I Introduction
In 1974, Ahlswede calculated the capacity of a channel with two senders and two receivers in a work [1] that proved highly influential for the MAC channel [2] and the interference channel [3]. We study the corresponding secrecy problem (Fig. 1), in which both transmitters send messages simultaneously to both receivers in the presence of an eavesdropper, and all senders, receivers, and eavesdropper are at different terminals. This problem is motivated in part by secure access of multiple users to data in a distributed cache, which is a multitransmitter (multipleaccess) multicast scenario [4, 5]. This problem is also equivalent to a compound twostate multipleaccess wiretap channel. It has been known [6] that problems involving compound channels have an equivalent multicast representation, in which the channel to each multicast receiver is equivalent to one of the states of the compound channel.
In recent years the study of strong and semantic secrecy has gained momentum [7, 8], motivated by its operational significance and enabled by the introduction and/or increased popularity of new achievability techniques such as resolvability [9, 10, 11] and output statistics of random binning (OSRB) [12]. Strong secrecy implies weak secrecy, reducing the motivation to study the latter when the former is tractable. That said, weak secrecy retains interest and utility because the codebook design techniques that are aimed at weak and strong secrecy can produce different achievable rate expressions, especially in complex networks. This work studies two different achievability methods, one of which yields weak secrecy and the other, strong secrecy. The achievable rate of the latter method is simplified by introducing a constraint that appears through the derivation of the secrecy region of the former.
These achievability techniques are related to two recent results in network information theory [13, 12]. First, the method of Chia and El Gamal [13] uses Marton coding and indirect decoding (also known as nonunique decoding) [14] to achieve an improved secrecy rate for the transmission of a common message to two receivers that may experience different channel statistics. In particular, [13, Lemma 1] gives an upper bound on the number of codewords that are typical with an eavesdropper’s received sequence. We extend the method of Chia and El Gamal to multiple transmitters, and introduce a corresponding twolevel Martontype coding with associated nonunique decoding.
The second method, OSRB [12] (see also [15]
for a related approach), analyzes channel coding problems by conversion to a related source coding problem, where it tests achievability by probability approximation rather than counting arguments on typical sets. A reverse conversion is needed to complete the analysis. OSRB is well suited for secrecy problems, which are also associated with probability approximation. OSRB encoding is purely by random binning and is enabled by (and named after) the following key result: applying two independent random binning schemes on the same set, the two bin indices are statistically independent as long as binning rates are sufficiently small. We extend the tools and techniques of OSRB to match the requirements of the twotransmitter multicast problem.
In addition to extending, modifying, and adapting these two techniques for a multitransmitter setting, our work showcases their relative merit and their relation to each other in a new context. This is independently of interest because the issue of the relative size of the achievability region provided by these two techniques has been broached [12], where it was shown that in one specific problem OSRB can provide a larger achievable rate region, but in a broader sense the question remains open and is of interest to the community.
Finally, outer bounds for degraded and nondegraded channels are derived and shown to be tight against inner bounds in some special cases. In addition, the extension of the method of Chia and El Gamal is utilized to highlight the minimal amount of randomness required to achieve secrecy rates of the multipleaccess wiretap channel, and that therein channel prefixing can be replaced with superposition, in a manner reminiscent of Watanabe and Oohama [16] for minimizing the randomness resources for secrecy encoding. Part of the results, including the proof of the outer bounds, are available in the conference version of this paper [17] and are not duplicated here in the interest of brevity.
A brief outline of the related literature is as follows. Multicasting with common information in the presence of an eavesdropper has been studied in [18, 19], deriving inner bounds on secrecy capacity, and in some special cases also deriving secrecy capacity region. Salehkalaibar et al. [18] studied a onereceiver, twoeavesdropper broadcast channel with three degraded message sets. Ekrem and Ulukus [19] studied the transmission of public and confidential messages to two legitimate users, in the presence of an eavesdropper. Benammar and Piantanida [20] calculated the secrecy capacity region of some classes of wiretap broadcast channels.
The MAC wiretap channel has been investigated in [21, 22, 23, 24, 25, 26, 27]. In [21], a discrete memoryless MAC with confidential messages has been studied that consists of a MAC with generalized feedback [28] where each user’s message must be kept confidential from the other. The multiple access wiretap channel [22, 23, 27] consists of a MAC with an additional channel output to an eavesdropper. In [22, 23], achievable rate regions for the secrecy capacity region have been derived. Secrecy in the interference channel and broadcast channel has been studied in [29], where inner and outer bounds for the broadcast channel with confidential messages and the interference channel with confidential messages have been compared.
This paper is organized as follows. Section II describes the notation and the system model. Section III presents a general inner bound on the secrecy capacity region under the weak secrecy regime. Section IV produces an outer bound for the degraded model and discusses its implications. Section V derives a general outer bound and provides an example where this outer bound is optimal. Section VI presents a general achievable rate region under the strong secrecy regime.
Ii Preliminaries
Throughout this paper, random variables are denoted by capital letters and their realizations by lower case letters. The set of
strongly jointly typical sequences of length , according to , is denoted by . For convenience in notation, whenever there is no danger of confusion, typicality will reference the random variables rather than the distribution, e.g., . The set of sequences for a fixed , when the fixed sequence is clear from the context, is denoted with the shorthand notation. Superscripts denote the dimension of a vector, e.g.,
. The integer set is denoted by , and indicates the set . The cardinality of a set is denoted by . We utilize the total variation between probability mass functions (pmfs), defined by . Also, following Cuff [30] we use the concept of random pmfs denoted by capital letters (e.g. ).Definition 1.
A code for the considered model (Fig. 1) consists of the following:

Two message sets , , from which independent messages and
are drawn uniformly distributed over their respective sets.

