## No full-text available

To read the full-text of this research,

you can request a copy directly from the authors.

We study the state-dependent (SD) wiretap channel (WTC) with non-causal channel state information (CSI) at the encoder. This model subsumes all other instances of CSI availability as special cases, and calls for an efficient utilization of the state sequence both for reliability and security purposes. A lower bound on the secrecy-capacity, that improves upon the previously best known result by Chen and Han Vinck, is derived based on a novel superposition coding scheme. An example in which the proposed scheme achieves strictly higher rates is provided. Specializing the lower bound to the case where CSI is also available to the decoder reveals that the lower bound is at least as good as the achievable formula by Chia and El-Gamal, which is already known to outperform the adaptation of the Chen and Han Vinck code to the encoder and decoder CSI scenario. Our achievability gives rise to the exact secrecy-capacity characterization of a class of SD-WTCs that decompose into a product of two WTCs, one is independent of the state and the other one depends only on it. The results are derived under the strict semantic-security metric that requires negligible information leakage for all message distributions. The proof of achievability relies on a stronger version of the soft-covering lemma for superposition codes.

To read the full-text of this research,

you can request a copy directly from the authors.

... In this work we study the problem of secure communication over a fully quantum Gel'fand-Pinsker channel. The best known achievability rate for this channel model in the classical case was proven by Goldfeld, Cuff and Permuter in [1]. We generalize the result of [1]. ...

... In [1] Goldfeld, Cuff and Permuter revisit this communication problem when the channel state side information is causally available at the encoder. The authors motivate this model by noting that having information about the extra randomness S (the channel state parameter) of the channel may help in secure transmission. ...

... To obtain their results, the authors prove what they call a superposition covering lemma. Although the papers [1,10,11] call the approximation of the output distribution a covering lemma, this type of approximation was studied with the name of channel resovability in the earlier papers [13,14,15,6]. ...

In this work we study the problem of secure communication over a fully quantum Gel'fand-Pinsker channel. The best known achievability rate for this channel model in the classical case was proven by Goldfeld, Cuff and Permuter in [Goldfeld, Cuff, Permuter, 2016]. We generalize the result of [Goldfeld, Cuff, Permuter, 2016]. One key feature of the results obtained in this work is that all the bounds obtained are in terms of error exponent. We obtain our achievability result via the technique of simultaneous pinching. This in turn allows us to show the existence of a simultaneous decoder. Further, to obtain our encoding technique and to prove the security feature of our coding scheme we prove a bivariate classical-quantum channel resolvability lemma and a conditional classical-quantum channel resolvability lemma. As a by product of the achievability result obtained in this work, we also obtain an achievable rate for a fully quantum Gel'fand-Pinsker channel in the absence of Eve. The form of this achievable rate matches with its classical counterpart. The Gel'fand-Pinsker channel model had earlier only been studied for the classical-quantum case and in the case where Alice (the sender) and Bob (the receiver) have shared entanglement between them.

... Thus, showing that there exist B n ∈ B n and γ 1 > 0 such that max m∈Mn θ(m, B n ) ≤ e −nγ1 for large enough n, is sufficient (by (30) and (31) The existence of such a B n is implied by the following lemma. The lemma restates the outcome of the secrecy analysis from [13], providing a double-exponential bound on the probability of an exponentially small deviation of max m∈Mn θ(m, B n ) from zero. ...

... Lemma 12 follows from the proof of Lemma 4 in [13], which is a stronger version of the superposition softcovering lemma [55]. The double-exponential bound in (33) is an implication of Chernoff bound applied to the collection of an exponential number of i.i.d. ...

... At the end of this process, we deduce the existence of a single codebook B n that satisfies (5) and (11). Note that the selection lemma of [56] or [13] is not applicable here as the RHS of (34a) is a constant which does not vanish to zero as required by the lemma. ...

In many information-theoretic communication problems, adding an input cost constraint to the operational setup amounts to restricting the optimization domain in the capacity formula. This paper shows that, in contrast to common belief, such a simple modification does not hold for the cost-constrained (CC) wiretap channel (WTC). The secrecy-capacity of the discrete memoryless (DM) WTC without cost constraints is described by a single auxiliary random variable. For the CC DM-WTC, however, we show that two auxiliaries are necessary to achieve capacity. Specifically, we first derive the secrecy-capacity formula, proving the direct part via superposition coding. Then, we provide an example of a CC DM-WTC whose secrecy-capacity cannot be achieved using a single auxiliary. This establishes the fundamental role of superposition coding over CC WTCs.

