Polar Coding for Confidential Broadcasting

Jaume del Olmo Alòs; Javier Rodríguez Fonollosa

doi:10.3390/e22020149

. 2020 Jan 27;22(2):149. doi: 10.3390/e22020149

Polar Coding for Confidential Broadcasting

Jaume del Olmo Alòs ^1,^*, Javier Rodríguez Fonollosa ¹

PMCID: PMC7516562 PMID: 33285924

Abstract

A polar coding scheme is proposed for the Wiretap Broadcast Channel with two legitimate receivers and one eavesdropper. We consider a model in which the transmitter wishes to send the same private (non-confidential) message and the same confidential message reliably to two different legitimate receivers, and the confidential message must also be (strongly) secured from the eavesdropper. The coding scheme aims to use the optimal rate of randomness and does not make any assumption regarding the symmetry or degradedness of the channel. This paper extends previous work on polar codes for the wiretap channel by proposing a new chaining construction that allows to reliably and securely send the same confidential message to two different receivers. This construction introduces new dependencies between the random variables involved in the coding scheme that need to be considered in the secrecy analysis.

Keywords: polar codes, information-theoretic security, wiretap broadcast channel, strong secrecy

1. Introduction

Information-theoretic security over noisy channels was introduced by Wyner in [1], which characterized the secrecy-capacity of the degraded wiretap channel. Later, Csiszár and Körner in [2] generalized Wyner’s results to the general wiretap channel. In these settings, one transmitter wishes to reliably send one message to a legitimate receiver, while keeping it secret from an eavesdropper, where secrecy is defined based on a condition of some information-theoretic measure that is fully quantifiable. One of these measures is the information leakage, defined as the mutual information $I (W; Z^{n})$ between a uniformly distributed random message W and the channel observations $Z^{n}$ at the eavesdropper, n being the number of uses of the channel. Based on this measure, the most common secrecy conditions required to be satisfied by channel codes are the weak secrecy, which requires ${lim}_{n \to \infty} \frac{1}{n} I (W; Z^{n}) = 0$ , and the strong secrecy, requiring ${lim}_{n \to \infty} I (W; Z^{n}) = 0$ . Although the second notion of security is stronger, surprisingly both conditions result in the same secrecy-capacity [3].

In the last decade, information-theoretic security has been extended to a large variety of contexts, and polar codes have become increasingly popular in this area, due to their easily provable secrecy capacity achieving property. Polar codes were originally proposed by Arikan in [4] to achieve the capacity of binary-input, symmetric, and point-to-point channels under Successive Cancellation (SC) decoding. Secrecy capacity achieving polar codes for the binary symmetric degraded wiretap channel were introduced in [5,6], satisfying the weak and the strong secrecy condition, respectively. Recently, polar coding has been extended to the general wiretap channel in [7,8,9,10] and to different multiuser scenarios (for instance, see [11,12]). Indeed, [9,10] generalize their results providing polar codes for the broadcast channel with confidential messages.

This paper provides a polar coding scheme that allows to transmit strongly confidential common information to two legitimate receivers over the Wiretap Broadcast Channel (WTBC). Although [13] provided an obvious lower-bound on the secrecy-capacity of this model, no constructive polar coding scheme has already been proposed so far. Our polar coding scheme is based mainly on the one introduced by [10] for the broadcast channel with confidential messages. Therefore, the proposed polar coding scheme aims to use the optimal amount of randomness in the encoding. Moreover, in order to construct an explicit polar coding scheme that provides strong secrecy, the distribution induced by the encoder must be close in terms of the statistical distance to the original one considered for the code construction, and transmitter and legitimate receivers need to share a secret key of negligible size in terms of rate. Nevertheless, the particularization for the model proposed in this paper is not straightforward. Specifically, we propose a new chaining construction [14] (transmission will take place over several blocks) that is crucial to secretly transmit common information to different legitimate receivers. Indeed, this model generalizes, in part, the one described in [10], where the confidential message is intended only for one legitimate receiver, and the one in [15], which considers only the transmission of non-confidential messages intended for two different receivers. The proposed chaining introduces new bidirectional dependencies between encoding random variables of adjacent blocks that must be considered carefully in the secrecy analysis. Indeed, we need to make use of an additional secret key of negligible size in terms of rate that is privately shared between transmitter and legitimate receivers, which will be used to prove that dependencies between blocks can be broken and, therefore, the strong secrecy condition will be satisfied.

1.1. Notation

Throughout this paper, let $[n] = {1, \dots, n}$ for $n \in Z^{+}$ , $a^{n}$ denotes a row vector $(a (1), \dots, a (n))$ . We write $a^{1 : j}$ for $j \in [n]$ to denote the subvector $(a (1), \dots, a (j))$ . Let $A \subset [n]$ , then we write $a [A]$ to denote the sequence ${a (j)}_{j \in A}$ , and we use $A^{C}$ to denote the set complement with respect to the universal set $[n]$ , that is, $A^{C} = [n] ∖ A$ . If $A$ denotes an event, then $A^{C}$ also denotes its complement. We use ln to denote the natural logarithm, whereas log denotes the logarithm base 2. Let X be a random variable taking values in $X$ , and let $q_{x}$ and $p_{x}$ be two different distributions with support $X$ , then $D (q_{x}, p_{x})$ and $V (q_{x}, p_{x})$ denote the Kullback–Leibler divergence and the total variation distance respectively. Finally, $h_{2} (p)$ denotes the binary entropy function, i.e., $h_{2} (p) = - p log p - (1 - p) log (1 - p)$ .

1.2. Organization

The remainder of this paper is organized as follows. Section 2 introduces the channel model formally. In Section 3, the fundamental theorems of polar codes are revisited. Section 4 describes the proposed polar coding scheme, and Section 5 proves that this polar coding scheme achieves the best known inner-bound on the secrecy-capacity of this model. Finally, the concluding remarks are presented in Section 6.

2. Channel Model and Achievable Region

Formally, a WTBC $(X, p_{Y_{(1)} Y_{(2)} Z | X}, Y_{(1)} \times Y_{(2)} \times Z)$ with 2 legitimate receivers and an external eavesdropper is characterized by the probability transition function $p_{Y_{(1)} Y_{(2)} Z | X}$ , where $X \in X$ denotes the channel input, $Y_{(k)} \in Y_{(k)}$ denotes the channel output corresponding to the legitimate Receiver $k \in [1, 2]$ , and $Z \in Z$ denotes the channel output corresponding to the eavesdropper. We consider a model, namely Common Information over the Wiretap Broadcast Channel (CI-WTBC), in which the transmitter wishes to send a private message W and a confidential message S to both legitimate receivers. A code $(⌈ 2^{n R_{W}} ⌉, ⌈ 2^{n R_{S}} ⌉, ⌈ 2^{n R_{R}} ⌉, n)$ for the CI-WTBC consists of a private message set $W ≜ [1, ⌈ 2^{n R_{W}} ⌉]$ , a confidential message set $S ≜ [1, ⌈ 2^{n R_{S}} ⌉]$ , a randomization sequence set $R ≜ [1, ⌈ 2^{n R_{R}} ⌉]$ (needed to confuse the eavesdropper about the confidential message S), an encoding function $f : W \times S \times R \to X^{n}$ that maps $(w, s, r)$ to a codeword $x^{n}$ , and two decoding functions $g_{(1)}$ and $g_{(2)}$ such that $g_{(k)} : Y_{(k)}^{n} \to W \times S$ ( $k \in [1, 2]$ ) maps the k-th legitimate receiver observations $y_{(k)}^{n}$ to the estimates $({\hat{w}}^{(k)}, {\hat{s}}^{(k)})$ . The reliability condition to be satisfied by this code is measured in terms of the average probability of error and is given by

\begin{matrix} lim_{n \to \infty} P [(W, S) \neq ({\hat{W}}^{(k)}, {\hat{S}}^{(k)})] = 0, k \in [1, 2] . \end{matrix}

(1)

The strong secrecy condition is measured in terms of the information leakage and is given by

\begin{matrix} lim_{n \to \infty} I (S; Z^{n}) = 0 . \end{matrix}

(2)

This model is graphically illustrated in Figure 1. A triple of rates $(R_{W}, R_{S}, R_{R}) \in R_{+}^{3}$ will be achievable for the CI-WTBC if there exists a sequence of $(⌈ 2^{n R_{W}} ⌉, ⌈ 2^{n R_{S}} ⌉, ⌈ 2^{n R_{R}} ⌉, n)$ codes such that satisfy the reliability and secrecy conditions (1) and (2), respectively.

The achievable rate region is defined as the closure of the set of all achievable rate triples $(R_{W}, R_{S}, R_{R})$ . The following proposition defines an inner-bound on this region.

Proposition 1

(Adapted from [13,16]). The region $R_{CI - WTBC}$ defined by the union over the triples of rates $(R_{W}, R_{S}, R_{R}) \in R_{+}^{3}$ satisfying

$\begin{matrix} R_{W} + R_{S} & \leq min \{I (V; Y_{(1)}), I (V; Y_{(2)})\}, \\ R_{S} & \leq min \{I (V; Y_{(1)}), I (V; Y_{(2)})\} - I (V; Z), \\ R_{W} + R_{R} & \geq I (X; Z), \\ R_{R} & \geq I (X; Z | V), \end{matrix}$

where the union is taken over all distributions $p_{V X}$ such that $V - X - (Y_{(1)}, Y_{(2)}, Z)$ forms a Markov chain, defines an inner-bound on the achievable region of the CI-WTBC.

In this model, the private message W introduces part of the randomness required to confuse the eavesdropper about the confidential message S, and the randomization sequence R denotes the additional randomness that is required for channel prefixing.

3. Review of Polar Codes

Let $(X \times Y, p_{X Y})$ be a Discrete Memoryless Source (DMS), where $X \in {0, 1}$ (Throughout this paper, we assume binary polarization. Nevertheless, an extension to q-ary alphabets is possible [10,17,18]) and $Y \in Y$ . The polar transform over the n-sequence $X^{n}$ , n being any power of 2, is defined as $U^{n} ≜ X^{n} G_{n}$ , where $G_{n} ≜ {[\begin{matrix} 1 & 1 \\ 1 & 0 \end{matrix}]}^{\otimes n}$ is the source polarization matrix [19]. Since $G_{n} = G_{n}^{- 1}$ , then $X^{n} = U^{n} G_{n}$ .

The polarization theorem for source coding with side information [19] (Th. 1) states that the polar transform extracts the randomness of $X^{n}$ in the sense that, as $n \to \infty$ , the set of indices $j \in [n]$ can be divided practically into two disjoint sets, namely $H_{X | Y}^{(n)}$ and $L_{X | Y}^{(n)}$ , such that $U (j)$ for $j \in H_{X | Y}^{(n)}$ is practically independent of $(U^{1 : j - 1}, Y^{n})$ and uniformly distributed, i.e., $H (U (j) | U^{1 : j - 1}, Y^{n}) \to 1$ , and $U (j)$ for $j \in L_{X | Y}^{(n)}$ is almost determined by $(U^{1 : j - 1}, Y^{n})$ , i.e., $H (U (j) | U^{1 : j - 1}, Y^{n}) \to 0$ . Formally, let

\begin{matrix} H_{X | Y}^{(n)} & ≜ \{j \in [n] : H (U (j) | U^{1 : j - 1}, Y^{n}) \geq 1 - δ_{n}\}, \\ L_{X | Y}^{(n)} & ≜ \{j \in [n] : H (U (j) | U^{1 : j - 1}, Y^{n}) \leq δ_{n}\}, \end{matrix}

where $δ_{n} ≜ 2^{- n^{β}}$ for some $β \in (0, \frac{1}{2})$ . Then, by Lemma 4 of [10] we have ${lim}_{n \to \infty} \frac{1}{n} | H_{X | Y}^{(n)} | = H (X | Y)$ and ${lim}_{n \to \infty} \frac{1}{n} | L_{X | Y}^{(n)} | = 1 - H (X | Y)$ , which imply that ${lim}_{n \to \infty} \frac{1}{n} | {(H_{X | Y}^{(n)})}^{C} ∖ L_{X | Y}^{(n)} | = 0$ , i.e., the number of elements that have not been polarized is asymptotically negligible in terms of rate. Furthermore, Th. 2 of [19] states that given $U [{(L_{X | Y}^{(n)})}^{C}]$ and $Y^{n}$ , $U [L_{X | Y}^{(n)}]$ can be reconstructed using SC decoding with error probability in $O (n δ_{n})$ . Alternatively, the previous sets can be defined based on the Bhattacharyya parameters ${Z (U (j) | U^{1 : j - 1}, Y^{n})}_{j = 1}^{n}$ because both parameters polarize simultaneously Proposition 2 of [19]. It is worth mentioning that both the entropy terms and the Bhattacharyya parameters required to define these sets can be obtained deterministically from $p_{X Y}$ and the algebraic properties of $G_{n}$ [20,21,22].

Similarly to $H_{X | Y}^{(n)}$ and $L_{X | Y}^{(n)}$ , the sets $H_{X}^{(n)}$ and $L_{X}^{(n)}$ can be defined by considering that observations $Y^{n}$ are absent. A discrete memoryless channel $(X, p_{Y | X}, Y)$ with some arbitrary $p_{X}$ can be seen as a DMS $(X \times Y, p_{X} p_{Y | X})$ . In channel polar coding, first we define $H_{X | Y}^{(n)}$ , $L_{X | Y}^{(n)}$ , $H_{X}^{(n)}$ and $L_{X}^{(n)}$ from the target distribution $p_{X} p_{Y | X}$ (polar construction). Then, based on the previous sets, the encoder somehow constructs (since the polar-based encoder will construct random variables that must approach the target distribution of the DMS, throughout this paper we use tilde above the random variables to emphazise this purpose) ${\tilde{U}}^{n}$ and applies the inverse polar transform ${\tilde{X}}^{n} = {\tilde{U}}^{n} G_{n}$ with distribution ${\tilde{q}}_{X^{n}}$ . Afterwards, the transmitter sends ${\tilde{X}}^{n}$ over the channel, which induces ${\tilde{Y}}^{n} \sim {\tilde{q}}_{Y^{n}}$ . If $V ({\tilde{q}}_{X^{n} Y^{n}}, p_{X^{n} Y^{n}}) \to 0$ , then the receiver can reliably reconstruct $\tilde{U} [L_{X | Y}^{(n)}]$ from ${\tilde{Y}}^{n}$ and $\tilde{U} [{(L_{X | Y}^{(n)})}^{C}]$ by using SC decoding [23].

4. Polar Coding Scheme

Let $(V \times X \times Y_{(1)} \times Y_{(2)} \times Z, p_{V X Y_{(1)} Y_{(2)} Z})$ denote the DMS that represents the input $(V, X)$ and output $(Y_{(1)}, Y_{(2)}, Z)$ random variables of the CI-WTBC, where $| V | = | X | ≜ 2$ . Without loss of generality, and to avoid the trivial case $R_{S} = 0$ in Proposition 1, we assume that

\begin{matrix} H (V | Z) > H (V | Y_{(1)}) \geq H (V | Y_{(2)}) . \end{matrix}

(3)

If $H (V | Y_{(1)}) < H (V | Y_{(2)})$ , one can simply exchange the role of $Y_{(1)}$ and $Y_{(2)}$ in the polar coding scheme described in Section 4. We propose a polar coding scheme that achieves the following rate triple,

\begin{matrix} (R_{W}, R_{S}, R_{R}) = (I (V; Z), I (V; Y_{(1)}) - I (V; Z), I (X; Z | V)), \end{matrix}

(4)

which corresponds to the one of the region in Proposition 1 such that the private and the confidential message rate are maximum and the amount of randomness is minimum.

For the input random variable V, we define the polar transform $A^{n} ≜ V^{n} G_{n}$ and the sets

\begin{matrix} H_{V}^{(n)} & ≜ \{j \in [1, n] : H (A (j) | A^{1 : j - 1}) \geq 1 - δ_{n}\}, \end{matrix}

(5)

\begin{matrix} H_{V | Z}^{(n)} & ≜ \{j \in [1, n] : H (A (j) | A^{1 : j - 1} Z^{n}) \geq 1 - δ_{n}\}, \end{matrix}

(6)

\begin{matrix} L_{V | Y_{(k)}}^{(n)} & ≜ \{j \in [1, n] : H (A (j) | A^{1 : j - 1} Y_{(k)}^{n}) \leq δ_{n}\}, k = 1, 2 . \end{matrix}

(7)

For the input random variable X, we define $T^{n} ≜ X^{n} G_{n}$ and the associated sets

\begin{matrix} H_{X | V}^{(n)} & ≜ \{j \in [1, n] : H (T (j) | T^{1 : j - 1} V^{n}) \geq 1 - δ_{n}\} . \end{matrix}

(8)

\begin{matrix} H_{X | V Z}^{(n)} & ≜ \{j \in [1, n] : H (T (j) | T^{1 : j - 1} V^{n} Z^{n}) \geq 1 - δ_{n}\} . \end{matrix}

(9)

We have $p_{A^{n} T^{n}} (a^{n}, t^{n}) = p_{V^{n} X^{n}} (a^{n} G_{n}, t^{n} G_{n})$ , due to the invertibility of $G_{n}$ , and we write

\begin{matrix} p_{A^{n} T^{n}} (a^{n}, t^{n}) & = (\prod_{j = 1}^{n} p_{A (j) | A^{1 : j - 1}} (a (j) | a^{1 : j - 1})) (\prod_{j = 1}^{n} p_{T (j) | T^{1 : j - 1} V^{n}} (t (j) | t^{1 : j - 1}, a^{n} G_{n})) . \end{matrix}

Consider that the encoding takes place over L blocks indexed by $i \in [1, L]$ . At the i-th block, the encoder will construct ${\tilde{A}}_{i}^{n}$ , which will carry the private and the confidential messages intended for both legitimate receivers. Additionally, the encoder will store into ${\tilde{A}}_{i}^{n}$ some elements from ${\tilde{A}}_{i - 1}^{n}$ (if $i \in [2, L]$ ) and ${\tilde{A}}_{i + 1}^{n}$ (if $i \in [1, L - 1]$ ), so that both legitimate receivers are able to reliably reconstruct ${\tilde{A}}_{1 : L}^{n}$ . Then, given ${\tilde{V}}_{i}^{n} = {\tilde{A}}_{i}^{n} G_{n}$ , the encoder will perform the polar-based channel prefixing to construct ${\tilde{T}}_{i}^{n}$ . Finally, it will obtain ${\tilde{X}}_{i}^{n} = {\tilde{T}}_{i}^{n} G_{n}$ , which will be transmitted over the WTBC, inducing the channel output observations $({\tilde{Y}}_{(1), i}^{n}, {\tilde{Y}}_{(2), i}^{n}, {\tilde{Z}}_{i}^{n})$ .

