Secure Information Exchange for Omniscience
Chung Chan, Navin Kashyap, Praneeth Kumar Vippathalla and Qiaoqiao Zhou
Secure Information Exchange
Public
info.
F_0
F_1
F
Z_0
Private
info.
Z_1
Z_V
0
1
Network
Nodes
V
Target
info.
Y_0
Y_1
Y_V
Censored
info.
X_V
X_0
X_1
Interactive Public discussion
\frac{1}{n} I(F \wedge Y_{0}^n|Z_{0}^n) \to u_{0} (\text{utility})
\frac{1}{n} I(F \wedge Y_{1}^n|Z_{1}^n) \to u_{1}
\frac{1}{n} I(F \wedge X_{0}^n|Z_{0}^n) \to l_{0} (\text{leakage})
\frac{1}{n} I(F \wedge X_{1}^n|Z_{1}^n) \to l_{1}
\frac{1}{n} H(F_{0})\to r_{0}\\(\text{discussion rate})
\frac{1}{n} H(F_{1})\to r_{1}
\mathcal{R}:={closure}\{\text{$(u_V,\ell_V,r_V)$ achievable by some $F$}\}
Secure Information Exchange
- Private information extraction problem [Asoodeh et al 19]
- \( V =\{1,2\}\)
- \( Z_1 = (X_2, Y_2)\) and \(X_1\), \(Y_1\), \(Z_2\) are null
- Information bottleneck [Tishby et al 99]
- \(X_1\), \(Y_1\), \(X_2\) and \(Z_2\) are null
- Secure function computation [Tyagi et al 11]
Secure Omniscience Scenario
\text{ minimum leakage, } R_L
u_{1} \to H(Z_U|Z_1)
Z_U \text{ is censored info. of node } w
\text{complete recovery of } Z_U
Z_w
\text{active users in } A\\ \text{attain omniscience}
U
h
1
\text{helpers in } U\backslash A
\text{ with no target information}
w
\text{wiretapper}
Interactive Public discussion
F_0
F_h
F
\text{unlimited } r_1
\text{unlimited } r_2
Z_0
Z_h
Z_U
- Special case of secure information exchange
Problem Formulation
- Smallest achievable total discussion rate for omniscience \(r(V):=\sum_{i\in V} r_i\) is denoted by
$$ R_{CO} :=\inf \{ r(V) |(r_V,u_V,\ell_V)\in \mathcal{R}, u_i=H(Z_V|Z_i) \forall i\in A\} $$
- Minimum leakage
$$ R_{L} := \inf\{\ell_{w} | (u_V,\ell_V,r_V)\in \mathcal{R}, u_i=H(Z_V|Z_i)\,\forall i\in A\}$$
- When \(Z_w = \empty \), \(R_{CO} = R_L\)
- Wiretapper is not vocal and has no target info.
- Helpers have no target and censored info.
\(R_L\) and \(R_{CO}\) are not simultaneously achievable!
$$A:=\{1,2\} \subseteq U:=\{1,2,3\} \\ Z_w := (X_a+ X_b, X_b+ X_c)\\Z_1 := (X_a,X_b) \\Z_2 := (X_b, X_c)\\ Z_3 := (X_a+ X_b+ X_c)$$
$$R_{CO} = \min \{r(U): r_1+r_2 \geq 0, r_1+r_3 \geq 1, r_2+r_3 \geq 1\} =1$$
\((r_1,r_2,r_3)=(0,0,1)\) uniquely achieves it
\(X_a,X_b, \) and \( X_c\) are uniformly random and independent bits
\(F =(F_1,F_2)=(X_a^n+X_b^n,X_b^n+X_c^n)\)
\(F=F_3=Z_3^n\)
\(l_w = 1\) bit
\(l_w = 0\)
\(R_L = 0\)
Any scheme with \((r_1,r_2,r_3)=(0,0,1)\) cannot have \(R_L = 0\)
achieves omniscience
Main Results
Theorem 1 (Lower bound on minimum leakage)
For the secure omniscience scenario with \(|A| \geq 2\)
\(W\) is any random variable satisfying \( I(W\wedge Z_U | Z_w)=0\)
$$R_L \geq H(Z_U|Z_w) - C_S \geq R_{CO}(Z_U|W) - I(Z_U \wedge Z_w | W)$$
wiretapper secret key capacity
smallest communication rate for omniscience of the source \(Z_U\) for the active users who also have \(W\)
This theorem relates \(R_L\) and \(C_S/ R_{CO}\)
Proof Idea
use a discussion scheme that achieves \(R_{L}\) and privacy amplification technique [csiszar et al.'04] to extract a secret key at rate \(H(Z_U|Z_w)-R_{L}\leq C_S\) from the recovered source.