... Prabhakaran et al. [7] studied an achievable tradeoff between SM and SK rates over the WC with noncausal CSI, deriving a benchmark inner bound on the SM-SK capacity region under the weak secrecy criterion. Goldfeld et al. [20] substantially improved their result by explicitly using a superposition coding. ...

... Recently, based on [20], Bunin et al. [21], [22] provided a unifiying formula for inner bounds on the SM-SK capacity region under the semantic secrecy (SS) criterion for WCs with non-causal CSI at Alice, from which all the previous results can be derived. Thus, [21], [22] are regarded currently as establishing the best known achievable rate pairs with non-causal CSI at Alice. ...

... Cuff [19]) * on the basis of two layered superposition coding scheme (cf. [14], [20]), which makes it possible to guarantee the semantically secure (SS) information transmission. This is one of the strongest ones among various security criteria. ...

The coding problem for wiretap channels with causal channel state information (CSI) available at the encoder (Alice) and/or the decoder (Bob) is studied. We are concerned here particularily with the problem of achievable secret-message secret-key rate pairs under the semantic security criterion. Our main result extends all the previous results on achievable rates as given by Chia and El Gamal [10], Fujita [11], and Han and Sasaki [23]. In order to do this, we first derive a unifying theorem (Theorem 2) with causal CSI at Alice, which follows immediately by leveraging the unifying seminal theorem for wiretap channels with non-causal CSI at Alice as recently established by Bunin et al. [22]. The only thing to do here is just to re-interpret the latter non-causal one in a causal manner. A prominent feature of this approach is that we are able to dispense with the block-Markov encoding scheme as used in the previous works. Also, the exact secret-message key capacity region for wiretap channels with non-causal CSI at both Alice and Bob is given.

... Remark 4. We note that our scheme for the case with noncausal CSI at the transmitter is similar to that in [21] for wiretap channels with noncausal CSI at the transmitter under the semantic-security metric requiring negligible information leakage for all message distributions. The coding scheme in [21] incorporates superposition coding; the inner codebook is for a random index and the outer codebook is for the message and another random index. ...

... Remark 4. We note that our scheme for the case with noncausal CSI at the transmitter is similar to that in [21] for wiretap channels with noncausal CSI at the transmitter under the semantic-security metric requiring negligible information leakage for all message distributions. The coding scheme in [21] incorporates superposition coding; the inner codebook is for a random index and the outer codebook is for the message and another random index. To compare that scheme with ours, let us consider the special case of the scheme in [21] where the rate of the inner codebook is set to zero and let R and R denote the rates of the message and the random index in the outer codebook. ...

... The coding scheme in [21] incorporates superposition coding; the inner codebook is for a random index and the outer codebook is for the message and another random index. To compare that scheme with ours, let us consider the special case of the scheme in [21] where the rate of the inner codebook is set to zero and let R and R denote the rates of the message and the random index in the outer codebook. For our scheme, let us consider the special case of R K = 0 and sufficiently large B, i.e., no secret key and no input cost constraint. ...

We consider the problem of covert communication over a state-dependent channel, where the transmitter has causal or noncausal knowledge of the channel states. Here, "covert" means that a warden on the channel should observe similar statistics when the transmitter is sending a message and when it is not. When a sufficiently long secret key is shared between the transmitter and the receiver, we derive closed-form formulas for the maximum achievable covert communication rate ("covert capacity") for discrete memoryless channels and, when the transmitter's channel-state information (CSI) is noncausal, for additive white Gaussian noise (AWGN) channels. For certain channel models, including the AWGN channel, we show that the covert capacity is positive with CSI at the transmitter, but is zero without CSI. We also derive lower bounds on the rate of the secret key that is needed for the transmitter and the receiver to achieve the covert capacity.

... The scenario where there is only a SM was studied in [20], where an achievable SM rate formula was established. This result was improved in [21] based on a novel superposition coding scheme 1 . SK agreement over the GP-WTC was the focus of [24], and, more recently, of [25] (see also references therein). ...

... We propose a superposition coding scheme for the combined model that subsumes all the aforementioned achievability results as special cases. Specifically, [20], [21], [24]- [26], as well as all the other existing inner bounds (on SM transmission, SK agreement or both) that are known to the authors, are captured. Furthermore, our inner bound is shown to achieve strictly higher rates than each of these previous results. ...