Consider the construction of ${\tilde{A}}_{1 : L}^{n}$ . Besides, sets in (5)–(7), define the partition of $H_{V}^{(n)}$ :

\begin{matrix} G^{(n)} & ≜ H_{V | Z}^{(n)}, \end{matrix}

(10)

\begin{matrix} C^{(n)} & ≜ H_{V}^{(n)} \cap {(H_{V | Z}^{(n)})}^{C} . \end{matrix}

(11)

Moreover, we also define the following partition of the set $G^{(n)}$ :

\begin{matrix} G_{0}^{(n)} & ≜ G^{(n)} \cap L_{V | Y_{(1)}}^{(n)} \cap L_{V | Y_{(2)}}^{(n)}, \end{matrix}

(12)

\begin{matrix} G_{1}^{(n)} & ≜ G^{(n)} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C} \cap L_{V | Y_{(2)}}^{(n)}, \end{matrix}

(13)

\begin{matrix} G_{2}^{(n)} & ≜ G^{(n)} \cap L_{V | Y_{(1)}}^{(n)} \cap {(L_{V | Y_{(2)}}^{(n)})}^{C}, \end{matrix}

(14)

\begin{matrix} G_{1, 2}^{(n)} & ≜ G^{(n)} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C} \cap {(L_{V | Y_{(2)}}^{(n)})}^{C}, \end{matrix}

(15)

and the following partition of the set $C^{(n)}$ :

\begin{matrix} C_{0}^{(n)} & ≜ C^{(n)} \cap L_{V | Y_{(1)}}^{(n)} \cap L_{V | Y_{(2)}}^{(n)}, \end{matrix}

(16)

\begin{matrix} C_{1}^{(n)} & ≜ C^{(n)} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C} \cap L_{V | Y_{(2)}}^{(n)}, \end{matrix}

(17)

\begin{matrix} C_{2}^{(n)} & ≜ C^{(n)} \cap L_{V | Y_{(1)}}^{(n)} \cap {(L_{V | Y_{(2)}}^{(n)})}^{C}, \end{matrix}

(18)

\begin{matrix} C_{1, 2}^{(n)} & ≜ C^{(n)} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C} \cap {(L_{V | Y_{(2)}}^{(n)})}^{C}; \end{matrix}

(19)

These sets are graphically represented in Figure 2. Roughly speaking, $A [H_{V}^{(n)}]$ is the nearly uniformly distributed part of $A^{n}$ . Thus, ${\tilde{A}}_{i} [H_{V}^{(n)}]$ , $i \in [1, L]$ , is suitable for storing uniformly distributed random sequences. The sequence $A [H_{V | Z}^{(n)}]$ is almost independent of $Z^{n}$ and, hence, ${\tilde{A}}_{i} [G^{(n)}]$ is suitable for storing information to be secured from the eavesdropper, whereas ${\tilde{A}}_{i} [C^{(n)}]$ is not. Sets in (12)–(19) with subscript 1 (sets inside the red curve in Figure 2) form $H_{V}^{(n)} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C}$ , while those with subscript 2 (sets inside the blue curve) form $H_{V}^{(n)} \cap {(L_{V | Y_{(2)}}^{(n)})}^{C}$ . From Th. 2 of [19,23], recall that ${\tilde{A}}_{i} [H_{V}^{(n)} \cap {(L_{V | Y_{(k)}}^{(n)})}^{C}]$ is the nearly uniformly distributed part of the sequence ${\tilde{A}}_{i}^{n}$ required by legitimate Receiver k to reliably reconstruct the entire sequence by performing SC decoding.

Graphical representation of the sets in (10)–(19). The indices inside the soft and dark gray area form $G^{(n)}$ and $C^{(n)}$ respectively. The indices that form $H_{V}^{(n)} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C}$ are those inside the red curve, while those inside the blue curve form $H_{V}^{(n)} \cap {(L_{V | Y_{(2)}}^{(n)})}^{C}$ .

For sufficiently large n, assumption (3) imposes the following restriction on the size of the previous sets:

\begin{matrix} | G_{1}^{(n)} | - | C_{2}^{(n)} | \geq | G_{2}^{(n)} | - | C_{1}^{(n)} | > | C_{1, 2}^{(n)} | - | G_{0}^{(n)} | . \end{matrix}

(20)

The left-hand inequality in (20) holds from the fact that

\begin{matrix} | C_{1}^{(n)} \cup G_{1}^{(n)} | - | C_{2}^{(n)} \cup G_{2}^{(n)} | \\ = | H_{V}^{(n)} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C} ∖ H_{V}^{(n)} \cap {(L_{V | Y_{(2)}}^{(n)})}^{C} | - | H_{V}^{(n)} \cap {(L_{V | Y_{(2)}}^{(n)})}^{C} ∖ H_{V}^{(n)} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C} | \\ = | H_{V}^{(n)} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C} | - | H_{V}^{(n)} \cap {(L_{V | Y_{(2)}}^{(n)})}^{C} | \geq 0, \end{matrix}

where the positivity holds by Lemma 4 of [10] because, for any $k \in [1, 2]$ , we have

\begin{matrix} \frac{1}{n} | H_{V}^{(n)} \cap {(L_{V | Y_{(k)}}^{(n)})}^{C} | & = \frac{1}{n} | H_{V | Y_{(k)}}^{(n)} | + \frac{1}{n} | H_{V}^{(n)} \cap {(L_{V | Y_{(k)}}^{(n)})}^{C} ∖ H_{V | Y_{(k)}}^{(n)} | \overset{n \to \infty}{\to} H (V | Y_{(k)}) \end{matrix}

Similarly, the right-hand inequality in (20) holds by Lemma 4 of [10] and the fact that

\begin{matrix} | G_{0}^{(n)} \cup G_{2}^{(n)} | - | C_{1}^{(n)} \cup C_{1, 2}^{(n)} | & = | H_{V | Z}^{(n)} ∖ H_{V}^{(n)} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C} | - | H_{V}^{(n)} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C} ∖ H_{V | Z}^{(n)} | \\ = | H_{V | Z}^{(n)} | - | H_{V}^{(n)} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C} | . \end{matrix}

Thus, according to (20), we must consider four cases:

$| G_{1}^{(n)} | > | C_{2}^{(n)} |$ , $| G_{2}^{(n)} | > | C_{1}^{(n)} |$ and $| G_{0}^{(n)} | \geq | C_{1, 2}^{(n)} |$ ;
$| G_{1}^{(n)} | > | C_{2}^{(n)} |$ , $| G_{2}^{(n)} | > | C_{1}^{(n)} |$ and $| G_{0}^{(n)} | < | C_{1, 2}^{(n)} |$ ;
$| G_{1}^{(n)} | \geq | C_{2}^{(n)} |$ , $| G_{2}^{(n)} | \leq | C_{1}^{(n)} |$ and $| G_{0}^{(n)} | > | C_{1, 2}^{(n)} |$ ;
$| G_{1}^{(n)} | < | C_{2}^{(n)} |$ , $| G_{2}^{(n)} | < | C_{1}^{(n)} |$ and $| G_{0}^{(n)} | > | C_{1, 2}^{(n)} |$ .

4.1. General Polar-Based Encoding

The generic encoding process for all cases is summarized in Algorithm 1. For $i \in [1, L]$ , let $W_{i}$ be a uniformly distributed vector of length $| C^{(n)} |$ that represents the private message. The encoder forms ${\tilde{A}}_{i} [C^{(n)}]$ by simply storing $W_{i}$ . Indeed, if $i \in [1, L - 1]$ , notice that the encoder forms ${\tilde{A}}_{i + 1} [C^{(n)}]$ before constructing ${\tilde{A}}_{i}^{n}$ entirely. From ${\tilde{A}}_{i} [C^{(n)}]$ , $i \in [1, L]$ , we define

\begin{matrix} Ψ_{i}^{(V)} & ≜ {\tilde{A}}_{i} [C_{2}^{(n)}], \end{matrix}

(21)

\begin{matrix} Γ_{i}^{(V)} & ≜ {\tilde{A}}_{i} [C_{1, 2}^{(n)}], \end{matrix}

(22)

\begin{matrix} Θ_{i}^{(V)} & ≜ {\tilde{A}}_{i} [C_{1}^{(n)}] . \end{matrix}

(23)

Notice that $[Ψ_{i}^{(V)}, Γ_{i}^{(V)}] = {\tilde{A}}_{i} [C_{2}^{(n)} \cup C_{1, 2}^{(n)}]$ is required by legitimate Receiver 2 to reliably estimate ${\tilde{A}}_{i}^{n}$ and, thus, the encoder will repeat $[Ψ_{i}^{(V)}, Γ_{i}^{(V)}]$ , if $i \in [1, L - 1]$ , conveniently in ${\tilde{A}}_{i + 1} [G^{(n)}]$ (the function form_A_G is responsible of the chaining construction and is described later). On the other hand, $[Θ_{i}^{(V)}, Γ_{i}^{(V)}] = {\tilde{A}}_{i} [C_{1}^{(n)} \cup C_{1, 2}^{(n)}]$ is required by legitimate Receiver 1. Nevertheless, in order to satisfy the strong secrecy condition in (2), $[Θ_{i}^{(V)}, Γ_{i}^{(V)}]$ , $i \in [2, L]$ , is not repeated directly into ${\tilde{A}}_{i - 1} [G^{(n)}]$ , but the encoder copies instead ${\bar{Θ}}_{i}^{(V)}$ and ${\bar{Γ}}_{i}^{(V)}$ obtained as follows. Let $κ_{Θ}^{(V)}$ and $κ_{Γ}^{(V)}$ be uniformly distributed keys with length $| C_{1}^{(n)} |$ and $| C_{1, 2}^{(n)} |$ respectively that are privately shared between transmitter and both legitimate receivers. For any $i \in [2, L]$ , we define the sequences

\begin{matrix} {\bar{Θ}}_{i}^{(V)} & ≜ {\tilde{A}}_{i} [C_{1}^{(n)}] \oplus κ_{Θ}^{(V)}, \\ {\bar{Γ}}_{i}^{(V)} & ≜ {\tilde{A}}_{i} [C_{1, 2}^{(n)}] \oplus κ_{Γ}^{(V)} . \end{matrix}

Since these secret keys are reused in all blocks, their size becomes negligible in terms of rate for L large enough. The need of these secret keys may not be obvious at this point, but a further discussion of this question can be found in Section 5.4. Indeed, they are required to prove independence between an eavesdropper’s observations of adjacent blocks (see Lemma 3), which is crucial to prove that the polar coding scheme satisfies the strong secrecy condition in (2).

The function form_A_G in Algorithm 1 constructs sequences ${\tilde{A}}_{1 : L} [G^{(n)}]$ differently depending on which case, among cases A, B, C or D described before, characterizes the given CI-WTBC. This part of the encoding is described in detail in Section 4.2 and Algorithm 2.

Then, given ${\tilde{A}}_{i} [C^{(n)} \cup G^{(n)}]$ , the encoder forms the remaining entries of ${\tilde{A}}_{i}^{n}$ , i.e., ${\tilde{A}}_{i} [{(H_{V}^{(n)})}^{C}]$ , as follows. If $j \in L_{V}^{(n)}$ , where $L_{V}^{(n)} ≜ \{j \in [1, n] : H (A (j) | A^{1 : j - 1}) \leq δ_{n}\}$ , it constructs ${\tilde{A}}_{i} (j)$ deterministically by using SC encoding [24], and only ${\tilde{A}}_{i} [{(H_{V}^{(n)})}^{C} ∖ L_{V}^{(n)}]$ is constructed randomly.

Finally, given ${\tilde{V}}_{i}^{n} = {\tilde{A}}_{i}^{n} G_{n}$ , a randomization sequence $R_{i}$ and a uniformly distributed random sequence $Λ_{0}^{(V)}$ , the encoder performs polar-based channel prefixing (function pb_ch_pref in Algorithm 1) to obtain ${\tilde{X}}_{i}^{n}$ , which is transmitted over the WTBC inducing $({\tilde{Y}}_{(1), i}^{n}, {\tilde{Y}}_{(2), i}^{n}, {\tilde{Z}}_{i}^{n})$ . This part of the encoding is described in detail in Section 4.3.

Furthermore, the encoder obtains the sequence

\begin{matrix} Φ_{(k), i}^{(V)} ≜ {\tilde{A}}_{i} [{(H_{V}^{(n)})}^{C} \cap {(L_{V | Y_{(k)}}^{(n)})}^{C}] \end{matrix}

for any $k \in [1, 2]$ and $i \in [1, L]$ , which is required by legitimate Receiver k to reliably estimate ${\tilde{A}}_{i}^{n}$ entirely. Since $Φ_{(k), i}^{(V)}$ is not nearly uniform, the encoder cannot make it available to the legitimate Receiver k by means of the chaining structure. Furthermore, the encoder obtains

\begin{matrix} Υ_{(1)}^{(V)} & ≜ {\tilde{A}}_{1} [H_{V}^{(n)} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C}], \\ Υ_{(2)}^{(V)} & ≜ {\tilde{A}}_{L} [H_{V}^{(n)} \cap {(L_{V | Y_{(2)}}^{(n)})}^{C}] . \end{matrix}

The sequence $Υ_{(k)}^{(V)}$ is required by legitimate Receiver $k \in [1, 2]$ to initialize the decoding process. Therefore, the transmitter additionally sends $(Υ_{(k)}^{(V)}, Φ_{(k), i}^{(V)}) \oplus κ_{{Υ Φ}_{(k)}}^{(V)}$ to legitimate Receiver k, where $κ_{{Υ Φ}_{(k)}}^{(V)}$ is a uniformly distributed key with size

\begin{matrix} L | {(H_{V}^{(n)})}^{C} \cap {(L_{V | Y_{(k)}}^{(n)})}^{C} | + | H_{V}^{(n)} \cap {(L_{V | Y_{(k)}}^{(n)})}^{C} | \end{matrix}

that is privately shared between transmitter and the corresponding receiver. In Section 5.1 we show that the length of $κ_{{Υ Φ}_{(1)}}^{(V)}$ and $κ_{{Υ Φ}_{(2)}}^{(V)}$ is asymptotically negligible in terms of rate.

Algorithm 1 Generic encoding scheme

Require: Private and confidential messages

W_{1 : L}

and

S_{1 : L}

; randomization sequences

R_{1 : L}

; random sequence

Λ_{0}^{(X)}

; and secret keys

κ_{Θ}^{(V)}

κ_{Γ}^{(V)}

κ_{{Υ Φ}_{(1)}}^{(V)}

and

κ_{{Υ Φ}_{(2)}}^{(V)}

1:
$Ψ_{0}^{(V)}$ , $Γ_{0}^{(V)}$ , $Π_{0}^{(V)}$ , $Λ_{0}^{(V)}$ , ${\bar{Θ}}_{L + 1}^{(V)}$ , ${\bar{Γ}}_{L + 1}^{(V)} \leftarrow ⌀$
2:
${\tilde{A}}_{1} [C^{(n)}] \leftarrow W_{1}$
3:
$Ψ_{1}^{(V)}, Γ_{1}^{(V)} \leftarrow {\tilde{A}}_{1} [C^{(n)}]$
4:
for $i = 1$ to L do
5:
if $i \neq L$ then
6:
${\tilde{A}}_{i + 1} [C^{(n)}] \leftarrow W_{i + 1}$
7:
$Ψ_{i + 1}^{(V)}, Γ_{i + 1}^{(V)}, {\bar{Θ}}_{i + 1}^{(V)}, {\bar{Γ}}_{i + 1}^{(V)} \leftarrow ({\tilde{A}}_{i + 1} [C^{(n)}], κ_{Θ}^{(V)}, κ_{Γ}^{(V)})$
8:
end if
9:
${\tilde{A}}_{i} [G^{(n)}]$ , $Π_{i}^{(V)}$ , $Λ_{i}^{(V)} \leftarrow$ form_A_G $(i, S_{i}, {\bar{Θ}}_{i + 1}^{(V)}, {\bar{Γ}}_{i + 1}^{(V)}, Ψ_{i - 1}^{(V)}, Γ_{i - 1}^{(V)}, Π_{i - 1}^{(V)}, Λ_{i - 1}^{(V)})$
10:
if $i = 1$ then $Υ_{(1)}^{(V)} \leftarrow {\tilde{A}}_{1} [H_{V}^{(n)} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C}]$
11:
if $i = L$ then $Υ_{(2)}^{(V)} \leftarrow {\tilde{A}}_{L} [H_{V}^{(n)} \cap {(L_{V | Y_{(2)}}^{(n)})}^{C}]$
12:
for $j \in {(H_{V}^{(n)})}^{C}$ do
13:
if $j \in {(H_{V}^{(n)})}^{C} ∖ L_{V}^{(n)}$ then
14:
${\tilde{A}}_{i} (j) \leftarrow p_{A (j) | A^{1 : j - 1}} ({\tilde{A}}_{i} (j) | {\tilde{A}}_{i}^{1 : j - 1})$
15:
else if $j \in L_{V}^{(n)}$ then
16:
${\tilde{A}}_{i} (j) \leftarrow {arg max}_{a \in V} p_{A (j) | A^{1 : j - 1}} ({\tilde{a}}_{i} (j) | {\tilde{A}}_{i}^{1 : j - 1})$
17:
end if
18:
end for
19:
$Φ_{(1), i}^{(V)} \leftarrow {\tilde{A}}_{i} [{(H_{V}^{(n)})}^{C} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C}]$
20:
$Φ_{(2), i}^{(V)} \leftarrow {\tilde{A}}_{i} [{(H_{V}^{(n)})}^{C} \cap {(L_{V | Y_{(2)}}^{(n)})}^{C}]$
21:
${\tilde{X}}_{i}^{n}, Λ_{i}^{(X)} \leftarrow pb_ch_pref ({\tilde{A}}_{i}^{n} G_{n}, R_{i}, Λ_{i - 1}^{(X)})$
22:
end for
23:
Send $(Φ_{(k), i}^{(V)}, Υ_{(k)}^{(V)}) \oplus κ_{{Υ Φ}_{(k)}}^{(V)}$ to Receiver $k \in [1, 2]$
24:
return ${\tilde{X}}_{1 : L}^{n}$