Stochastic encoders , , which are specified by conditional probability matrices , where , are channel inputs and private messages, respectively, and . Here, is the probability of the encoder producing the codeword for the message .

A decoding function that assigns to received sequence .

A decoding function that assigns to received sequence .
The probability of error is given by:
(1) 
Definition 2 ([31]).
A rate pair is said to be achievable under weak secrecy if there exists a sequence of codes with , so that and
(2) 
Definition 3.
A rate pair is said to be achievable under strong secrecy if there exists a sequence of codes with , so that and
(3) 
Definition 4.
indicates . For two random pmfs [30], indicates .
Iii Achievable Rate Region for the Weak Secrecy Regime
We start with a lemma that fits Marton coding with indirect decoding in a MAC structure and produces an entropy bound needed in the secrecy analysis. Its basic idea can be highlighted as follows: given , if we independently produce random codevectors , we will have approximately jointly typical pairs, i.e., the “excess” rate will determine the number of jointly typical pairs. This lemma extends the basic idea of excess rate to multiple codebooks, multiple conditioning, and furthermore, a generalization is made from a counting argument to the entropy of the index of the codebook, which is essential for secrecy analysis.
Lemma 1.
Consider random variables distributed according to . Draw random sequences according to . Conditioned on , draw i.i.d. copies of according to , denoted . Similarly, conditioned on , draw i.i.d. copies of according to , denoted . Let and be random variables with arbitrary pmf. If
for a positive and if for an arbitrary sequence ,
there exists a positive , such that for sufficiently large
(4) 
where .
The proof is provided in Appendix A.
This result is related to, and contains, [13, Lemma 1]. In particular, [13] considers a singleinput channel and explores the properties of codebooks driven by this input, while observing an output . In contrast, this paper’s Lemma 1 develops a corresponding result for a multipleaccess channel with respect to , motivated by the twotransmitters present in the model of this paper. This accounts for the new features of our Lemma 1, namely three rate constraints instead of one, as well as monitoring the entropy of two index random variables instead of one. Furthermore, the present result has one additional layer of conditioning to allow for indirect decoding of multiple confidential messages in the sequel, while in [13] only one confidential message is decoded.
Remark 1.
In addition to enabling the main results of this paper, Lemma 1 also has broader implications on the necessity of prefixing in multitransmitter secrecy problems [32] and deriving the minimum amount of randomness needed to achieve secrecy. Csiszár and Körner introduced prefixing in [33] to expand the achievable rate region of the nondegraded broadcast channel with confidential messages, a technique that was subsequently used in essentially the same manner in multitransmitter settings. Subsequently, Chia and El Gamal showed that in a singletransmitter wiretap channel, prefixing can be replaced with superposition coding [13]. Appendix B extends this concept to a multitransmitter setting and presents an achievability technique for the multiple access wiretap channel that utilizes minimal randomness and matches the best known achievable rates without prefixing.
Theorem 1.
An inner bound on the secrecy capacity region of the twotransmitter tworeceiver channel with confidential messages is given by the set of nonnegative rate pairs such that
(5)  
(6)  
(7)  
(8)  
(9)  
(10)  
(11)  
(12) 
for some
(13) 
such that
(14) 
The proof uses superposition coding, Wyner’s wiretap coding, Marton coding, as well as indirect decoding.
This result recovers several known earlier results:
Remark 2.
By doing some algebraic manipulation we can show that the constraint in (14) holds only if
(15) 
Corollary 1.
An inner bound on the secrecy capacity region of degraded twotransmitter tworeceiver channel with confidential messages (Definition 5) is given by the set of nonnegative rate pairs such that
(16) 
for some
(17) 
Proof.
The proof follows from Theorem 1 by setting and and considering the fact that the channel is degraded. ∎
Iv An Outer Bound for the Degraded Model
We develop an outer bound for the degraded version of the model and show an example where it meets the inner bound (Theorem 1).
Definition 5.
The degraded twotransmitter tworeceiver channel with confidential messages obeys:
(18) 
Theorem 2.
The secrecy capacity region for the degraded twotransmitter tworeceiver channel with confidential messages is included in the set of rate pairs satisfying
(19)  
(20)  
(21) 
for some joint distribution
(22) 
Proof.
The proof is provided by the authors in [17, Section IV] and is omitted here for brevity. ∎
Example (Degraded Switch Model): We consider an example of the twotransmitter tworeceiver channel where the first legitimate receiver has access to the noisy version of each of the two transmitted values in a timesharing (switched) manner, without interference from the other transmitter (Fig. 4). The second legitimate receiver has access to a noisy version of the first receiver, and the eavesdropper has access to a noisy version of the second receiver. The switch channel state information is made available to all terminals. In this model the channel outputs are as follows:
(23)  
(24)  
(25) 
This model consists of a channel with states that are causally available at both the encoders and decoders.