... The coding scheme used herein is an extension of the scheme in [21]. Namely, an over-populated superposition codebook that encodes the entire confidential message in its outer layer is utilized. ...

We study the trade-off between secret message (SM) and secret key (SK) rates, simultaneously achievable over a state-dependent (SD) wiretap channel (WTC) with non-causal channel state information (CSI) at the encoder. This model subsumes other instances of CSI availability as special cases, and calls for efficient utilization of the state sequence for both reliability and security purposes. An inner bound on the semantic-security (SS) SM-SK capacity region is derived based on a superposition coding scheme inspired by a past work of the authors. The region is shown to attain capacity for a certain class of SD-WTCs. SS is established by virtue of two versions of the strong soft-covering lemma. The derived region yields an improvement upon the previously best known SM-SK trade-off result reported by Prabhakaran
et al.
, and, to the best of our knowledge, upon all other existing lower bounds for either SM or SK for this setup, even if the semantic security requirement is relaxed to weak secrecy. It is demonstrated that our region can be strictly larger than those reported in the preceding works.

... This result was improved in [19] based on a novel superposition coding scheme 1 . SK agreement over the GP-WTC was the focus of [22], and, more recently, of [23] (see also references therein). ...

... We propose a novel superposition coding scheme for the combined model that subsumes all the aforementioned achievability results as special cases. Specifically, [18], [19], [22]- [24], as well as all the other existing inner bounds (on SM transmission, SK agreement or both) that are known to the authors, are captured. Furthermore, our inner bound is shown to achieve strictly higher rates than each of these previous results. ...

... The coding scheme used herein is inspired by [19]. Namely, an over-populated superposition codebook that encodes the entire confidential message in its outer layer is utilized. ...

We study the trade-off between secret message (SM) and secret key (SK) rates, simultaneously achievable over a state-dependent (SD) wiretap channel (WTC) with non-causal channel state information (CSI) at the encoder. This model subsumes other instances of CSI availability as special cases, and calls for efficient utilization of the state sequence for both reliability and security purposes. An inner bound on the semantic-security (SS) SM-SK capacity region is derived based on a superposition coding scheme inspired by a past work of the authors. The region is shown to attain capacity for a certain class of SD-WTCs. SS is established by virtue of two versions of the strong soft-covering lemma. The derived region yields an improvement upon the previously best known SM-SK trade-off result reported by Prabhakaran et al., and, to the best of our knowledge, upon all other existing lower bounds for either SM or SK for this setup, even if the semantic security requirement is relaxed to weak secrecy. It is demonstrated that our region can be strictly larger than those reported in the preceding works.

We study the state-dependent (SD) wiretap channel (WTC) with non-causal channel state information (CSI) at the encoder. This model subsumes all other instances of CSI availability as special cases, and calls for an efficient utilization of the state sequence both for reliability and security purposes. A lower bound on the secrecy-capacity, that improves upon the previously best known result by Chen and Han Vinck, is derived based on a novel superposition coding scheme. The improvement over the Chen and Han Vinck result is strict for some SD-WTCs. Specializing the lower bound to the case where CSI is also available to the decoder reveals that it is at least as good as the achievable formula by Chia and El-Gamal, which is already known to outperform the adaptation of the Chen and Han Vinck code to the encoder and decoder CSI scenario. The results are derived under the strict semantic-security metric that requires negligible information leakage for all message distributions.

We study semantically secure communication over state dependent (SD) wiretap channels (WTCs) with non-causal channel state information (CSI) at the encoder. This model subsumes all other instances of CSI availability as special cases, and calls for an efficient utilization of the state sequence both for reliability and security purposes. A lower bound on the secrecy-capacity, that improves upon the previously best known result by Chen and Han Vinck, is derived based on a novel superposition coding scheme. The improvement over the Chen and Han Vinck result is strict for some SD-WTCs. Specializing the lower bound to the case where CSI is also available to the decoder reveals that it is at least as good as the achievable formula by Chia and El-Gamal, which is already known to outperform the adaptation of the Chen and Han Vinck code to the encoder and decoder CSI scenario. The results are derived under the strict semantic security metric that requires negligible information leakage for all message distributions. The proof of achievability relies on a stronger version of the soft-covering lemma for superposition codes. The lower bound is shown to be tight for a class of reversely less-noisy SD-WTCs, thus characterizing the fundamental limit of reliable a secure communication. An explicit coding scheme that includes a key extraction phase via the random state sequence is also proposed.