Open in a new tab

Algorithm 2 Function form_A_G

Require:i,

S_{i}

{\bar{Θ}}_{i + 1}^{(V)}

{\bar{Γ}}_{i + 1}^{(V)}

Ψ_{i - 1}^{(V)}

Γ_{i - 1}^{(V)}

Π_{i - 1}^{(V)}

Λ_{i - 1}^{(V)}

1:
Define $R_{1}^{(n)}$ , $R_{1}^{' (n)}$ , $R_{2}^{(n)}$ , $R_{2}^{' (n)}$ , $R_{1, 2}^{(n)}$ , $R_{1, 2}^{' (n)}$ , $I^{(n)}$ , $R_{S}^{(n)}$ , $R_{Λ}^{(n)}$ (depending on the case)
2:
if $i = 1$ then ${\tilde{A}}_{1} [I^{(n)} \cup G_{1}^{(n)} \cup G_{1, 2}^{(n)}] \leftarrow S_{1}$
3:
if $i \in [2, L - 1]$ then ${\tilde{A}}_{i} [I^{(n)}] \leftarrow S_{i}$
4:
if $i = L$ then ${\tilde{A}}_{L} [I^{(n)} \cup G_{2}^{(n)}] \leftarrow S_{L}$
5:
$Ψ_{1, i - 1}^{(V)}$ , $Ψ_{2, i - 1}^{(V)} \leftarrow Ψ_{i - 1}^{(V)}$ (depending on the case)
6:
$Γ_{1, i - 1}^{(V)}$ , $Γ_{2, i - 1}^{(V)} \leftarrow Γ_{i - 1}^{(V)}$ (depending on the case)
7:
${\bar{Θ}}_{1, i + 1}^{(V)}$ , ${\bar{Θ}}_{2, i + 1}^{(V)} \leftarrow {\bar{Θ}}_{i + 1}^{(V)}$ (depending on the case)
8:
${\bar{Γ}}_{1, i + 1}^{(V)}$ , ${\bar{Γ}}_{2, i + 1}^{(V)} \leftarrow {\bar{Γ}}_{i + 1}^{(V)}$ (depending on the case)
9:
${\tilde{A}}_{i} [R_{1, 2}^{(n)}] \leftarrow Γ_{1, i - 1}^{(V)} \oplus {\bar{Γ}}_{1, i + 1}^{(V)}$
10:
${\tilde{A}}_{i} [R_{1, 2}^{' (n)}] \leftarrow Ψ_{2, i - 1}^{(V)} \oplus {\bar{Θ}}_{2, i + 1}^{(V)}$
11:
if $i \in [1, L - 1]$ then
12:
${\tilde{A}}_{i} [R_{1}^{(n)}] \leftarrow {\bar{Θ}}_{1, i + 1}^{(V)}$
13:
${\tilde{A}}_{i} [R_{1}^{' (n)}] \leftarrow {\bar{Γ}}_{2, i + 1}^{(V)}$
14:
end if
15:
if $i \in [2, L]$ then
16:
${\tilde{A}}_{i} [R_{2}^{(n)}] \leftarrow Ψ_{1, i - 1}^{(V)}$
17:
${\tilde{A}}_{i} [R_{2}^{' (n)}] \leftarrow Γ_{2, i - 1}^{(V)}$
18:
${\tilde{A}}_{i} [R_{S}^{(n)}] \leftarrow Π_{i - 1}^{(V)}$
19:
${\tilde{A}}_{i} [R_{Λ}^{(n)}] \leftarrow Λ_{i - 1}^{(V)}$
20:
end if
21:
$Π_{i}^{(V)} \leftarrow {\tilde{A}}_{i} [I^{(n)} \cap G_{2}^{(n)}]$
22:
$Λ_{i}^{(V)} \leftarrow {\tilde{A}}_{i} [R_{Λ}^{(n)}]$
23:
return the sequences ${\tilde{A}}_{i} [G^{(n)}]$ , $Π_{i}^{(V)}$ and $Λ_{i}^{(V)}$

Open in a new tab

4.2. Function `form_A_G`

The function form_A_G encodes the confidential messages $S_{1 : L}$ and builds the chaining construction. Based on the sets in (10)–(19), let $R_{1}^{(n)} \subseteq G_{0}^{(n)} \cup G_{2}^{(n)}$ , $R_{1}^{' (n)} \subseteq G_{2}^{(n)}$ , $R_{2}^{(n)} \subseteq G_{1}^{(n)}$ , $R_{2}^{' (n)} \subseteq G_{1}^{(n)}$ , $R_{1, 2}^{(n)} \subseteq G_{0}^{(n)}$ , $R_{1, 2}^{' (n)} \subseteq G_{0}^{(n)}$ , $I^{(n)} \subseteq G_{0}^{(n)} \cup G_{2}^{(n)}$ , $R_{S}^{(n)} \subseteq G_{1}^{(n)}$ and $R_{Λ}^{(n)} \subseteq G_{1}^{(n)}$ form an additional partition of $G^{(n)}$ . The definition of $R_{1}^{(n)}$ , $R_{1}^{' (n)}$ , $R_{2}^{(n)}$ , $R_{2}^{' (n)}$ , $R_{1, 2}^{(n)}$ and $R_{1, 2}^{' (n)}$ will depend on the particular case (among A to D), while

\begin{matrix} I^{(n)} & ≜ (G_{0}^{(n)} \cup G_{2}^{(n)}) ∖ (R_{1}^{(n)} \cup R_{1}^{' (n)} \cup R_{1, 2}^{(n)} \cup R_{1, 2}^{' (n)}), \end{matrix}

(24)

\begin{matrix} R_{S}^{(n)} & ≜ any subset of G_{1}^{(n)} ∖ (R_{2}^{(n)} \cup R_{2}^{' (n)}) with size | I^{(n)} \cap G_{2}^{(n)} |, \end{matrix}

(25)

\begin{matrix} R_{Λ}^{(n)} & ≜ G_{1, 2}^{(n)} \cup (G_{1}^{(n)} ∖ (R_{2}^{(n)} \cup R_{2}^{' (n)} \cup R_{S}^{(n)})) . \end{matrix}

(26)

For $i \in [1, L]$ , let $S_{i}$ denote a uniformly distributed vector that represents the confidential message. The message $S_{1}$ has size $| I^{(n)} \cup G_{1}^{(n)} \cup G_{1, 2}^{(n)} |$ ; for $i \in [2, L - 1]$ , $S_{i}$ has size $| I^{(n)} |$ ; and $S_{L}$ has size $| I^{(n)} \cup G_{2}^{(n)} |$ . Furthermore, for $i \in [1, L]$ , we write $Ψ_{i}^{(V)} ≜ [Ψ_{1, i}^{(V)}, Ψ_{2, i}^{(V)}]$ , $Γ_{i}^{(V)} ≜ [Γ_{1, i}^{(V)}, Γ_{2, i}^{(V)}]$ , ${\bar{Θ}}_{i}^{(V)} ≜ [{\bar{Θ}}_{1, i}^{(V)}, {\bar{Θ}}_{2, i}^{(V)}]$ and ${\bar{Γ}}_{i}^{(V)} ≜ [{\bar{Γ}}_{1, i}^{(V)}, {\bar{Γ}}_{2, i}^{(V)}]$ , where we define $Ψ_{p, i}$ , $Γ_{p, i}$ , ${\bar{Θ}}_{p, i}$ and ${\bar{Γ}}_{p, i}$ , for any $p \in [1, 2]$ , accordingly in each case.

This function, which is used in Case A to Case D, is described in Algorithm 2.

4.2.1. Case A

In this case, recall that $| G_{1}^{(n)} | > | C_{2}^{(n)} |$ , $| G_{2}^{(n)} | > | C_{1}^{(n)} |$ and $| G_{0}^{(n)} | \geq | C_{1, 2}^{(n)} |$ . We define

\begin{matrix} R_{1}^{(n)} & ≜ any subset of G_{2}^{(n)} with size | C_{1}^{(n)} |, \end{matrix}

(27)

\begin{matrix} R_{2}^{(n)} & ≜ any subset of G_{1}^{(n)} with size | C_{2}^{(n)} |, \end{matrix}

(28)

\begin{matrix} R_{1, 2}^{(n)} & ≜ any subset of G_{0}^{(n)} with size | C_{1, 2}^{(n)} |, \end{matrix}

(29)

and $R_{1}^{' (n)} = R_{2}^{' (n)} = R_{1, 2}^{' (n)} ≜ \emptyset$ . By the assumption of Case A, it is clear that $R_{1}^{(n)}$ , $R_{2}^{(n)}$ and $R_{1, 2}^{(n)}$ exist. Furthermore, by (20), the set $I^{(n)}$ exists, and so will $R_{S}^{(n)}$ because

\begin{matrix} | G_{1}^{(n)} ∖ (R_{2}^{(n)} \cup R_{2}^{' (n)}) | - | I^{(n)} \cap G_{2}^{(n)} | & = | G_{1}^{(n)} ∖ (R_{2}^{(n)} \cup R_{2}^{' (n)}) | - | (G_{2}^{(n)} ∖ R_{1}^{(n)} \cup R_{1}^{' (n)}) | \\ = | G_{1}^{(n)} | - | C_{2}^{(n)} | - | G_{2}^{(n)} | - | C_{1}^{(n)} | \geq 0 . \end{matrix}

These sets that form the partition of $G^{(n)}$ in Case A can be seen in Figure 3, which also displays the encoding process that aims to construct ${\tilde{A}}_{1 : L} [H_{V}^{(n)}] = {\tilde{A}}_{1 : L} [C^{(n)} \cup G^{(n)}]$ .

For Case A, graphical representation of the encoding that leads to the construction of ${\tilde{A}}_{1 : L} [H_{V}^{(n)}]$ when $L = 4$ . Consider the Block 2: $R_{1}^{(n)}$ , $R_{2}^{(n)}$ , $R_{1, 2}^{(n)}$ , $R_{S}^{(n)}$ and $R_{Λ}^{(n)}$ are those areas filled with yellow squares, blue circles, blue and yellow diamonds, pink crosses, and gray pentagons, respectively, and the set $I^{(n)}$ is the green filled area. At Block $i \in [1, L]$ , $W_{i}$ is represented by symbols of the same color (e.g., red symbols at Block 2), and $Θ_{i}^{(V)}$ , $Ψ_{i}^{(V)}$ and $Γ_{i}^{(V)}$ are represented by squares, circles and triangles respectively. Furthermore, ${\bar{Θ}}_{i}^{(V)}$ and ${\bar{Γ}}_{i}^{(V)}$ are denoted by squares and triangles, respectively, with a line through them. At Block $i \in [2, L - 1]$ , the diamonds denote $Γ_{1, i - 1}^{(V)} \oplus {\bar{Γ}}_{1, i + 1}^{(V)}$ . In Block $i \in [1, L]$ , $S_{i}$ is stored into those entries whose indices belong to the green area. For $i \in [1, L - 1]$ , $Π_{i}^{(V)}$ is denoted by crosses (e.g., purple crosses at Block 2), and is repeated in ${\tilde{A}}_{i + 1} [R_{S}^{(n)}]$ . The sequence $Λ_{1}^{(V)}$ is represented by gray pentagons and is replicated in all blocks. The sequences $Υ_{(1)}^{(V)}$ and $Υ_{(2)}^{(V)}$ are those entries inside the red at Block 1 and the blue curve at Block L, respectively.

For $i \in [1, L]$ , we define $Ψ_{1, i}^{(V)} ≜ Ψ_{i}^{(V)}$ , $Γ_{1, i}^{(V)} ≜ Γ_{i}^{(V)}$ , ${\bar{Θ}}_{1, i}^{(V)} ≜ {\bar{Θ}}_{i}^{(V)}$ , ${\bar{Γ}}_{1, i}^{(V)} ≜ {\bar{Γ}}_{i}^{(V)}$ and, therefore, we have $Ψ_{2, i}^{(V)} = Γ_{2, i}^{(V)} = {\bar{Θ}}_{2, i}^{(V)} = {\bar{Γ}}_{2, i}^{(V)} ≜ ⌀$ .

From (18), we have $C_{2}^{(n)} \subseteq L_{V | Y_{(1)}}^{(n)} ∖ L_{V | Y_{(2)}}^{(n)}$ . Thus, the sequence $Ψ_{1, i - 1}^{(V)} = {\tilde{A}}_{i - 1} [C_{2}^{(n)}]$ is needed by legitimate Receiver 2 to reliably reconstruct ${\tilde{A}}_{i - 1}^{n}$ , but can be reliably inferred by legitimate Receiver 1 given ${\tilde{A}}_{i - 1} [{(L_{V | Y_{(1)}}^{(n)})}^{C}]$ . Hence, according to Algorithm 2, the encoder repeats the entire sequence $Ψ_{1, i - 1}^{(V)}$ in ${\tilde{A}}_{i} [R_{2}^{(n)}] \subseteq {\tilde{A}}_{i} [L_{V | Y_{(2)}}^{(n)} ∖ L_{V | Y_{(1)}}^{(n)}]$ .

Similarly, from (17), we have $C_{1}^{(n)} \subseteq L_{V | Y_{(2)}}^{(n)} ∖ L_{V | Y_{(1)}}^{(n)}$ . Thus, $Θ_{1, i + 1}^{(V)} = {\tilde{A}}_{i + 1} [C_{1}^{(n)}]$ is needed by Receiver 1 to form ${\tilde{A}}_{i + 1}^{n}$ but can be inferred by Receiver 2 given ${\tilde{A}}_{i + 1} [{(L_{V | Y_{(2)}}^{(n)})}^{C}]$ . Hence, the encoder repeats the sequence ${\bar{Θ}}_{1, i + 1}^{(V)}$ in ${\tilde{A}}_{i} [R_{1}^{(n)}] \subseteq {\tilde{A}}_{i} [L_{V | Y_{(1)}}^{(n)} ∖ L_{V | Y_{(2)}}^{(n)}]$ .

Finally, from (19), $C_{1, 2}^{(n)} \subseteq {(L_{V | Y_{(2)}}^{(n)})}^{C} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C}$ . Thus, sequences $Γ_{1, i - 1}^{(V)} = {\tilde{A}}_{i - 1} [C_{1, 2}^{(n)}]$ and $Γ_{1, i + 1}^{(V)} = {\tilde{A}}_{i + 1} [C_{1, 2}^{(n)}]$ are needed by both receivers to form ${\tilde{A}}_{i - 1}^{n}$ and ${\tilde{A}}_{i + 1}^{n}$ respectively. Hence, the encoder repeats $Γ_{1, i - 1}^{(V)}$ and ${\bar{Γ}}_{1, i + 1}^{(V)}$ in ${\tilde{A}}_{i} [R_{1, 2}^{(n)}] \subseteq {\tilde{A}}_{i} [L_{V | Y_{(1)}}^{(n)} \cap L_{V | Y_{(2)}}^{(n)}]$ . Indeed, both sequences are repeated in the same entries of ${\tilde{A}}_{i} [G_{0}^{(n)}]$ by performing $Γ_{1, i - 1}^{(V)} \oplus {\bar{Γ}}_{1, i + 1}^{(V)}$ . Since $Γ_{1, 0}^{(V)} = {\bar{Γ}}_{1, L + 1}^{(V)} = ⌀$ , only ${\bar{Γ}}_{1, 2}^{(V)}$ is repeated at Block 1 and $Γ_{1, L - 1}^{(V)}$ at Block L.

Moreover, part of secret message $S_{i}$ , $i \in [1, L]$ , is stored into some entries of ${\tilde{A}}_{i}^{n}$ whose indices belong to $G_{2}^{(n)}$ . Thus, in any Block $i \in [2, L]$ , the encoder repeats

\begin{matrix} Π_{i - 1}^{(V)} ≜ {\tilde{A}}_{i - 1} [I^{(n)} \cap G_{2}^{(n)}] \end{matrix}

in ${\tilde{A}}_{i} [R_{S}^{(n)}] \subseteq {\tilde{A}}_{i} [L_{V | Y_{(2)}}^{(n)} ∖ L_{V | Y_{(1)}}^{(n)}]$ . Furthermore, it repeats

\begin{matrix} Λ_{i - 1}^{(V)} ≜ {\tilde{A}}_{i - 1} [R_{Λ}^{(n)}] \end{matrix}

in ${\tilde{A}}_{i} [R_{Λ}^{(n)}]$ . Hence, notice that $Λ_{1}^{(V)}$ is replicated in all blocks.

4.2.2. Case B

In this case, $| G_{1}^{(n)} | > | C_{2}^{(n)} |$ , $| G_{2}^{(n)} | > | C_{1}^{(n)} |$ and $| G_{0}^{(n)} | < | C_{1, 2}^{(n)} |$ . We define $R_{1}^{(n)}$ and $R_{2}^{(n)}$ as in (27) and (28) respectively, and $R_{1, 2}^{' (n)} ≜ \emptyset$ . Now, since $| G_{0}^{(n)} | < | C_{1, 2}^{(n)} |$ , only a part of $Γ_{i - 1}^{(V)}$ and ${\bar{Γ}}_{i + 1}^{(V)}$ , $i \in [1, L]$ , can be repeated in ${\tilde{A}}_{i} [G_{0}^{(n)}]$ . Thus, we define $R_{1, 2}^{(n)} ≜ G_{0}^{(n)}$ and

\begin{matrix} R_{1}^{' (n)} & ≜ any subset of G_{2}^{(n)} ∖ R_{1}^{(n)} with size | C_{1, 2}^{(n)} | - | G_{0}^{(n)} |, \end{matrix}

(30)

\begin{matrix} R_{2}^{' (n)} & ≜ any subset of G_{1}^{(n)} ∖ R_{2}^{(n)} with size | C_{1, 2}^{(n)} | - | G_{0}^{(n)} | . \end{matrix}

(31)

Obviously, $R_{1, 2}^{(n)}$ exists and, by the assumption of Case B, so do $R_{1}^{(n)}$ and $R_{2}^{(n)}$ . By (20), $R_{1}^{' (n)}$ exists and so does $I^{(n)}$ . Indeed, since $G_{0}^{(n)} ∖ R_{1, 2}^{(n)} = \emptyset$ , then $I^{(n)} \subseteq G_{2}^{(n)}$ . Again, by the property in (20), $R_{2}^{' (n)}$ exists and so does $R_{S}^{(n)}$ because

\begin{matrix} | G_{1}^{(n)} ∖ (R_{2}^{(n)} \cup R_{2}^{' (n)}) | - | (G_{2}^{(n)} ∖ R_{1}^{(n)} \cup R_{1}^{' (n)}) | \\ = | G_{1}^{(n)} | - | C_{2}^{(n)} | - (| C_{1, 2}^{(n)} | - | G_{0}^{(n)} |) - (| G_{2}^{(n)} | - | C_{1}^{(n)} | - (| C_{1, 2}^{(n)} | - | G_{0}^{(n)} |)) \\ = | G_{1}^{(n)} | - | C_{2}^{(n)} | - | G_{2}^{(n)} | + | C_{1}^{(n)} | \geq 0 . \end{matrix}

Indeed, since $I^{(n)} \subseteq G_{2}^{(n)}$ , notice that $| R_{S}^{(n)} | = | I^{(n)} |$ . These sets that form the partition of $G^{(n)}$ in Case B can be seen in Figure 4, which also displays the encoding process that aims to construct ${\tilde{A}}_{1 : L} [H_{V}^{(n)}] = {\tilde{A}}_{1 : L} [C^{(n)} \cup G^{(n)}]$ .

