Multiple-Access Channels With Confidential Messages - Yingbin Liang

976

IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 54, NO. 3, MARCH 2008

Multiple-Access Channels With Confidential Messages Yingbin Liang, Member, IEEE, and H. Vincent Poor, Fellow, IEEE

Abstract—A discrete memoryless multiple-access channel (MAC) with confidential messages is studied, where two users attempt to transmit common information to a destination and each user also has private (confidential) information intended for the destination. This channel generalizes the classical MAC model in that each user also receives channel outputs, and hence may obtain the confidential information sent by the other user from the channel output it receives. However, each user views the other user as a wiretapper or eavesdropper, and wishes to keep its confidential information as secret as possible from the other user. The level of secrecy of the confidential information is measured by the equivocation rate, i.e., the entropy rate of the confidential information conditioned on channel outputs at the wiretapper (the other user). The performance measure is the rate–equivocation tuple that includes the common rate, two private rates, and two equivocation rates as components. The set that includes all achievable rate–equivocation tuples is referred to as the capacity–equivocation region. The case of perfect secrecy is particularly of interest, in which each user’s confidential information is perfectly hidden from the other user. The set that includes all achievable rates with perfect secrecy is referred to as the secrecy capacity region. For the MAC with two confidential messages, in which both users have confidential messages for the destination, inner bounds on the capacity–equivocation region, and secrecy capacity region are obtained. It is demonstrated that there is a tradeoff between the two equivocation rates (secrecy levels) achieved for the two confidential messages. For the MAC with one confidential message, in which only one user (user 1) has private (confidential) information for the destination, inner and outer bounds on the capacity-equivocation region are derived. These bounds match partially, and hence the capacity-equivocation region is partially characterized. Furthermore, the outer bound provides a tight converse for the case of perfect secrecy, and hence establishes the secrecy capacity region. A class of degraded MACs with one confidential message is further studied, and the capacity-equivocation region and the secrecy capacity region are established. These results are further explored via two example channels: the binary and Gaussian MACs. For both channels, the capacity-equivocation regions and the secrecy capacity regions are obtained. Index Terms—Binary multiple-access channel (MAC), degraded channel, equivocation, Gaussian MAC, inner bound, outer bound, secrecy capacity. Manuscript received April 7, 2006; revised July 6, 2007. This work was supported by the National Science Foundation under Grants ANI-03-38807, CNS-06-25637 and CCF-07-28208. The material in this paper was presented in part at the IEEE International Symposium on Information Theory, Seattle, WA, July 2006, and in part at the 44th Annual Allerton Conference on Communication, Control, and Computing, Monticello, IL, September 2006. Y. Liang is with the Department of Electrical Engineering, University of Hawaii, Honolulu, HI 96822 USA (e-mail: [email protected]). H. V. Poor is with the Department of Electrical Engineering, Princeton University, Engineering Quadrangle, Princeton, NJ 08544 USA (e-mail: [email protected]). Communicated by G. Kramer, Associate Editor for Shannon Theory. Color versions of Figures 1–4, 8–10, and 12 in this paper are available online at http://ieeexplore.ieee.org. Digital Object Identifier 10.1109/TIT.2007.915978

I. INTRODUCTION

T

WO important issues in communications are reliability and security. The reliability quantifies the maximum rate achievable with small probability of error (i.e., the capacity), and has been studied intensively since Shannon theory was established [1]. Security is an important issue when the transmitted information is confidential and needs to be kept as secret as possible from wiretappers or eavesdroppers. The level of secrecy of confidential information at a wiretapper can be measured by the equivocation rate, i.e., the entropy rate of the confidential message conditioned on the channel output at the wiretapper. If both reliability and security are considered, the performance measure becomes the rate–equivocation tuple that includes both the communication rates and the equivocation rates (achieved at wiretappers) as components. We refer to the set that consists of all achievable rate–equivocation tuples as the capacity–equivocation region, and refer to the set of all achievable communication rates with perfect secrecy as the secrecy capacity region, where the legitimate receiver successfully decodes the source messages and the wiretapper is perfectly ignorant of the information source. Communication of confidential messages has been studied in the literature for some classes of channels. The wiretap channel was introduced by Wyner in [2], in which a sender wishes to transmit information to a legitimate receiver and to keep a wiretapper as ignorant of this information as possible. The broadcast channel from the sender to the legitimate receiver and the wiretapper was assumed to be a degraded broadcast channel. The tradeoff between the communication rate to the legitimate receiver and the level of secrecy at the wiretapper was developed. The secrecy capacity was also established. A generalization of the wiretap channel was studied in [3], in which the broadcast channel was assumed to be general (not necessarily degraded) and the sender also wishes to transmit common information to both the legitimate receiver and the wiretapper in addition to the confidential information to the legitimate receiver. This channel is referred to as the broadcast channel with confidential messages (BCC). The capacity–equivocation region and the secrecy capacity region were established for this channel. Some other related studies on the wiretap channel/BCC can be found in [4]–[15]. Other than the broadcast channel models, the relay channel with confidential messages was studied in [16], [17], the interference channel with confidential messages was studied in [14], [18], and the two-way channel with confidential messages was studied in [19].

0018-9448/$25.00 © 2008 IEEE Authorized licensed use limited to: University of Illinois. Downloaded on October 24, 2008 at 02:35 from IEEE Xplore. Restrictions apply.

LIANG AND POOR: MULTIPLE-ACCESS CHANNELS WITH CONFIDENTIAL MESSAGES

In this paper, we consider a two-user multiple-access channel (MAC) with confidential messages, which generalizes the classical MAC [20], [21] (see also [22, Sec. 14.3]) by allowing both users to receive noisy channel outputs. This channel model is motivated by wireless communications, in which transmitted signals are broadcast over open media and can be received by all nodes within communication range. For this channel, we assume that two users (users 1 and 2) have common information and each user has its private (confidential) information intended for a destination. Since the two users also receive channel outputs, they may extract each other’s confidential information from their received channel outputs. However, each user treats the other user as a wiretapper, and wishes to keep its confidential message as secret as possible from this wiretapper. The level of secrecy of one user’s confidential message at the other user (wiretapper) is measured by the equivocation rate. Our goal is to study the capacity–equivocation region of the MAC with confidential messages. As in [2], [3], we assume the users are passive eavesdroppers, and hence do not attempt to utilize the channel outputs they receive to disturb the other user’s transmission, i.e., the signals that the users transmit do not depend on the outputs they receive from the channel. However, the users may be naturally curious about the other user’s messages, and the outputs they receive help the users to learn such information. Hence, to maintain privacy, each user tries to prevent the other user from knowing the message that it transmits to the destination. Under these assumptions, we allow the users to jointly design transmission schemes to achieve the optimal tradeoff between the communication rates and secrecy, i.e., the capacity–equivocation region. This joint design can be justified in the following. Since the MAC models centralized communication in either cellular networks or well-coordinated small group in ad hoc networks, communication protocols, transmission rates, and signaling and coding strategies are predesigned and are possibly optimized to achieve the best overall performance. Hence, users participating in such multiple-access communication are forced to obey these communication rules. We study the full-duplex MAC model, in which users 1 and 2 are allowed to transmit and receive at the same time in the same frequency band. In general, full-duplex communication is not easy to implement in practice, because the transmitted signal from one user may cause interference at the receiver of the same user. Nevertheless, the full-duplex MAC we study is a valid model because it takes the self-interference issue into account by assuming the output at one user can be dependent on its own input. Furthermore, the full-duplex model also serves as a general model that includes the half-duplex model as a special case, and hence, the results in this paper can be directly applied to study the half-duplex model. In this paper, we first study the MAC with two confidential messages, in which both users have confidential messages for the destination in addition to the common message. We obtain an achievable rate–equivocation region (inner bound on the capacity–equivocation region). We demonstrate a tradeoff between the two equivocation rates achieved for the two confidential messages sent by users 1 and 2, which is a new feature that arises in the case with two confidential messages. Based on