Westudythe trade-offbetweensecret message (SM) and secret key (SK) rates simultaneously achievable over a state-dependent (SD) wiretap channel (WTC) with non-causal channel state information (CSI) at the encoder. This model subsumes all other instances of CSI availability as special cases, and calls for an efficient utilization of the state sequence both for reliability and security purposes. An inner bound on the semantic-security (SS) SM-SK capacity region is derived based on a novel superposition coding scheme. Our inner bound improves upon the previously best known SM-SK trade-off result by Prabhakaran et al., and to the best of our knowledge, upon all other existing lower bounds for either SM or SK for this setup. The results are derived under the strict semantic-security metric that requires negligible information leakage for all message-key distributions. The achievability proof uses the strong soft-covering lemma for superposition codes.

A framework of analogy between wiretap channels (WTCs) and state-dependent point-to-point channels with non-causal encoder channel state information (referred to as Gelfand-Pinker channels (GPCs)) is proposed. A good (reliable and secure) sequence of wiretap codes is shown to induce a good (reliable) sequence of codes for a corresponding GPC. Consequently, the framework enables exploiting existing results for GPCs to produce converse proofs for their wiretap analogs. The fundamental limits of communication of analogous wiretap and GP models are characterized by the same rate bounds; the optimization domains may differ. The analogy readily extends to multiuser broadcasting scenarios, encompassing broadcast channels (BCs) with deterministic components, degradation ordering between users, and BCs with cooperative receivers. Given a wiretap BC (WTBC) with two receivers and one eavesdropper, an analogous Gelfand-Pinsker BC (GPBC) is constructed by converting the eavesdropper's observations to a state sequence with an appropriate product distribution, and non-causally revealing the states to the encoder. The transition matrix of the (state-dependent) GPBC is the appropriate conditional marginal of the WTBC's transition law, with the eavesdropper's output playing the role of the channel state. Past capacity results for the semi-deterministic (SD) GPBC and the physically-degraded (PD) GPBC with an informed receiver are leveraged to furnish analogy-based converse proofs for the analogous WTBC setups. This characterizes the secrecy-capacity regions of the SD-WTBC, which was an open problem until this work, as well as the PD-WTBC where the stronger receiver also observes the eavesdropper's channel output. These new derivations exemplify the strength of the wiretap-GP analogy as a research tool through which results on one problem directly translate into advances in the study of the other.

This paper investigates the problem of secret key generation over a wiretap channel when the terminals observe correlated sources. These sources are independent of the main channel and the users overhear them before the transmission takes place. A novel outer bound is proposed and, employing a previously reported inner bound, the secret key capacity is derived under certain less-noisy conditions on the channel or source components. This result improves upon the existing literature where the more stringent condition of degradedness is required. Furthermore, numerical evaluation of the achievable scheme and previously reported results for a binary model are presented; a comparison of the numerical bounds provides insights on the benefit of the chosen scheme.

In this work we study the problem of secure communication over a fully quantum Gel’fand-Pinsker channel. The best known achievability rate for this channel model in the classical case was proven by Goldfeld, Cuff and Permuter, and here we generalize their result. One key feature of the results obtained in this work is that all the bounds are based on error exponents. We obtain our achievability result via the technique of simultaneous pinching. This in turn allows us to show the existence of a simultaneous decoder. Further, to obtain our encoding technique and to prove the security feature of our coding scheme we prove a bivariate classical-quantum channel resolvability lemma and a conditional classical-quantum channel resolvability lemma. As a byproduct of the achievability result obtained in this work, we also obtain an achievable rate for a fully quantum Gel’fand-Pinsker channel in the absence of Eve. The form of this achievable rate matches with its classical counterpart. The Gel’fand-Pinsker channel model had earlier only been studied for the classicalquantum case and in the case where Alice (the sender) and Bob (the receiver) have shared entanglement between them.

It is a well-known fact that feedback does not increase the capacity of point-to-point memoryless channels, however, its effect in secure communications is not fully understood yet. In this work, an achievable scheme for the wiretap channel with generalized feedback is presented. This scheme, which uses the feedback signal to generate a shared secret key between the legitimate users, encrypts the message to be sent at the bit level. New capacity results for a class of channels are provided, as well as some new insights into the secret key agreement problem. Moreover, this scheme recovers previously reported rate regions from the literature and thus, it can be seen as a generalization that unifies several results in the field.