For Case B, graphical representation of the encoding that leads to the construction of ${\tilde{A}}_{1 : L} [H_{V}^{(n)}]$ when $L = 4$ . Consider the Block 2: the sets $R_{1}^{(n)}$ , $R_{1}^{' (n)}$ , $R_{2}^{(n)}$ , $R_{2}^{' (n)}$ , $R_{1, 2}^{(n)}$ , $R_{S}^{(n)}$ and $R_{Λ}^{(n)}$ are those areas filled with yellow squares, yellow triangles, blue circles, blue triangles, blue and yellow diamonds, pink crosses, and gray pentagons, respectively, and $I^{(n)}$ is the green filled area with purple crosses. At Block $i \in [1, L]$ , $W_{i}$ is represented by symbols of the same color (e.g., red symbols at Block 2), and $Θ_{i}^{(V)}$ , $Ψ_{i}^{(V)}$ and $Γ_{i}^{(V)}$ are represented by squares, circles, and triangles, respectively. Furthermore, ${\bar{Θ}}_{i}^{(V)}$ and ${\bar{Γ}}_{i}^{(V)}$ are denoted by squares and triangles, respectively, with a line through them. At Block $i \in [2, L - 1]$ , the diamonds denote $Γ_{1, i - 1}^{(V)} \oplus {\bar{Γ}}_{1, i + 1}^{(V)}$ . In Block $i \in [1, L]$ , $S_{i}$ is stored into those entries whose indices belong to the green area. For $i \in [2, L - 1]$ , $Π_{i}^{(V)} = S_{i}$ and, therefore, $S_{i}$ is repeated entirely into ${\tilde{A}}_{i + 1} [R_{S}^{(n)}]$ . The sequence $Λ_{1}^{(V)}$ from $S_{1}$ is represented by gray pentagons and is repeated in all blocks. The sequences $Υ_{(1)}^{(V)}$ and $Υ_{(2)}^{(V)}$ are the entries inside the red curve at Block 1 and the blue curve at Block L, respectively.

In this case, for any $i \in [1, L]$ , $Ψ_{1, i}^{(V)} ≜ Ψ_{i}^{(V)}$ , ${\bar{Θ}}_{1, i}^{(V)} ≜ {\bar{Θ}}_{i}^{(V)}$ and $Ψ_{2, i}^{(V)} = {\bar{Θ}}_{2, i}^{(V)} ≜ ⌀$ ; and we define $Γ_{1, i}^{(V)}$ and ${\bar{Γ}}_{1, i}^{(V)}$ as any part of $Γ_{i}^{(V)}$ and ${\bar{Γ}}_{i}^{(V)}$ , respectively, with size $| G_{0}^{(n)} |$ , and $Γ_{2, i}^{(V)}$ and ${\bar{Γ}}_{2, i}^{(V)}$ as the remaining parts with size $| C_{1, 2}^{(n)} | - | G_{0}^{(n)} |$ . Now, the encoder copies $Γ_{1, i - 1}^{(V)} \oplus {\bar{Γ}}_{1, i + 1}^{(V)}$ into ${\tilde{A}}_{i} [R_{1, 2}^{(n)}]$ , and $Γ_{2, i - 1}^{(V)}$ and ${\bar{Γ}}_{2, i + 1}^{(V)}$ into ${\tilde{A}}_{i} [R_{2}^{' (n)}]$ and ${\tilde{A}}_{i} [R_{1}^{' (n)}]$ respectively. Moreover, since $I^{(n)} \subseteq G_{2}^{(n)}$ , notice that $Π_{i}^{(V)} = S_{i}$ for any $i \in [2, L - 1]$ .

4.2.3. Case C

In this case, recall that $| G_{1}^{(n)} | \geq | C_{2}^{(n)} |$ , $| G_{2}^{(n)} | \leq | C_{1}^{(n)} |$ and $| G_{0}^{(n)} | > | C_{1, 2}^{(n)} |$ . Hence, we define $R_{2}^{(n)}$ and $R_{1, 2}^{(n)}$ as in (28) and (29) respectively, and $R_{1}^{' (n)} = R_{2}^{' (n)} = R_{1, 2}^{' (n)} ≜ \emptyset$ . On the other hand, since $| G_{2}^{(n)} | \leq | C_{1}^{(n)} |$ , now for $i \in [1, L - 1]$ only a part of ${\bar{Θ}}_{i + 1}^{(V)}$ can be repeated entirely in ${\tilde{A}}_{i} [G_{2}^{(n)}]$ . Consequently, we define

\begin{matrix} R_{1}^{(n)} ≜ the union of G_{2}^{(n)} with any subset of G_{0}^{(n)} ∖ R_{1, 2}^{(n)} with size | C_{1}^{(n)} | - | G_{2}^{(n)} | . \end{matrix}

(32)

It is clear that $R_{2}^{(n)}$ and $R_{1, 2}^{(n)}$ exist. By (20), $R_{1}^{(n)}$ also exists and so does $I^{(n)}$ . Since $R_{1}^{(n)} \supseteq G_{2}^{(n)}$ , then $I^{(n)} \cap G_{2}^{(n)} = \emptyset$ and $R_{S}^{(n)} = \emptyset$ . These sets that form $G^{(n)}$ are represented in Figure 5, which also displays the part of the encoding that aims to construct ${\tilde{A}}_{1 : L} [H_{V}^{(n)}]$ .

For Case C, graphical representation of the encoding that leads to the construction of ${\tilde{A}}_{1 : L} [H_{V}^{(n)}]$ when $L = 4$ . Consider the Bloc 2: $R_{1}^{(n)}$ , $R_{2}^{(n)}$ , $R_{1, 2}^{(n)}$ and $R_{Λ}^{(n)}$ are those areas filled with yellow squares, blue circles, blue and yellow diamonds, and gray pentagons, respectively, and $I^{(n)}$ is the green filled area. At Block $i \in [1, L]$ , $W_{i}$ is represented by symbols of the same color (e.g., red symbols at Block 2), and $Θ_{i}^{(V)}$ , $Ψ_{i}^{(V)}$ and $Γ_{i}^{(V)}$ are represented by squares, circles, and triangles, respectively. Furthermore, ${\bar{Θ}}_{i}^{(V)}$ and ${\bar{Γ}}_{i}^{(V)}$ are denoted by squares and triangles, respectively, with a line through them. At Block $i \in [2, L - 1]$ , the diamonds denote $Γ_{1, i - 1}^{(V)} \oplus {\bar{Γ}}_{1, i + 1}^{(V)}$ . For $i \in [1, L]$ , $S_{i}$ is stored into those entries belonging to the green area. The sequence $Λ_{1}^{(V)}$ is represented by gray pentagons and is repeated in all blocks. The sequences $Υ_{(1)}^{(V)}$ and $Υ_{(2)}^{(V)}$ are the entries inside the red curve at Block 1 and the blue curve at Block L, respectively.

In this case, for $i \in [1, L]$ , we define $Ψ_{1, i}^{(V)} ≜ Ψ_{i}^{(V)}$ , $Γ_{1, i}^{(V)} ≜ Γ_{i}^{(V)}$ , ${\bar{Θ}}_{1, i}^{(V)} ≜ {\bar{Θ}}_{i}^{(V)}$ , ${\bar{Γ}}_{1, i}^{(V)} ≜ {\bar{Γ}}_{i}^{(V)}$ , and $Ψ_{2, i}^{(V)} = Γ_{2, i}^{(V)} = {\bar{Θ}}_{2, i}^{(V)} = {\bar{Γ}}_{2, i}^{(V)} ≜ ⌀$ . Moreover, note that $Π_{i}^{(V)} = ⌀$ because $I^{(n)} \cap G_{2}^{(n)} = \emptyset$ .

4.2.4. Case D

In this case, recall that $| G_{1}^{(n)} | < | C_{2}^{(n)} |$ , $| G_{2}^{(n)} | < | C_{1}^{(n)} |$ and $| G_{0}^{(n)} | > | C_{1, 2}^{(n)} |$ . The sets that form the partition of $G^{(n)}$ in Case D are defined below and can be seen in Figure 6, which also displays the encoding process that aims to construct of ${\tilde{A}}_{1 : L} [H_{V}^{(n)}]$ .

For Case D, graphical representation of the encoding that leads to the construction of ${\tilde{A}}_{1 : L} [H_{V}^{(n)}]$ when $L = 4$ . Consider the Block 2: $R_{1}^{(n)}$ , $R_{2}^{(n)}$ , $R_{1, 2}^{(n)}$ , $R_{1, 2}^{' (n)}$ and $R_{Λ}^{(n)}$ are those areas filled with yellow squares, blue circles, blue and yellow diamonds, yellow squares overlapped by blue circles, and gray pentagons, respectively, and the set $I^{(n)}$ is the green filled area. At Block $i \in [1, L]$ , $W_{i}$ is represented by symbols of the same color (e.g., red symbols at Block 2), and $Θ_{i}^{(V)}$ , $Ψ_{i}^{(V)}$ and $Γ_{i}^{(V)}$ are represented by squares, circles, and triangles, respectively. Furthermore, ${\bar{Θ}}_{i}^{(V)}$ and ${\bar{Γ}}_{i}^{(V)}$ are denoted by squares and triangles, respectively, with a line through them. At Block $i \in [2, L - 1]$ , $Γ_{1, i - 1}^{(V)} \oplus {\bar{Γ}}_{1, i + 1}^{(V)}$ is represented by diamonds, and $Ψ_{2, i - 1}^{(V)} \oplus {\bar{Θ}}_{2, i + 1}^{(V)}$ by squares overlapped by circles. At Block $i \in [1, L]$ , $S_{i}$ is stored into those entries that belong to the green area. Sequence $Λ_{1}^{(V)}$ is denoted by gray pentagons and is repeated in all blocks. Sequences $Υ_{(1)}^{(V)}$ and $Υ_{(2)}^{(V)}$ are the entries inside the red curve at Block 1 and the blue curve at Block L, respectively.

As in Case A and Case C, since $| G_{0}^{(n)} | > | C_{1, 2}^{(n)} |$ then we define the set $R_{1, 2}^{(n)}$ as in (29) and $R_{1}^{' (n)} = R_{2}^{' (n)} ≜ \emptyset$ . On the other hand, since $| G_{1}^{(n)} | < | C_{2}^{(n)} |$ , now for $i \in [2, L]$ only a part of $Ψ_{i - 1}^{(V)}$ can be repeated entirely in ${\tilde{A}}_{i} [G_{1}^{(n)}]$ . Consequently, we define $R_{2}^{(n)} ≜ G_{1}^{(n)}$ and

\begin{matrix} R_{1, 2}^{' (n)} ≜ any subset of G_{0}^{(n)} ∖ R_{1, 2}^{(n)} with size | C_{2}^{(n)} | - | G_{1}^{(n)} | . \end{matrix}

(33)

By (20), it is clear that $R_{1, 2}^{' (n)}$ exists. Now, despite $| G_{2}^{(n)} | < | C_{1}^{(n)} |$ as in Case C, the set $R_{1}^{(n)}$ is not defined as in (32), but

\begin{matrix} R_{1}^{(n)} & ≜ the union of G_{2}^{(n)} with any subset \\ of G_{0}^{(n)} ∖ (R_{1, 2}^{(n)} \cup R_{1, 2}^{' (n)}) with size | C_{1}^{(n)} | - | G_{2}^{(n)} | - (| C_{2}^{(n)} | - | G_{1}^{(n)} |), \end{matrix}

(34)

which exists because, by the assumption in (20), we have

\begin{matrix} | G_{0}^{(n)} ∖ (R_{1, 2}^{(n)} \cup R_{1, 2}^{' (n)}) | - | R_{1}^{(n)} | \\ = | G_{0}^{(n)} | - | C_{1, 2}^{(n)} | - | C_{2}^{(n)} | + | G_{1}^{(n)} | - (| C_{1}^{(n)} | - | G_{2}^{(n)} | - | C_{2}^{(n)} | + | G_{1}^{(n)} |) \\ = | G_{0}^{(n)} | - | C_{1, 2}^{(n)} | - | C_{1}^{(n)} | + | G_{2}^{(n)} | \geq 0 . \end{matrix}

In this case, for $i \in [1, L]$ , we set $Γ_{1, i}^{(V)} ≜ Γ_{i}^{(V)}$ , ${\bar{Γ}}_{1, i}^{(V)} ≜ {\bar{Γ}}_{i}^{(V)}$ and ${\bar{Γ}}_{2, i}^{(V)} = Γ_{2, i}^{(V)} ≜ ⌀$ . Furthermore, we define $Ψ_{1, i}^{(V)}$ as any part of $Ψ_{i}^{(V)}$ with size $| G_{1}^{(n)} |$ , and $Ψ_{2, i}^{(V)}$ as the remaining part with size $| C_{2}^{(n)} | - | G_{1}^{(n)} |$ . Lastly, we define ${\bar{Θ}}_{1, i}^{(V)}$ as any part ${\bar{Θ}}_{i}^{(V)}$ with size $| C_{1}^{(n)} | - (| C_{2}^{(n)} | - | G_{1}^{(n)} |)$ , and ${\bar{Θ}}_{2, i}^{(V)}$ as the remaining part with size $| C_{2}^{(n)} | - | G_{1}^{(n)} |$ .

Thus, according to Algorithm 2, instead of repeating $Ψ_{2, i - 1}^{(V)}$ , that is, the part of $Ψ_{i - 1}^{(V)}$ that does not fit in ${\tilde{A}}_{i}^{n} [G_{1}^{(n)}]$ , in a specific part of ${\tilde{A}}_{i} [G_{0}^{(n)}]$ , the encoder stores $Ψ_{2, i - 1}^{(V)} \oplus {\bar{Θ}}_{2, i + 1}^{(V)}$ into ${\tilde{A}}_{i} [R_{1, 2}^{' (n)}] \subseteq {\tilde{A}}_{i} [G_{0}^{(n)}]$ , where ${\bar{Θ}}_{2, i + 1}^{(V)}$ denotes part of those elements of ${\bar{Θ}}_{i + 1}^{(V)}$ that do not fit in ${\tilde{A}}_{i} [G_{2}^{(n)}]$ . Furthermore, as in Case C, since $I^{(n)} \cap G_{2}^{(n)} = \emptyset$ , we have $Π_{i}^{(V)} = ⌀$ .

4.3. Channel Prefixing

For $i \in [1, L]$ , let $R_{i}$ be a uniformly distributed vector of length $| H_{X | V}^{(n)} ∖ H_{X | V Z}^{(n)} |$ that represents the randomization sequence. Furthermore, let $Λ_{0}^{(X)}$ be a uniformly distributed random sequence of size $| H_{X | V Z}^{(n)} |$ . The channel prefixing aims to construct ${\tilde{X}}_{i}^{n} = {\tilde{T}}_{i}^{n} G_{n}$ and is summarized in Algorithm 3.

Algorithm 3 Function pb_ch_pref

Require:

{\tilde{V}}_{i}^{n}

R_{i}

Λ_{i - 1}^{(X)}

1:
${\tilde{T}}_{i} [H_{X | V Z}^{(n)}] \leftarrow Λ_{i - 1}^{(X)}$
2:
${\tilde{T}}_{i} [H_{X | V}^{(n)} ∖ H_{X | V Z}^{(n)}] \leftarrow R_{i}$
3:
for $j \in {(H_{X | V}^{(n)})}^{C}$ do
4:
if $j \in {(H_{X | V}^{(n)})}^{C} ∖ L_{X | V}^{(n)}$ then
5:
${\tilde{T}}_{i} (j) \leftarrow p_{T (j) | T^{1 : j - 1} V^{n}} ({\tilde{T}}_{i} (j) | {\tilde{T}}_{i}^{1 : j - 1} {\tilde{V}}_{i}^{n})$
6:
else if $j \in L_{X | V}^{(n)}$ then
7:
${\tilde{T}}_{i} (j) \leftarrow {arg max}_{t \in X} p_{T (j) | T^{1 : j - 1} V^{n}} (t | {\tilde{T}}_{i}^{1 : j - 1} {\tilde{V}}_{i}^{n})$
8:
end if
9:
end for
10:
${\tilde{X}}_{i}^{n} \leftarrow {\tilde{T}}_{i}^{n} G_{n}$
11:
$Λ_{i}^{(X)} \leftarrow {\tilde{T}}_{i} [H_{X | V}^{(n)} ∖ H_{X | V Z}^{(n)}]$
12:
return ${\tilde{X}}_{i}^{n}$ and $Λ_{i}^{(X)}$

Open in a new tab

Notice that the sequence $Λ_{0}^{(X)}$ is copied in ${\tilde{T}}_{i} [H_{X | V Z}^{(n)}]$ at any Block $i \in [1, L]$ , while $R_{i}$ is stored into ${\tilde{T}}_{i} [H_{X | V}^{(n)} ∖ H_{X | V Z}^{(n)}]$ . After forming ${\tilde{T}}_{i} [H_{X | V}^{(n)}]$ , and given the sequence ${\tilde{V}}_{i}^{n} ≜ {\tilde{A}}_{i}^{n} G_{n}$ , the encoder forms the remaining entries of ${\tilde{T}}_{i}^{n}$ , that is, ${\tilde{T}}_{i} [{(H_{X | V}^{(n)})}^{C}]$ as follows. If $j \in L_{X | V}^{(n)}$ , where $L_{V | X}^{(n)} ≜ \{j \in [1, n] : H (T (j) | T^{1 : j - 1} V^{n}) \leq δ_{n}\}$ , it constructs ${\tilde{T}}_{i} (j)$ deterministically by using SC encoding [24]. Otherwise, if $j \in (H_{X | V}^{(n)})^{C} ∖ L_{X | V}^{(n)}$ , the encoder randomly draws ${\tilde{T}}_{i} (j)$ from distribution $p_{T (j) | T^{1 : j - 1} V^{n}}$ .

4.4. Decoding

Consider that $(Υ_{(k)}^{(V)}, Φ_{(k), 1 : L}^{(V)})$ , for all $k \in [1, 2]$ , is available to the k-th legitimate receiver. In the decoding process, both legitimate receivers form the estimates ${\hat{A}}_{1 : L}^{n}$ of ${\tilde{A}}_{1 : L}^{n}$ and then obtain the messages $({\hat{W}}_{1 : L}, {\hat{S}}_{1 : L})$ .

4.4.1. Legitimate Receiver 1

This receiver forms the estimates ${\hat{A}}_{1 : L}^{n}$ by going forward, i.e., from ${\hat{A}}_{1}^{n}$ to ${\hat{A}}_{L}^{n}$ , and this process is summarized in Algorithm 4.

