Strong Secrecy and Stealth for Broadcast Channels with Confidential Messages
Abstract
This paper extends the weak secrecy results of Liu et al. for broadcast channels with two confidential messages to strong secrecy. Our results are based on an extension of the techniques developed by Hou and Kramer on bounding the Kullback-Leibler divergence in the context of resolvability and effective secrecy.
Index Terms: Information theoretic security, resolvability, strong secrecy, broadcast channel.
I Introduction
Based on the pioneering work of Shannon [1], Wyner [2] determined the secrecy capacity of a class of wiretap channels. Wyner's work was generalized by Csiszár and Körner [3] to the nondegraded broadcast channel with a single confidential message for one user and a common message intended for both users. The confidential message has to be kept secret from the other user, while both users decode the common message. A variant of Csiszár and Körner's model with two confidential messages and no common message was first studied by Liu et al. in [4] for a discrete memoryless channel, and later for the Gaussian case in [5]. Inner and outer bounds on the secrecy region can be found in [4].
The secrecy criterion used in [2, 3, 4] is the normalized mutual information between the message and the channel output at the user regarded as the eavesdropper. This security criterion, called weak secrecy, provides only very restricted security against eavesdropping attacks, as was shown by Maurer in [6]. An unnormalized definition of secrecy, called strong secrecy, was proposed in [6], and large parts of previous work were extended from weak to strong secrecy (e.g., [6], [7], [8]). In this paper we extend the inner bound of [4] from weak to strong secrecy. Along the way we extend the method of Hou and Kramer [9], based on the even stronger notion of effective secrecy, to this scenario. More precisely, we prove that, in addition to strong secrecy, stealthy communication (i.e., hiding the presence of meaningful communication) is possible.
I-A Notation
We use capital letters for random variables (RVs). If $X$ is a RV, then $x$ is used to refer to an observation of $X$. Sets are denoted by calligraphic letters, and $\mathcal{P}(\mathcal{X})$ stands for the set of probability distributions defined on the (finite) set $\mathcal{X}$. For RVs $X$, $Y$, $Z$ with values in $\mathcal{X}$, $\mathcal{Y}$, $\mathcal{Z}$, we write $X - Y - Z$ if they form a Markov chain. The symbol $x^n$ stands for the sequence $(x_1, \dots, x_n)$. The mutual information between the RVs $X$ and $Y$ is denoted by $I(X;Y)$, while $H(X)$ and $H(X \mid Y)$ are the entropy of $X$ and the conditional entropy of $X$ given $Y$, respectively. The probability mass function of $X$ is $P_X(x)$, or $P(x)$ in short, while the probability of an event $\mathcal{A}$ is denoted by $\Pr\{\mathcal{A}\}$. The Kullback-Leibler divergence of two probability distributions $P$ and $Q$ defined on a set $\mathcal{X}$ is given by
D(P \| Q) = \sum_{x \in \mathcal{X}} P(x) \log \frac{P(x)}{Q(x)},   (1)
where $P \ll Q$ means that $P(x) = 0$ whenever $Q(x) = 0$. The typical set of sequences for a RV $X$ and $\delta > 0$ is denoted by $\mathcal{T}_\delta^n(P_X)$, as defined in [10]. We will freely use the properties of typical sets from [10].
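For concreteness, the divergence in (1), together with the absolute continuity check, can be computed as follows (a minimal sketch; the function name and the choice of base-2 logarithms are our own):

```python
import math

def kl_divergence(P, Q):
    """Kullback-Leibler divergence D(P||Q) for pmfs on the same finite set.

    P and Q are lists of probabilities. Requires P << Q, i.e. P(x) = 0
    wherever Q(x) = 0. Terms with P(x) = 0 contribute 0 (0 log 0 = 0).
    """
    div = 0.0
    for p, q in zip(P, Q):
        if p > 0:
            if q == 0:
                raise ValueError("P is not absolutely continuous w.r.t. Q")
            div += p * math.log2(p / q)
    return div
```

For example, $D(P\|P) = 0$ for every $P$, and the divergence is always nonnegative.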
II System Model
We consider a broadcast scenario consisting of a sender (S) and two receivers. We assume that all channels are discrete memoryless with finite input alphabet $\mathcal{X}$ and finite output alphabets $\mathcal{Y}_1$ and $\mathcal{Y}_2$. The conditional probability distribution governing the discrete memoryless broadcast channel (DMBCC) is given by
W^n(y_1^n, y_2^n \mid x^n) = \prod_{i=1}^{n} W(y_{1,i}, y_{2,i} \mid x_i),   (2)
where $x^n \in \mathcal{X}^n$, $y_1^n \in \mathcal{Y}_1^n$, and $y_2^n \in \mathcal{Y}_2^n$.
The stochastic encoder at the sender is defined to be
E \colon \mathcal{M}_1 \times \mathcal{M}_2 \to \mathcal{P}(\mathcal{X}^n),   (3)
with
\mathcal{M}_i := \{1, \dots, 2^{nR_i}\}, \quad i \in \{1, 2\},   (4)
where $\mathcal{M}_1$ and $\mathcal{M}_2$ are the message sets for receiver 1 and 2, respectively. The decoder at the $i$th node, $i \in \{1, 2\}$, is defined as
\varphi_i \colon \mathcal{Y}_i^n \to \mathcal{M}_i.   (5)
Definition 1 (Strong Secrecy [6])
For every $\epsilon > 0$ there is a nonnegative integer $N(\epsilon)$ such that for all $n \ge N(\epsilon)$,
I(M_1; Y_2^n) \le \epsilon,   (6)
I(M_2; Y_1^n) \le \epsilon,   (7)
where the RVs $M_1$ and $M_2$ are distributed uniformly over $\mathcal{M}_1$ and $\mathcal{M}_2$, respectively, and the mutual information values are computed with respect to the distribution
P_{M_1 M_2 Y_1^n Y_2^n}(m_1, m_2, y_1^n, y_2^n) = \frac{1}{|\mathcal{M}_1| |\mathcal{M}_2|} \sum_{x^n \in \mathcal{X}^n} E(x^n \mid m_1, m_2) W^n(y_1^n, y_2^n \mid x^n),
with the stochastic encoder given in (3).
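To make the criterion concrete, the mutual information between a message and an eavesdropper's observation can be evaluated numerically from their joint distribution. The sketch below is our own toy illustration, not the paper's scheme: a one-time-pad style encoder drives $I(M;Y)$ to zero, the ideal case of the bounds (6) and (7):

```python
import math
from collections import defaultdict

def mutual_information(joint):
    """I(M;Y) in bits from a joint pmf given as {(m, y): prob}."""
    pm, py = defaultdict(float), defaultdict(float)
    for (m, y), p in joint.items():
        pm[m] += p
        py[y] += p
    return sum(p * math.log2(p / (pm[m] * py[y]))
               for (m, y), p in joint.items() if p > 0)

# Toy encoder: uniform bit M XOR uniform key K; eavesdropper sees Y = M ^ K.
joint = defaultdict(float)
for m in (0, 1):
    for k in (0, 1):
        joint[(m, m ^ k)] += 0.25
# Here the output is independent of the message, so I(M;Y) = 0.
```

By contrast, a noiseless channel from $M$ to $Y$ yields $I(M;Y) = H(M)$, i.e. no secrecy at all.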
The probability of error at node $i$, $i \in \{1, 2\}$, is $P_{e,i}^{(n)} := \Pr\{\varphi_i(Y_i^n) \neq M_i\}$.
Definition 2
A rate pair $(R_1, R_2)$ is called achievable if there exists a sequence of encoders and decoders such that the error probabilities at both nodes vanish as $n \to \infty$ while (6) and (7) are satisfied.
Remark 1
The above definition provides a strong condition on security. More details are given in Section III-C, where we show that an even stronger notion of secrecy, based on stealth, can be achieved.
III Strong Secrecy for Broadcast Channels
In this section we present an achievable rate region for a DMBCC under the strong secrecy criterion. The following theorem summarizes our results:
Theorem 1
The rate pair $(R_1, R_2)$ is achievable, in the sense of Definition 2, for the DMBCC with confidential messages and the strong secrecy criterion, if
R_1 < I(V_1; Y_1) - I(V_1; V_2) - I(V_1; Y_2 \mid V_2),
R_2 < I(V_2; Y_2) - I(V_1; V_2) - I(V_2; Y_1 \mid V_1),
where the information quantities are computed with respect to probability distributions such that the Markov chain condition $(V_1, V_2) - X - (Y_1, Y_2)$ holds and $X$ and $(Y_1, Y_2)$ are connected via the given broadcast channel. The auxiliary RVs $V_1$ and $V_2$ take values in finite sets $\mathcal{V}_1$ and $\mathcal{V}_2$.^1
^1 The cardinalities of $\mathcal{V}_1$ and $\mathcal{V}_2$ can be bounded by the Ahlswede-Körner technique; we shall provide this in the journal version of this manuscript.
Proof:
The proof consists of two parts, achievability and secrecy, and unfolds in the following subsections. The achievability proof is based on techniques developed in [11, 12]; the secrecy part extends the methods developed in [9] for the wiretap channel to the present setting.
III-A Coding Scheme
Remark 2
For each $m_i \in \mathcal{M}_i$ and index $l_i$, $i \in \{1, 2\}$, we draw independently sequences $v_i^n(m_i, l_i)$ according to
\prod_{j=1}^{n} P_{V_i}(v_{i,j}).
Let $\delta > 0$. For each $(m_1, m_2)$ find a pair $(l_1, l_2)$ such that
(v_1^n(m_1, l_1), v_2^n(m_2, l_2)) \in \mathcal{T}_\delta^n(P_{V_1 V_2}).
If there is no such pair, choose $(l_1, l_2) = (1, 1)$. Then select a sequence $x^n$ generated according to $\prod_{j=1}^{n} P_{X \mid V_1 V_2}(\cdot \mid v_{1,j}, v_{2,j})$.
Encoding
To transmit $(m_1, m_2)$, select a pair $(l_1, l_2)$ uniformly at random and send the corresponding sequence $x^n$.
Decoding
Upon receiving $y_i^n$, decoder $i$, $i \in \{1, 2\}$, declares that $(m_i, l_i)$ was sent if it is the unique pair such that
(v_i^n(m_i, l_i), y_i^n) \in \mathcal{T}_\delta^n(P_{V_i Y_i}).   (8)
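The random codebook construction and the typicality test can be sketched as follows. This is schematic only: the blocklength, set sizes, letter distribution, and the simple letter-typicality test below are our own placeholders for the paper's joint typicality with respect to $P_{V_i Y_i}$:

```python
import random

random.seed(0)
n = 200                  # blocklength (illustrative)
M, L = 4, 4              # sizes of message and index sets (illustrative)
p_v = [0.5, 0.5]         # codeword letter distribution P_V (illustrative)

# Codebook: for each (m, l), draw v^n(m, l) i.i.d. according to p_v.
codebook = {(m, l): [random.choices((0, 1), weights=p_v)[0] for _ in range(n)]
            for m in range(M) for l in range(L)}

def is_typical(seq, p, delta):
    """Letter-typicality: empirical frequency of each symbol within
    delta * p[a] of the true probability p[a]."""
    for a in (0, 1):
        freq = seq.count(a) / len(seq)
        if abs(freq - p[a]) > delta * p[a]:
            return False
    return True
```

By the law of large numbers, most codewords pass the test for large $n$, which is exactly what the typicality-based encoding and decoding steps rely on.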
III-B Error Analysis
The error analysis is carried out using standard arguments. Using the mutual covering lemma, packing lemma, and the properties of the typical sequences (cf. for example [10]) we obtain
(9) 
and
exponentially fast.
From (9) we have
(10) 
and by symmetry,
(11) 
The bounds on $I(M_1; Y_2^n)$ and $I(M_2; Y_1^n)$ are derived in the following subsection.
III-C Strong Secrecy Criterion
Remark 3
Before we continue, we define a deterministic selection function on message pairs $(m_1, m_2)$ that returns an index pair $(l_1, l_2)$ such that
(v_1^n(m_1, l_1), v_2^n(m_2, l_2)) \in \mathcal{T}_\delta^n(P_{V_1 V_2}).   (12)
If there are several such pairs, we choose one arbitrarily; if there is none, the function returns $(1, 1)$. From now on, we denote the codeword pairs simply via this selection function.
We extend the framework in [15, 9] to find a condition that bounds
D(P_{M_1 M_2 Y_2^n} \| P_{M_1 M_2} Q_{Y_2^n}) \le \epsilon,   (13)
where the left-hand side is known as effective secrecy, $\epsilon > 0$ is arbitrarily small, and $P_{M_1 M_2 Y_2^n}$ is the joint distribution of the messages and the channel output at receiver 2 induced by the code. Further, $Q_{Y_2^n}$ is the distribution of $Y_2^n$ when no meaningful message is transmitted, i.e.,
Q_{Y_2^n}(y_2^n) = \prod_{i=1}^{n} Q_{Y_2}(y_{2,i}),   (14)
and finally, $P_{M_1 M_2}$ is the distribution of $(M_1, M_2)$. We can further expand (13) as
D(P_{M_1 M_2 Y_2^n} \| P_{M_1 M_2} Q_{Y_2^n}) \stackrel{(a)}{=} I(M_1, M_2; Y_2^n) + D(P_{Y_2^n} \| Q_{Y_2^n}),   (15)
where in $(a)$ we used that $P_{M_1 M_2 Y_2^n} = P_{M_1 M_2} P_{Y_2^n \mid M_1 M_2}$.
Remark 4
Based on the chain rule for informational divergence we have
D(P_{M_1 M_2 Y_2^n} \| P_{M_1 M_2} Q_{Y_2^n}) = D(P_{M_1 M_2} \| P_{M_1 M_2}) + D(P_{Y_2^n \mid M_1 M_2} \| Q_{Y_2^n} \mid P_{M_1 M_2}),   (16)
where, according to the definition of the divergence in (1), the first term above equals zero; thus we proceed with bounding the second term. The following lemma provides an upper bound on the informational divergence, which is useful for the rest of the proof.
Lemma 1
For probability distributions $P$ and $Q$ defined on a finite set $\mathcal{X}$ with $P \ll Q$, we have
D(P \| Q) \le \log \frac{1}{\mu_Q},   (17)
where $\mu_Q = \min_{x \in \mathcal{X} : Q(x) > 0} Q(x)$.
Taking the expectation of the divergence with respect to the random codebook yields
(18)  
(19) 
for all sufficiently large $n$, where $\mathbb{1}\{\cdot\}$ denotes an indicator function and we applied Lemma 1 in (18). The last inequality follows from the mutual covering lemma (cf. [10], for example), where $c > 0$ is a constant independent of $n$. With (16) and (19), therefore, we have for all sufficiently large $n$
(20)  
Hence, in the following we focus on bounding the first term on the right-hand side of (20).
We take the expectation over the remaining codewords; we obtain
(21)  
(22) 
where in (21) we used Jensen's inequality applied to part of the expectation.^2
^2 A detailed proof of this derivation is deferred to the journal version of this work.
Before proceeding with the bounds on the informational divergence, we introduce the following lemma.
Lemma 2
Let be a probability distribution on . For and distribution
(23) 
it holds for that
(24) 
with and .
Proof:
According to Lemma 2.6 in [13] we have for all ,
(25) 
where the first of these distributions denotes the empirical distribution, or type, of the sequence pair; the second is the empirical distribution generated by the single sequence; and the third is the joint distribution computed with respect to the other two.
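The empirical distributions (types) appearing in the proof can be computed directly; a minimal sketch with our own function names:

```python
from collections import Counter

def empirical_type(seq):
    """Empirical distribution (type) of a finite sequence: symbol -> frequency."""
    n = len(seq)
    return {a: c / n for a, c in Counter(seq).items()}

def joint_type(seq_a, seq_b):
    """Joint type of a pair of sequences of equal length: (a, b) -> frequency."""
    n = len(seq_a)
    return {pair: c / n for pair, c in Counter(zip(seq_a, seq_b)).items()}
```

Both functions return proper probability distributions, which is what makes entropy and divergence arguments on types, as in Lemma 2.6 of [13], go through.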
Uniform continuity of the entropy (Lemma 2.7 in [13]), , and the fact that , yield
(26) 
where, with . Moreover,
(27) 
with and .
Inequality (27) can be seen as follows: In a first step we show that
. To this end we assume
Then either and then automatically. Or and then
(28)  
which, again, implies by definition of typical sequences, and thus . Since we have
(29)  
and applying again the uniform continuity of entropy along with the properties of
typical sequences we obtain (27).
To proceed with the proof we need to show,
(30) 
This inequality can be derived as follows,
(31)  
(32) 
where (31) follows from the log-sum inequality (Lemma 3.1 in [13]).
The expression (22) can be split up as follows: (Recall that the expectation is taken over those codewords with
where,