R\'enyi divergence is related to R\'enyi entropy much like Kullback-Leibler
divergence is related to Shannon's entropy, and comes up in many settings. It
was introduced by R\'enyi as a measure of information that satisfies almost the
same axioms as Kullback-Leibler divergence, and depends on a parameter that is
called its order. In particular, the R\'enyi divergence of order 1 equals the
Kullback-Leibler divergence.
We review and extend the most important properties of R\'enyi divergence and
Kullback-Leibler divergence, including convexity, continuity, limits of
{\sigma}-algebras and the relation of the special order 0 to the Gaussian
dichotomy and contiguity. We also extend the known equivalence between channel
capacity and minimax redundancy to continuous channel inputs (for all orders),
and present several other minimax results.

This paper gives a rate equivocation achievable region for the discrete memoryless wiretap channel with side information. The secrecy capacities in some special cases are also determined. We extend our result to the Gaussian case. It is very interesting to find that, for the wiretap channel, unlike the dirty paper channel, the side information helps to get larger secrecy capacity. Moreover, the rate equivocation region is also larger than that of the Gaussian wiretap channel where the side information is absent.

The wiretap channel is a setting where one aims to provide
information-theoretic privacy of communicated data based solely on the
assumption that the channel from sender to adversary is "noisier" than the
channel from sender to receiver. It has been the subject of decades of work in
the information and coding (I&C) community. This paper bridges the gap between
this body of work and modern cryptography with contributions along two fronts,
namely metrics (definitions) of security, and schemes. We explain that the
metric currently in use is weak and insufficient to guarantee security of
applications and propose two replacements. One, that we call mis-security, is a
mutual-information based metric in the I&C style. The other, semantic security,
adapts to this setting a cryptographic metric that, in the cryptography
community, has been vetted by decades of evaluation and endorsed as the target
for standards and implementations. We show that they are equivalent (any scheme
secure under one is secure under the other), thereby connecting two
fundamentally different ways of defining security and providing a strong,
unified and well-founded target for designs. Moving on to schemes, results from
the wiretap community are mostly non-constructive, proving the existence of
schemes without necessarily yielding ones that are explicit, let alone
efficient, and only meeting their weak notion of security. We apply
cryptographic methods based on extractors to produce explicit, polynomial-time
and even practical encryption schemes that meet our new and stronger security
target.

This paper investigates the problem of secure lossy source coding in the
presence of an eavesdropper with arbitrary correlated side informations at the
legitimate decoder (referred to as Bob) and the eavesdropper (referred to as
Eve). This scenario consists of an encoder that wishes to compress a source to
satisfy the desired requirements on: (i) the distortion level at Bob and (ii)
the equivocation rate at Eve. It is assumed that the decoders have access to
correlated sources as side information. For instance, this problem can be seen
as a generalization of the well-known Wyner-Ziv problem taking into account the
security requirements. A complete characterization of the
rate-distortion-equivocation region for the case of arbitrary correlated side
informations at the decoders is derived. Several special cases of interest and
an application example to secure lossy source coding of binary sources in the
presence of binary and ternary side informations are also considered. It is
shown that the statistical differences between the side information at the
decoders and the presence of non-zero distortion at the legitimate decoder can
be useful in terms of secrecy. Applications of these results arise in a variety
of distributed sensor network scenarios.

We study the capacity of secret-key agreement over a wiretap channel with state parameters. The transmitter communicates to the legitimate receiver and the eavesdropper over a discrete memoryless wiretap channel with a memoryless state sequence. The transmitter and the legitimate receiver generate a shared secret key, that remains secret from the eavesdropper. No public discussion channel is available. The state sequence is known noncausally to the transmitter. We derive lower and upper bounds on the secret-key capacity. The lower bound involves constructing a common state reconstruction sequence at the legitimate terminals and binning the set of reconstruction sequences to obtain the secret-key. For the special case of Gaussian channels with additive interference (secret-keys from dirty paper channel) our bounds differ by 0.5 bit/symbol and coincide in the high signal-to-noise-ratio and high interference-to-noise-ratio regimes. For the case when the legitimate receiver is also revealed the state sequence, we establish that our lower bound achieves the the secret-key capacity. In addition, for this special case, we also propose another scheme that attains the capacity and requires only causal side information at the transmitter and the receiver. Comment: 10 Pages, Submitted to IEEE Transactions on Information Forensics and Security, Special Issue on Using the Physical Layer for Securing the Next Generation of Communication Systems