977

the rate–equivocation region, we derive the secrecy rate region, where the confidential message of each user is perfectly secret from the other user. We then study the MAC with one confidential message, in which two users have common information for the destination and only one user (user 1) has confidential information for the destination. This channel generalizes the MAC with degraded message sets [23] with the further assumption that user 2 receives channel outputs and the further requirement of secrecy, i.e., user 1 wants to keep user 2 as ignorant of its confidential information as possible. The MAC with one confidential message is also a counterpart of the BCC studied in [3]. For this model, we obtain inner and outer bounds on the capacity–equivocation region. The two bounds match partially and determine the capacity–equivocation region partially. Furthermore, the inner and outer bounds match for the case in which user 2 is perfectly ignorant of the confidential message of user 1, and we hence establish the secrecy capacity region. We further establish the capacity–equivocation region and the secrecy capacity region for the special case of the degraded MAC with one confidential message, in which the output at user 2 is a degraded version of the output at the destination. This model generalizes the wiretap channel [2] to allow user 1 and user 2 (the wiretapper) to send common information to the destination. We finally study two example channels: the binary and Gaussian MACs with one confidential message. For both channels, we characterize the capacity–equivocation regions and secrecy capacity regions. We note that a MAC model similar to that we study was independently studied in [24], where one user transmits an individual message (possibly public) and the other user transmits a confidential message. We also note that a different MAC model with confidential messages was studied in [25], where all users in the MAC want to keep their messages secret from an additional wiretapper. In this paper, we adopt the following notation. We use upper case letters to indicate random variables, and we use lower case letters to indicate deterministic variables or realizations of the corresponding random variables. We clarify exceptions where to indicate the vector they appear in the paper. We use , and use to indicate the vector . Throughout the paper, the logarithmic function is to the base . The organization of this paper is as follows. In Section II, we introduce the channel model of the MAC with confidential messages. In Section III, we present our results for the MAC with two confidential messages, and illustrate the intuition behind the result. In Section IV, we present our results for the MAC with one confidential message. In particular, we study the degraded MAC with one confidential message. In Section V, we study the binary and Gaussian MACs with one confidential message. In the final section, we give concluding remarks. II. CHANNEL MODEL We define the following MAC model. Definition 1: A discrete memoryless MAC with confidential messages consists of two finite channel input alphabets and , three finite channel output alphabets and ,

Authorized licensed use limited to: University of Illinois. Downloaded on October 24, 2008 at 02:35 from IEEE Xplore. Restrictions apply.

978


Fig. 1. Multiple-access channel (MAC).

and a transition probability distribution (see Fig. 1), where and are channel inputs from , , and users 1 and 2, respectively, and are channel outputs at the destination, user 1 and user 2, respectively. Note that the MAC model defined in Definition 1 generalizes the classical MAC [20], [21] (see also [22, Sec. 14.3]) by allowing users 1 and 2 to receive channel outputs and , respectively. This channel combines the broadcast channel from user 1 to the destination and user 2 and the broadcast channel from user 2 to the destination and user 1. For generality, we assume that each user receives channel outcan depend on puts that also depend on its own inputs, i.e., , and can depend on . This assumption is also valid in practice because the transmitted signal from one user may cause interference at its own receiver. All results that we obtain apply to the case where outputs at either user do not depend on its own inputs. We note that the model can also be viewed as the traditional MAC with two additional eavesdroppers, where each eavesdropper has access to the information known to one of the users. code for the MAC Definition 2: A consists of the following. for • Three message sets: . , , and are independent and • Three messages: and , respectively. uniformly distributed over • Two (stochastic) encoders, at user 1: , to a which maps each message pair ; and at user 2: , codeword to a which maps each message pair codeword . , • One decoder at the destination: to a message tuple which maps a received sequence . We note that the stochastic encoders and define and two transition probability distributions , respectively. They can also be represented by equivalent deterministic mappings. For example, the stochastic can be represented by a deterministic mapping encoder , which maps

to a codeword , and is a randomizer random variable that is independent of and . The distribution of is part of the encoding strategy of user 1, and in this paper we assume this distribution is known to both users and the is not known at the destination. However, the realization of other user (user 2) and the destination. For the case in which the is known at the destination but not at the other realization of user, the model is completely different from that considered here in that the randomizer serves in this case as a secret key shared by the user and the destination which results in better performance (i.e., larger secrecy rate). In this paper, we do not consider this case with shared secret key. Note that although users 1 and 2 can receive channel outputs (see Fig. 1), these outputs are used only for them to interpret the other user’s message, but are not used for them to disturb or help the other user’s transmission. Hence, their encoding functions are not affected by these received outputs. Since users may extract each other’s confidential information from the received output, we assume that each user treats the other user as a wiretapper, and wishes to keep the other user as ignorant of its confidential message as possible. A given code determines the following joint probability distribution: (1) where and are uniform distributions, and and are deterthe distributions and . The probmined by the random mapping functions ability distribution (1) implies the following two Markov chain conditions: (2) and (3) For a given code, we define two performance measures: the probability of error and the secrecy levels of confidential messages. The average block probability of error is defined as


(4)


The secrecy level of tion rate

at user 2 is defined by the equivoca-

(5) and the secrecy level of cation rate

at user 1 is defined by the equivo-

(6) Note that the larger the equivocation rate, the higher the level of secrecy. Remark 1: Based on the Markov chains (2) and (3), the equivocation rates (5) and (6) can be simplified to be (7) and (8) respectively. However, to emphasize that the equivocation rate is conditioned on all information known at the wiretapper, we keep in the conditioning in (5) and in the conditioning in (6). A rate–equivocation tuple able if there exists a sequence of with the average error probability finity and with the equivocation rates

as and

and

is achievcodes goes to insatisfying

979

III. MAC WITH TWO CONFIDENTIAL MESSAGES In this section, we first provide our main results on the rate–equivocation region and the secrecy rate region. We then give an intuitive interpretation of the rate–equivocation region. A. Main Results We first provide the following useful lemma on the capacity–equivocation region for the MAC with confidential messages, which will be useful in Sections IV-C and V. Lemma 1: Two MACs with confidential messages have the same capacity–equivocation region if they have the same mar, ginal channel transition probability distributions , and . Proof: Consider channel I with the probability distriand channel II with the probabution , where bility distribution has the marginal distributions , , and . It is sufficient to show that if we apply the same codebook and encoding schemes to channels I and the equivocation and II, the average error probability rates and are the same for both channels. For channels I and II, a given codebook and encoding scheme induce the distributions

(11) and

(12)

(9)

Note that the rate–equivocation tuple indicates the common and confidential rates achieved at certain secrecy levels . Definition 3: The capacity–equivocation region is the closure of the set that consists of all achievable rate–equivocation . tuples Definition 4: The secrecy capacity region is the region such that that includes all achievable rate tuples and . perfect secrecy is achieved, i.e., The secrecy capacity region can be expressed as follows:

respectively, where and are determined by the codebook and encoding schemes at users 1 and 2. It is easy to see that the average error probability of both channels depends on the same distribution

and hence are the same. The equivocation rate mined by

is deter-

and is thus determined by the distribution (10) We note that the (achievable) rate–equivocation region and the (achievable) secrecy rate region refer to inner bounds of the capacity–equivocation region and the secrecy capacity region, respectively.

which is also the same for both channels. It follows from an is the same for the two argument similar to the above that channels, which concludes the proof.


