Secret Key Agreement under Discussion Rate Constraints

For the multiterminal secret key agreement problem, new single-letter lower bounds are obtained on the public discussion rate required to achieve any given secret key rate below the secrecy capacity. The results apply to general source model without helpers or wiretapper's side information but can be strengthened for hypergraphical sources. In particular, for the pairwise independent network, the results give rise to a complete characterization of the maximum secret key rate achievable under a constraint on the total discussion rate

Achieving SK Capacity in the Source Model: When Must All Terminals Talk?

In this paper, we address the problem of characterizing the instances of the multiterminal source model of Csisz\'ar and Narayan in which communication from all terminals is needed for establishing a secret key of maximum rate. We give an information-theoretic sufficient condition for identifying such instances. We believe that our sufficient condition is in fact an exact characterization, but we are only able to prove this in the case of the three-terminal source model. We also give a relatively simple criterion for determining whether or not our condition holds for a given multiterminal source model.Comment: A 5-page version of this paper was submitted to the 2014 IEEE International Symposium on Information Theory (ISIT 2014

Compressed Secret Key Agreement: Maximizing Multivariate Mutual Information Per Bit

The multiterminal secret key agreement problem by public discussion is formulated with an additional source compression step where, prior to the public discussion phase, users independently compress their private sources to filter out strongly correlated components for generating a common secret key. The objective is to maximize the achievable key rate as a function of the joint entropy of the compressed sources. Since the maximum achievable key rate captures the total amount of information mutual to the compressed sources, an optimal compression scheme essentially maximizes the multivariate mutual information per bit of randomness of the private sources, and can therefore be viewed more generally as a dimension reduction technique. Single-letter lower and upper bounds on the maximum achievable key rate are derived for the general source model, and an explicit polynomial-time computable formula is obtained for the pairwise independent network model. In particular, the converse results and the upper bounds are obtained from those of the related secret key agreement problem with rate-limited discussion. A precise duality is shown for the two-user case with one-way discussion, and such duality is extended to obtain the desired converse results in the multi-user case. In addition to posing new challenges in information processing and dimension reduction, the compressed secret key agreement problem helps shed new light on resolving the difficult problem of secret key agreement with rate-limited discussion, by offering a more structured achieving scheme and some simpler conjectures to prove

Distributed Function Computation with Confidentiality

A set of terminals observe correlated data and seek to compute functions of the data using interactive public communication. At the same time, it is required that the value of a private function of the data remains concealed from an eavesdropper observing this communication. In general, the private function and the functions computed by the nodes can be all different. We show that a class of functions are securely computable if and only if the conditional entropy of data given the value of private function is greater than the least rate of interactive communication required for a related multiterminal source-coding task. A single-letter formula is provided for this rate in special cases.Comment: To Appear in IEEE JSAC: In-Network Computation: Exploring the Fundamental Limits, April 201

On the Public Communication Needed to Achieve SK Capacity in the Multiterminal Source Model

The focus of this paper is on the public communication required for generating a maximal-rate secret key (SK) within the multiterminal source model of Csisz{\'a}r and Narayan. Building on the prior work of Tyagi for the two-terminal scenario, we derive a lower bound on the communication complexity, $R_{\text{SK}}$, defined to be the minimum rate of public communication needed to generate a maximal-rate SK. It is well known that the minimum rate of communication for omniscience, denoted by $R_{\text{CO}}$, is an upper bound on $R_{\text{SK}}$. For the class of pairwise independent network (PIN) models defined on uniform hypergraphs, we show that a certain "Type $\mathcal{S}$" condition, which is verifiable in polynomial time, guarantees that our lower bound on $R_{\text{SK}}$ meets the $R_{\text{CO}}$ upper bound. Thus, PIN models satisfying our condition are $R_{\text{SK}}$-maximal, meaning that the upper bound $R_{\text{SK}} \le R_{\text{CO}}$ holds with equality. This allows us to explicitly evaluate $R_{\text{SK}}$ for such PIN models. We also give several examples of PIN models that satisfy our Type $\mathcal S$ condition. Finally, we prove that for an arbitrary multiterminal source model, a stricter version of our Type $\mathcal S$ condition implies that communication from \emph{all} terminals ("omnivocality") is needed for establishing a SK of maximum rate. For three-terminal source models, the converse is also true: omnivocality is needed for generating a maximal-rate SK only if the strict Type $\mathcal S$ condition is satisfied. Counterexamples exist that show that the converse is not true in general for source models with four or more terminals.Comment: Submitted to the IEEE Transactions on Information Theory. arXiv admin note: text overlap with arXiv:1504.0062

When is a Function Securely Computable?

A subset of a set of terminals that observe correlated signals seek to compute a given function of the signals using public communication. It is required that the value of the function be kept secret from an eavesdropper with access to the communication. We show that the function is securely computable if and only if its entropy is less than the "aided secret key" capacity of an associated secrecy generation model, for which a single-letter characterization is provided