We study the problem of generating a shared secret key between two terminals in a joint source-channel setup -- the sender communicates to the receiver over a discrete memoryless wiretap channel and additionally the terminals have access to correlated discrete memoryless source sequences. We establish lower and upper bounds on the secret-key capacity. These bounds coincide, establishing the capacity, when the underlying channel consists of independent, parallel and reversely degraded wiretap channels. In the lower bound, the equivocation terms of the source and channel components are functionally additive. The secret-key rate is maximized by optimally balancing the the source and channel contributions. This tradeoff is illustrated in detail for the Gaussian case where it is also shown that Gaussian codebooks achieve the capacity. When the eavesdropper also observes a source sequence, the secret-key capacity is established when the sources and channels of the eavesdropper are a degraded version of the legitimate receiver. Finally the case when the terminals also have access to a public discussion channel is studied. We propose generating separate keys from the source and channel components and establish the optimality of this approach when the when the channel outputs of the receiver and the eavesdropper are conditionally independent given the input. Comment: 29 Pages, Submitted IEEE Trans. Information Theory

We study the state-dependent (SD) wiretap channel (WTC) with non-causal channel state information (CSI) at the encoder. This model subsumes all other instances of CSI availability as special cases, and calls for an efficient utilization of the state sequence both for reliability and security purposes. A lower bound on the secrecy-capacity, that improves upon the previously best known result by Chen and Han Vinck, is derived based on a novel superposition coding scheme. The improvement over the Chen and Han Vinck result is strict for some SD-WTCs. Specializing the lower bound to the case where CSI is also available to the decoder reveals that it is at least as good as the achievable formula by Chia and El-Gamal, which is already known to outperform the adaptation of the Chen and Han Vinck code to the encoder and decoder CSI scenario. The results are derived under the strict semantic-security metric that requires negligible information leakage for all message distributions.

A likelihood encoder is studied in the context of lossy source compression. The analysis of the likelihood encoder is based on the soft-covering lemma. It is demonstrated that the use of a likelihood encoder together with the soft-covering lemma yields simple achievability proofs for classical source coding problems. The cases of the point-to-point rate-distortion function, the rate-distortion function with side information at the decoder (i.e., the Wyner-Ziv problem), and the multi-terminal source coding inner bound (i.e., the Berger-Tung problem) are examined in this paper. Furthermore, a non-asymptotic analysis is used for the point-to-point case to examine the upper bound on the excess distortion provided by this method. The likelihood encoder is also related to a recent alternative technique using the properties of random binning.

The arbitrarily varying wiretap channel (AVWTC) is among the most challenging
open problems in the field of information-theoretic secrecy. Not only does it
capture the difficulty of the compound wiretap channel (another open problem)
as a special case, it also requires that secrecy is ensured with respect to
exponentially many possible channel state sequences. However, a stronger
version of Wyner's soft-covering lemma, recently derived by the authors, lays
the groundwork for overcoming the second aforementioned difficulty. To that
end, we consider an AVWTC with a type constraint on the allowed state
sequences, and derive a single-letter characterization of its correlated-random
(CR) assisted semantic-security (SS) capacity. The allowed state sequences are
the ones in a typical set around the type constraint. SS is establish by
showing that the information leakage to the eavesdropper is negligible even
when maximized over all message distributions, choices of state sequences and
realizations of the CR-code. Both the achievability and the converse proofs of
the type constrained coding theorem rely on stronger claims than actually
required. The direct part establishes a novel single-letter lower bound on the
CR-assisted SS-capacity of an AVWTC with state sequences constrained by any
convex and closed set of state probability mass functions (PMFs). SS follows by
leveraging a heterogeneous version of the stronger soft-covering lemma and a
CR-code reduction argument. Optimality is a consequence of an upper bound on
the CR-assisted SS-capacity of an AVWTC with state sequences constrained to any
collection of type-classes. The proof of the upper bound uses a novel
distribution coupling argument. The capacity formula shows that the legitimate
users effectively see an averaged main channel, while security must be ensured
versus an eavesdropper with perfect channel state information.

A broadcast channel (BC) where the decoders cooperate via a one-sided link is
considered. One common and two private messages are transmitted and the private
message to the cooperative user should be kept secret from the
cooperation-aided user. The secrecy level is measured in terms of
strong-secrecy, i.e., a vanishing information leakage. An inner bound on the
capacity region is derived by using a channel-resolvability-based code that
double-bins the codebook of the secret message, and by using a likelihood
encoder to choose the transmitted codeword. The inner bound is shown to be
tight for semi-deterministic and physically degraded BCs and the results are
compared to those of the corresponding BCs without a secrecy constraint.
Blackwell and Gaussian BC examples illustrate the impact of secrecy on the rate
regions. Unlike the case without secrecy, where sharing information about both
private messages via the cooperative link is optimal, our protocol conveys
parts of the common and non-confidential messages only. This restriction
reduces the transmission rates more than the usual rate loss due to secrecy
requirements.