Algorithm 4 Decoding at legitimate Receiver 1

Require:

Υ_{(1)}^{(V)}

Φ_{(1), 1 : L}^{(V)}

κ_{Θ}^{(V)}

and

κ_{Γ}^{(V)}

, and

{\tilde{Y}}_{(1), 1 : L}^{n}

1:
${\hat{A}}_{1}^{n} \leftarrow (Υ_{(1)}^{(V)}, Φ_{(1), 1}^{(V)}, {\tilde{Y}}_{(1), 1}^{n})$
2:
${\hat{Λ}}_{2 : L}^{(V)} \leftarrow {\hat{A}}_{1} [R_{Λ}^{(n)}]$
3:
for $i = 1$ to $L - 1$ do
4:
${\hat{Ψ}}_{i}^{(V)} \leftarrow {\hat{A}}_{i} [C_{2}^{(n)}]$
5:
${\hat{Γ}}_{i}^{(V)} \leftarrow {\hat{A}}_{i} [C_{1, 2}^{(n)}]$
6:
${\hat{\bar{Θ}}}_{i + 1}^{(V)} \leftarrow ({\hat{A}}_{i} [R_{1}^{(n)}], {\hat{A}}_{i} [R_{1, 2}^{' (n)}] \oplus {\hat{Ψ}}_{2, i - 1}^{(V)})$
7:
${\hat{Θ}}_{i + 1}^{(V)} \leftarrow {\hat{\bar{Θ}}}_{i + 1}^{(V)} \oplus κ_{Θ}^{(V)}$
8:
${\hat{\bar{Γ}}}_{i + 1}^{(V)} \leftarrow ({\hat{A}}_{i} [R_{1, 2}^{(n)}] \oplus {\hat{Γ}}_{1, i - 1}^{(V)}, {\hat{A}}_{i} [R_{1}^{' (n)}])$
9:
${\hat{Γ}}_{i + 1}^{(V)} \leftarrow {\hat{\bar{Γ}}}_{i + 1}^{(V)} \oplus κ_{Γ}^{(V)}$
10:
${\hat{Π}}_{i}^{(V)} \leftarrow {\hat{A}}_{i} [I^{(n)} \cap G_{2}^{(n)}]$
11:
${\hat{Υ}}_{(1), i + 1}^{' (V)} \leftarrow ({\hat{Ψ}}_{1, i}^{(V)}, {\hat{Γ}}_{2, i}^{(V)}, {\hat{Θ}}_{i + 1}^{(V)}, {\hat{Γ}}_{i + 1}^{(V)}, {\hat{Π}}_{i}^{(V)}, {\hat{Λ}}_{i}^{(V)})$
12:
${\hat{A}}_{i + 1}^{n} \leftarrow ({\hat{Υ}}_{(1), i + 1}^{' (V)}, Φ_{(1), i + 1}^{(V)}, {\tilde{Y}}_{(1), i + 1}^{n})$
13:
end for

Open in a new tab

In all cases (among Case A to Case D), Receiver 1 constructs ${\hat{A}}_{1}^{n}$ as follows. Given $Υ_{(1)}^{(V)}$ (all the elements inside the red curve at Block 1 in Figure 3, Figure 4, Figure 5 and Figure 6) and $Φ_{(1), 1}^{(V)}$ , notice that Receiver 1 knows ${\tilde{A}}_{1} [{(L_{V | Y_{(1)}}^{(n)})}^{C}]$ . Therefore, from $(Υ_{(1)}^{(V)}, Φ_{(1), 1}^{(V)})$ and channel observations ${\tilde{Y}}_{(1), 1}^{n}$ , Receiver 1 performs SC decoding to form ${\hat{A}}_{1}^{n}$ . Moreover, since $Λ_{1}^{(V)}$ has been replicated in all blocks, legitimate Receiver 1 obtains ${\hat{Λ}}_{2 : L}^{(V)} = {\hat{A}}_{1} [R_{Λ}^{(n)}]$ (gray pentagons in all blocks).

For $i \in [1, L - 1]$ , consider the construction of ${\hat{A}}_{i + 1}^{n}$ . First, since ${\hat{A}}_{1 : i}^{n}$ have already been estimated, from ${\hat{A}}_{i}^{n}$ Receiver 1 obtains ${\hat{Ψ}}_{i}^{(V)} = {\hat{A}}_{i} [C_{2}^{(n)}]$ (e.g., red circles at Block 2 in Figure 3, Figure 4, Figure 5 and Figure 6) and ${\hat{Γ}}_{i}^{(V)} = {\hat{A}}_{i} [C_{1, 2}^{(n)}]$ (red triangles).

Furthermore, from ${\hat{A}}_{i}^{n}$ , Receiver 1 obtains ${\hat{Θ}}_{i + 1}^{(V)}$ as follows. At Block 1, in all cases it gets ${\hat{\bar{Θ}}}_{2}^{(V)} = {\tilde{A}}_{1} [R_{1}^{(n)} \cup R_{1, 2}^{' (n)}]$ (all the red squares with a line through them at Block 1 in Figure 3, Figure 4, Figure 5 and Figure 6). At Block $i \in [2, L - 1]$ , we distinguish two situations:

In Case D, Receiver 1 gets ${\hat{\bar{Θ}}}_{1, i + 1}^{(V)} = {\hat{A}}_{i} [R_{1}^{(V)}]$ (e.g., yellow squares with a line through them at Block 2 in Figure 6) and ${\hat{Ψ}}_{2, i - 1}^{(V)} \oplus {\hat{\bar{Θ}}}_{2, i + 1}^{(V)} = {\hat{A}}_{i} [R_{1, 2}^{' (V)}]$ (yellow squares with a line through them overlapped by blue circles). Since ${\hat{Ψ}}_{2, i - 1}^{(V)} \subset {\hat{A}}_{i - 1}^{n}$ (blue circles) has already been estimated, Receiver 1 obtains ${\hat{\bar{Θ}}}_{2, i + 1}^{(V)} = {\hat{Ψ}}_{2, i - 1}^{(V)} \oplus {\hat{A}}_{i} [R_{1, 2}^{' (V)}]$ (yellow squares with a line through them).
Otherwise, in other cases, Receiver 1 obtains ${\hat{\bar{Θ}}}_{i + 1}^{(V)} = {\hat{A}}_{i} [R_{1}^{(n)}]$ directly (yellow squares with a line through them at Block 2 in Figure 3, Figure 4 and Figure 5).

Then, given ${\hat{\bar{Θ}}}_{i + 1}^{(V)} = [{\hat{\bar{Θ}}}_{1, i + 1}^{(V)}, {\hat{\bar{Θ}}}_{2, i + 1}^{(V)}]$ , in all cases Receiver 1 recovers ${\hat{Θ}}_{i + 1}^{(V)} = {\hat{\bar{Θ}}}_{i + 1}^{(V)} \oplus κ_{Θ}^{(V)}$ .

From ${\hat{A}}_{i}^{n}$ , Receiver 1 also obtains ${\hat{Γ}}_{i + 1}^{(V)}$ as follows. At Block 1, in all cases it gets ${\hat{\bar{Γ}}}_{2}^{(V)} = {\tilde{A}}_{1} [R_{1, 2}^{(n)} \cup R_{1}^{' (n)}]$ directly (e.g., all red triangles with a line through them at Block 1 in Figure 3, Figure 4, Figure 5 and Figure 6). At Block $i \in [2, L - 1]$ , in all cases it obtains ${\hat{Γ}}_{1, i - 1}^{(V)} \oplus {\hat{\bar{Γ}}}_{1, i + 1}^{(V)} = {\hat{A}}_{i} [R_{1, 2}^{(n)}]$ (e.g., blue and yellow diamonds with a line through them at Block 2). Since ${\hat{Γ}}_{1, i - 1}^{(V)} \subset {\hat{A}}_{i - 1}^{n}$ (blue triangles) has already been estimated, Receiver 1 obtains ${\hat{\bar{Γ}}}_{1, i + 1}^{(V)} = {\hat{A}}_{i} [R_{1, 2}^{(n)}] \oplus {\hat{Γ}}_{1, i - 1}^{(V)}$ (yellow triangles with a line through them). Only in Case B, Receiver 1 obtains ${\hat{\bar{Γ}}}_{2, i + 1}^{(V)} = {\hat{A}}_{i} [R_{1}^{' (n)}]$ (remaining yellow triangles with a line through them at Block 2 in Figure 4). Then, given ${\hat{\bar{Γ}}}_{i + 1}^{(V)} = [{\hat{\bar{Γ}}}_{1, i + 1}^{(V)}, {\hat{\bar{Γ}}}_{2, i + 1}^{(V)}]$ , in all cases Receiver 1 recovers ${\hat{Γ}}_{i + 1}^{(V)} = {\hat{\bar{Γ}}}_{i + 1}^{(V)} \oplus κ_{Γ}^{(V)}$ .

Lastly, only in Case A and Case B, Receiver 1 obtains ${\hat{Π}}_{i}^{(V)} = {\hat{A}}_{i} [I^{(n)} \cap G_{2}^{(n)}]$ (e.g., purple crosses at Block 2 in Figure 3 and Figure 4).

Finally, define the sequence ${\hat{Υ}}_{(1), i + 1}^{' (V)} ≜ [{\hat{Ψ}}_{1, i}^{(V)}, {\hat{Γ}}_{2, i}^{(V)}, {\hat{Θ}}_{i + 1}^{(V)}, {\hat{Γ}}_{i + 1}^{(V)}, {\hat{Π}}_{i}^{(V)}, {\hat{Λ}}_{i}^{(V)}]$ . Notice that ${\hat{Υ}}_{(1), i + 1}^{' (V)} \supseteq {\hat{A}}_{i + 1} [H_{V}^{(n)} ∖ L_{V | Y_{(1)}}^{(n)}]$ (elements inside red curve at Block $i + 1$ in Figure 3, Figure 4, Figure 5 and Figure 6). Therefore, Receiver 1 performs SC decoding to form ${\hat{A}}_{i + 1}^{n}$ by using ${\hat{Υ}}_{(1), i + 1}^{' (V)}$ , $Φ_{(1), i + 1}^{(V)}$ and the channel observations ${\tilde{Y}}_{(1), i + 1}^{n}$ .

4.4.2. Legitimate Receiver 2

This receiver forms the estimates ${\hat{A}}_{1 : L}^{n}$ by going backward, i.e., from ${\hat{A}}_{L}^{n}$ to ${\hat{A}}_{1}^{n}$ , and this process is summarized in Algorithm 5.

Algorithm 5 Decoding at legitimate Receiver 2

Require:

Υ_{(2)}^{(V)}

Φ_{(2), 1 : L}^{(V)}

κ_{Θ}^{(V)}

and

κ_{Γ}^{(V)}

, and

{\tilde{Y}}_{(2), 1 : L}^{n}

1:
${\hat{A}}_{L}^{n} \leftarrow (Υ_{(2)}^{(V)}, Φ_{(2), L}^{(V)}, {\tilde{Y}}_{(2), L}^{n})$
2:
${\hat{Λ}}_{1 : L - 1}^{(V)} \leftarrow {\hat{A}}_{L} [R_{Λ}^{(n)}]$
3:
for $i = L$ to 2 do
4:
${\hat{\bar{Θ}}}_{i}^{(V)} \leftarrow {\hat{A}}_{i} [C_{1}^{(n)}] \oplus κ_{Θ}^{(V)}$
5:
${\hat{\bar{Γ}}}_{i}^{(V)} \leftarrow {\hat{A}}_{i} [C_{1, 2}^{(n)}] \oplus κ_{Γ}^{(V)}$
6:
${\hat{Ψ}}_{i - 1}^{(V)} \leftarrow ({\hat{A}}_{i} [R_{2}^{(n)}], {\hat{A}}_{i} [R_{1, 2}^{' (n)}] \oplus {\hat{\bar{Θ}}}_{2, i + 1}^{(V)})$
7:
${\hat{Γ}}_{i - 1}^{(V)} \leftarrow ({\hat{A}}_{i} [R_{1, 2}^{(n)}] \oplus {\hat{\bar{Γ}}}_{1, i + 1}^{(V)}, {\hat{A}}_{i} [R_{2}^{' (n)}])$
8:
${\hat{Π}}_{i - 1}^{(V)} \leftarrow {\hat{A}}_{i} [R_{S}^{(n)}]$
9:
$Υ_{(2), i - 1}^{' (V)} \leftarrow ({\hat{\bar{Θ}}}_{1, i}^{(V)}, {\hat{\bar{Γ}}}_{2, i}^{(V)}, {\hat{Ψ}}_{i - 1}^{(V)}, {\hat{Γ}}_{i - 1}^{(V)}, {\hat{Π}}_{i - 1}^{(V)}, {\hat{Λ}}_{i - 1}^{(V)})$
10:
${\hat{A}}_{i - 1}^{n} \leftarrow (Υ_{(2), i - 1}^{' (V)}, Φ_{(2), i - 1}^{(V)}, {\tilde{Y}}_{(2), i - 1}^{n})$
11:
end for

Open in a new tab

In all cases (among Case A to Case D), Receiver 2 constructs ${\hat{A}}_{L}^{n}$ as follows. Given $Υ_{(2)}^{(V)}$ (all the elements inside blue curve at Block 4 in Figure 3, Figure 4, Figure 5 and Figure 6) and $Φ_{(2), L}^{(V)}$ , notice that Receiver 2 knows ${\tilde{A}}_{L} [{(L_{V | Y_{(2)}}^{(n)})}^{C}]$ . Hence, from $(Υ_{(2)}^{(V)}$ , $Φ_{(2), L}^{(V)})$ and channel output observations ${\tilde{Y}}_{(2), L}^{n}$ , Receiver 2 performs SC decoding to form ${\hat{A}}_{L}^{n}$ . Since $Λ_{1}^{(V)}$ has been replicated in all blocks, from ${\hat{A}}_{L}^{n}$ it obtains ${\hat{Λ}}_{1 : L - 1}^{(V)} = {\hat{A}}_{L} [R_{Λ}^{(n)}]$ (gray pentagons at all blocks).

For $i \in [2, L]$ , consider the construction of ${\hat{A}}_{i - 1}^{n}$ . First, since ${\hat{A}}_{i : L}^{n}$ have already been estimated, from ${\hat{A}}_{i}^{n}$ Receiver 2 obtains the sequence ${\hat{Θ}}_{i}^{(V)} = {\hat{A}}_{i} [C_{1}^{(n)}]$ (e.g., yellow squares at Block 3 in Figure 3, Figure 4, Figure 5 and Figure 6). Given ${\hat{Θ}}_{i}^{(V)}$ , it computes ${\hat{\bar{Θ}}}_{i}^{(V)} = {\hat{Θ}}_{i}^{(V)} \oplus κ_{Θ}^{(V)}$ (yellow squares with a line through them). Furthermore, Receiver 2 obtains ${\hat{Γ}}_{i}^{(V)} = {\hat{A}}_{i} [C_{1, 2}^{(n)}]$ (yellow triangles at Block 3 in Figure 3, Figure 4, Figure 5 and Figure 6). Given this sequence, it computes ${\hat{\bar{Γ}}}_{i}^{(V)} = {\hat{Γ}}_{i}^{(V)} \oplus κ_{Γ}^{(V)}$ (yellow triangles with a line through them).

Furthermore, from ${\hat{A}}_{i}^{n}$ , Receiver 2 obtains ${\hat{Ψ}}_{i - 1}^{(V)}$ as follows. At block L, in all cases it gets ${\hat{Ψ}}_{L - 1}^{(V)} = {\hat{A}}_{i} [R_{2}^{(n)} \cup R_{1, 2}^{' (n)}]$ directly (all yellow circles at Block L in Figure 3, Figure 4, Figure 5 and Figure 6). At Block $i \in [2, L - 1]$ , we distinguish two situations:

In Case D, Receiver 2 obtains ${\hat{Ψ}}_{1, i - 1}^{(V)} = {\hat{A}}_{i} [R_{2}^{(n)}]$ (e.g., red circles at Block 3 in Figure 6) and ${\hat{Ψ}}_{2, i - 1}^{(V)} \oplus {\hat{\bar{Θ}}}_{2, i + 1}^{(V)} = {\hat{A}}_{i} [R_{1, 2}^{' (n)}]$ (cyan squares with a line through them overlapped by red circles). Since ${\hat{\bar{Θ}}}_{2, i + 1}^{(V)}$ (cyan squares with a line through them) has already been estimated, it obtains ${\hat{Ψ}}_{2, i - 1}^{(V)} = {\hat{A}}_{i} [R_{1, 2}^{' (n)}] \oplus {\hat{\bar{Θ}}}_{2, i + 1}^{(V)}$ (red circles).
Otherwise, in other cases, Receiver 2 obtains directly ${\hat{Ψ}}_{i - 1}^{(V)} = {\hat{A}}_{i} [R_{2}^{(n)}]$ (e.g., red circles at Block 3 in Figure 3, Figure 4 and Figure 5).

From ${\hat{A}}_{i}^{n}$ , Receiver 2 also obtains ${\hat{Γ}}_{i - 1}^{(V)}$ as follows. At block L, in all cases it gets ${\hat{\bar{Γ}}}_{L - 1}^{(V)} = {\hat{A}}_{L} [R_{1, 2}^{(n)} \cup R_{2}^{' (n)}]$ (e.g., all yellow triangles at Block L in Figure 3, Figure 4, Figure 5 and Figure 6). At Block $i \in [2, L - 1]$ , in all cases Receiver 2 obtains ${\hat{Γ}}_{1, i - 1}^{(V)} \oplus {\hat{\bar{Γ}}}_{1, i + 1}^{(V)} = {\hat{A}}_{i} [R_{1, 2}^{(n)}]$ (e.g., red and cyan diamonds with a line through them at Block 3). Since ${\hat{\bar{Γ}}}_{1, i + 1}^{(V)}$ (cyan triangles with a line through them) has already been estimated, Receiver 2 obtains ${\hat{Γ}}_{1, i - 1}^{(V)} = {\hat{A}}_{i} [R_{1, 2}^{(n)}] \oplus {\hat{\bar{Γ}}}_{1, i + 1}^{(V)}$ (red triangles). Furthermore, only in Case B, Receiver 2 obtains the sequence ${\hat{Γ}}_{2, i - 1}^{(V)} = {\hat{A}}_{i} [R_{2}^{' (n)}]$ (remaining red triangles at Block 3 in Figure 4).

Lastly, only in Case A and Case B, Receiver 2 obtains the sequence ${\hat{Π}}_{i - 1}^{(V)} = {\hat{A}}_{i} [R_{S}^{(n)}]$ (e.g., purple crosses at Block 3 in Figure 3 and Figure 4).