980


The following theorem provides an inner bound on the capacity–equivocation region for the MAC with two confidential messages.

where

Theorem 1: The following region of nonnegative rate–equivocation tuples is achievable for the MAC with two confidential messages:

(13)

where

indicates the convex hull of the region

(18)

, and

(14)

where the function and

if

and

if

, (19) and

(15) where

is defined as

(16) (20) Proof: See Appendix II. Proof: See Appendix I. An intuitive interpretation of the rate–equivocation region in Theorem 1 is given in the next subsection. Note that the region contains the equivocation pairs achieved for the given rate tuple . It can be seen that in (14) is characterized by a union of a , which is not an explicit form. It is thus set of pairs to an explicit form that is desirable to change characterized through inequality bounds only. This is done in the following result. Theorem 2: The set in the following explicit form:

Remark 2: The region (13) reduces to the capacity region of the MAC [26] by removing the secrecy constraints, i.e., setting and , and setting and .

in (14) can be expressed

Remark 3: The last two bounds in (18) indicate a tradeoff between the two equivocation rates and , i.e., the secrecy levels achieved for the two confidential messages and . It will be clear in Section III-B that this tradeoff can be achieved by using codebooks that achieve different boundary points of the capacity region of the corresponding MAC. It will be further clear in Appendix I that this tradeoff corresponds to a tradeoff between the sizes of the two codebooks used by the two users.

(17)

and Remark 4: The sets characterize the equivocation rates when only one of the users achieves a nonzero equivocation rate.



We now study the secrecy capacity region, which contains all with the confidential message of each achievable user perfectly hidden from the other user. Corollary 1: A secrecy rate region (an inner bound on the secrecy capacity region) for the MAC with two confidential messages is given by (21)

where

(22)

981

Proof: From (23), it is clear that if (25) is satisfied, user ). Similarly, from 1 achieves positive secrecy rate (for (24), user 2 achieves positive rate if (26) is satisfied. Therefore, time-sharing between two such operating points guarantees positive secrecy rates for both users. In Fig. 2, we plot the secrecy rate region for the MAC with two confidential messages for a given distribution . We assume that both conditions in Corollary 2 are satisfied, i.e., both users have nonzero secrecy rates. We further assume that in (22) is positive, i.e., the bounds on the sum rate is nonempty. The geometric structure of the the region secrecy rate region (shaded area) falls into one of the four cases depending on how the mutual information terms compare with each other. In Fig. 2, we also plot the capacity of the corresponding MAC without secrecy constraints (setting and ) with the outer solid line as the boundary. It is clear from the figure that the secrecy rate region is inside the capacity region of the corresponding MAC. Hence, to achieve perfectly secure communication, the users need to transmit their confidential messages at smaller rates. It is also clear from is Fig. 2 that the secrecy rate region given by not convex in general and needs to be convexified. These cases of secrecy regions will be further discussed in the next section and intuition behind the achievability of the corner points will be given.

(23) B. Interpretation of

and

in Theorem 1

We now explain the intuition behind the achievable given in Theorem 1. We focus on rate–equivocation region the following region : (24)

Proof: The proof follows directly from Theorems 1 and 2 by using the perfect secrecy conditions and . (27)

For the MAC with two confidential messages, it is desirable that both users achieve positive secrecy rates. We have the following sufficient condition for this case to happen. Corollary 2: A sufficient condition for both users to achieve positive secrecy rates is that

where

(25) for some joint distribution (28) and (26) for some joint distribution

where

Note that the joint distributions that satisfy the two conditions (25) and (26) are not necessarily the same. Authorized licensed use limited to: University of Illinois. Downloaded on October 24, 2008 at 02:35 from IEEE Xplore. Restrictions apply.

(29)

982


Fig. 2. Secrecy rate region for the MAC with two confidential messages for a given joint distribution.

and

(30)

given in Theorem 1 follows from in (27) by The region prefixing two discrete memoryless channels with inputs and and transition probabilities and to the given and in MAC (similar to [3, Lemma 4]). In particular,

are replaced with and , respectively, to derive , except in the term is replaced by and that in the term is replaced by . This is because these two mutual information terms arise from the and appear in definition of the equivocation rates, where the conditioning. It is easy to see that the first four bounds in in (27) are the bounds that define the capacity region of the MAC [26]. Hence, these bounds also need to be satisfied for the MAC with two con, fidential messages. To understand the bounds on we plot Fig. 3 for illustration. In Fig. 3, the solid line indicates for a given common rate . the boundary of the region



983

thus achieving a tradeoff between the secrecy levels for the two confidential messages sent by user 1 and user 2 as commented in Remark 3. We further illustrate the preceding interpretation by considering case 1 (see Fig. 2) of the secrecy rate region given in Corollary 1. We plot this case in more detail in Fig. 4. In case 1, the secrecy rate region is a pentagon, because both of the following two conditions are satisfied: (31) and

C

Fig. 3. Region ~

A

and ~(R

For a given rate tuple bounds in (27), i.e.,

(32) ;R ;R

) for a given common rate

R

.

that satisfies the first four

To achieve perfect secrecy for rate tuples in the secrecy rate region, the two users need to use codebooks achieving rate tuples with larger rate components. For example, consider the corner point of the secrecy rate region in Fig. 4. The rates of the two confidential messages are (33)

we plot the region of in Fig. 3 as the shaded area. It is clear that the rate tuple can be achieved by applying the codebook that achieves any rate tuples and throwing away the redunand . However, it is a waste of channel dant bits resources to achieve a rate tuple with lower rate components by applying a codebook that achieves a rate tuple with higher rate components. The situation becomes different for channels with confidential messages, where one user (say user 1) wants to keep its confidential information secret from the other user (user 2). Now to so that achieve a rate , user 1 may transmit at a higher rate the codebook contains a larger number of codewords than the number of messages that user 1 wants to convey to the destination. The redundant codewords are used to confuse user 2 about real messages that user 1 transmits to the destination. Since user 2 can decode at the rate of the capacity of the channel from user , intuitively user 1 can 1 to user 2, which is and keep informatransmit at the rate tion secret from user 2. Similarly, user 2 can transmit at the rate and keep information secret from user 1. Hence, the equivocation rates and can be achieved by the codefor the MAC. We thus conclude book achieving that all equivocation rate pairs in given in (28) are achievable. Note that there is no loss of generality to consider only the that are on the sum rate tuples rate boundary of the region , i.e., the points on the line and point in Fig. 3. This is because any between point corresponds to a point on the line point inside and . By operating at from to that achieves larger different points between and , user 1 and user 2 use different sizes of codebooks, and hence achieve different equivocation . As the operating point moves from rate pairs to , the equivocation rate increases and decreases,

and (34) To achieve the point with perfect secrecy, the actual codebook being used needs to operate at the point which is on the boundary of the capacity region of the MAC. The rates correare sponding to (35) and (36) If we compare the rate tuples corresponding to the points and , it is easy to see that the secrecy rates decrease from the actual rates of the codebook by the capacities of the channels between and . the two users, i.e., In fact, every point on the boundary of the secrecy rate region of case 1 in Fig. 4 is achieved by the codebook that operates at a corresponding point on the boundary of the capacity region of the MAC. IV. MAC WITH ONE CONFIDENTIAL MESSAGE In this section, we study the MAC with one confidential message, where user 2 has only the common message and does not have the confidential message for the destination. This model generalizes the MAC with degraded message sets studied in [23] to require the private message sent from user 1 to be confidential from user 2. This model is also a counterpart of the broadcast channel with confidential messages studied in [3]. In the following, we first provide our main results on the capacity–equivocation region, and we then present an example, for which we obtain the capacity–equivocation region. Finally, we study the degraded case.