The secrecy capacity of the type II wiretap channel (WTC II) with a noisy
main channel is currently an open problem. Herein its secrecy-capacity is
derived and shown to be equal to its semantic-security (SS) capacity. In this
setting, the legitimate users communicate via a discrete-memoryless (DM)
channel in the presence of an eavesdropper that has perfect access to a subset
of its choosing of the transmitted symbols, constrained to a fixed fraction of
the blocklength. The secrecy criterion is achieved simultaneously for all
possible eavesdropper subset choices. The SS criterion demands negligible
mutual information between the message and the eavesdropper's observations even
when maximized over all message distributions.
A key tool for the achievability proof is a novel and stronger version of
Wyner's soft covering lemma. Specifically, a random codebook is shown to
achieve the soft-covering phenomenon with high probability. The probability of
failure is doubly-exponentially small in the blocklength. Since the combined
number of messages and subsets grows only exponentially with the blocklength,
SS for the WTC II is established by using the union bound and invoking the
stronger soft-covering lemma. The direct proof shows that rates up to the
weak-secrecy capacity of the classic WTC with a DM erasure channel (EC) to the
eavesdropper are achievable. The converse follows by establishing the capacity
of this DM wiretap EC as an upper bound for the WTC II. From a broader
perspective, the stronger soft-covering lemma constitutes a tool for showing
the existence of codebooks that satisfy exponentially many constraints, a
beneficial ability for many other applications in information theoretic
security.

Probabilistic approach is used for the coding of channels having random parameters. The capacity of these channels is found and the binary channel with random defects and errors is discussed.

We consider the situation in which digital data is to be reliably transmitted over a discrete, memoryless channel (DMC) that is subjected to a wire-tap at the receiver. We assume that the wire-tapper views the channel output via a second DMC. Encoding by the transmitter and decoding by the receiver are permitted. However, the code books used in these operations are assumed to be known by the wire-tapper. The designer attempts to build the encoder-decoder in such a way as to maximize the transmission rate R, and the equivocation d of the data as seen by the wire-tapper. In this paper, we find the trade-off curve between R and d, assuming essentially perfect (“error-free”) transmission. In particular, if d is equal to H s, the entropy of the data source, then we consider that the transmission is accomplished in perfect secrecy. Our results imply that there exists a C8 > 0, such that reliable transmission at rates up to CS is possible in approximately perfect secrecy.

Two familiar notions of correlation are rediscovered as the extreme operating
points for distributed synthesis of a discrete memoryless channel, in which a
stochastic channel output is generated based on a compressed description of the
channel input. Wyner's common information is the minimum description rate
needed. However, when common randomness independent of the input is available,
the necessary description rate reduces to Shannon's mutual information. This
work characterizes the optimal trade-off between the amount of common
randomness used and the required rate of description. We also include a number
of related derivations, including the effect of limited local randomness, rate
requirements for secrecy, applications to game theory, and new insights into
common information duality.
Our proof makes use of a soft covering lemma, known in the literature for its
role in quantifying the resolvability of a channel. The direct proof
(achievability) constructs a feasible joint distribution over all parts of the
system using a soft covering, from which the behavior of the encoder and
decoder is inferred, with no explicit reference to joint typicality or binning.
Of auxiliary interest, this work also generalizes and strengthens this soft
covering tool.

Half-title pageSeries pageTitle pageCopyright pageDedicationPrefaceAcknowledgementsContentsList of figuresHalf-title pageIndex

Information theory answers two fundamental questions in communication theory: what is the ultimate data compression (answer: the entropy H), and what is the ultimate transmission rate of communication (answer: the channel capacity C). For this reason some consider information theory to be a subset of communication theory. We will argue that it is much more. Indeed, it has fundamental contributions to make in statistical physics (thermodynamics), computer science (Kolmogorov complexity or algorithmic complexity), statistical inference (Occam's Razor: “The simplest explanation is best”) and to probability and statistics (error rates for optimal hypothesis testing and estimation). The relationship of information theory to other fields is discussed. Information theory intersects physics (statistical mechanics), mathematics (probability theory), electrical engineering (communication theory) and computer science (algorithmic complexity). We describe these areas of intersection in detail.