- For the first lower bound,
$$R_{L}\geq H(Z_U|Z_w)-C_S$$
follows from the upper bound [csiszar et al. '04] on \(C_S\), $$C_S\leq H(Z_U|W) - R_{CO}(Z_U|W)$$
- The second lower bound,
$$ H(Z_U|Z_w) - C_S \geq R_{CO}(Z_U|W) - I(Z_U \wedge Z_w | W)$$
Lower Bound is Not Tight
$$A:=\{1,2\} \subseteq U:=\{1,2,3\} \\ Z_w := X_a+ X_b,\\ Z_1 = Z_2 := X_a , Z_3 := X_b$$
\(X_a,X_b, \) and \( X_c\) are uniformly random and independent bits
Secret key $$K = X_a^n \perp Z_w^n$$
Achieved with no discussion
\(1\leq C_S\)
\(\leq H(Z_1) =1\)
\(R_L \geq H(Z_U|Z_w) - C_S = 1-1=0\)
Lower bound
\(F =F_3=X_b^n\)
\(l_w =1\)
\(R_L \leq 1\)
It is shown that \(R_L = 1\)
achieves omniscience
Main Results
Theorem 2 (Upper bound on minimum leakage)
R_L \leq \frac{1}{m} [ R_{CO}(Z_U^m|F') + I(Z_U^m \wedge F' | Z_w^m) ] \leq R_{CO}
For the secure omniscience scenario,
any public discussion on block length \(m\)
positive integer
Set \(m=1\) and \(F'\) to a constant
Proof Idea
Leakage rate is
Additionally, \(F''\) is revealed to attain omniscience with rate
$$\frac{1}{n} H(F'')= \frac{1}{m} R_{CO}(Z_U^m|F')$$
$$\frac{1}{n} I({F'}^{\frac{n}{m}}, F'' \wedge Z_U^n | Z_{w}^n) \leq \frac{1}{n} H(F'') + \frac{1}{n} I({F'}^{\frac{n}{m}} \wedge Z_U^n | Z_{w}^n)$$
$$ \to \frac{1}{m} [ R_{CO}(Z_U^m|F') + I(Z_U^m \wedge F' | Z_w^m) ]$$
\(Z_{U1}\)
\(Z_{Um}\)
\(Z_{Un}\)
\(Z_{U(n-m+1)}\)
\(Z_{U2}\)
\(Z_{U}^n\)
\(F'_1\)
\(F'_{\frac{n}{m}}\)
\(F'_1\)
Tightness of Upper bound
\(R_{CO}\) upper bound is improved by an additional information alignment step that completely aligns \(F'\) to the \(Z_{w}\)
\(R_L\) and \(R_{CO}\) are not simultaneously achievable
\(F'=(F'_1,F'_2)=(X_a+X_b,X_b+X_c)=Z_{w}\) with \(m=1\)
\(R_L \leq R_{CO}(Z_U|Z_{w}) + I(Z_U \wedge F'|Z_{w}) = 0\)
$$A:=\{1,2\} \subseteq U:=\{1,2,3\} \\ Z_w := (X_a+ X_b, X_b+ X_c)\\Z_1 := (X_a,X_b) \\Z_2 := (X_b, X_c)\\ Z_3 := (X_a+ X_b+ X_c)$$
\(X_a,X_b, \) and \( X_c\) are uniformly random and independent bits
\(R_{CO} = 1\)
\(R_L = 0\)
\(< R_{CO} = 1\)
achieves omniscience
Example with Tight Upper and Lower bound