Finally, define the sequence $Υ_{(2), i - 1}^{' (V)} ≜ [{\hat{\bar{Θ}}}_{1, i}^{(V)}, {\hat{\bar{Γ}}}_{2, i}^{(V)}, {\hat{Ψ}}_{i - 1}^{(V)}, {\hat{Γ}}_{i - 1}^{(V)}, {\hat{Π}}_{i - 1}^{(V)}, {\hat{Λ}}_{i - 1}^{(V)}]$ . Notice that $Υ_{(2), i - 1}^{' (V)} \supseteq {\hat{A}}_{i - 1} [H_{V}^{(n)} ∖ L_{V | Y_{(2)}}^{(n)}]$ (elements inside blue curve at Block $i - 1$ in Figure 3, Figure 4, Figure 5 and Figure 6). Thus, Receiver 2 performs SC decoding to form ${\hat{A}}_{i - 1}^{n}$ by using $Υ_{(2), i - 1}^{' (V)}$ , $Φ_{(2), i - 1}^{(V)}$ and ${\tilde{Y}}_{(2), i - 1}^{n}$ .

5. Performance of the Polar Coding Scheme

The analysis of the polar coding scheme of Section 4 leads to the following theorem.

Theorem 1.

Let $(X, p_{Y_{(1)} Y_{(2)} Z | X}, Y_{(1)} \times Y_{(2)} \times Z)$ be an arbitrary WTBC, such that $X \in {0, 1}$ . The polar coding scheme described in Section 4 achieves the corner point in Equation (4) of the region $R_{CI - WTBC}$ defined in Proposition 1.

The proof of Theorem 1 follows in four steps and is provided in the following subsections. In Section 5.1 we show that the polar coding scheme approaches the rate tuple in (4). In Section 5.2 we prove that the joint distribution of $({\tilde{V}}_{i}^{n}, {\tilde{X}}_{i}^{n}, {\tilde{Y}}_{(1), i}^{n}, {\tilde{Y}}_{(2), i}^{n}, {\tilde{Z}}_{i}^{n})$ , for all $i \in [1, L]$ , is asymptotically indistinguishable of the one of the original DMS that is used for the polar code construction. Finally, in Section 5.3 and Section 5.4 we show that the polar coding scheme satisfies the reliability and the secrecy conditions (1) and (2) respectively.

5.1. Transmission Rates

We prove that the polar coding scheme described in Section 4 approaches the rate tuple in Equation (4). Furthermore, we show that the overall length of the secret keys $κ_{Θ}^{(V)}$ , $κ_{Γ}^{(V)}$ , $κ_{Υ Φ_{(1)}}^{(V)}$ and $κ_{Υ Φ_{(2)}}^{(V)}$ , and the additional randomness used in the encoding (besides the randomization sequences) are asymptotically negligible in terms of rate.

5.1.1. Private Message Rate

For $i \in [1, L]$ , we have $W_{i} = {\tilde{A}}_{i} [C^{(n)}]$ . According to the definition of $C^{(n)}$ in (11), and since $H_{V | Z}^{(n)} \subseteq H_{V}^{(n)}$ , the rate of $W_{1 : L}$ is

\begin{matrix} \frac{1}{n L} \sum_{i = 1}^{L} | W_{i} | = \frac{1}{n} | H_{V}^{(n)} \cap {(H_{V | Z}^{(n)})}^{C} | = \frac{1}{n} | H_{V}^{(n)} | - \frac{1}{n} | H_{V | Z}^{(n)} | \overset{n \to \infty}{\to} H (V) - H (V | Z) \end{matrix}

where the limit holds by Lemma 4 of [10]. Therefore, the private message rate achieved by the polar coding scheme is $R_{W} = I (V; Z)$ , as in (4).

5.1.2. Confidential Message Rate

From Section 4.2, in all cases we have $S_{1} = {\tilde{A}}_{1} [I^{(n)} \cup G_{1}^{(n)} \cup G_{1, 2}^{(n)}]$ ; for $i \in [2, L - 1]$ , we have $S_{i} = {\tilde{A}}_{i} [I^{(n)}]$ ; and $S_{L} = {\tilde{A}}_{L} [I^{(n)} \cup G_{2}^{(n)}]$ . Thus, we have

\begin{matrix} \frac{1}{n L} \sum_{i = 1}^{L} | S_{i} | \\ = \frac{(L - 2)}{n L} | I^{(n)} | + \frac{1}{n L} (| I^{(n)} \cup G_{1}^{(n)} \cup G_{1, 2}^{(n)} | + | I^{(n)} \cup G_{2}^{(n)} |) \\ = \frac{1}{n} | I^{(n)} | + \frac{1}{n L} (| G_{1}^{(n)} | + | G_{2}^{(n)} | + | G_{1, 2}^{(n)} |) \\ = \frac{1}{n} | I^{(n)} | + \frac{1}{n L} | G^{(n)} ∖ G_{0}^{(n)} | \\ \overset{(a)}{=} \frac{1}{n} (| G_{0}^{(n)} | + | G_{2}^{(n)} | - | R_{1, 2}^{(n)} | - | R_{1, 2}^{' (n)} | - | R_{1}^{(n)} | - | R_{1}^{' (n)} |) + \frac{1}{n L} | G^{(n)} ∖ G_{0}^{(n)} | \\ \overset{(b)}{=} \frac{1}{n} (| G_{0}^{(n)} | + | G_{2}^{(n)} | - | C_{1}^{(n)} | - | C_{1, 2}^{(n)} |) + \frac{| G^{(n)} ∖ G_{0}^{(n)} |}{n L} \\ \overset{(c)}{\geq} \frac{1}{n} (| H_{V | Z}^{(n)} \cap L_{V | Y_{(1)}}^{(n)} | - | {(H_{V | Z}^{(n)})}^{C} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C} |) + \frac{1}{n L} | H_{V | Z}^{(n)} \cap {(L_{V | Y_{(1)}}^{(n)} \cap L_{V | Y_{(2)}}^{(n)})}^{C} | \\ \overset{(d)}{\geq} \frac{1}{n} (| H_{V | Z}^{(n)} \cap L_{V | Y_{(1)}}^{(n)} | - | {(H_{V | Z}^{(n)})}^{C} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C} |) + \frac{1}{n L} | H_{V | Z}^{(n)} | - \frac{1}{n L} | {(L_{V | Y_{(1)}}^{(n)})}^{C} | \\ = \frac{1}{n} | H_{V | Z}^{(n)} | - \frac{1}{n} | {(L_{V | Y_{(1)}}^{(n)})}^{C} | + \frac{1}{n L} | H_{V | Z}^{(n)} | - \frac{1}{n L} | {(L_{V | Y_{(1)}}^{(n)})}^{C} | \\ \overset{n \to \infty}{\to} H (V | Z) - H (V | Y_{(1)}) + \frac{1}{L} (H (V | Z) - H (V | Y_{(1)})) \\ \overset{L \to \infty}{\to} H (V | Z) - H (V | Y_{(1)}) \end{matrix}

where $(a)$ holds by the definition of $I^{(n)}$ in (24); $(b)$ holds because, in all cases, we have $| R_{1, 2}^{(n)} | + | R_{1}^{' (n)} | = | C_{1, 2}^{(n)} |$ and $| R_{1}^{(n)} | + | R_{1, 2}^{' (n)} | = | C_{1}^{(n)} |$ ; $(c)$ follows from the partition of $H_{V}^{(n)}$ defined in (12)–(19); $(d)$ follows from applying elementary set operations and because, by assumption, $H (V | Y_{(1)}) \geq H (V | Y_{(2)})$ , which means that $| {(L_{V | Y_{(1)}}^{(n)})}^{C} | \geq | {(L_{V | Y_{(2)}}^{(n)})}^{C} |$ (by Lemma 4 of [10]); and the limit when n goes to infinity holds also by Lemma 4 of [10]. Hence, the polar coding scheme operates as close to the rate $R_{S}$ in (4) as desired by choosing a sufficiently large L.

5.1.3. Randomization Sequence Rate

For $i \in [1, L]$ , we have $R_{i} = {\tilde{T}}_{i} [H_{X | V}^{(n)} \cap {(H_{X | V Z}^{(n)})}^{C}]$ . Since $H_{X | V Z}^{(n)} \supseteq H_{X | V}^{(n)}$ , we have

\begin{matrix} \frac{1}{n L} \sum_{i = 1}^{L} | R_{i} | & = \frac{1}{n} | H_{X | V}^{(n)} \cap {(H_{X | V Z}^{(n)})}^{C} | = \frac{1}{n} | H_{X | V}^{(n)} | - \frac{1}{n} | H_{X | V Z}^{(n)} | \overset{n \to \infty}{\to} H (X | Z) - H (X | V Z) \end{matrix}

where the limit holds by Lemma 4 of [10]. Thus, the randomization sequence rate used by the polar coding scheme is $R_{R} = I (X; Z | V)$ as in (4).

5.1.4. Private-Shared Sequence Rate

Transmitter and legitimate Receiver $k \in [1, 2]$ must privately share the keys $κ_{Θ}^{(V)}$ , $κ_{Γ}^{(V)}$ and $κ_{Υ Φ_{(k)}}^{(V)}$ . Hence, the overall rate is

\begin{matrix} \frac{1}{n L} (| κ_{Θ}^{(V)} | + | κ_{Γ}^{(V)} | + \sum_{k = 1}^{2} | κ_{Υ Φ_{(k)}}^{(V)} |) \\ = \frac{1}{n L} (| C_{1}^{(n)} | + | C_{1, 2}^{(n)} |) + \frac{1}{n L} \sum_{k = 1}^{2} (L | {(H_{V}^{(n)})}^{C} \cap {(L_{V | Y_{(k)}}^{(n)})}^{C} | + | H_{V}^{(n)} \cap {(L_{V | Y_{(k)}}^{(n)})}^{C} |) \\ \overset{(a)}{=} \frac{1}{n L} (| H_{V}^{(n)} \cap {(H_{V | Z}^{(n)})}^{C} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C} |) \\ + \frac{1}{n L} \sum_{k = 1}^{2} (L | {(H_{V}^{(n)})}^{C} \cap {(L_{V | Y_{(k)}}^{(n)})}^{C} | + | H_{V}^{(n)} \cap {(L_{V | Y_{(k)}}^{(n)})}^{C} |) \\ \overset{(b)}{\leq} \frac{1}{n L} | {(L_{V | Y_{(1)}}^{(n)})}^{C} | + \frac{1}{n L} \sum_{k = 1}^{2} (L | {(H_{V | Y_{(k)}}^{(n)})}^{C} \cap {(L_{V | Y_{(k)}}^{(n)})}^{C} | + | {(L_{V | Y_{(k)}}^{(n)})}^{C} |) \\ \overset{n \to \infty}{\to} \frac{1}{L} (2 H (V | Y_{(1)}) + H (V | Y_{(2)})) \\ \overset{L \to \infty}{\to} 0, \end{matrix}

where $(a)$ follows from the definition of $C_{1}^{(n)}$ and $C_{1, 2}^{(n)}$ in (17) and (19), respectively; $(b)$ follows from standard set properties and because ${(H_{V | Z}^{(n)})}^{C} \subseteq {(H_{V | Y_{(k)}}^{(n)})}^{C}$ for any $k \in [1, 2]$ ; and the limit when n goes to infinity holds by Lemma 4 of [10].

5.1.5. Rate of the Additional Randomness

Besides the randomization sequences $R_{1 : L}$ , the encoder uses the random sequence $Λ_{0}^{(X)}$ , with size $| H_{X | V}^{(n)} |$ , for the polar-based channel prefixing. Moreover, for $i \in [1, L]$ , the encoder randomly draws those elements ${\tilde{A}}_{i} (j)$ such that $j \in {(H_{V}^{(n)})}^{C} ∖ L_{V}^{(n)}$ , and those elements ${\tilde{T}}_{i} (j)$ such that $j \in {(H_{X | V}^{(n)})}^{C} ∖ L_{X | V}^{(n)}$ . Nevertheless, we have

\begin{matrix} \frac{1}{n L} (| H_{X | V}^{(n)} | + L | {(H_{V}^{(n)})}^{C} ∖ L_{V}^{(n)} | + L | {(H_{X | V}^{(n)})}^{C} ∖ L_{X | V}^{(n)} |) \\ \overset{n \to \infty}{\to} \frac{1}{L} H (X | V) \\ \overset{L \to \infty}{\to} 0, \end{matrix}

where the limit when n approaches to infinity follows from applying Lemma 4 of [10].

5.2. Distribution of the DMS after the Polar Encoding

For $i \in [1, L]$ , let ${\tilde{q}}_{A_{i}^{n} T_{i}^{n}}$ denote the distribution of $({\tilde{A}}_{i}^{n}, {\tilde{T}}_{i}^{n})$ after the encoding. The following lemma proves that ${\tilde{q}}_{A_{i}^{n} T_{i}^{n}}$ and the marginal distribution $p_{A^{n} T^{n}}$ of the original DMS are nearly statistically indistinguishable for sufficiently large n and, consequently, so are ${\tilde{q}}_{V_{i}^{n} X_{i}^{n} Y_{(1), i}^{n} Y_{(2), i}^{n} Z_{i}^{n}}$ and $p_{V^{n} X^{n} Y_{(1)}^{n} Y_{(2)}^{n} Z^{n}}$ . This result is crucial for the reliability and secrecy performance of the polar coding scheme.

Lemma 1.

For any $i \in [1, L]$ , we obtain

$\begin{matrix} V ({\tilde{q}}_{A_{i}^{n} T_{i}^{n}}, p_{A^{n} T^{n}}) & \leq δ_{n}^{(*)}, \\ V ({\tilde{q}}_{V_{i}^{n} X_{i}^{n} Y_{(1), i}^{n} Y_{(2), i}^{n} Z_{i}^{n}}, p_{V^{n} X^{n} Y_{(1)}^{n} Y_{(2)}^{n} Z^{n}}) & \leq δ_{n}^{(*)}, \end{matrix}$

where $δ_{n}^{(*)} ≜ 2 n \sqrt{4 \sqrt{n δ_{n} ln 2} (2 n - log (2 \sqrt{n δ_{n} ln 2})) + δ_{n}} + 2 \sqrt{n δ_{n} ln 2}$ .

Proof.

Omitted because it follows similar reasoning as in Lemma 3 of [11]. □

5.3. Reliability Analysis

In this section we prove that both legitimate receivers can reliably reconstruct the private and the confidential messages $(W_{1 : L}, S_{1 : L})$ with arbitrary small error probability.

For $i \in [1, L]$ and $k \in [1, 2]$ , let ${\tilde{q}}_{V_{i}^{n} Y_{(k), i}^{n}}$ and $p_{V^{n} Y_{(k)}^{n}}$ be marginals of ${\tilde{q}}_{V_{i}^{n} X_{i}^{n} Y_{(1), i}^{n} Y_{(2), i}^{n} Z_{i}^{n}}$ and $p_{V^{n} X^{n} Y_{(1)}^{n} Y_{(2)}^{n} Z^{n}}$ respectively, and define an optimal coupling Proposition 4.7 of [25] between ${\tilde{q}}_{V_{i}^{n} Y_{(k), i}^{n}}$ and $p_{V^{n} Y_{(k)}^{n}}$ such that $P [E_{V_{i}^{n} Y_{(k), i}^{n}}] = V ({\tilde{q}}_{V_{i}^{n} Y_{(k), i}^{n}}, p_{V^{n} Y_{(k)}^{n}})$ , where $E_{V_{i}^{n} Y_{(k), i}^{n}} ≜ \{({\tilde{V}}_{i}^{n}, {\tilde{Y}}_{(k), i}^{n}) \neq (V^{n}, Y_{(k)}^{n})\}$ . Additionally, define the error event

\begin{matrix} E_{(k), i} ≜ \{{\hat{A}}_{i} [{(L_{V | Y_{(k)}}^{(n)})}^{C}] \neq {\tilde{A}}_{i} [{(L_{V | Y_{(k)}}^{(n)})}^{C}]\} . \end{matrix}

Recall that $(Υ_{(k)}^{(V)}, Φ_{(k), 1 : L}^{(V)})$ is available to Receiver $k \in [1, 2]$ . Thus, $P [E_{(1), 1}] = P [E_{(2), L}] = 0$ because given $Υ_{(1)}^{(V)}$ and $Φ_{(1), 1}^{(V)}$ legitimate Receiver 1 knows ${\tilde{A}}_{1} [{(L_{V | Y_{(1)}}^{(n)})}^{C}]$ , and given $Υ_{(2)}^{(V)}$ and $Φ_{(2), L}^{(V)}$ legitimate Receiver 2 knows ${\tilde{A}}_{L} [{(L_{V | Y_{(2)}}^{(n)})}^{C}]$ . Moreover, due to the chaining structure, in Section 4.4 we have seen that ${\tilde{A}}_{i} [H_{V}^{(n)} \cap {(L_{V | Y_{(1)}}^{(n)})}^{C}]$ is repeated in ${\tilde{A}}_{i - 1}^{n}$ for $i \in [2, L]$ . Therefore, at legitimate Receiver 1, for $i \in [2, L]$ we have

\begin{matrix} P [E_{(1), i}] \leq P [{\hat{A}}_{i - 1}^{n} \neq {\tilde{A}}_{i - 1}^{n}] . \end{matrix}

(35)

Similarly, due to the chaining construction, we have seen that ${\tilde{A}}_{i} [H_{V}^{(n)} \cap {(L_{V | Y_{(2)}}^{(n)})}^{C}]$ is repeated in ${\tilde{A}}_{i + 1}^{n}$ for $i \in [1, L - 1]$ . Thus, at legitimate Receiver 2, for $i \in [1, L - 1]$ we obtain

\begin{matrix} P [E_{(2), i}] \leq P [{\hat{A}}_{i + 1}^{n} \neq {\tilde{A}}_{i + 1}^{n}] . \end{matrix}

(36)

Hence, the probability of incorrectly decoding $(W_{i}, S_{i})$ at the Receiver $k \in [1, 2]$ is

\begin{matrix} P [(W_{i}, S_{i}) \neq ({\hat{W}}_{i}, {\hat{S}}_{i})] & \leq P [{\hat{A}}_{i}^{n} \neq {\tilde{A}}_{i}^{n}] \\ = P [{\hat{A}}_{i}^{n} \neq {\tilde{A}}_{i}^{n} | E_{V_{i}^{n} Y_{(k), i}^{n}}^{C} \cap E_{(k), i}^{C}] P [E_{V_{i}^{n} Y_{(k), i}^{n}}^{C} \cap E_{(k), i}^{C}] \\ + P [{\hat{A}}_{i}^{n} \neq {\tilde{A}}_{i}^{n} | E_{V_{i}^{n} Y_{(k), i}^{n}} \cup E_{(k), i}] P [E_{V_{i}^{n} Y_{(k), i}^{n}} \cup E_{(k), i}] \\ \leq P [{\hat{A}}_{i}^{n} \neq {\tilde{A}}_{i}^{n} | E_{V_{i}^{n} Y_{(k), i}^{n}}^{C} \cap E_{(k), i}^{C}] + P [E_{V_{i}^{n} Y_{(k), i}^{n}}] + P [E_{(k), i}] \\ \overset{(a)}{\leq} n δ_{n} + P [E_{V_{i}^{n} Y_{(k), i}^{n}}] + P [E_{(k), i}] \\ \overset{(b)}{\leq} n δ_{n} + δ_{n}^{(*)} + P [E_{(k), i}] \\ \overset{(c)}{\leq} i (n δ_{n} + δ_{n}^{(*)}), \end{matrix}

where $(a)$ holds by Th. 2 of [19]; $(b)$ follows from the optimal coupling and Lemma 1; and $(c)$ holds by induction and Equations (35) and (36). Therefore, by the union bound we obtain

\begin{matrix} P [(W_{1 : L}, S_{1 : L}) \neq ({\hat{W}}_{1 : L}, {\hat{S}}_{1 : L})] \leq \sum_{i = 1}^{L} P [{\tilde{A}}_{i}^{n} \neq {\hat{A}}_{i}^{n}] \leq \frac{L (L + 1)}{2} (n δ_{n} + 2 δ_{n}^{(*)}), \end{matrix}

and for sufficiently large n the polar coding scheme satisfies the reliability condition in (1).

