3.4 Proofs

3.4.3 Proof of Theorem 11

Proof of Theorem 11. The idea of the proof is very similar to the proof of Lemma 4. The essence of the proof is that we will start with a secure code for network N¯e(Rc,0) and we will construct a secure code for networkN. Specifically we will show how to achieve any pointR inside the secrecy rate region of network Ne¯(Rc,0) at network N. The two networksNe¯(Rc,0) and N are identical except from edge ¯ewhere at networkNe¯(Rc,0) edge ¯eis a noiseless bit pipe that can carry up toRc

bits per channel use whereas edge ¯e in networkN is a noisy degraded broadcast channel with the propertyR_c<max

p(x)

I(X, Y)−max

p(x)

I(X, Z). This property is essential so that one can apply a secure channel such as the one derived by Wyner [17] and carry the information traveling edge ¯esecurely.

Specifically the information bitsCⁿ transversing edge ¯eof networkNe¯(R_c,0) will be mixed with some random bitsPⁿin networkN to ensure the security of the code for networkN. To prove that an eavesdropper gets a very small mutual information with the message by choosing any eavesdropping set E∈A we would make use of an auxiliary networkIshown in Figure 3.5. Network Iis similar to network N with the addition that for every eavesdropping set E where ¯e∈E we add a receiver that has access to the whole message W, the eavesdropper’s observation (Z^E\{¯e})ⁿ, the degraded outputZⁿ from the channel in edge ¯eand a noiseless bit of capacityCE carrying bits (the value of CEis defined in equation (3.49)) from a “super source” that has access to (Cⁿ, Pⁿ) the information transversing edge ¯eat networkN, message W and the eavesdropper’s observation (Z^E\{e¯})ⁿ. The additional receiver corresponding to eavesdropping setE demands messageW, the eavesdropping observations (Z^E\{e¯})ⁿ and the information (Pⁿ, Cⁿ) input to edge ¯e. These additional receivers assist in the proof of the secrecy of the code for those eavesdropping set E ∈ A such that ¯e∈ E in the following manner: the sum of capacities of (W,(Z^E\{¯e})ⁿ, Zⁿ, Lⁿ_E) (whereLⁿ_E are the bits in the noiseless bit pipe of capacity CE) that are all the incoming links to the auxiliary receivers is almost equal to the entropy of (Pⁿ, Cⁿ, W,(Z^E\{¯e})ⁿ) that correspond to the decoded message at the auxiliary receivers and therefore all links are filled up to capacity. Therefore there is no spare

capacity at links ((Z^E\{¯e})ⁿ, Zⁿ) to carry any information about messageW and therefore the code is secure. The proof of secrecy for eavesdropping setsE∈Asuch that ¯e /∈E is derived identical to equation (3.38) of the proof of Lemma4 and therefore is skipped. The details of the proof for those E∈Asuch that ¯e∈E follow below.

Fix any rate R inside the secrecy rate region of networkNe¯(Rc,0), i.e. R∈ int(R(N(Re¯), A)) and choose some ˜R∈int(R(N(Re¯), A)) such that ˜R^(i→B)> R^(i→B)for alli∈ V andB ∈ B⁽ⁱ⁾ with R^(i→B) > 0. Then for any λ > 0 and ε > 0 there is a solution of blocklength n and rate ˜R for networkN¯e(Rc,0) such that Pr

(W˘˜^(j→K,i)̸= ˜W^(j→K) )

< λfor all (j,K) withK ∈ B^(j),i∈ K and R^(j→K)>0, andI(

( ˜Z^E)ⁿ; ˜W)

< nεfor allE∈A, where the tilde on the eavesdropper’s observation ( ˜Z^E)ⁿ and the message ˜W refers to the fact that the code operates at rate ˜R. By carefully choosing parameterλit was shown in the proof of Theorem 8 one can create a (2^{−N δ}, ε, R)–S(N¯e(R_c,0), A) solution for the stacked network Ne¯(R_c,0). One can use code (2^{−N δ}, ε, R)–S(Ne¯(R_c,0), A) along with some channel encoder/decoder {aN t, bN t}^Nt=1 pair and find a secure solution for the stacked networkN where the noiseless bit pipe of edge ¯ehave been replaced by a noisy degraded broadcast channel. The channel code works as follows: At each time step t ∈ {1, . . . , n} once the bits ˜C_t on edge ¯e of network N(Re¯) have been received they are transmitted through the noisy channel along withN(max_p(x)I(X;Z)−ε) random bits denoted by ˜P_t. The random bits ˜P_tare generated independently across different timestand independent of the messageW and the noise randomness.