$$A=U:=\{1,2,3,4\} \\ Z_w := X_a+ X_b+ X_c\\Z_1 := X_a\\ Z_2 := (X_a, X_b)\\ Z_3 := (X_b, X_c)\\Z_4 := X_c$$
\(X_a,X_b, \) and \( X_c\) are uniformly random and independent bits
$$R_{L} \geq H(Z_U|Z_{w}) - C_S \geq 2-1 = 1$$
\(C_s\leq H(Z_1) =1\)
$$R_{L} \leq \frac{1}{m} I(Z_U^m\wedge F'|Z_{w}^m) $$
$$= \frac{1}{2} H(F'|Z_{w}^2) = 1$$
$$F'_2 = \begin{bmatrix} X_{a1}\\ X_{a2}\end{bmatrix} + \begin{bmatrix} 1 & 1\\ 1 & 0\end{bmatrix} \begin{bmatrix} X_{b1}\\ X_{b2}\end{bmatrix}$$
$$F'_3 = \begin{bmatrix} X_{c1}\\ X_{c2}\end{bmatrix} + \begin{bmatrix} 0 & 1\\ 1 & 1\end{bmatrix} \begin{bmatrix} X_{b1}\\ X_{b2}\end{bmatrix}$$
\(F'=(F'_2,F'_3)\)
achieves omniscience
\(R_{CO}(Z_U^2|F') = 0\)
Main Results
Theorem 3 (Two-user finite linear source)
R_L = H(Z_1,Z_2|Z_w) - I(Z_1\wedge Z_2|G)
where \(G\) can be chosen to be \(G_1\) \(G_2\), or both \(G_1,G_2\), with \(G_i\) being the solution to
J_{GK}(Z_w \wedge Z_i) := \max\limits_{G_i: H(G_i|Z_w)=H(G_i|Z_i)=0} H(G_i) \text{ for } i \in U
For secure omniscience with \(A=U=\{1,2\}\) and finite linear source \(Z_V\)
Proof Idea
Z_1' = (X_a,X_c)\\
Z_2' = (X_b,X_c)
There exist functions \(Z_i'\) of \(Z_i\) such that \(I(Z_i'\wedge G_1) = H(Z_i|Z_i',G_1) = 0\)
Z_{w}' = X_a A + X_b B + X_c C
$$R_{L} \geq R_{CO}(Z_U|G_1) - I(Z_U\wedge Z_{w}|G_1)$$
Since \(G_1\) is a function of \(Z_w\)
$$\geq H(Z_U|Z_{w}) - I(Z_1\wedge Z_2|G_1)$$
$$R_{L} \leq R_{CO}(Z_U|F') + I(Z_U\wedge F'|Z_{w})$$
$$= H(Z_U|Z_{w})+ I(Z_U\wedge Z_{w}|F') -I(Z_1\wedge Z_2|F')$$
$$F'=(F'_1,F'_2) $$
$$R_{L} \leq H(Z_U|Z_{w}) - I(Z_1\wedge Z_2|G_1)$$
$$ F'_1 := (X_a A, G_1), F'_2 := X_b B + X_c C$$
Extension/Challenges
- The upper bound on the minimum leakage can be shown to be tight for the two-user case with one-way discussion
- Sufficient conditions for the minimum leakage upper bound to match the lower bound can also be derived and shown to hold for multiterminal hypergraphical sources
References
[1] C. H. Bennett, G. Brassard, and J.-M. Robert, “Privacy amplification by public discussion,” SIAM journal on Computing, vol. 17, no. 2, pp.210–229, 1988.