5.4. Secrecy Analysis

Since encoding in Section 4 takes place over L blocks of size n, we need to prove that

\begin{matrix} lim_{n \to \infty} I (S_{1 : L}, {\tilde{Z}}_{1 : L}^{n}) = 0 . \end{matrix}

For clarity and with slight abuse of notation, for any Block $i \in [1, L]$ let

\begin{matrix} Ξ_{i}^{(V)} ≜ [Π_{i}^{(V)}, Λ_{i}^{(V)}, Ψ_{i}^{(V)}, Γ_{i}^{(V)}], \end{matrix}

which denotes the entire sequence depending on ${\tilde{A}}_{i}^{n}$ that is repeated at Block $i + 1$ . Furthermore, let

\begin{matrix} {\bar{Ω}}_{i}^{(V)} ≜ [{\bar{Θ}}_{i}^{(V)}, {\bar{Γ}}_{i}^{(V)}], \end{matrix}

which represents the sequence depending on ${\tilde{A}}_{i}^{n}$ that is repeated at Block $i - 1$ . Furthermore, we define $κ_{Ω}^{(V)} ≜ [κ_{Θ}^{(V)}, κ_{Γ}^{(V)}]$ . Then, a Bayesian graph describing the dependencies between all the variables involved in the polar coding scheme of Section 4 is given in Figure 7.

Graphical representation (Bayesian graph) of the dependencies between random variables involved in the polar coding scheme. Independent random variables are indicated by white nodes, whereas those that are dependent are indicated by gray nodes.

Despite $Γ_{i}^{(V)} \subseteq Ξ_{i}^{(V)}$ and ${\bar{Γ}}_{i}^{(V)} = Γ_{i}^{(V)} \oplus κ_{Γ}^{(V)} \subseteq {\bar{Ω}}_{i}^{(V)}$ , we represent $Ξ_{i}^{(V)}$ and ${\bar{Ω}}_{i}^{(V)}$ as two separate nodes in the Bayesian graph because, by crypto lemma [26], $Γ_{i}^{(V)}$ and ${\bar{Γ}}_{i}^{(V)}$ are statistically independent. Furthermore, for convenience, we have considered that dependencies only take place forward (from Block i to Block $i + 1$ ), which is possible by reformulating the encoding as follows. According to Section 4.1, for any $i \in [1, L]$ we have ${\tilde{A}}_{i} [C^{(n)}] = W_{i}$ . Consequently, we can write $W_{i} ≜ [W_{1, i}, W_{2, i}]$ , where $W_{1, i} ≜ {\tilde{A}}_{i} [C_{1}^{(n)} \cup C_{1, 2}^{(n)}]$ and $W_{2, i} ≜ {\tilde{A}}_{i} [C_{2}^{(n)} \cup C_{0}^{(n)}]$ . Since ${\bar{Θ}}_{i}^{(V)} = {\tilde{A}}_{i} [C_{1}^{(n)}] \oplus κ_{Θ}^{(V)}$ and ${\bar{Γ}}_{i}^{(V)} = {\tilde{A}}_{i} [C_{1, 2}^{(n)}] \oplus κ_{Γ}^{(V)}$ , we regard ${\bar{Ω}}_{i}^{(V)}$ as an independent random sequence generated at Block $i - 1$ that is stored properly into some part of ${\tilde{A}}_{i - 1} [G^{(n)}]$ . Then, we consider that the encoder obtains $W_{1, i} ≜ {\bar{Ω}}_{i}^{(V)} \oplus κ_{Ω}^{(V)}$ , which is stored into ${\tilde{A}}_{i} [C_{1}^{(n)} \cup C_{1, 2}^{(n)}]$ at Block i. On the other hand, the remaining part $W_{2, i}$ is independently generated at Block i. Recall that the secret-key $κ_{Ω}^{(V)}$ is reused in all blocks.

The following lemma shows that strong secrecy holds for any Block $i \in [1, L]$ .

Lemma 2.

For any $i \in [1, L]$ and sufficiently large n,

$\begin{matrix} I (S_{i} Ξ_{i - 1}^{(V)} Λ_{i - 1}^{(X)}; {\tilde{Z}}_{i}^{n}) \leq δ_{n}^{(S)}, \end{matrix}$

where $δ_{n}^{(S)} ≜ 2 n δ_{n} + 2 δ_{n}^{(*)} (2 n - log δ_{n}^{(*)})$ and $δ_{n}^{(*)}$ defined as in Lemma 1.

Proof.

For n sufficiently large, we have

$\begin{matrix} I (S_{i} Ξ_{i - 1}^{(V)} Λ_{i - 1}^{(X)}; {\tilde{Z}}_{i}^{n}) \\ \overset{(a)}{=} I ({\tilde{A}}_{i} [H_{V | Z}^{(n)}] {\tilde{T}}_{i} [H_{X | V Z}^{(n)}]; {\tilde{Z}}_{i}^{n}) \\ \overset{(b)}{=} | H_{V | Z}^{(n)} | + | H_{X | V Z}^{(n)} | - H ({\tilde{A}}_{i} [H_{V | Z}^{(n)}] {\tilde{T}}_{i} [H_{X | V Z}^{(n)}] | {\tilde{Z}}_{i}^{n}) \\ \overset{(c)}{\leq} | H_{V | Z}^{(n)} | + | H_{X | V Z}^{(n)} | - H (A [H_{V | Z}^{(n)}] T [H_{X | V Z}^{(n)}] | Z_{i}^{n}) + 4 n δ_{n}^{(*)} - 2 δ_{n}^{(*)} log δ_{n}^{(*)} \\ \overset{(d)}{\leq} 2 n δ_{n} + 4 n δ_{n}^{(*)} - 2 δ_{n}^{(*)} log δ_{n}^{(*)} \end{matrix}$

where $(a)$ holds by the encoding described in Section 4; $(b)$ holds by the uniformity of ${\tilde{A}}_{i} [H_{V | Z}^{(n)}]$ and ${\tilde{A}}_{i} [H_{X | V Z}^{(n)}]$ ; $(c)$ holds because, for n large enough, we obtain

$\begin{matrix} | H ({\tilde{A}}_{i} [H_{V | Z}^{(n)}] {\tilde{T}}_{i} [H_{X | V Z}^{(n)}] | {\tilde{Z}}_{i}^{n}) - H (A_{i} [H_{V | Z}^{(n)}] T_{i} [H_{X | V Z}^{(n)}] | Z_{i}^{n}) | \\ \leq | H ({\tilde{Z}}_{m}^{n}) - H (Z_{m}^{n}) | + | H ({\tilde{A}}_{i} [H_{V | Z}^{(n)}] {\tilde{T}}_{i} [H_{X | V Z}^{(n)}] {\tilde{Z}}_{i}^{n}) - H (A_{i} [H_{V | Z}^{(n)}] T_{i} [H_{X | V Z}^{(n)}] Z_{i}^{n}) | \\ \leq V ({\tilde{q}}_{Z_{m}^{n}}, p_{Z_{m}^{n}}) log \frac{2^{n}}{V ({\tilde{q}}_{Z_{m}^{n}}, p_{Z_{m}^{n}})} \\ + V ({\tilde{q}}_{A_{i} [H_{V | Z}^{(n)}] T_{i} [H_{X | V Z}^{(n)}] Z^{n}}, p_{A_{i} [H_{V | Z}^{(n)}] T_{i} [H_{X | V Z}^{(n)}] Z^{n}}) log \frac{2^{(n + | H_{V | Z}^{(n)} | + | H_{X | V Z}^{(n)} |)}}{V ({\tilde{q}}_{A_{i} [H_{V | Z}^{(n)}] T_{i} [H_{X | V Z}^{(n)}] Z^{n}}, p_{A_{i} [H_{V | Z}^{(n)}] T_{i} [H_{X | V Z}^{(n)}] Z^{n}})} \\ \overset{(b)}{\leq} 4 n δ_{ld - nls}^{(n)} - 2 δ_{ld - nls}^{(n)} log δ_{ld - nls}^{(n)}, \end{matrix}$

where we have used the chain rule of entropy and the triangle inequality, ([27], Lemma 30), the fact that the function $x \to x log x$ is decreasing for $x > 0$ small enough and Lemma 1; and, lastly, $(d)$ holds because

$\begin{matrix} H (A [H_{V | Z}^{(n)}] T [H_{X | V Z}^{(n)}] | Z^{n}) \\ \geq H (A [H_{V | Z}^{(n)}] | Z^{n}) + H (T [H_{X | V Z}^{(n)}] | A^{n} Z^{n}) \\ \geq \sum_{j \in H_{V | Z}^{(n)}} H (A (j) | A^{1 : j - 1} Z^{n}) + \sum_{j \in H_{X | V Z}^{(n)}} H (T (j) | T^{1 : j - 1} V^{n} Z^{n}) \\ \geq | H_{V | Z}^{(n)} | (1 - δ_{n}) + | H_{X | V Z}^{(n)} | (1 - δ_{n}) \end{matrix}$

where we have used the fact that conditioning does not increase entropy, the invertibility of $G_{n}$ , and the definition of $H_{V | Z}^{(n)}$ and $H_{X | V Z}^{(n)}$ in (6) and (9) respectively. □

Next, the following lemma shows that eavesdropper observations ${\tilde{Z}}_{i}^{n}$ are asymptotically statistically independent of observations ${\tilde{Z}}_{1 : i - 1}^{n}$ from previous blocks.

Lemma 3.

For any $i \in [2, L]$ and sufficiently large n,

$\begin{matrix} I (S_{1 : L} {\tilde{Z}}_{1 : i - 1}^{n}; {\tilde{Z}}_{i}^{n}) \leq δ_{n}^{(S)}, \end{matrix}$

where $δ_{n}^{(S)}$ is defined as in Lemma 2.

Proof.

For any $i \in [2, L]$ and sufficiently large n, we have

$\begin{matrix} I (S_{1 : L} {\tilde{Z}}_{1 : i - 1}^{n}; {\tilde{Z}}_{i}^{n}) \\ = I (S_{1 : i} {\tilde{Z}}_{1 : i - 1}^{n}; {\tilde{Z}}_{i}^{n}) + I (S_{i + 1 : L}; {\tilde{Z}}_{i}^{n} | S_{1 : i} {\tilde{Z}}_{1 : i - 1}^{n}) \\ \overset{(a)}{=} I (S_{1 : i} {\tilde{Z}}_{1 : i - 1}^{n}; {\tilde{Z}}_{i}^{n}) \\ \leq I (S_{1 : i} {\tilde{Z}}_{1 : i - 1}^{n} Ξ_{i - 1}^{(V)} Λ_{i - 1}^{(X)}; {\tilde{Z}}_{i}^{n}) \\ = I (S_{i} Ξ_{i - 1}^{(V)} Λ_{i - 1}^{(X)}; {\tilde{Z}}_{i}^{n}) + I (S_{1 : i - 1} {\tilde{Z}}_{1 : i - 1}^{n}; {\tilde{Z}}_{i}^{n} | S_{i} Ξ_{i - 1}^{(V)} Λ_{i - 1}^{(X)}) \\ \overset{(b)}{\leq} δ_{n}^{(S)} + I (S_{1 : i - 1} {\tilde{Z}}_{1 : i - 1}^{n}; {\tilde{Z}}_{i}^{n} | S_{i} Ξ_{i - 1}^{(V)} Λ_{i - 1}^{(X)}) \\ \leq δ_{n}^{(S)} + I (S_{1 : i - 1} {\tilde{Z}}_{1 : i - 1}^{n}; {\tilde{Z}}_{i}^{n} W_{1, i} | S_{i} Ξ_{i - 1}^{(V)} Λ_{i - 1}^{(X)}) \\ = δ_{n}^{(S)} + I (S_{1 : i - 1} {\tilde{Z}}_{1 : i - 1}^{n}; W_{1, i} | S_{i} Ξ_{i - 1}^{(V)} Λ_{i - 1}^{(X)}) + I (S_{1 : i - 1} {\tilde{Z}}_{1 : i - 1}^{n}; {\tilde{Z}}_{i}^{n} | S_{i} Ξ_{i - 1}^{(V)} Λ_{i - 1}^{(X)} W_{1, i}) \\ \overset{(c)}{=} δ_{n}^{(S)} + I (S_{1 : i - 1} {\tilde{Z}}_{1 : i - 1}^{n}; W_{1, i} | S_{i} Ξ_{i - 1}^{(V)} Λ_{i - 1}^{(X)}) \\ \leq δ_{n}^{(S)} + I ({\tilde{A}}_{1 : i - 1}^{n} {\tilde{Z}}_{1 : i - 1}^{n}; W_{1, i} | S_{i} Ξ_{i - 1}^{(V)} Λ_{i - 1}^{(X)}) \\ = δ_{n}^{(S)} + I ({\tilde{A}}_{1 : i - 1}^{n}; W_{1, i} | S_{i} Ξ_{i - 1}^{(V)} Λ_{i - 1}^{(X)}) + I ({\tilde{Z}}_{1 : i - 1}^{n}; W_{1, i} | {\tilde{A}}_{1 : i - 1}^{n} S_{i} Ξ_{i - 1}^{(V)} Λ_{i - 1}^{(X)}) \\ \overset{(d)}{=} δ_{n}^{(S)} + I ({\tilde{A}}_{1 : i - 1}^{n}; W_{1, i} | S_{i} Ξ_{i - 1}^{(V)} Λ_{i - 1}^{(X)}) \\ \overset{(e)}{=} δ_{n}^{(S)} + I ({\tilde{A}}_{1 : i - 1}^{n}; {\bar{Ω}}_{i}^{(V)} \oplus κ_{Ω}^{(V)} | S_{i} Ξ_{i - 1}^{(V)} Λ_{i - 1}^{(X)}) \\ \overset{(f)}{=} δ_{n}^{(S)} \end{matrix}$

where $(a)$ holds by independence between $S_{i + 1 : L}$ and any random variable from Blocks 1 to i; $(b)$ holds by Lemma 2; $(c)$ follows from applying d-separation [28] over the Bayesian graph in Figure 7 to obtain that ${\tilde{Z}}_{i}^{n}$ and $(S_{1 : i - 1}, {\tilde{Z}}_{1 : i - 1}^{n})$ are conditionally independent given $(S_{i}, Ξ_{i - 1}^{(V)}, Λ_{i - 1}^{(X)}, W_{1, i})$ ; $(d)$ also follows from applying d-separation to obtain that $W_{1, i}$ and ${\tilde{Z}}_{1 : i - 1}^{n}$ are conditionally independent given $({\tilde{A}}_{1 : i - 1}^{n}, S_{i}, Ξ_{i - 1}^{(V)}, Λ_{i - 1}^{(X)})$ ; $(e)$ holds by definition; and $(f)$ holds because ${\bar{Ω}}_{i}^{(V)}$ is independent of $(S_{i}, Ξ_{i - 1}^{(V)}, Λ_{i - 1}^{(X)})$ and any random variable from Block 1 to $(i - 2)$ , and because from applying crypto-lemma [26] we obtain that ${\bar{Ω}}_{i}^{(V)} \oplus κ_{Ω}^{(V)}$ is independent of ${\tilde{A}}_{i - 1}^{n}$ . □

Therefore, we obtain

\begin{matrix} I (S_{1 : L}; {\tilde{Z}}_{1 : L}^{n}) & \overset{(a)}{=} I (S_{1 : L}; {\tilde{Z}}_{1}^{n}) + \sum_{i = 2}^{L} I (S_{1 : L}; {\tilde{Z}}_{i}^{n} | {\tilde{Z}}_{1 : i - 1}^{n}) \\ \overset{(b)}{\leq} I (S_{1 : L}; {\tilde{Z}}_{1}^{n}) + (L - 1) δ_{n}^{(S)} \\ = I (S_{1}; {\tilde{Z}}_{1}^{n}) + I (S_{2 : L}; {\tilde{Z}}_{1}^{n} | S_{1}) + (L - 1) δ_{n}^{(S)} \\ \overset{(c)}{=} I (S_{1}; {\tilde{Z}}_{1}^{n}) + (L - 1) δ_{n}^{(S)} \\ \overset{(d)}{\leq} L δ_{n}^{(S)} \end{matrix}

where $(a)$ follows from applying the chain rule; $(b)$ holds by Lemma 3; $(c)$ holds by independence between $S_{2 : L}$ and any random variable from Block 1; and $(d)$ holds by Lemma 2. Thus, for sufficiently large n the polar coding scheme satisfies the strong secrecy condition in (2).

Remark 1.

We conjecture that the use $κ_{Ω}^{(V)}$ is not needed for the polar coding scheme to satisfy the strong secrecy condition. However, the key is required in order to prove this condition by means of analyzing a causal Bayesian graph similar to the one in Figure 7.

Remark 2.

Although backward dependencies between random variables of different blocks appear in [12], a secret seed as $κ_{Ω}^{(V)}$ is not necessary for the polar coding scheme to provide strong secrecy. This is because random sequences that are repeated in adjacent blocks are stored only into those corresponding entries whose indices belong to the “high entropy set given eavesdropper observations”, i.e., the equivalent sets of $H_{V | Z}^{(n)}$ and $H_{X | V Z}^{(n)}$ in our polar coding scheme. By contrast, notice that our polar coding scheme repeats $[Θ_{i}^{(V)}, Γ_{i}^{(V)}] \subseteq {\tilde{A}}_{i} [{(H_{V | Z}^{(n)})}^{C}]$ .

Remark 3.