Therefore the entropyH(P˜ⁿ)

of the random bits across thentime steps is equal to

H(P˜ⁿ)

=nN (

max

p(x)

I(X;Z)−ε )

(3.48)

and the rateRp of the random bits equal toRp= maxp(x)I(X;Z)−ε.

Therefore at each time steptthere is a total ofN(Rc+Rp) bits delivered at the input of edge ¯e and have to be conveyed through the degraded broadcast channel that replaced the noiseless bit pipe of rate R_c of networkN¯e(R_c,0). TheN(R_c+R_p) bits at each time step correspond to 2^N(Rc+Rp) incoming messages m_t(i), i ∈ {

1, . . . ,2^N(Rc+Rp)}

at edge ¯e. The channel encoders a_N,t at each time stepthave assigned to each one of the 2^N(Rc+Rp)incoming messagesmt(i) a randomN–tuple X˜_t(i) =

(X˜t1(i), . . . ,X˜tN(i) )

where ˜Xtj(i), j ∈ {1, . . . , N} are chosen from the distribution p(x) that gives rise to the corresponding mutual informations max_p(x)I(X;Y) and max_p(x)I(X;Z) of the noisy degraded broadcast channel ¯e. This mapping is revealed to both the eavesdropper and V2(¯e) that is the output of ¯e. Once the N(Rc +Rp) public and confidential bits at time t are ready for transmission then the correspondingN–tuple is transmitted through theN noisy channels across the N layers and the intended receiver gets ˜Y_t. From the received N–tuple ˜Y_t the decoder finds the N–tuple ˜X_t(i) corresponding to the transmitted message m_t(i) so that ( ˜X_t(i),Y˜_t) are jointly typical, i.e. find message m_t(i) such that ( ˜X_t(i),Y˜_t) ∈ A^(N_t,γ⁾( ˜X,Y˜) where the definition

A^(N)_t,γ ( ˜X,Y˜) is given in (3.27). As shown in equation (3.29) one can chooseγ appropriately so that the probability that the channel code fails drops exponentially fast. At a later point in the proof it is going to be useful to mention that if one has access to the bits ˜C_t transversing edge ¯eand the degraded output ˜Z_t of edge ¯e then one can decode the random bits ˜P_t. Indeed from the received N–tuple ˜Z_t one can find N–tuple ˜X_t(i) corresponding to the transmitted message mt(i) so that ( ˜X_t(i),Z˜_t) are jointly typical,i.e. find messagem_t(i) such that ( ˜X_t(i),Z˜_t)∈A^(N_t,β⁾( ˜X,Z) where the˜ definition A^(N_t,β⁾( ˜X,Z˜) is given in (3.33). The probability that there are more than one sequences X˜_t(j), ˜X_t(k) withj ̸=kthat are jointly typical with the received sequence ˜Z_tis upper bounded by 2^{N Rp}2^{−N(maxp(x)I(X;Z)−3β)} and by choosingβ = ¹₆max_p(x)I(X;Z) makes the probability of error to drop exponentially fast with the number of layersN.

By setting the capacity CE of the side channel to each auxiliary receiver equal to C_E= 1

nH(C˜ⁿ|( ˜Z^E\{e¯})ⁿ,W˜)

+ε. (3.49)

then the side channel has the necessary capacity to transfer enough bits so that the auxiliary re- ceiver is able to decode bits ˜Cⁿ. Indeed since each auxiliary receiver has access to message ˜W and eavesdropper’s observation ( ˜Z^E\{e¯})ⁿ by defining the notion of typical set for tuple ( ˜w,(˜z^E\{¯e})ⁿ) as

A^(N)_ν (W ,˜ ( ˜Z^E\{¯e})ⁿ)

= {

( ˜w,(˜z^E\{¯e})ⁿ) : −1

N logp( ˜w)−H( ˜W) ≤ν, −1

N logp((˜z^E\{¯e})ⁿ)−H(

( ˜Z^E\{e¯})ⁿ)≤ν, −1

N logp( ˜w,(˜z^E\{e¯})ⁿ)−H(W ,˜ ( ˜Z^E\{¯e})ⁿ)≤ν }

.

and the notion of conditionally typical ˜cⁿ given a typical ( ˜w,(˜z^E\{e¯})ⁿ) as A^(N_ν ⁾( ˜Cⁿ|w,˜ (˜z^E\{e¯})ⁿ) =

{

˜ cⁿ:

−1

N logp(˜cⁿ,w,˜ (˜z^E\{¯e})ⁿ)−H(C˜ⁿ,W ,˜ ( ˜Z^E\{e¯})ⁿ)≤ν }

.

one can prove similarly to (3.25) that the size of the conditionally typical setA^(Nν ⁾( ˜Cⁿ|w,˜ (˜z^E\{¯e})ⁿ) is upper bounded by

A^(N)_ν ( ˜Cⁿ|w,˜ (˜z^E\{e¯})ⁿ)≤2^{N[H( ˜Cn|W ,( ˜˜ ZE\{¯e})n)+2ν]}.