We consider the problem of secure communication over a (not necessarily degraded) wiretap channel with two-sided channel state information available at the transmitter and the main receiver, respectively. Using the time sharing argument [1], we establish an achievable rate equivocation region for this channel model. The obtained achievable region generalizes several existing results in the literature. More importantly, through examining various cases with different knowledge of channel state information, we provide a systematic study of the impact of channel state information on secure communication.

A lower bound on the secrecy capacity of the wiretap channel with state information available causally at both the encoder and decoder is established. The lower bound is shown to be strictly larger than that for the noncausal case by Liu and Chen. Achievability is proved using block Markov coding, Shannon strategy, and key generation from common state information. The state sequence available at the end of each block is used to generate a key, which is used to enhance the transmission rate of the confidential message in the following block. An upper bound on the secrecy capacity when the state is available noncausally at the encoder and decoder is established and is shown to coincide with the lower bound for several classes of wiretap channels with state. Comment: V2: Minor edits. 19 pages, 3 figures V3: Minor edits. Typos corrected

In this correspondence, we extend the Gaussian wiretap channel model introduced by Leung-Yan-Cheong and Hellman to the Gaussian wiretap channel with side information by introducing additive white Gaussian interference in the main channel, which is available to the encoder in advance. This model is also an extension of the dirty-paper channel introduced by Costa since its main channel is the dirty-paper channel. A perfect-secrecy-achieving coding strategy for the model is proposed. It is used to derive achievable rates with asymptotic perfect secrecy and an achievable rate-equivocation region. The achievable rates with asymptotic perfect-secrecy are then compared to upper and lower bounds. The comparison indicates that the proposed coding strategy is optimal in some cases.

A coding theorem for the discrete memoryless broadcast channel is proved for the case where no common message is to he transmitted. The theorem is a generalization of the results of Cover and van der Meulen on this problem. The result is tight for broadcast channels having one deterministic component

A sender communicates with a receiver who wishes to reliably
evaluate a function of their combined data. We show that if only the
sender can transmit, the number of bits required is a conditional
entropy of a naturally defined graph. We also determine the number of
bits needed when the communicators exchange two messages

Rate distortion theory is considered for the Shannon cipher system
(SCS). The admissible region of cryptogram rate R, key rate
R<sub>k</sub>, legitimate receiver's distortion D, and wiretapper's
uncertainty h is determined for the SCS with a noisy channel.
Furthermore, inner and outer bounds of the admissible region of R,
R<sub>k</sub>, D, and wiretapper's attainable minimum distortion
D˜ are derived for the SCS with a finite discrete source and a
noiseless channel

A sender communicates with a receiver who wishes to reliably evaluate a function of their combined data. We show that if only the sender can transmit, the number of bits required is a conditional entropy of a naturally defined graph. We also determine the number of bits needed when the communicators exchange two messages. 1 Introduction Let f be a function of two random variables X and Y . A sender PX knows X , a receiver P Y knows Y , and both want P Y to reliably determine f(X; Y ). How many bits must PX transmit? Embedding this communication-complexity scenario (Yao [22]) in the standard informationtheoretic setting (Shannon [17]), we assume that (1) f(X; Y ) must be determined for a block of many independent (X; Y )-instances, (2) PX transmits after observing the whole block of X- instances, (3) a vanishing block error probability is allowed, and (4) the problem's rate L f (X jY ) is the number of bits transmitted for the block, normalized by the number of instances. Two simple...

Applied Digital Information Theory

- J L Massey

J. L. Massey. Applied Digital Information Theory. ETH Zurich, Zurich, Switzerland, 1980-1998.

Teaching IT: An identity for the Gelfand-Pinsker converse

- G Kramer

G. Kramer. Teaching IT: An identity for the Gelfand-Pinsker converse. IEEE Inf. Theory Society Newsletter, 61(4):4-6, Dec. 2011.

Secret-key agreement with channel state information at the transmitter

- B Dai
- A J Han Vinck
- Y Luo
- X Tang

B. Dai, A. J. Han Vinck, Y. Luo, and X. Tang. Secret-key agreement with channel state information at the transmitter. Entropy, 15:445473,
2013.

Broadcast channels with confidential messages

- I Csiszár
- J Körner

I. Csiszár and J. Körner. Broadcast channels with confidential messages. IEEE Trans. Inf. Theory, 24(3):339-348, May 1978.