984


in (37) reduces Remark 6: The rate–equivocation region to the capacity region of the MAC with degraded message sets and . given in [23] by setting Theorem 4: The following region is an outer bound on the capacity–equivocation region of the MAC with one confidential message:

(38) Fig. 4. Secrecy rate region of case 1: I (V ; Y jQ) I (U ; Y jQ) > I (U ; Y jX ; V ; Q).

> I (V

;Y

jX ; U; Q)

and

Proof: See Appendix III.

A. Main Results For the MAC with one confidential message, the rate , and the equivocation rate is not of interest. Hence, the channel output at user 1 does not play a role in the to indicate analysis. For notational convenience, we use in this situation. Now the rate–equivocation tuple becomes . We use to denote the capacity–equivocation region in this situation. The following two theorems provide inner and outer bounds on the capacity–equivocation region . Theorem 3: The following region is an inner bound on the capacity–equivocation region for the MAC with one confidential message:

Remark 7: The last four bounds in the outer bound (38) match the last four bounds in the inner bound (37), and hence these four common bounds partially determine the boundary of the capacity–equivocation region . We now study the case in which perfect secrecy is achieved, i.e., user 2 does not get any information about the confidential message that user 1 sends to the destination. This happens . According to Definition 4, the secrecy capacity if region is the region that includes all achievable rate pairs such that , i.e., (39) For a given rate , we further use the secrecy capacity to indicate the maximum achievable rate with the confidential message perfectly hidden from user 2, i.e., (40)

(37)

where the auxiliary random variables cardinality by

and

are bounded in

Although the outer bound given in Theorem 4 provides only a partial converse to the capacity–equivocation region, it is sufficiently tight to serve as the converse to the secrecy capacity region and the secrecy capacity as a function of . Theorem 5: For the MAC with one confidential message, the secrecy capacity region is given by

and

respectively. Proof: The region 2 by setting , (13) with(19).

follows from , and

(41)

in Theorems 1 and , and combining The secrecy capacity for a given rate

Remark 5: The last bound in in (37) indicates a tradeoff between the common rate and the secrecy level of the confidenincreases, the secrecy level of tial message. As common rate the confidential message may decrease. Authorized licensed use limited to: University of Illinois. Downloaded on October 24, 2008 at 02:35 from IEEE Xplore. Restrictions apply.

is given by

(42)


985

Fig. 6. Capacity region of binary multiplier MAC.

Fig. 5. An example MAC.

where the maximum is taken over all joint distributions . In both (41) and (42), the auxiliary random variables and are bounded in cardinality by and , respectively. follows directly from the Proof: The achievability of in Theorem 3 by using the perfect secrecy coninner bound dition . The converse follows from the last two bounds given in Theorem 4. The secrecy capacity in the outer bound follows easily from the secrecy capacity region . Remark 8: If we let and , the MAC with one confidential message reduces to the case of a broadcast channel with confidential messages studied in [3] with the common rate being zero. For this channel, the secrecy capacity in (42) reduces to (43) is taken over all joint distribution . This is the same as the secrecy capacity given in Corollary 2 in [3]. where the

B. An Example In Section IV-A, the inner bound in Theorem 3 and the outer bound in Theorem 4 do not match for the general MAC with one confidential message. In this subsection, we give an example MAC, for which we can obtain the exact capacity–equivocation region. Consider a binary MAC with all inputs and outputs having . The channel from the two users to the destinaalphabets tion is a binary multiplier channel, and the channel from user 1 to user 2 is a bias channel. The channel input–output relationships (see Fig. 5) thus satisfy and

if if

We first note that the region given in (46) (see Fig. 6) is the capacity region of the binary multiplier MAC [27]. We now show that perfect secrecy can be achieved for the two corner points of this region. It is trivial that perfect secrecy can be achieved for , i.e., is achievable at the corner point , perfect this point. For the other corner point for secrecy is achieved by sending and for . When either of these two codewords is transmitted, user 2 always gets output , or is sent. and hence cannot determine whether Therefore, perfect secrecy is achieved. By time-sharing between these two corner points, perfect secrecy can be achieved for the entire region given in (46), which is thus the secrecy capacity region. Therefore, the region in (45) is the capacity–equivocation region. Remark 9: The example channel given in (44) is a nondegraded channel. We hence obtain the capacity–equivocation region for a nondegraded channel. C. Degraded MAC With One Confidential Message In this subsection, we study the degraded MAC with one confidential message, in which the output at user 2 is a degraded version of the output at the destination. This channel is a special case of the MAC studied in Section IV-A, and models the case in which the destination has a powerful receiver, e.g., it is equipped with multiple antennas or it is helped by relay nodes. The degraded MAC generalizes the wiretap channel studied in [2] to allow user 1 and user 2 (wiretapper) to jointly send common information to the destination. In the following, we define two classes of degraded MACs with one confidential message. Definition 5: The MAC with one confidential message is physically degraded if the transition probability distribution satisfies (47) i.e.,

(44)

is independent of

conditioned on

and

.

We now show that the capacity–equivocation region of the example channel given in (44) is

Definition 6: The MAC with one confidential message is stochastically degraded if its conditional marginal distribution is the same as that of a physically degraded MAC, i.e., there exsuch that ists a distribution

(45)

(48)

which implies that the secrecy capacity region of this channel is (46)

Note that the preceding two definitions assume the distribution , i.e., can depend on . This is more general


986


than assuming the distribution . In practice, the output at user 2 may be interfered with its own input , and hence the takes this into account. distribution According to Lemma 1, the stochastically degraded MAC with one confidential message has the same capacity–equivocation region as its corresponding physically degraded MAC with one confidential message. Hence, in the following we do not explicitly indicate whether the channel is stochastically or physically degraded. Theorem 6: For the degraded MAC with one confidential message, the capacity–equivocation region is given by

Fig. 7. A binary MAC.

where the

is taken over all joint distribution . This is consistent with the secrecy capacity given in [2] in a different form, because the problem in [2] is formulated as a source–channel problem. The secrecy capacity in (52) is also consistent with the secrecy capacity of the less noisy channel (more generally, the more capable channel) given in [3, Theorem 3], because degraded channels belong to the class of less noisy channels [28].