By using the Chernoff bound as in Lemma 8 of [31] it can be proved that the probability of observing an atypical ˜w,(˜z^E\{e¯})ⁿor a conditionally atypical ˜cⁿfor a typical ( ˜w,(˜z^E\{e¯})ⁿ) drops exponentially fast. Similar to the proof of Lemma 4 we only consider the case of typical ˜cⁿ given a typical ( ˜w,(˜z^E\{¯e})ⁿ) since the observing an atypical tuple has exponential small probability and will be

regarded as an error event. By settingν=ε/4 the error free channel has enough capacity to transfer allN[H( ˜Cⁿ|W ,˜ ( ˜Z^E\{¯e})ⁿ) + 2ν] bits needed to describe all typical ˜cⁿ during the nN channel uses of the noiseless bit pipe and therefore allowing the auxiliary receiver to decode ˜cⁿ. So far we have started with a rate ˜Rsecure code for networkN¯e(Rc,0) and constructed code for a stacked version of networkIin Figure 3.5. The sources of error for the constructed code of networkIare when the code for the stack networkN¯e(Rc,0) fails or when the channel code at edge ¯efails or when tuple ( ˜w,(˜z^E\{¯e})ⁿ) or ˜cⁿ are atypical. The overall probability of decoding error for the stacked version of network Ican be made less than valueλby choosing the number of layersN of the stack large enough.

In order to prove the security of the constructed code for networkN we first need to upper bound H(P˜ⁿ,C˜ⁿ,( ˜Z^E\{e¯})ⁿ,W˜|Z˜ⁿ,( ˜Z^E\{e¯})ⁿ,L˜ⁿ_E,W˜)

. Since the message ˜W, the public bits ˜Pⁿ, the confidential bits ˜Cⁿ and the eavesdropper’s observation ( ˜Z^E\{e¯})ⁿ can be decoded with probability of error at mostλthen due to Fano’s inequality [60]

EC

[

H(P˜ⁿ,C˜ⁿ,( ˜Z^E\{e¯})ⁿ,W˜|Z˜ⁿ,( ˜Z^E\{e¯})ⁿ,L˜ⁿ_E,W˜)]

=EC

[

H(P˜ⁿ,C˜ⁿ|Z˜ⁿ,( ˜Z^E\{e¯})ⁿ,L˜ⁿ_E,W˜)]

≤h(λ) +nN(Rc+Rp)λ (3.50)

From the definition of mutual information we get EC

[

I(P˜ⁿ,C˜ⁿ,( ˜Z^E\{¯e})ⁿ,W˜; ˜Zⁿ,( ˜Z^E\{e¯})ⁿ,L˜ⁿ_E,W˜)]

=E_C[

H(P˜ⁿ,C˜ⁿ,( ˜Z^E\{¯e})ⁿ,W˜)]

−E_C[

H(P˜ⁿ,C˜ⁿ,( ˜Z^E\{e¯})ⁿ,W˜|Z˜ⁿ,( ˜Z^E\{¯e})ⁿ,L˜ⁿ_E,W˜)]

(a)≥E_C[

H(P˜ⁿ,C˜ⁿ,( ˜Z^E\{e¯})ⁿ,W˜)]

−h(λ)−nN(Rp+Rc)λ

(b)≥EC

[ H(

( ˜Z^E\{e¯})ⁿ,W˜)]

+EC

[

H(C˜ⁿ|( ˜Z^E\{¯e})ⁿ,W˜)]

+EC

[

H(P˜ⁿ|C˜ⁿ,( ˜Z^E\{e¯})ⁿ,W˜)]

−nN ε

(c)=EC

[ H(

( ˜Z^E\{e¯})ⁿ,W˜)]

+EC

[

H(C˜ⁿ|( ˜Z^E\{e¯})ⁿ,W˜)]

+EC

[

H(P˜ⁿ)]

−nN ε

(d)=E_C[ H(

( ˜Z^E\{e¯})ⁿ,W˜)]

+NE_C[

H(C˜ⁿ|( ˜Z^E)ⁿ,W˜)]

