Compressed Secret Key Agreement: Maximizing Multivariate Mutual Information Per Bit
The multiterminal secret key agreement problem by public discussion is
formulated with an additional source compression step where, prior to the
public discussion phase, users independently compress their private sources to
filter out strongly correlated components for generating a common secret key.
The objective is to maximize the achievable key rate as a function of the joint
entropy of the compressed sources. Since the maximum achievable key rate
captures the total amount of information mutual to the compressed sources, an
optimal compression scheme essentially maximizes the multivariate mutual
information per bit of randomness of the private sources, and can therefore be
viewed more generally as a dimension reduction technique. Single-letter lower
and upper bounds on the maximum achievable key rate are derived for the general
source model, and an explicit polynomial-time computable formula is obtained
for the pairwise independent network model. In particular, the converse results
and the upper bounds are obtained from those of the related secret key
agreement problem with rate-limited discussion. A precise duality is shown for
the two-user case with one-way discussion, and such duality is extended to
obtain the desired converse results in the multi-user case. In addition to
posing new challenges in information processing and dimension reduction, the
compressed secret key agreement problem helps shed new light on resolving the
difficult problem of secret key agreement with rate-limited discussion, by
offering a more structured achieving scheme and some simpler conjectures to
prove.
A Bound For Multiparty Secret Key Agreement And Implications For A Problem Of Secure Computing
We consider secret key agreement by multiple parties observing correlated data and communicating interactively over an insecure communication channel. Our main contribution is a single-shot upper bound on the length of the secret keys that can be generated, without making any assumptions on the distribution of the underlying data. Heuristically, we bound the secret key length in terms of "how far" is the joint distribution of the initial observations of the parties and the eavesdropper from a distribution that renders the observations of the parties conditionally independent across some partition, when conditioned on the eavesdropper's side information.
The closeness of the two distributions is measured in terms of the exponent of the probability of error of type II for a binary hypothesis testing problem, thus bringing out a structural connection between secret key agreement and binary hypothesis testing. When the underlying data consists of an independent and identically distributed sequence, an application of our bound recovers several known upper bounds for the asymptotic rate of a secret key that can be generated, without requiring the agreement error probability or the security index to vanish to 0 asymptotically.
Also, we consider the following problem of secure function computation with trusted parties: Multiple parties observing correlated data seek to compute a function of their collective data. To this end, they communicate interactively over an insecure communication channel. It is required that the value of the function be concealed from an eavesdropper with access to the communication. When is such a secure computation of a given function feasible? Using the aforementioned upper bound, we derive a necessary condition for the existence of a communication protocol that allows the parties to reliably recover the value of a given function, while keeping this value concealed from an eavesdropper with access to (only) the communication.
On the Optimality of Secret Key Agreement via Omniscience
For the multiterminal secret key agreement problem under a private source
model, it is known that the maximum key rate, i.e., the secrecy capacity, can
be achieved through communication for omniscience, but the omniscience strategy
can be strictly suboptimal in terms of minimizing the public discussion rate.
While a single-letter characterization is not known for the minimum discussion
rate needed for achieving the secrecy capacity, we derive single-letter lower
and upper bounds that yield some simple conditions for omniscience to be
discussion-rate optimal. These conditions turn out to be enough to deduce the
optimality of omniscience for a large class of sources including the
hypergraphical sources. Through conjectures and examples, we explore other
source models to which our methods do not easily extend.
Converses for Secret Key Agreement and Secure Computing
We consider information theoretic secret key agreement and secure function
computation by multiple parties observing correlated data, with access to an
interactive public communication channel. Our main result is an upper bound on
the secret key length, which is derived using a reduction of binary hypothesis
testing to multiparty secret key agreement. Building on this basic result, we
derive new converses for multiparty secret key agreement. Furthermore, we
derive converse results for the oblivious transfer problem and the bit
commitment problem by relating them to secret key agreement. Finally, we derive
a necessary condition for the feasibility of secure computation by trusted
parties that seek to compute a function of their collective data, using an
interactive public communication that by itself does not give away the value of
the function. In many cases, we strengthen and improve upon previously known
converse bounds. Our results are single-shot and use only the given joint
distribution of the correlated observations. For the case when the correlated
observations consist of independent and identically distributed (in time)
sequences, we derive strong versions of previously known converses.
Generating secret in a network
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2010. Cataloged from PDF version of thesis. Includes bibliographical references (p. 247-253) and index. This monograph studies the theory of information through the multiuser secret key agreement problem. A general notion of mutual dependence is established for the secrecy capacity, as a natural generalization of Shannon's mutual information to the multivariate case. Under linear-type source models, this capacity can be achieved practically by linear network codes. In addition to being an unusual application of the network coding solution to a secrecy problem, it gives secrecy capacity an interpretation of network information flow and partition connectivity, further confirming the intuitive meaning of secrecy capacity as mutual dependence. New identities in submodular function optimization and matroid theory are discovered in proving these results. A framework is also developed to view matroids as graphs, allowing certain theory on graphs to generalize to matroids. In order to study cooperation schemes in a network, a general channel model with multiple inputs is formulated. Single-letter secrecy capacity upper bounds are derived using the Shearer-type lemma. Lower bounds are obtained with a new cooperation scheme called the mixed source emulation. In the same way that mixed strategies may surpass pure strategies in zero-sum games, mixed source emulation outperforms the conventional pure source emulation approach in terms of the achievable key rate. Necessary and sufficient conditions are derived for tightness of these secrecy bounds, which shows that secrecy capacity can be characterized for a larger class of channels than the broadcast-type channels considered in previous work. The mixed source emulation scheme is also shown to be unnecessary for some channels while insufficient for others.
The possibility of a better cooperative scheme becomes apparent, but a general scheme remains to be found. by Chung Chan. Ph.D.