(49) V. BINARY AND GAUSSIAN MAC WITH ONE CONFIDENTIAL MESSAGE . where is bounded in cardinality by Proof: The achievability is obtained by applying Thein (37). The converse is provided orem 3 and setting in Appendix IV. Remark 10: The region can be shown to be convex via arguments similar to those used in the proof of Lemma 5 in [3], and hence does not need further convexification. The following theorem provides the secrecy capacity region and the secrecy capacity as a function of . Corollary 3: For the degraded MAC with one confidential message, the secrecy capacity region is given by

In this section, we study two important classes of channels: binary and Gaussian MACs with one confidential message. We obtain the capacity–equivocation region for these two channels. A. Binary MAC With One Confidential Message We first follow [29] to introduce notation and useful lemmas for binary channels. We then introduce a binary MAC model and present the capacity–equivocation region for this channel. We define the following operation: for

(53)

and the entropy function if if

(50)

The secrecy capacity as a function of

is given by

or

(54) The function is one-to-one for . The inverse . of the entropy function is limited to We consider the following binary MAC model. We assume . We all channel inputs and outputs have alphabets further assume that the channel is discrete memoryless and the input–output relationship (see Fig. 7) at each time instant satisfies

(51) where the maximum is taken over all joint distributions . In both (50) and (51), is bounded in cardinality by . Proof: The proof follows directly from Theorem 6 by using . the perfect secrecy condition Remark 11: If and , the degraded MAC with one confidential message reduces to the wiretap channel studied in [2]. For this channel, the secrecy capacity in (50) reduces to (52)

for (55) is a binary random vector with independent and idenwhere tically distributed (i.i.d.) components and has the distribuwhere . Note that the tion to is a binary multiplier MAC, and the channel from channel outputs and can be viewed as the input and output of a discrete memoryless binary-symmetric channel (BSC) with crossover probability . According to Definition 5, this channel is a degraded MAC with one confidential message, and we have the following theorem on the capacity–equivocation region.



987

Theorem 7: For the binary MAC with one confidential message defined in (55), the capacity-equivocation region is given by

(56)

Proof: See Appendix V. Corollary 4: The secrecy capacity region of the binary MAC with one confidential message defined in (55) is

(57)


Fig. 8. Secrecy capacity regions of the binary MAC with one confidential message.

is given by (58)

where

is determined by the following equation: (59)

Proof: The proof follows directly from Theorem 7 by using the perfect secrecy condition . Remark 12: The crossover probability parameter determines how noisy the channel from user 1 to user 2 is compared , to the channel from user 1 to the destination. When user 2 has the same channel from user 1 as the destination, and hence no secrecy can be achieved. As increases, user 2 has a noisier channel from user 1 than the destination, and hence , user 2 is higher secrecy level can be achieved. When totally confused by the channel outputs, and perfect secrecy is always achievable. for Fig. 8 plots the secrecy capacity as a function of four values of . These lines of also serves as (upper) boundaries of the secrecy capacity regions with the vertical axis . It is clear from Fig. 8 that as increases, being viewed as the secrecy capacity region enlarges, because user 2 is further confused by the channel outputs. Remark 13: The optimal scheme to achieve the secrecy capacity region in Theorem 4 uses superposition encoding. To achieve the secrecy capacity corresponding to different values , different values of the superposition parameter needs of to be chosen for the optimal input distribution (see (138) in Appendix V). However, if secrecy is not required, the capacity region of the binary multiplier MAC can be achieved by a timesharing scheme and superposition encoding is not necessary. Note that time-sharing refers to a scheme in which a fraction ( ) of time is used to achieve a rate point and a fraction of time is used to achieve another rate

Fig. 9. Comparison of the secrecy capacity region and the secrecy rate region achieved by using time-sharing for the binary MAC with one confidential message.

. Using such time-sharing, the average rate pair is achievable. Fig. 9 plots the secrecy capacity as a function of (indicated by the solid line) and compares it with the secrecy rate achieved by the time-sharing scheme (indicated by the dashed (on line). The time-sharing is between the point with the vertical axis) and the point with (on the horizontal axis). The figure demonstrates that the time-sharing scheme is strictly suboptimal in providing the secrecy capacity region. As we commented in Remark 13, although the time-sharing scheme is optimal to achieve the capacity region of the binary multiplier MAC, it is not optimal to achieve the secrecy capacity region when secrecy is required.

point

B. Gaussian MAC With One Confidential Message In this subsection, we study the Gaussian MAC with one confidential message, in which the channel outputs at the destina-


988


tion and user 2 are corrupted by additive Gaussian noise terms. We assume that the channel is discrete and memoryless, and that the channel input–output relationships at each time instant are given by and

is

(65)

(60)

where and are independent Gaussian random vectors with i.i.d. components. We assume that and have variand , respectively, where . The channel ances and are subject to the average power input sequences and , respectively, i.e., constraints and


(61)

We note that the Gaussian MAC defined in (60) is stochastically degraded according to Definition 6, because the marginal distribution is the same as that of the following physically degraded Gaussian MAC:

(62) where is the same as in (60). The random vector is inde, and has i.i.d. components with each component pendent of being zero-mean Gaussian with variance . According to Lemma 1, the Gaussian MAC defined in (60) has the same capacity–equivocation region as the Gaussian MAC defined in (62). Theorem 8: For the Gaussian MAC with one confidential message defined in (60), the capacity-equivocation region is given by

(63) where indicates the correlation between the inputs from users 1 and 2. Proof: See Appendix VI. Corollary 5: The secrecy capacity region of the Gaussian MAC with one confidential message defined in (60) is

(64)

where

is determined by the following equation: (66)

Proof: The proof follows directly from Theorem 8 by using the perfect secrecy condition . Fig. 10 plots the secrecy capacity of Gaussian MACs with one confidential message for three user-1-to-user-2 also signal-to-noise ratio (SNR) values. The lines of serve as the (upper) boundaries of the secrecy capacity regions . It can be seen that as if we view the vertical axis as user-1-to-user-2 SNR decreases, which implies that the noise level at user 2 increases, user 2 becomes more confused by the channel outputs. Thus, the secrecy capacity region enlarges. As user-1-to-user-2 SNR approaches zero, the secrecy capacity region approaches the entire capacity region of the Gaussian MAC, which means that perfect secrecy is achieved for almost all points in the capacity region of the Gaussian MAC. VI. CONCLUSION In this paper, we have studied the capacity–equivocation region of the MAC with confidential messages. We have obtained an achievable rate–equivocation region (inner bound on the capacity–equivocation region) for the MAC with two confidential messages. We have further derived an equivalent but explicit form for the achievable rate–equivocation region. This achievable rate–equivocation region demonstrates a tradeoff between the secrecy levels achieved for the two confidential messages sent by the two users. We have further studied the MAC with one confidential message, and we have derived inner and outer bounds on the corresponding capacity–equivocation region. Although the two bounds match only partially, they are tight enough to characterize the secrecy capacity region, within which the confidential message sent by user 1 is perfectly hidden from user 2. For the special case of the degraded MAC, we have established the exact capacity–equivocation region. We have further derived the capacity–equivocation region for two classes of MACs: the binary and the Gaussian MACs with one confidential message. APPENDIX I PROOF OF THEOREM 1 We first show that the region given in (27) is achievable. in Theorem 1 is achievable follows by prefixing Then, that two discrete memoryless channels as described at the beginning of Section III-B. We present the proof in four steps. In step 1, we prove existence of a certain codebook based on a random coding technique, which is different from the nonrandom code construction used in [3]. Our random coding proof is also different from the



989

Fig. 10. Secrecy capacity regions of Gaussian MACs with one confidential message and capacity region of corresponding Gaussian MAC.

proof in [2] in that the codeword ensemble contains only typical sequences, which makes equivocation computation convenient. In step 2, we define our encoding scheme. In step 3, we compute the equivocation rates. The technique follows [3, Sec. IV]. In step 4, we consider other cases in which the encoding scheme is slightly different from the case considered in the preceding steps. The main idea of the proof is similar to that in [2] and is briefly described as follows. We show that for each user there exists a codebook that consists of a number of subcodebooks. The destination can successfully decode over the entire codebooks of the two users. However, the wiretapper can successfully decode the codeword sent by the other user only when it knows to which subcodebook the codeword belongs, i.e., the wiretapper decodes only within each subcodebook. Hence, mapping messages to different subcodebooks confuses the wiretapper and achieves perfect secrecy. Step 1: : Existence of Certain Codebook We consider the following joint distribution:

We use to denote the strongly jointly -typical set (see [30, Sec. 1.2]) based on the distribution . Consider a given rate triple , where is given in (30). We wish to find a codebook that achieves with small probability of error, and that achieves and . We consider certain equivocation rates that satisfy the following conditions: (67)

and (68) or

The cases in which

will be considered in step 4. , we consider the folFor the given rate triple lowing codebook (see Fig. 11): ;

(69) , where all codewords are strongly typical, i.e., , and for all , and the numbers of codewords are defined as follows:

and

(70)

We define the following probabilities of error when the codeand are transmitted by user 1 and user 2, words respectively Error probability for the destination to decode and Error probability for user 2 to decode given


990


Proof of Lemma 2: We prove the lemma using a random coding technique. We define the following sum of error probabilities: (74)

Fig. 11. Codebooks for users 1 and 2.

Error probability for user 1 to decode given

(71)

over a random codebook enWe show that the average of semble is small for sufficiently large codeword length . Then, is small for there must exist at least one codebook such that sufficiently large . , we construct For a given distribution random codebooks by the following generating steps. codewords , each uniformly drawn from 1. Generate the set . Index , . , generate codewords , each uni2. For each . Index , formly drawn from the set . , generate codewords , each uni3. For each formly drawn from the set . Index , . and are transmitted by Suppose the codewords user 1 and user 2, respectively. We define the following decoding strategies at the destination, user 1 and user 2. and are 1. The destination declares that the indices of if there is a unique group of such indices such that

Let

denote the probability that codewords and are transmitted by user 1 and user 2, respectively. We further define the following average probabilities of error:

and

(72)

The following lemma assures the existence of a certain codebook, which will be used for encoding in step 2. Lemma 2: For any , there exists a codebook as described in (69), such that, for sufficiently large and

2. User 2, given , declares that the index of if there is a unique such that

is

3. User 1, given , declares that the index of if there is a unique such that

is

We can compute by following the standard techindicates averaging over niques as in [22, Ch. 14], where ; we the random codebook ensemble. Now choose can show that

(73)

(75)

In Fig. 11, we illustrate an example codebook that is described in the preceding lemma. Each row in the codebook is a subcodebook. If each of the two users randomly chooses one codeword from its codebook and sends it over the channel, the destination can decode these pair of codewords with small av. However, each user as erage error probability, because a receiver can only decode the codeword sent by the other user with small average probability of error if it knows to which row and the transmitted codeword belongs. This is because . Therefore, while the destination decodes reliably over the entire codebook, the two users decode reliably only within rows of the codebook.

for sufficiently large codeword length , by using the fact that and the sizes of indices and are and , respectively. Hence, there exists one codebook such that for sufficiently large codebook size (76) This leads to the conclusion that for sufficiently large codebook size


and

(77)


Step 2: Encoding Based on the codebook given in Lemma 2, we define an enwith coding strategy to achieve the given rate tuple certain equivocation rates . The equivocation rates will be computed in Step 3. We first assume that and The cases where

or will be considered in Step 4. , We denote the common message by and denote the confidential messages by and , respectively. We further define the following sets: and where

(78)

are defined in (70). We denote

991

The idea of the above encoding strategy is as follows. From Step 1, it is clear that users decode reliably within rows of the codebook and are not able to decode across different rows. Hence, each user tries to map its confidential message across different rows of the codebook to prevent the other user from decoding these messages. We note that the above technique of partitioning the codebook into subcodebooks and mapping each message to a subcodebook is similar to the random binning technique (see, e.g., [31]). However, the partitioning and mapping in this paper are performed over a deterministic codebook that we constructed in Step 1. This deterministic property is necessary to compute the equivocation rate in Step 3. The codebook in [31] for binning is random and cannot serve the purpose of computing equivocation rate. Step 3: Equivocation Computation The codebook given in Lemma 2 in Step 1 and the encoding functions defined in (84) in Step 2 determine the following joint probability distribution:

(79) where

and (85)

We denote (80) where

and

We define the following mappings: partitioning

into

nearly equal size partitioning into nearly equal size

where is the indicator function that is if its argument is and are true, and is otherwise. In (85), uniform distributions, i.e., the messages are uniformly chosen from the three message sets. The encoding function is a deterministic one-to-one mapping. The distributions and are determined by the random mapping and (referred to as “stochastic encoders” in functions Section II) as defined in (84) in Step 2, respectively. For the joint distribution given in (85), we note the following two Markov chain conditions (same as those in (2) and (3)): (86)

subsets with and

(87)

subsets with (81)

We first compute the following equivocation rate of

:

where “nearly equal size” means (82) and (83) The encoders at users 1 and 2 are defined in the following: mapping mapping and where is chosen

mapping uniformly from the set mapping and mapping where is chosen uniformly from the set (84)

(88) where follows from the Markov chain condition given in (86), the first term in follows because


(89)

992


and the second term in follows because is independent given . of We now compute the four terms in (88) one by one. To compute the first term, we first show the following useful lemma given in [3]. Lemma 3 [3]: Consider a discrete random variable with the mass points and probability mass function satisfying (90) Then (91) Proof: Let for Let (96) and We have

where and are small for sufficiently large , , and from the definition that because

by assumption. Hence

follows follows

(92) where the second inequality follows because can then bound the entropy of as follows:

. We

(97) To compute the third term in (88), we define if there is a unique such that

(93)

arbitrary

otherwise. (98)

Then For the first term in (88), we note that for each , has possible values. According to the encoding mapping defined in (84), we have function (94) By using Lemma 3, we obtain

(99) (95)

Therefore, by Fano’s inequality, we obtain

For the second term in (88), we have (100) where is small for sufficiently large . To compute the fourth term in (88), we define arbitrary

if otherwise.

We then obtain


(101)


993

is small for sufficiently large , and the second term where is small because in

(105) Therefore, the fourth term in (88) is (102) (106)

The first term in (102) can be bounded as

Substituting (95),(96), (100), and (106) into (88), we obtain

(107) where is small for sufficiently large . Similarly, we can also obtain (103) where is small for sufficiently large . To bound the second term in (102), we use Fano’s inequality and obtain

(108) where is small for sufficiently large . Hence, using the codebook given in Lemma 2 in Step 1 and the encoding functions defined in (84) in Step 2, the equivocation rates for sufficiently large are given by (109) and (110) Step 4: Other Cases In Step 1, we have assumed that and If , we generate codewords , and do not require in Lemma 2. We set . Similarly, , we set . if In Step 2, we have assumed that and If be the following:

, we change the encoder

to

mapping where is chosen uniformly from the set (111)

(104)

In this case, note that the number of codewords is less than the number of rows in the codebook. The encoding strategy is to map each codeword to each row. It is expected that in this case


994


the other user (user 2) is not able to decode any information, and hence user 1 achieves perfect secrecy. In fact, the first term of the equivocation rate in (88) becomes (112) , has posbecause for each sible equally likely values. All other terms in (88) remain the same as before. We hence have

(113) where is small for sufficiently large . Thus, for sufficiently large (114) and user 1 achieves perfect secrecy. We can similarly obtain that if user 2 achieves perfect secrecy, i.e.,

, Fig. 12. Regions

(115) Hence, in summary, for a given point the equivocation rate pairs in the set (28) are achievable.