+E_C[

H(P˜ⁿ)]

−nN ε

(e)=E_C[ H(

( ˜Z^E\{¯e})ⁿ,W˜)]

+nN(CE−ε) +E_C[

H(P˜ⁿ)]

−nN ε

=EC

[ H(

( ˜Z^E\{¯e})ⁿ,W˜)]

+nN(CE−2ε) +EC

[

H(P˜ⁿ)]

(3.51) where (a) holds due to (3.50), (b) holds since we chooseλsmall enough so thath(λ) +n(Rp+Rc)λ <

nε, (c) holds since the public bits ˜Pⁿ are chosen independently of the message ˜W, the confidential bits ˜Cⁿ and the noise inserted in the network, (d) holds since the information bits on the different layers of the stacked network are independent, and (e) follows from equation (3.49).

By applying the chain rule on mutual informationI(P˜ⁿ,C˜ⁿ,( ˜Z^E\{¯e})ⁿ,W˜; ˜Zⁿ,( ˜Z^E\{e¯})ⁿ,L˜ⁿ_E,W˜)

we get similarly to inequality (3.42) EC

[

I(P˜ⁿ,C˜ⁿ,( ˜Z^E\{¯e})ⁿ,W˜; ˜Zⁿ,( ˜Z^E\{¯e})ⁿ,L˜ⁿ_E,W˜)]

≤E_C[ H(

( ˜Z^E\{¯e})ⁿ,W˜)]

+E_C[

H(L˜ⁿ_E)]

+E_C[

I(P˜ⁿ,C˜ⁿ,( ˜Z^E\{e¯})ⁿ,W˜; ˜Zⁿ|( ˜Z^E\{¯e})ⁿ,L˜ⁿ_E,W˜)]

≤EC

[ H(

( ˜Z^E\{¯e})ⁿ,W˜)]

+nN CE+EC

[

I(P˜ⁿ,C˜ⁿ; ˜Zⁿ|( ˜Z^E\{¯e})ⁿ,L˜ⁿ_E,W˜)]

ThereforeEC

[ H(

( ˜Z^E\{e¯})ⁿ,W˜)]

+nN(C_E−2ε)+EC

[

H(P˜ⁿ)]

≤EC

[ H(

( ˜Z^E\{¯e})ⁿ,W˜)]

+nN C_E+ E_C[

I(P˜ⁿ,C˜ⁿ; ˜Zⁿ|( ˜Z^E\{e¯})ⁿ,L˜ⁿ_E,W˜)]

or equivalently E_C[

H(P˜ⁿ)]

≤E_C[

I(P˜ⁿ,C˜ⁿ; ˜Zⁿ|( ˜Z^E\{e¯})ⁿ,L˜ⁿ_E,W˜)]

+ 2nN ε. (3.52)

Moreover since ˜W ,L˜ⁿ_E,P˜ⁿ,C˜ⁿ,( ˜Z^E\{e¯})ⁿ →X˜ⁿ,( ˜Z^E\{e¯})ⁿ→Z˜ⁿ,( ˜Z^E\{¯e})ⁿ we get from the data processing inequality thatI(W ,˜ L˜ⁿ_E,P˜ⁿ,C˜ⁿ,( ˜Z^E\{¯e})ⁿ; ˜Zⁿ,( ˜Z^E\{¯e})ⁿ)

≤I(X˜ⁿ,( ˜Z^E\{e¯})ⁿ; ˜Zⁿ,( ˜Z^E\{e¯})ⁿ) and by using the chain rule in the left hand side of this inequality we get

I(W˜; ˜Zⁿ,( ˜Z^E\{e¯})ⁿ)

+I(L˜ⁿ_E,( ˜Z^E\{¯e})ⁿ; ˜Zⁿ,( ˜Z^E\{¯e})ⁿ|W˜)

+I(P˜ⁿ,C˜ⁿ; ˜Zⁿ,( ˜Z^E\{¯e})ⁿ|W ,˜ L˜ⁿ_E,( ˜Z^E\{e¯})ⁿ)

≤I(X˜ⁿ,( ˜Z^E\{¯e})ⁿ; ˜Zⁿ,( ˜Z^E\{e¯})ⁿ)

. (3.53)

The right hand side of inequality (3.53) can be expanded as EC

[

I(X˜ⁿ,( ˜Z^E\{¯e})ⁿ; ˜Zⁿ,( ˜Z^E\{¯e})ⁿ)]

=EC

[

H(Z˜ⁿ,( ˜Z^E\{¯e})ⁿ)]

