one. They showed that the secrecy capacity can be expressed as , where  and  are the channel input, the channel output at the legitimate receiver and the channel output at the wiretapper, respectively. Moreover, the maximization is over all random variables  in joint distribution with  and  such that  forms a Markov chain.

The use of channel state information in communication channel models was introduced by Shannon in his landmark paper [4], where he assumed the availability of Channel Side Information at the Transmitter (CSIT). Gel’fand and Pinsker, in their essential work [5], proved that the capacity of the state-dependent discrete memoryless channel with non-causal CSIT is given by , where the maximum is taken over all input distributions  with a finite-alphabet auxiliary random variable .

Costa, in his well-known paper “Writing on Dirty Paper”, extended this result to the Gaussian channel and showed that for this channel, interference does not affect the capacity [6]. He chose  and maximized the Gel’fand and Pinsker capacity over all values of  and proved that for this value of , the capacity of the channel reduces to that of the channel without states. The dirty paper channel was extended to the basic Gaussian wiretap channel with side information by Mitrpant et al. [7], in which an achievable and upper bound for this channel has been introduced.

Chen and Vinck investigated Wyner’s wiretap channel with side information [8] (Fig. 2). Their results are based on the previous wiretap channel results in [2][3][7] and the discrete memoryless channel with state information [5]. They gave an achievable rate region which is established using a combination of Gel’fand-Pinsker coding and Wyner’s wiretap coding. They extended their results to the Gaussian wiretap channel with side information using the same technique as for the dirty paper channel [8].

Furthermore, there have been several other works on the wiretap channel with and without side information. The work [10] studied the two-way wiretap channel. The Gaussian wiretap channel with M-PAM inputs was considered in [11] and the secrecy capacity of the Gaussian MIMO multi-receiver wiretap channel was investigated in [12]. Liu et al. [9] studied the two-sided channel state problem in the discrete memoryless wiretap channel, where, as shown in Fig. 3, the information of the two-sided channel states is available at the transmitter and the main receiver, respectively. In addition, in their scenario the wiretap channel is not necessarily a degraded version of the main channel. An achievable rate equivocation region for this general case is given in [9]. Khisti et al. considered the secret-key agreement problem in the wiretap channel [13][14]. In their model, the transmitter communicates with the legitimate receiver and the eavesdropper over a discrete memoryless wiretap channel with a memoryless state sequence. The transmitter and the legitimate receiver generate a shared secret key that remains secret from the eavesdropper. The results are comparable to the wiretap channel introduced in [8]. Recently, an improved lower bound for the wiretap channel with causal state information at the transmitter and receiver has been reported in [15], where the achievability of the rate region is proved using block Markov coding, the Shannon strategy, and key generation from the common state information [4]. The state sequence available at the end of each block is used to generate a key, which is used to enhance the transmission rate of the confidential message in the following block.

In this paper, we introduce a new wiretap channel model with side information, in which the wiretapper’s message is not a degraded version of the legitimate receiver’s one. On the other hand, the transmitter sends its message through the main and the wiretap channels. So, the receiver and the wiretapper listen to the sent message through separate channels with different characteristics, i.e., different channel states. This model is a general case of the Chen–Vinck [8] and Wyner [2] wiretap channels and reduces to these channels in special cases. We extend our model to the Gaussian wiretap channel where the states of the main and wiretapper channels are different with some correlation coefficients. In the Gaussian case, if the correlation coefficients are equal to one, our channel reduces to Chen–Vinck’s channel. The proposed channel is illustrated in Fig. 4.

The rest of the paper is organized as follows. In Section II, the channel model is introduced. The main results are presented in Section III. In Section IV, the proof of the main results is given. In Section V, the results are extended to the Gaussian case, and the paper is concluded in the last section.

## II Channel Model and Preliminaries

First, we clarify the notation used in this paper. Let  be a finite set. Denote its cardinality by . If we consider , the members of  will be written as , where subscripted letters denote the components and superscripted letters denote the vector. A similar convention applies to random vectors and random variables, which are denoted by uppercase letters.

Consider the situation shown in Fig. 4. Assume that the state information of the main channel, i.e., the channel from the transmitter to the legitimate receiver, is known at the encoder non-causally but the state of the wiretapper’s channel is unknown and the channels’ states, i.e.  , are independent and identically distributed (i.i.d), but  and  are correlated. The transmitter sends the message  to the legitimate receiver in  channel uses. Based on the  and , the encoder generates the codeword  and transmits it on the main and the wiretap channels. The decoder at the legitimate receiver makes an estimation of the transmitted message  based on the received message . The corresponding output at the wiretapper is . The channels are memoryless, i.e.,

$$p(y^N|x^N,v^N)=\prod_{i=1}^{N}p(y_i|x_i,v_i) \tag{1}$$

$$p(z^N|x^N,v^N)=\prod_{i=1}^{N}p(z_i|x_i,v_i) \tag{2}$$

Assume that  is uniformly distributed on , so . The average probability of error  is given by

$$P_e=\frac{1}{M}\sum_{i=1}^{M}\Pr\left(\hat{S}^k(Y^N)\neq i \,\middle|\, S^k=i\right) \tag{3}$$

We define the rate of the transmission to the intended receiver to be

$$R=\frac{\log M}{N} \tag{4}$$

and the fractional equivocation wiretapper to be

$$d=\frac{H(S^k|Z^N)}{H(S^k)} \tag{5}$$

Obviously, we have .

## III Main Results: Outer and Inner Bounds

Like [8], we say that the pair  is achievable, if for all , there exists an encoder-decoder pair such that

$$R\geq R^{*}-\epsilon,\quad d\geq d^{*}-\epsilon,\quad P_e\leq\epsilon. \tag{6}$$

Definition 1: The secrecy capacity  is the maximum  such that  is achievable.

Definition 2: We denote

$$R_{U1}=I(U;Y)-\max\{I(U;V_1,V_2),I(U;Z)\} \tag{7}$$

$$R_{U2}=I(U;Y)-I(U;V_1,V_2) \tag{8}$$

$$d_{U2}=\frac{R_{U1}}{R_{U2}}=\frac{I(U;Y)-\max\{I(U;V_1,V_2),I(U;Z)\}}{I(U;Y)-I(U;V_1,V_2)} \tag{9}$$

where  is an auxiliary random variable such that  forms a Markov chain. Now, consider the following result:

Theorem 1: For the discrete memoryless channel with side information shown in Fig. 4, we denote  as the set of points  with  and . Let

$$\mathcal{R}'_U\triangleq\{(R',d'):0\leq R'\leq R,\ 0\leq d'\leq d,\ (R,d)\in\mathcal{R}_U\}. \tag{10}$$

Then the set , defined as follows, is achievable:

$$\mathcal{R}=\bigcup_{U\to(X,V_1,V_2)\to(Y,Z)}\mathcal{R}'_U. \tag{11}$$

The region is achievable if we limit the cardinality of  by the constraint .

###### Proof.

The proof of the theorem is relegated to the next section. The constraint is implied by Lemma 3 of [16]. ∎

Remark 1: The point  in  with   is of considerable interest. These situations correspond to the perfect secrecy situation, defined as

$$R_s=\max_{U\to(X,V_1,V_2)\to(Y,Z)}R_{U1} \tag{12}$$

The following theorem bounds the secrecy capacity of the proposed wiretap channel with the side information.

Theorem 2: For the discrete memoryless wiretap channel with side information, shown in Fig. 4, we have

$$R_s\leq C_s\leq\min\left\{C_M,\ \max_{U\to(X,V_1,V_2)\to(Y,Z)}\left[I(U;Y)-I(U;Z)\right]\right\} \tag{13}$$

where  is the capacity of the main channel.

###### Proof.

From Theorem 1, we have  and from the result by Csiszár and Körner [3] we have . This completes the proof. ∎

## IV The Proof of Theorem 1

In this section, we prove the achievability of the region . We prove that the rate-equivocation pairs  and  are achievable and then, by applying time-sharing, the achievability of the region  is proved.

### IV-A $(R_{U1}, 1)$ is Achievable

First we construct random codebooks by the following generation steps:

#### IV-A1 Codebook Generation

a. Generate  i.i.d sequences , according to the distribution .

b. Partition these  sequences into  bins where . Index each bin by . Thus each bin contains sequences.

c. Distribute sequences randomly into subbin such that every subbin contains sequences. Then index each subbin which contains  by

$$w\in\left\{1,2,\ldots,2^{N[\max\{I(U;V_1,V_2),I(U;Z)\}-I(U;Z)+\epsilon_{UV_1V_2Z}+\epsilon_{UZ}]}\right\}.$$

#### IV-A2 Encoding

To transmit message  through the main channel with interference , the transmitter finds the -th bin of the sequence  such that . We use  to denote the strong typical set based on the distribution , otherwise choose . The transmitter sends the associated jointly typical  generated according to

#### IV-A3 Decoding

The intended receiver receives  according to the distribution . Then it looks for the unique sequence  such that  and the index of the bin containing  is declared as the transmitted message.

#### IV-A4 Wiretapper

The wiretapper receives a sequence  according to .

Now, we prove that  is achievable. As the first step we should prove that , as . Our encoding-decoding strategy is similar to the one used in [8] and it is easy to show that the information rate  in the main channel is achievable. For more detail see Appendix A in [8]. As the second step, we should prove that , as . In this step, we consider the uncertainty of the message to the wiretapper. So we have

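$$
\begin{aligned}
H(S^k|Z^N) &= H(S^k,Z^N)-H(Z^N)\\
&= H(S^k,Z^N,W)-H(W|S^k,Z^N)-H(Z^N)\\
&= H(S^k,Z^N,W,U^N)-H(U^N|S^k,Z^N,W)-H(W|S^k,Z^N)-H(Z^N)\\
&= H(S^k,W|Z^N,U^N)+H(U^N,Z^N)-H(U^N|S^k,Z^N,W)-H(W|S^k,Z^N)-H(Z^N)\\
&\overset{(a)}{\geq} H(U^N|Z^N)-H(U^N|S^k,Z^N,W)-H(W|S^k,Z^N)\\
&\overset{(b)}{\geq} H(U^N|Z^N)-H(U^N|S^k,Z^N,W)-\log|W|-H(U^N|Y^N)\\
&\overset{(c)}{=} N[I(U;Y)-I(U;Z)]-H(U^N|S^k,Z^N,W)\\
&\qquad -N[\max\{I(U;V_1,V_2),I(U;Z)\}-I(U;Z)+\epsilon_{UV_1V_2Z}+\epsilon_{UZ}]\\
&= NR_{U1}-H(U^N|S^k,Z^N,W)-N[\epsilon_{UV_1V_2Z}+\epsilon_{UZ}]
\end{aligned}
$$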

where

(a) follows from the fact that ;

(b) is because of the fact that  and

(c) follows from the fact that  and

$$\log|W|=N[\max\{I(U;V_1,V_2),I(U;Z)\}-I(U;Z)+\epsilon_{UV_1V_2Z}+\epsilon_{UZ}].$$

To compute the second term in (IV-A4), we should bound the entropy of the codeword conditioned on the bin , subbin  and the wiretapper’s received signal . We consider the subbin  in bin  as a codebook,  in the codebook as the input message and  as the result of passing  through the wiretap channel. From , the decoder estimates the sent message . Let  be the decoder and the estimate be . Define the probability of error

$$P_{SB}=\Pr\{\hat{U}^N\neq U^N\}. \tag{15}$$

By Fano’s inequality [17], we have

$$H(U^N|S^k=j,W=w,Z^N)\leq h(P_{SB})+P_{SB}N[I(U;Z)-\epsilon_{UZ}]. \tag{16}$$

Hence

$$H(U^N|S^k,W,Z^N)\leq h(P_{SB})+P_{SB}N[I(U;Z)-\epsilon_{UZ}]. \tag{17}$$

Now, we should prove that for arbitrary . The proof is similar to the one in [8]. Thus, we have bounded  for given arbitrary small  and .

Combining (5), (IV-A4), (17) and the bound on  we have

$$d\geq 1-\frac{\epsilon_{UZ}-\epsilon_{UY}-h(\lambda)/N+\lambda[I(U;Z)-\epsilon_{UZ}]}{R_{U1}-\epsilon_{UY}-\epsilon_{UV_1V_2Z}}. \tag{18}$$

Thus we derive that , as .

### IV-B $(R_{U2}, d_{U2})$ is Achievable

From (7)–(9), it follows that if , then the equivocation rate pair  is equal to . So, we should prove that if , then  is achievable. In this case, when , we have

$$R_{U2}=I(U;Y)-I(U;V_1,V_2) \tag{19}$$

$$d_{U2}=\frac{I(U;Y)-I(U;Z)}{I(U;Y)-I(U;V_1,V_2)} \tag{20}$$

Now we introduce the encoding and decoding strategy.

#### IV-B1 Codebook Generation

a. Generate  i.i.d sequences , according to the distribution .

b. Partition these sequences into  bins where . Index each bin by . Thus each bin contains  sequences.

c. Distribute  sequences randomly into  subbins such that every subbin contains  sequences. Then index each subbin containing  by .

#### IV-B2 Encoding

To transmit message  through the main channel with interference , the transmitter finds bin  for a sequence  such that , otherwise choose .

#### IV-B3 Decoding

The intended receiver receives  according to the distribution . Then the receiver looks for the unique sequence  such that , and the index of the bin containing  is declared as the message index.

#### IV-B4 Wiretapper

The wiretapper receives a sequence  according to .

To prove that  is achievable, first we should prove that , as . The proof is similar to the one in Section IV-A. Then we should prove that , as . For this purpose we can follow the strategy in Section IV-A. So we have

$$H(S^k|Z^N)\geq N[I(U;Y)-I(U;Z)]-H(U^N|S^k,Z^N) \tag{21}$$

and for the second term in (21) like (15) – (17) we have

$$H(U^N|S^k,W,Z^N)\leq h(P_{SB})+P_{SB}N[I(U;Z)-\epsilon_{UZ}]. \tag{22}$$

So, combining the above results, we have

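$$d\geq\frac{R_{U2}}{R_{U2}-\epsilon_{UY}-\epsilon_{UV_1V_2}}\,d_{U2}-\frac{h(\lambda)/N+\lambda[I(U;V_1,V_2)]+\epsilon_{UV_1V_2}}{R_{U2}-\epsilon_{UY}-\epsilon_{UV_1V_2}}. \tag{23}$$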

Thus we have , as .

## V A New Gaussian Wiretap Channel

In this Section we extend Theorem 1 to the Gaussian case like the approach taken in [8], using the same auxiliary random variable . For the new Gaussian wiretap channel shown in Fig. 5, we have the following results based on Theorem 1.

Theorem 3 (Theorem 1 in the Gaussian case): For the Gaussian wiretap channel shown in Fig. 5, using the auxiliary random variable , where  is a real number and  is the correlation coefficient of  and , we denote  as the set of points  with , where  and  are defined in (7) and (8). By defining

$$\mathcal{R}'_U\triangleq\{(R',d'):0\leq R'\leq R,\ 0\leq d'\leq d,\ (R,d)\in\mathcal{R}_U\}, \tag{24}$$

the set , defined as follows, is achievable:

$$\mathcal{R}=\bigcup_{U=X+\alpha V_1,\ \alpha\in\mathbb{R}}\mathcal{R}'_U. \tag{25}$$

###### Proof.

The proof is similar to the proof of Theorem 1. We only need to show that  is achievable for the specified  and . Assuming transmitter has the power constraint , the side information in the main channel satisfies , the wiretap channel has the side information, satisfying  and  represent the correlation coefficient between  and  and  (see Appendix A), we use some modification in the proof of  as follows.

In the codebook generation, sequence  are generated according to , where  for all . In the encoding process, . The intended receiver observes  and the wiretapper observes . As a source constraint, we should introduce potential error , which represents in the encoding process and  does not satisfy the power constraint.

Then, provided that there is at least one sequence  jointly typical with , the probability of error  tends to zero. Therefore, the modifications do not influence the achievability proof of . Assuming  is arbitrarily small, since . ∎

Now, we calculate  and , with respect to . We have

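$$I(U;Y)=\frac{1}{2}\log\left[\frac{(P+\alpha^2Q_1+2\alpha\rho_{XV_1}\sqrt{PQ_1})(P+Q_1+N_1+2\rho_{XV_1}\sqrt{PQ_1})}{(P+\alpha^2Q_1+2\alpha\rho_{XV_1}\sqrt{PQ_1})(P+Q_1+N_1+2\rho_{XV_1}\sqrt{PQ_1})-(P+\alpha Q_1+(\alpha+1)\rho_{XV_1}\sqrt{PQ_1})^2}\right] \tag{26}$$

$$I(U;V_1,V_2)=\frac{1}{2}\log\left[\frac{(1-\rho_{V_1V_2}^2)(P+\alpha^2Q_1+2\alpha\rho_{XV_1}\sqrt{PQ_1})}{P(1-\rho_{XV_1}^2-\rho_{XV_2}^2-\rho_{V_1V_2}^2+2\rho_{XV_1}\rho_{XV_2}\rho_{V_1V_2})}\right]$$

$$I(U;Z)=\frac{1}{2}\log\left[\frac{(P+\alpha^2Q_1+2\alpha\rho_{XV_1}\sqrt{PQ_1})(P+Q_2+N_2+2\rho_{XV_2}\sqrt{PQ_2})}{(P+\alpha^2Q_1+2\alpha\rho_{XV_1}\sqrt{PQ_1})(P+Q_2+N_2+2\rho_{XV_2}\sqrt{PQ_2})-(P+\rho_{XV_2}\sqrt{PQ_2}+\alpha\rho_{XV_1}\sqrt{PQ_1}+\alpha\rho_{V_1V_2}\sqrt{Q_1Q_2})^2}\right]$$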

Then, we introduce Leakage Function  which is defined as . Thus, we have

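$$
\begin{aligned}
\Delta I(\alpha)&=I(U;Z)-I(U;V_1,V_2)\\
&=\frac{1}{2}\log\left[\frac{P(P+Q_2+N_2+2\rho_{XV_2}\sqrt{PQ_2})(1-\rho_{XV_1}^2-\rho_{XV_2}^2-\rho_{V_1V_2}^2+2\rho_{XV_1}\rho_{XV_2}\rho_{V_1V_2})}{(P+\alpha^2Q_1+2\alpha\rho_{XV_1}\sqrt{PQ_1})(P+Q_2+N_2+2\rho_{XV_2}\sqrt{PQ_2})-(P+\rho_{XV_2}\sqrt{PQ_2}+\alpha\rho_{XV_1}\sqrt{PQ_1}+\alpha\rho_{V_1V_2}\sqrt{Q_1Q_2})^2}\right]
\end{aligned}
\tag{29}
$$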

Hence

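$$\Delta I(0)=\frac{1}{2}\log\left[\frac{(P+Q_2+N_2+2\rho_{XV_2}\sqrt{PQ_2})(1-\rho_{XV_1}^2-\rho_{XV_2}^2-\rho_{V_1V_2}^2+2\rho_{XV_1}\rho_{XV_2}\rho_{V_1V_2})}{Q_2(1-\rho_{XV_2}^2)+N_2+2\rho_{XV_2}\sqrt{PQ_2}}\right]>0 \tag{30}$$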

and we can find two points  and  in which

$$\Delta I(\alpha_0)=\Delta I(\alpha_{-0})=0. \tag{31}$$

Furthermore, there is a point  in which  is maximized, i.e.,

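$$\alpha^{*}=-\frac{(\rho_{XV_1}\sqrt{PQ_1}+\rho_{V_1V_2}\sqrt{Q_1Q_2})(P+\rho_{XV_2}\sqrt{PQ_1})-\rho_{XV_1}\sqrt{PQ_1}(P+N_2+Q_2+2\rho_{XV_2}\sqrt{PQ_2})}{(\rho_{XV_1}\sqrt{PQ_1}+\rho_{V_1V_2}\sqrt{Q_1Q_2})^2-2Q_1(P+N_2+Q_2+2\rho_{XV_2}\sqrt{PQ_2})} \tag{32}$$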

where

$$\max\Delta I(\alpha)=\Delta I(\alpha^{*}) \tag{33}$$

Now, we want to study the leakage function. So, denote  and . Because of the complexity of the results, we consider two special cases.
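A numerical cross-check of the Gaussian quantities above, added here as an example (it is not the authors' code): it computes $I(U;Y)$, $I(U;V_1,V_2)$ and $I(U;Z)$ directly from the covariance matrix of the jointly Gaussian variables and then evaluates (7)–(9) and the leakage function. It assumes $Y=X+V_1+\eta_1$ and $Z=X+V_2+\eta_2$ with independent noises of variance $N_1$, $N_2$ (read off the variance and covariance terms in the formulas above) and base-2 logarithms; all function names and sample values are constructed for illustration.

```python
import math

def basis_cov(P, Q1, Q2, N1, N2, r_x1, r_x2, r_12):
    """Covariance of (X, V1, V2, eta1, eta2); the noises are independent of all else."""
    c1, c2, c12 = (r_x1 * math.sqrt(P * Q1), r_x2 * math.sqrt(P * Q2),
                   r_12 * math.sqrt(Q1 * Q2))
    return [[P, c1, c2, 0, 0],
            [c1, Q1, c12, 0, 0],
            [c2, c12, Q2, 0, 0],
            [0, 0, 0, N1, 0],
            [0, 0, 0, 0, N2]]

def cov_of(rows, S):
    """Covariance matrix of the linear combinations `rows` of the basis variables."""
    n = range(len(S))
    return [[sum(a[i] * S[i][j] * b[j] for i in n for j in n) for b in rows]
            for a in rows]

def det(M):
    """Determinant by Gaussian elimination with partial pivoting."""
    M, d = [row[:] for row in M], 1.0
    for c in range(len(M)):
        p = max(range(c, len(M)), key=lambda r: abs(M[r][c]))
        if abs(M[p][c]) < 1e-12:
            return 0.0
        if p != c:
            M[c], M[p], d = M[p], M[c], -d
        d *= M[c][c]
        for r in range(c + 1, len(M)):
            f = M[r][c] / M[c][c]
            M[r] = [x - f * y for x, y in zip(M[r], M[c])]
    return d

def mi(A, B, S):
    """I(A;B) in bits for jointly Gaussian A, B given as lists of coefficient rows."""
    joint = det(cov_of(A + B, S))
    if joint <= 0:
        raise ValueError("degenerate joint covariance (e.g. |rho| = 1)")
    return 0.5 * math.log2(det(cov_of(A, S)) * det(cov_of(B, S)) / joint)

def rates(alpha, **params):
    """Evaluate (7)-(9) and the leakage I(U;Z) - I(U;V1,V2) for U = X + alpha*V1."""
    S = basis_cov(**params)
    U, V1, V2 = [1, alpha, 0, 0, 0], [0, 1, 0, 0, 0], [0, 0, 1, 0, 0]
    Y, Z = [1, 1, 0, 1, 0], [1, 0, 1, 0, 1]  # assumed: Y=X+V1+eta1, Z=X+V2+eta2
    i_y, i_z, i_v = mi([U], [Y], S), mi([U], [Z], S), mi([U], [V1, V2], S)
    r1, r2 = i_y - max(i_v, i_z), i_y - i_v
    return {"I_UY": i_y, "I_UZ": i_z, "I_UV": i_v, "leak": i_z - i_v,
            "R_U1": r1, "R_U2": r2, "d_U2": r1 / r2 if r2 > 0 else float("nan")}

# Constructed sample parameters (not from the paper).
SAMPLE = dict(P=10, Q1=5, Q2=5, N1=1, N2=4, r_x1=0.3, r_x2=0.2, r_12=0.5)

if __name__ == "__main__":
    for a in (0.0, 0.5, 10 / 11, 1.5):
        print(a, {k: round(v, 4) for k, v in rates(a, **SAMPLE).items()})
```

A positive `leak` means $I(U;Z)>I(U;V_1,V_2)$, so $R_{U1}<R_{U2}$ and the fractional equivocation $d_{U2}$ drops below one.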

### V-A Case I

As the first condition, we assume that  and . In this case our model reduces to the channel introduced in [8] and we have

$$R(\alpha)=\frac{1}{2}\log\left[\frac{P(P+Q+N_1)}{(P+\alpha^2Q)(P+Q+N_1)-(P+\alpha Q)^2}\right] \tag{34}$$

which is maximized by  as described in [7] and achieves , in which  is the maximum rate of the main channel. It can be found easily that  is an increasing function with respect to  as , a decreasing function with respect to  as .

Similarly, the rate  has two extremum points in  and  and it can be shown that  is a decreasing function with respect to  as