The statistics of the channel, conditioned on the switch state, are expressed as follows:
(26) 
The switch model describes, e.g., frequency hopping over two frequencies [29]. The state (switch) is a binary random variable that chooses between listening to the Transmitter 1, with probability , and listening to the Transmitter 2, with probability , independently at each time slot. We further assume the state is i.i.d. across time.
(27) 
where is the indicator function.
Theorem 3.
The secrecy capacity region for the degraded switch twotransmitter tworeceiver channel with confidential messages, is given by the set of rate pairs satisfying
(28)  
(29)  
(30) 
for some joint distribution
(31) 
Proof.
The proof is available in [17, Section IV]. ∎
V A General Outer Bound
We now develop a general outer bound for the model of Fig. 1 and show an example in which it meets the inner bound (Theorem 1).
Theorem 4.
The secrecy capacity region for the twotransmitter tworeceiver channel with confidential messages is included in the set of rate pairs satisfying
(32)  
(33)  
(34) 
for some joint distribution
(35) 
Proof.
The proof is available in [17, Section V]. ∎
Example (Noiseless Switch Model):
We consider an example of the twotransmitter tworeceiver channel in which the legitimate receivers as well as eavesdropper have access to the noiseless version of each of the two transmitted values in a timesharing (switched) manner, without interference from the other transmitter (Fig. 5). This corresponds to a situation in which transmitters operate on different spectral bands, while the receiving terminals have the capability of operating on one adaptable (timevarying) band [29]. Here, it is assumed that both legitimate receivers operate according to a common random switch that is connected to Transmitter 1 with probability and to Transmitter 2 with probability , and the eavesdropper operates according to another random switch that is connected to Transmitter 1 with probability and to Transmitter 2 with probability . Aside from the switches, the channel is noiseless. Both receivers and the eavesdropper have access to their own switch state information. Therefore the channel outputs are considered as follows
(36)  
(37)  
(38) 
Since , we also have .
Theorem 5.
The secrecy capacity region for the noiseless switch twotransmitter tworeceiver channel with confidential messages is given by the set of rate pairs satisfying
(39)  
(40) 
Proof.
The proof is available in [17, Section V]. ∎
Remark 3.
The capacity region in Theorem 5 shows that transmitters can securely communicate to receivers as long as .
Vi Strong Secrecy
Theorem 6.
Remark 4.
It is customary to simplify the rate region constraints via the FourierMotzkin method [35] to eliminate rate variables not associated with external messages; however, in the interest of brevity we omit the 291 inequalities resulting from FourierMotzkin elimination. Subsequently, a subset of this achievable rate region will be presented that enjoys a much simpler expression.
Proof.
The achievability proof is inspired by [12, 36], and is based on solving the dual secret key agreement problem in the socalled source model that includes shared randomness at all terminals (see Fig. 6). In this dual model, rate constraints are derived so that the input and output distributions of the dual model approximate that of the original model while satisfying reliability and secrecy conditions in the dual model. The probability approximation then guarantees that reliability and secrecy conditions can be achieved in the original model. Finally, it is shown that there exists one realization of shared randomness for which the above mentioned are valid, thus removing the necessity for common randomness.
We begin by developing the encoding and decoding strategies for the source model and the original model, and derive and compare the joint probability distributions arising from these two strategies.
We begin with the multiterminal secret key agreement problem in the source model as depicted in Fig. 6. Let be i.i.d. and distributed according to
(42) 
Random Binning:

To each and every , uniformly and independently assign two random bin indices and .

To each pair for uniformly and independently assign random bin index .

To each uniformly and independently assign two random bin indices and .

To each pair for uniformly and independently assign random bin index .

The random variables representing bin indices are:
(43) 
Decoder 1 is a SlepianWolf decoder observing , and producing and , thus declaring and
to be the estimate of the pair
. 
Decoder 2 is a SlepianWolf decoder observing , and producing and , thus declaring the bin indices and as the estimate of the pair .
To condense the notation, we define the following variables:
(44)  
(45) 
Then, the random pmf induced by random binning is as follows:
(46) 
denotes the pmf of the output of the SlepianWolf decoder, which is a random pmf. Here and are omitted because they are functions of other random variables.
We now return to the original problem, represented by Fig. 1, except that, in addition, a genie provides all terminals with a shared randomness described by , whose distribution will be clarified in the sequel. In this augmented model:

The messages are mutually independent and uniformly distributed with rates respectively. Also, shared randomness are uniformly distributed over and , independent of each other, and of

Encoder 1 and 2 are stochastic encoders producing codewords
Comments
There are no comments yet.