−EC

[

H(Z˜ⁿ,( ˜Z^E\{¯e})ⁿ|X˜ⁿ,( ˜Z^E\{e¯})ⁿ)]

(a)=EC

[

H(Z˜ⁿ)]

+EC

[ H(

( ˜Z^E\{¯e})ⁿ|Z˜ⁿ)]

−EC

[

H(Z˜ⁿ|X˜ⁿ)]

≤E_C[

I(X˜ⁿ; ˜Zⁿ)]

+E_C[ H(

( ˜Z^E\{e¯})ⁿ)]

=nNmax

p(x)I(X;Z) +EC

[ H(

( ˜Z^E\{¯e})ⁿ)]

. (3.54)

where equality (a) holds since ˜Zⁿ is conditionally independent of ( ˜Z^E\{¯e})ⁿ given ˜Xⁿ. Due to the fact that I(P˜ⁿ,C˜ⁿ; ˜Zⁿ,( ˜Z^E\{¯e})ⁿ|W ,˜ L˜ⁿ_E,( ˜Z^E\{¯e})ⁿ)

= I(P˜ⁿ,C˜ⁿ; ˜Zⁿ|W ,˜ L˜ⁿ_E,( ˜Z^E\{¯e})ⁿ) and combining (3.53), (3.54) we get

EC

[

I(W˜; ˜Zⁿ,( ˜Z^E\{e¯})ⁿ)]

+EC

[

I(L˜ⁿ_E,( ˜Z^E\{¯e})ⁿ; ˜Zⁿ,( ˜Z^E\{e¯})ⁿ|W˜)]

+EC

[

I(P˜ⁿ,C˜ⁿ; ˜Zⁿ|W ,˜ L˜ⁿ_E,( ˜Z^E\{e¯})ⁿ)]

≤nNmax

p(x)

I(X;Z) +E_C[ H(

( ˜Z^E\{¯e})ⁿ)]

or sinceH(

( ˜Z^E\{e¯})ⁿ|W˜)

=I(L˜ⁿ_E,( ˜Z^E\{¯e})ⁿ; ( ˜Z^E\{¯e})ⁿ|W˜)

≤I(L˜ⁿ_E,( ˜Z^E\{e¯})ⁿ; ˜Zⁿ,( ˜Z^E\{e¯})ⁿ|W˜) EC

[

I(W˜; ˜Zⁿ,( ˜Z^E\{e¯})ⁿ)]

+EC

[ H(

( ˜Z^E\{e¯})ⁿ|W˜)]

+EC

[

I(P˜ⁿ,C˜ⁿ; ˜Zⁿ|W ,˜ L˜ⁿ_E,( ˜Z^E\{¯e})ⁿ)]

≤nNmax

p(x)

I(X;Z) +E_C[ H(

( ˜Z^E\{¯e})ⁿ)]

or elseEC

[

I(W˜; ˜Zⁿ,( ˜Z^E\{e¯})ⁿ)]

is upper bounded by E_C[

I(W˜; ˜Zⁿ,( ˜Z^E\{¯e})ⁿ)]

≤nNmax

p(x)I(X;Z) +EC

[

I(W˜; ( ˜Z^E\{¯e})ⁿ)]

−EC

[

I(P˜ⁿ,C˜ⁿ; ˜Zⁿ|W ,˜ L˜ⁿ_E,( ˜Z^E\{e¯})ⁿ)]

(a)≤nNmax

p(x)

I(X;Z) +E_C[

I(W˜; ( ˜Z^E\{¯e})ⁿ)]

−E_C[

H(P˜ⁿ)]

+ 2nN ε

(b)≤nNmax

p(x)I(X;Z) +NEC

[

I(W˜; ( ˜Z^E\{e¯})ⁿ)]

−nN( max

p(x)I(X;Z)−ε)

+ 2nN ε

(c)≤4nN ε

where inequality (a) follows from (3.52) and inequality (b) holds since the messages ˜W are indepen- dent across different layers and equation (3.49) and inequality (c) holds since the code for network Ne¯(R_c,0) of rate ˜Ris secure,i.e. EC

[

I(W˜; ( ˜Z^E\{¯e})ⁿ)]

≤nε.

Since W → W˜ → Z˜ⁿ,( ˜Z^E\{¯e})ⁿ and the data processing inequality we get that we have con- structed a random code withE_C[

I(W; ˜Zⁿ,( ˜Z^E\{¯e})ⁿ)

]≤4nN ε. One can follow an analysis identical to the one used in equation (3.1) of Theorem 8 to prove that there is at least one deterministic code (3λ,12ε, R)–S(N, A) for networkN.