, defined in

A(

R ;R ;R

) and

B(

the following, the region i.e.,

APPENDIX II PROOF OF THEOREM 2 In this appendix, we show that is equivalent to

R ;R ;R

) of (R

;R

).

remains unchanged;

(118) given in (14)

(116) which is given in (17). We first characterize given in (14) in a more convenient form. We define the following set of :

and To see this, we plot the two sets in Fig. 12. For any point that is in but not in , there exists a corresuch that sponding point and . Hence

(119)

For set

(117) given in (14), if we replace union over the with union over the set , as in

but are Therefore, those points that are in do not contribute new for not in . given in (118) is equivaWe now show that lent to the region given in (116). We first show



Case 1. If

. For a point , we consider the following four cases. and , then there exits , such that

995

By Fano’s inequality, we have (123) (120)

and (121) needs to Applying the bounds that satisfy to the preceding inequalities, it is clear that . Case 2. If and , then it is easy to check that . and , then it is easy to check that Case 3. If . Case 4. If and , then it is trivially true that . . We We now show that . We consider the first show following four cases. and , then we let Case 1. If and . From the first three bounds and , it that define is easy to check that . Hence, . and , then it can be shown that Case 2. If using reasoning similar to that used in Case 1. and , then let Case 3. If and . It is easy . Hence, to check that . and , then it is trivially true that Case 4. If . Finally, following reasoning similar to those of Case 1 and Case 2, it is easy to show that

if . where The following lemma is useful in the proof. Lemma 4: [3, Lemma 7]

We define the following auxiliary random variables:

and

(124)

which satisfy the following Markov chain conditions:

(125) We first consider

and respectively. APPENDIX III PROOF OF THEOREM 4 The following proof applies the techniques in the converse proofs of the capacity-equivocation region of the broadcast channel with confidential messages in [3] and the converse proof of the capacity region of the MAC [22, Ch. 14.3]. code for the MAC with one We consider a confidential message with the average block error probability . Then the probability distribution on is given by

(122) Authorized licensed use limited to: University of Illinois. Downloaded on October 24, 2008 at 02:35 from IEEE Xplore. Restrictions apply.

(126)

996


where follows from the chain rule and Fano’s inequality and follows from Lemma 4, and follows from (123), and in (124). the definitions of We also can write

follows from the chain rule and nonnegativity of muwhere tual information. Theorem 4 then follows from standard singleletter characterization (see, e.g., [22, Ch. 14.3]). APPENDIX IV PROOF OF THE CONVERSE FOR THEOREM 6

(127) where follows from the chain rule and nonnegativity of mufollows from the definition of in tual information, and (124) and the bound (126). We further have

Appendix III provides an outer bound on the capacity–equivocation region for the general discrete memoryless MAC with one confidential message, which provides only a partial converse. In the following proof, we apply the degradedness condition and prove a tight converse for the degraded MAC with one confidential message. Our proof applies the techniques in the converse proofs for the wiretap channel in [2] and for the MAC in [22, Ch. 14.3]. If we compare the following proof with the proof in Appendix III, the degradedness condition helps reduce the number of auxiliary random variables and simplify manipulation of random variables. In fact, in the following proof, for we need to introduce only the auxiliary random variable , which has the same definition with in Appendix III, but which serves the converse proof purpose here. According to Lemma 1, it is sufficient to show the converse for the physically degraded MAC in the following. code for the MAC with one We consider a confidential message with average block error probability . Then the probability distribution on is given by

(130) By Fano’s inequality, we have (131) if . where We define the following auxiliary random variable: (128) follows because is independent of where conditioning does not increase entropy. Finally, we have

and

(132) Note that and form Markov chains. We first consider

(129)



997

(133) follows from Fano’s inequality, follows because where is independent of given , and follows from the degradedness condition, i.e., is indepengiven . dent of and obtain We proceed to bound

(135) where follows from Fano’s inequality, follows from the folchain rule and nonnegativity of mutual information, and lows from (134). The proof of the next two inequalities follows the converse proof for the MAC in [22]. For completeness, we include those steps here.

(136) (134) where the second term of follows because is independent of everything else given ; the third term of follows because conditioning does not increase entropy, and the follows because is independent of everyfourth term of , the third term of follows from thing else given the degraded condition, i.e., is independent of everything , and follows from the definition of else given given in (132). We further have

where follows from the partial step in (128), follows from the Markov chain condition , and follows because is independent of everything else . given We also have


998


(137) The converse for Theorem 6 then follows by standard singleletter characterization.

is a binary random vector with i.i.d. components and where has the distribution where . Then (140) with equality if and only if for and

APPENDIX V PROOF OF THEOREM 7 Proof of the Achievability: We apply Theorem 6 to show that the capacity–equivocation region (56) is achievable. Let and be independent binary random variables with alphabet . We choose the following joint distribution:

has independent components, .

Note that the vectors and defined as in Lemma 6 can be viewed as inputs and outputs of a BSC with crossover probability . We now apply the converse bounds obtained in Appendix IV, and further derive these bounds for the binary MAC. From (136), we obtain

(138) We now compute the mutual information terms in the region given in (49) in Theorem 6 based on the preceding joint distribution.

(141) where the equality follows from the deterministic property of the MAC that implies

Since for

are binary random variables, . Hence (142)

It is clear that there exists a parameter

such that (143)

Substituting the preceding equation into (141), we obtain (144) From (137), we obtain and (145) From (134), we obtain Proof of the Converse: We first introduce two useful lemmas. Lemma 5: [29] The function (where is a fixed parameter) is strictly convex in .

(146) where obtain

follows from (143). For the second term in (146), we

The following lemma is a binary version of the entropy power inequality. and

Lemma 6: [29] Consider two binary random vectors . Suppose , and for

(139)


(147)


where

follows because is a deterministic function of , and follows from because is conditionally independent of everything else given . Since in (55) is independent of and , we apply Lemma 6 to bound the term

999

and

(152)

Proof of the Converse: We further derive the bounds obtained in Appendix IV for the degraded Gaussian MAC. From (136), we obtain

(153) (148)

For the first term in the preceding inequality, we have

where indicates expectation with respect to the distribufollows from Lemma 6, tion of the random variable , follows from Lemma 5 and Jensen’s inequality, and follows from (143). Substituting (148) into (147), we obtain (149) Substituting (149) into (146), we obtain (150) From (135), we obtain (154) follows from Jensen’s inequality, and where the expectation value of the random variable . On the other hand

indicates

(155) Combining (154) and (155), we establish that there exists such that some (151) follows from (133), follows from the chain rule where follows from and nonnegativity of mutual information, and (149). APPENDIX VI PROOF OF THEOREM 8 According to Lemma 1, it is sufficient to show Theorem 8 for the physically degraded Gaussian MAC defined in(62). Proof of the Achievability: The achievability follows by computing the mutual information terms in Theorem 6 with the following joint distribution:

(156) Substituting (156) into (153), we obtain the bound for (157) For the term lowing bound:

is independent of Authorized licensed use limited to: University of Illinois. Downloaded on October 24, 2008 at 02:35 from IEEE Xplore. Restrictions apply.