[2] R. Ahlswede and I. Csiszár, “Common randomness in information theory and cryptography—Part I: Secret sharing,” IEEE Transactions on Information Theory, vol. 39, no. 4, pp. 1121–1132, Jul. 1993.
[3] U. M. Maurer, “Secret key agreement by public discussion from common information,” IEEE Transactions on Information Theory, vol. 39, no. 3, pp. 733–742, 1993.
[4] I. Csiszár and P. Narayan, “Secrecy capacities for multiple terminals,” IEEE Transactions on Information Theory, vol. 50, no. 12, pp. 3047–3061, Dec. 2004.
[5] A. Gohari and V. Anantharam, “Information-theoretic key agreement of multiple terminals—Part I,” IEEE Transactions on Information Theory, vol. 56, no. 8, pp. 3973 –3996, Aug. 2010.
[6] A. Kaspi, “Two-way source coding with a fidelity criterion,” IEEE Transactions on Information Theory, vol. 31, no. 6, pp. 735–740,
November 1985.
[7] S. Asoodeh, M. Diaz, F. Alajaji, and T. Linder, “Estimation efficiency under privacy constraints,” IEEE Transactions on Information Theory, vol. 65, no. 3, pp. 1512–1534, March 2019.
[8] N. Tishby, F. C. Pereira, and W. Bialek, “The information bottleneck method,” in Thirty-Seventh Annual Allerton Conference on Communication, Control, and Computing, Sep. 1999.
[9] N. Slonim, “The information bottleneck: Theory and applications,” Ph.D. dissertation, Citeseer, 2002.
[10] N. Tishby and N. Zaslavsky, “Deep learning and the information bottleneck principle,” in IEEE Information Theory Workshop (ITW), April 2015, pp. 1–5.
[11] R. A. Amjad and B. C. Geiger, “Learning representations for neural network-based classification using the information bottleneck principle,” IEEE Transactions on Pattern Analysis and Machine Intelligence, 2019.
[12] I. Csiszár and J. Körner, Information Theory: Coding Theorems for Discrete Memoryless Systems. Akadémiai Kiadó, Budapest, 1981.
References
[13] C. Chan, N. Kashyap, P. K. Vippathalla, and Q. Zhou, “Secure information exchange for omniscience,” 2019. [Online]. Available:
http://bit.ly/secureomniscience
[14] C. Chan and L. Zheng, “Mutual dependence for secret key agreement,” in Proceedings of 44th Annual Conference on Information Sciences and Systems, 2010.
[15] P. Gács and J. Körner, “Common information is far less than mutual information,” Problems of Control and Information Theory, vol. 2, no. 2, pp. 149–162, Feb. 1972.
[16] C. Chan, M. Mukherjee, N. Kashyap, and Q. Zhou, “Multiterminal secret key agreement at asymptotically zero discussion rate,” in 2018 IEEE International Symposium on Information Theory (ISIT). IEEE, 6 2018, pp. 2654–2658.
[17] H. Tyagi, P. Narayan, and P. Gupta, “When is a function securely computable?” IEEE Transactions on Information Theory, vol. 57, no. 10, pp. 6337–6350, 2011.
[18] M. M. Mojahedian, M. R. Aref, and A. Gohari, “Perfectly secure index coding,” IEEE Transactions on Information Theory, vol. 63, no. 11, pp. 7382–7395, Nov 2017.
[19] L. Ong, J. Kliewer, and B. N. Vellambi, “Secure network-index code equivalence: Extension to non-zero error and leakage,” in 2018 IEEE International Symposium on Information Theory (ISIT), 2018, pp. 841–845.
[20] A. Orlitsky and J. R. Roche, “Coding for computing,” IEEE Transactions
on Information Theory, vol. 47, no. 3, pp. 903–917, March 2001.
deck
By Praneeth Kumar
deck
- 155