, we also derive the fol-

1000


(158) and follows from Jensen’s inequality, and where indicates the variance of the random variable . Comparing (156) and (158), we have

(161) follows from Jensen’s inequality, and follows where follows from (159). from Cauchy–Schwarz inequality, and Substituting (161) into (160), we obtain (159) (162) From (134), we obtain

where . From (137), we obtain

(160) For the first term in the preceding inequality, we obtain

(163) in (163), we first To bound the term derive the following bound. Since is independent of given and , by the entropy power inequality (see, e.g., [22, Sec. 16.6, Theorem 16.6.3]), we obtain

We then obtain



Taking the expectation on both sides of the preceding equation, we obtain

where (164).

1001

follows from (160) and (161), and

follows from

ACKNOWLEDGMENT The authors would like to thank the reviewers and the Associate Editor for their comments and suggestions, which have led to much improvements in presentation and organization of the paper. REFERENCES where

follows from Jensen’s inequality and the fact that is a convex function. Summing over the index , the preceding inequality becomes

where follows from Jensen’s inequality, and follows from (156). Applying the preceding bound to the term , we obtain

(164) Substituting the preceding bound into (163), we obtain

(165) From (135), we obtain

(166)

[1] C. E. Shannon, “A mathematical theory of communication,” Bell Syst. Tech. J., vol. 27, pp. 379–423, 1948. [2] A. D. Wyner, “The wiretap channel,” Bell Syst. Tech. J., vol. 54, no. 8, pp. 1355–1387, Oct. 1975. [3] I. Csiszár and J. Körner, “Broadcast channels with confidential messages,” IEEE Trans. Inf. Theory, vol. IT-24, no. 3, pp. 339–348, May 1978. [4] A. Carleial and M. Hellman, “A note on Wyner’s wiretap channel,” IEEE Trans. Inf. Theory, vol. IT-23, no. 3, pp. 387–390, May 1977. [5] S. K. Leung-Yan-Cheong, “On a special class of wiretap channels,” IEEE Trans. Inf. Theory, vol. IT-23, no. 5, pp. 625–627, Sep. 1977. [6] S. K. Leung-Yan-Cheong and M. E. Hellman, “The Gaussian wiretap channel,” IEEE Trans. Inf. Theory, vol. IT-24, no. 4, pp. 451–456, Jul. 1978. [7] H. Yamamoto, “Coding theorem for secret sharing communication systems with two noisy channels,” IEEE Trans. Inf. Theory, vol. 35, no. 3, pp. 572–578, May 1989. [8] H. Yamamoto, “A coding theorem for secret sharing communication systems with two Gaussian wiretap channels,” IEEE Trans. Inf. Theory, vol. 37, no. 3, pp. 634–638, May 1991. [9] M. van Dijk, “On a special class of broadcast channels with confidential messages,” IEEE Trans. Inf. Theory, vol. 43, no. 2, pp. 712–714, Mar. 1997. [10] C. Mitrpant, A. J. H. Vinck, and Y. Luo, “An achievable region for the Gaussian wiretap channel with side information,” IEEE Trans. Inf. Theory, vol. 52, no. 5, pp. 2181–2190, May 2006. [11] P. Parada and R. Blahut, “Secrecy capacity of SIMO and slow fading channels,” in Proc. IEEE Int. Symp. Information Theory (ISIT), Adelaide, Australia, Sep. 2005, pp. 2152–2155. [12] H. Koga and N. Sato, “On an upper bound of the secrecy capacity for a general wiretap channel,” in Proc. IEEE Int. Symp. Information Theory (ISIT), Adelaide, Australia, Sep. 2005, pp. 1641–1645. [13] M. Hayashi, “General nonasymptotic and asymptotic formulas in channel resolvability and identification capacity and their application to the wiretap channel,” IEEE Trans. Inf. Theory, vol. 52, no. 4, pp. 1562–1575, Apr. 2006. [14] R. Liu, I. Maric, P. Spasojevic, and R. Yates, “Discrete memoryless interference and broadcast channels with confidential messages,” in Proc. 44th Annu. Allerton Conf. Communication, Control and Computing, Monticello, IL, Sep. 2006, pp. 305–313. [15] Y. Liang, H. V. Poor, and S. Shamai (Shitz), “Secure communication over fading channels,” IEEE Trans. Inf. Theory, Special Issue on Information-Theoretic Security, to be published. [16] Y. Oohama, “Coding for relay channels with confidential messages,” in Proc. IEEE Information Theory Workshop (ITW), Cairns, Australia, Sep. 2001, pp. 87–89. [17] L. Lai and H. El Gamal, “The relay-eavesdropper channel: Cooperation for secrecy,” IEEE Trans. Inf. Theory, submitted for publication. [18] Y. Liang, A. Somekh-Baruch, H. V. Poor, S. Shamai (Shitz), and S. Verdú, “Cognitive interference channels with confidential messages,” in Proc. 45th Annu. Allerton Conf. Communication, Control and Computing, Monticello, IL, Sep. 2007. [19] E. Tekin and A. Yener, “Achievable rates for two-way wiretap channels,” in Proc. IEEE Int. Symp. Information Theory (ISIT), Nice, France, Jun. 2007, pp. 941–945. [20] R. Ahlswede, “Multi-way communication channels,” in Proc. IEEE Int. Symp. Information Theory (ISIT), Tsahkadsor, Armenian S.S.R., 1971, pp. 23–52, Publishing House of the Hungarian Academy of Sciences, 1973. [21] H. Liao, “Multiple Access Channels,” Ph.D. dissertation, Uni. Hawaii, Dept. Elec. Eng., Honolulu, HI, 1972. [22] T. M. Cover and J. A. Thomas, Elements of Information Theory. New York: Wiley, 1991.


1002


[23] V. V. Prelov, “Transmission over a multiple-access channel with a special source heirarchy,” Probl. Inform. Transm., vol. 20, no. 4, pp. 3–10, Oct.–Dec. 1984. [24] R. Liu, I. Maric, R. Yates, and P. Spasojevic, “The discrete memoryless multiple access channel with confidential messages,” in Proc. IEEE Int. Symp. Information Theory (ISIT), Seattle, WA, Jul. 2006, pp. 957–961. [25] E. Tekin and A. Yener, “The Gaussian multiple access wiretap channel,” IEEE Trans. Inf. Theory, submitted for publication. [26] D. Slepian and J. K. Wolf, “A coding theorem for multiple access channels with correlated sources,” Bell Syst. Tech. J., vol. 52, pp. 1037–1076, 1973. [27] E. C. van der Meulen, “The discrete memoryless channel with two senders and one receiver,” in Proc. IEEE Int. Symp. Information Theory (ISIT), Tsahkadsor, Armenian S.S.R., 1971, Publishing House of the Hungarian Academy of Sciences, 1973.

[28] J. Körner and K. Marton, “Comparison of two noisy channels,” in Topics in Information Theory, Keszthely (Hungary), 1975. Amsterdam, The Netherlands: North-Holland, 1977, Colloquia Math. Soc. János Bolyai. [29] A. D. Wyner and J. Ziv, “A theorem on the entropy of certain binary sequences and applications: Part I,” IEEE Trans. Inf. Theory, vol. IT-19, no. 6, pp. 769–777, Nov. 1973. [30] I. Csiszár and J. Körner, Information Theory: Coding Theorems for Discrete Memoryless Systems. Budapest, Hungary: Akadémiai Kiadó, 1981. [31] A. El Gamal and E. van der Meulen, “A proof of Marton’s coding theorem for the discrete memoryless broadcast channel,” IEEE Trans. Inf. Theory, vol. IT-27, no. 1, pp. 120–122, Jan. 1981.