Another possibility for the polar coding scheme is to repeat at Block $i + 1$ the modulo-2 addition between $[Ψ_{i}^{(V)}, Γ_{i}^{(V)}]$ and a particular secret-key, instead of repeating an encrypted version of $[Θ_{i}^{(V)}, Γ_{i}^{(V)}]$ at Block $i - 1$ . Then, it is not difficult to prove that $I (S_{1 : L} {\tilde{Z}}_{i + 1 : L}^{n}; {\tilde{Z}}_{i}^{n}) \leq δ_{n}^{(S)}$ (similar to Lemma 3). Thus, one can minimize the length of this secret-key depending on whether $| C_{1}^{(n)} | < | C_{2}^{(n)} |$ or vice versa.

6. Concluding Remarks

A strongly secure polar coding scheme is proposed for the WTBC with two legitimate receivers and one eavesdropper. This polar code achieves the best known inner-bound on the achievable region of the CI-WTBC model, where a transmitter wants to send common information (private and confidential) to both receivers. Due to the non-degradedness assumption of the channel, the encoder builds a chaining construction that induces bidirectional dependencies between adjacent blocks, which need to be taken carefully into account in the secrecy analysis.

These bidirectional dependencies involve elements from adjacent blocks whose indices belong to the “low entropy sets given eavesdropper observations”. Consequently, in order to prove that the polar coding scheme satisfies the strong secrecy condition, we have introduced a secret-key whose length becomes negligible in terms of rate as the number of blocks grows indefinitely. In the proposed polar coding scheme, this key has been used to randomize part of these elements from any block that are repeated in the previous (or next) one. In this way, we can analyze the dependencies between all random variables involved in the secrecy analysis by means of a causal Bayesian graph and apply d-separation to prove that the polar coding scheme induces eavesdropper’s observations that are statistically independent of one another.

Despite the good performance of the polar coding schemes, some issues still persist. First, it is worth saying that the additional secret transmission (that is negligible in terms of rate) required to initialize the decoding algorithms at both receivers can be omitted by using a similar approach as in [29], where an initialization phase to generate a secret-key can be performed without worsening the communication rate. On the other hand, how to replace the random decisions entirely by deterministic ones in SC encoding is a problem that still remains unsolved. Additionally, we conjecture that the previous secret-keys that are used to prove independence between blocks are not necessary. However, how to prove this independence without using them seems a difficult problem to address at this point.

Abbreviations

The following abbreviations are used in this manuscript:

WTBC	Wiretap broadcast channel
CI-WTBC	Common information over the wiretap broadcast channel
SC	Successive cancellation
DMS	Discrete memoryless source

Open in a new tab

Author Contributions

Conceptualization, J.d.O.A. and J.R.F.; formal analysis, J.d.O.A.; funding acquisition, J.R.F.; investigation, J.d.O.A. and J.R.F.; methodology, J.d.O.A. and J.R.F; supervision, J.R.F.; validation, J.R.F.; writing—original draft, J.d.O.A. All authors have read and agreed to the published version of the manuscript.

Funding

This work has been funded by the AEI of Ministerio de Ciencia, Innovación y Universidades of Spain, TEC2016-75067-C4-2-R, PID2019-104958RB-C41 and RED2018-102668-T with ESF and Dept. d’Empresa i Coneixement de la Generalitat de Catalunya, 2017 SGR 578 AGAUR and 001-P-001644 QuantumCAT with ERDF.

Conflicts of Interest

The authors declare no conflict of interest.

References

1.Wyner A. The wire-tap channel. Bell Syst. Tech. J. 1975;54:1355–1387. doi: 10.1002/j.1538-7305.1975.tb02040.x. [DOI] [Google Scholar]
2.Csiszár I., Korner J. Broadcast channels with confidential messages. IEEE Trans. Inf. Theory. 1978;24:339–348. doi: 10.1109/TIT.1978.1055892. [DOI] [Google Scholar]
3.Maurer U., Wolf S. Advances in Cryptology—EUROCRYPT 2000. Springer; Berlin/Heidelberg, Germany: 2000. Information-theoretic key agreement: From weak to strong secrecy for free; pp. 351–368. [Google Scholar]
4.Arikan E. Channel polarization: A method for constructing capacity-achieving codes for symmetric binary-input memoryless channels. IEEE Trans. Inf. Theory. 2009;55:3051–3073. doi: 10.1109/TIT.2009.2021379. [DOI] [Google Scholar]
5.Mahdavifar H., Vardy A. Achieving the Secrecy Capacity of Wiretap Channels Using Polar Codes. IEEE Trans. Inf. Theory. 2011;57:6428–6443. doi: 10.1109/TIT.2011.2162275. [DOI] [Google Scholar]
6.Sasoglu E., Vardy A. A new polar coding scheme for strong security on wiretap channels; Proceedings of the 2013 IEEE International Symposium on Information Theory (ISIT); Istanbul, Turkey. 7–12 July 2013; pp. 1117–1121. [DOI] [Google Scholar]
7.Renes J.M., Renner R., Sutter D. Advances in Cryptology-ASIACRYPT. Springer; Berlin/Heidelberg, Germany: 2013. Efficient one-way secret-key agreement and private channel coding via polarization; pp. 194–213. [Google Scholar]
8.Wei Y., Ulukus S. Polar Coding for the General Wiretap Channel With Extensions to Multiuser Scenarios. IEEE J. Sel. Areas Commun. 2016;34:278–291. doi: 10.1109/JSAC.2015.2504275. [DOI] [Google Scholar]
9.Gulcu T.C., Barg A. Achieving Secrecy Capacity of the Wiretap Channel and Broadcast Channel with a Confidential Component. IEEE Trans. Inf. Theory. 2017;63:1311–1324. doi: 10.1109/TIT.2016.2631223. [DOI] [Google Scholar]
10.Chou R.A., Bloch M.R. Polar Coding for the Broadcast Channel With Confidential Messages: A Random Binning Analogy. IEEE Trans. Inf. Theory. 2016;62:2410–2429. doi: 10.1109/TIT.2016.2539145. [DOI] [Google Scholar]
11.del Olmo Alos J., Rodríguez Fonollosa J. Strong Secrecy on a Class of Degraded Broadcast Channels Using Polar Codes. Entropy. 2018;20:467. doi: 10.3390/e20060467. [DOI] [PMC free article] [PubMed] [Google Scholar]
12.Chou R.A., Yener A. Polar Coding for the Multiple Access Wiretap Channel via Rate-Splitting and Cooperative Jamming. IEEE Trans. Inf. Theory. 2018;64:7903–7921. doi: 10.1109/TIT.2018.2865741. [DOI] [Google Scholar]
13.Chia Y.K., El Gamal A. Three-receiver broadcast channels with common and confidential messages. IEEE Trans. Inf. Theory. 2012;58:2748–2765. doi: 10.1109/TIT.2012.2184668. [DOI] [Google Scholar]
14.Hassani S., Urbanke R. Universal polar codes; Proceedings of 2014 IEEE International Symposium on Information Theory (ISIT); Honolulu, HI, USA. 29 June–4 July 2014; pp. 1451–1455. [Google Scholar]
15.Mondelli M., Hassani S., Sason I., Urbanke R. Achieving Marton’s region for broadcast channels using polar codes. IEEE Trans. Inf. Theory. 2015;61:783–800. doi: 10.1109/TIT.2014.2368555. [DOI] [Google Scholar]
16.Watanabe S., Oohama Y. The optimal use of rate-limited randomness in broadcast channels with confidential messages. IEEE Trans. Inf. Theory. 2015;61:983–995. doi: 10.1109/TIT.2014.2382096. [DOI] [Google Scholar]
17.Karzand M., Telatar E. Polar codes for q-ary source coding; Proceedings of the 2010 IEEE International Symposium on Information Theory; Austin, TX, USA. 13–18 June 2010; pp. 909–912. [DOI] [Google Scholar]
18.Şasoğlu E., Telatar E., Arikan E. Polarization for arbitrary discrete memoryless channels; Proceedings of the 2009 IEEE Information Theory Workshop; Taormina, Italy. 11–16 October 2009; pp. 144–148. [Google Scholar]
19.Arikan E. Source polarization; Proceedings of 2010 the IEEE International Symposium on Information Theory; Austin, TX, USA. 13–18 June 2010; pp. 899–903. [Google Scholar]
20.Tal I., Vardy A. How to construct polar codes. IEEE Trans. Inf. Theory. 2013;59:6562–6582. doi: 10.1109/TIT.2013.2272694. [DOI] [Google Scholar]
21.Vangala H., Viterbo E., Hong Y. A comparative study of polar code constructions for the AWGN channel. arXiv. 20151501.02473 [Google Scholar]
22.Honda J., Yamamoto H. Polar Coding Without Alphabet Extension for Asymmetric Models. IEEE Trans. Inf. Theory. 2013;59:7829–7838. doi: 10.1109/TIT.2013.2282305. [DOI] [Google Scholar]
23.Korada S.B., Urbanke R.L. Polar codes are optimal for lossy source coding. IEEE Trans. Inf. Theory. 2010;56:1751–1768. doi: 10.1109/TIT.2010.2040961. [DOI] [Google Scholar]
24.Chou R.A., Bloch M.R. Using deterministic decisions for low-entropy bits in the encoding and decoding of polar codes; Proceedings of the 53rd Annual Allerton Conference on Communication, Control, and Computing (Allerton); Monticello, IL, USA. 29 September–2 October 2015; pp. 1380–1385. [DOI] [Google Scholar]
25.Levin D.A., Peres Y., Wilmer E.L. Markov Chains and Mixing Times. American Mathematical Society; Providence, RI, USA: 2009. [Google Scholar]
26.Forney G.D., Jr. On the role of MMSE estimation in approaching the information-theoretic limits of linear Gaussian channels: Shannon meets Wiener; Proceedings of the the 41st Annual Allerton Conference on Communication, Control, and Computing; Monticello, IL, USA. 1–3 October 2003. [Google Scholar]
27.Csiszar I., Körner J. Information Theory: Coding Theorems for Discrete Memoryless Systems. Cambridge University Press; Cambridge, UK: 2011. [Google Scholar]
28.Pearl J. Causality. Cambridge University Press; Cambridge, UK: 2009. [Google Scholar]
29.Chou R.A. Explicit Codes for the Wiretap Channel with Uncertainty on the Eavesdropper’s Channel; Proceedings of the 2018 IEEE International Symposium on Information Theory (ISIT); Vail, CO, USA. 17–22 June 2018; pp. 476–480. [DOI] [Google Scholar]

[B1-entropy-22-00149] 1.Wyner A. The wire-tap channel. Bell Syst. Tech. J. 1975;54:1355–1387. doi: 10.1002/j.1538-7305.1975.tb02040.x. [DOI] [Google Scholar]

[B2-entropy-22-00149] 2.Csiszár I., Korner J. Broadcast channels with confidential messages. IEEE Trans. Inf. Theory. 1978;24:339–348. doi: 10.1109/TIT.1978.1055892. [DOI] [Google Scholar]

[B3-entropy-22-00149] 3.Maurer U., Wolf S. Advances in Cryptology—EUROCRYPT 2000. Springer; Berlin/Heidelberg, Germany: 2000. Information-theoretic key agreement: From weak to strong secrecy for free; pp. 351–368. [Google Scholar]

[B4-entropy-22-00149] 4.Arikan E. Channel polarization: A method for constructing capacity-achieving codes for symmetric binary-input memoryless channels. IEEE Trans. Inf. Theory. 2009;55:3051–3073. doi: 10.1109/TIT.2009.2021379. [DOI] [Google Scholar]

[B5-entropy-22-00149] 5.Mahdavifar H., Vardy A. Achieving the Secrecy Capacity of Wiretap Channels Using Polar Codes. IEEE Trans. Inf. Theory. 2011;57:6428–6443. doi: 10.1109/TIT.2011.2162275. [DOI] [Google Scholar]

[B6-entropy-22-00149] 6.Sasoglu E., Vardy A. A new polar coding scheme for strong security on wiretap channels; Proceedings of the 2013 IEEE International Symposium on Information Theory (ISIT); Istanbul, Turkey. 7–12 July 2013; pp. 1117–1121. [DOI] [Google Scholar]

[B7-entropy-22-00149] 7.Renes J.M., Renner R., Sutter D. Advances in Cryptology-ASIACRYPT. Springer; Berlin/Heidelberg, Germany: 2013. Efficient one-way secret-key agreement and private channel coding via polarization; pp. 194–213. [Google Scholar]

[B8-entropy-22-00149] 8.Wei Y., Ulukus S. Polar Coding for the General Wiretap Channel With Extensions to Multiuser Scenarios. IEEE J. Sel. Areas Commun. 2016;34:278–291. doi: 10.1109/JSAC.2015.2504275. [DOI] [Google Scholar]

[B9-entropy-22-00149] 9.Gulcu T.C., Barg A. Achieving Secrecy Capacity of the Wiretap Channel and Broadcast Channel with a Confidential Component. IEEE Trans. Inf. Theory. 2017;63:1311–1324. doi: 10.1109/TIT.2016.2631223. [DOI] [Google Scholar]

[B10-entropy-22-00149] 10.Chou R.A., Bloch M.R. Polar Coding for the Broadcast Channel With Confidential Messages: A Random Binning Analogy. IEEE Trans. Inf. Theory. 2016;62:2410–2429. doi: 10.1109/TIT.2016.2539145. [DOI] [Google Scholar]

[B11-entropy-22-00149] 11.del Olmo Alos J., Rodríguez Fonollosa J. Strong Secrecy on a Class of Degraded Broadcast Channels Using Polar Codes. Entropy. 2018;20:467. doi: 10.3390/e20060467. [DOI] [PMC free article] [PubMed] [Google Scholar]

[B12-entropy-22-00149] 12.Chou R.A., Yener A. Polar Coding for the Multiple Access Wiretap Channel via Rate-Splitting and Cooperative Jamming. IEEE Trans. Inf. Theory. 2018;64:7903–7921. doi: 10.1109/TIT.2018.2865741. [DOI] [Google Scholar]

[B13-entropy-22-00149] 13.Chia Y.K., El Gamal A. Three-receiver broadcast channels with common and confidential messages. IEEE Trans. Inf. Theory. 2012;58:2748–2765. doi: 10.1109/TIT.2012.2184668. [DOI] [Google Scholar]

[B14-entropy-22-00149] 14.Hassani S., Urbanke R. Universal polar codes; Proceedings of 2014 IEEE International Symposium on Information Theory (ISIT); Honolulu, HI, USA. 29 June–4 July 2014; pp. 1451–1455. [Google Scholar]

[B15-entropy-22-00149] 15.Mondelli M., Hassani S., Sason I., Urbanke R. Achieving Marton’s region for broadcast channels using polar codes. IEEE Trans. Inf. Theory. 2015;61:783–800. doi: 10.1109/TIT.2014.2368555. [DOI] [Google Scholar]

[B16-entropy-22-00149] 16.Watanabe S., Oohama Y. The optimal use of rate-limited randomness in broadcast channels with confidential messages. IEEE Trans. Inf. Theory. 2015;61:983–995. doi: 10.1109/TIT.2014.2382096. [DOI] [Google Scholar]

[B17-entropy-22-00149] 17.Karzand M., Telatar E. Polar codes for q-ary source coding; Proceedings of the 2010 IEEE International Symposium on Information Theory; Austin, TX, USA. 13–18 June 2010; pp. 909–912. [DOI] [Google Scholar]

[B18-entropy-22-00149] 18.Şasoğlu E., Telatar E., Arikan E. Polarization for arbitrary discrete memoryless channels; Proceedings of the 2009 IEEE Information Theory Workshop; Taormina, Italy. 11–16 October 2009; pp. 144–148. [Google Scholar]

[B19-entropy-22-00149] 19.Arikan E. Source polarization; Proceedings of 2010 the IEEE International Symposium on Information Theory; Austin, TX, USA. 13–18 June 2010; pp. 899–903. [Google Scholar]

[B20-entropy-22-00149] 20.Tal I., Vardy A. How to construct polar codes. IEEE Trans. Inf. Theory. 2013;59:6562–6582. doi: 10.1109/TIT.2013.2272694. [DOI] [Google Scholar]

[B21-entropy-22-00149] 21.Vangala H., Viterbo E., Hong Y. A comparative study of polar code constructions for the AWGN channel. arXiv. 20151501.02473 [Google Scholar]

[B22-entropy-22-00149] 22.Honda J., Yamamoto H. Polar Coding Without Alphabet Extension for Asymmetric Models. IEEE Trans. Inf. Theory. 2013;59:7829–7838. doi: 10.1109/TIT.2013.2282305. [DOI] [Google Scholar]

[B23-entropy-22-00149] 23.Korada S.B., Urbanke R.L. Polar codes are optimal for lossy source coding. IEEE Trans. Inf. Theory. 2010;56:1751–1768. doi: 10.1109/TIT.2010.2040961. [DOI] [Google Scholar]

[B24-entropy-22-00149] 24.Chou R.A., Bloch M.R. Using deterministic decisions for low-entropy bits in the encoding and decoding of polar codes; Proceedings of the 53rd Annual Allerton Conference on Communication, Control, and Computing (Allerton); Monticello, IL, USA. 29 September–2 October 2015; pp. 1380–1385. [DOI] [Google Scholar]

[B25-entropy-22-00149] 25.Levin D.A., Peres Y., Wilmer E.L. Markov Chains and Mixing Times. American Mathematical Society; Providence, RI, USA: 2009. [Google Scholar]

[B26-entropy-22-00149] 26.Forney G.D., Jr. On the role of MMSE estimation in approaching the information-theoretic limits of linear Gaussian channels: Shannon meets Wiener; Proceedings of the the 41st Annual Allerton Conference on Communication, Control, and Computing; Monticello, IL, USA. 1–3 October 2003. [Google Scholar]

[B27-entropy-22-00149] 27.Csiszar I., Körner J. Information Theory: Coding Theorems for Discrete Memoryless Systems. Cambridge University Press; Cambridge, UK: 2011. [Google Scholar]

[B28-entropy-22-00149] 28.Pearl J. Causality. Cambridge University Press; Cambridge, UK: 2009. [Google Scholar]

[B29-entropy-22-00149] 29.Chou R.A. Explicit Codes for the Wiretap Channel with Uncertainty on the Eavesdropper’s Channel; Proceedings of the 2018 IEEE International Symposium on Information Theory (ISIT); Vail, CO, USA. 17–22 June 2018; pp. 476–480. [DOI] [Google Scholar]

PERMALINK

Polar Coding for Confidential Broadcasting

Jaume del Olmo Alòs

Javier Rodríguez Fonollosa

Abstract

1. Introduction

1.1. Notation

1.2. Organization

2. Channel Model and Achievable Region

Figure 1.

Proposition 1

3. Review of Polar Codes

4. Polar Coding Scheme

Figure 2.

4.1. General Polar-Based Encoding

4.2. Function form_AG

4.2.1. Case A

Figure 3.

4.2.2. Case B

Figure 4.

4.2.3. Case C

Figure 5.

4.2.4. Case D

Figure 6.

4.3. Channel Prefixing

4.4. Decoding

4.4.1. Legitimate Receiver 1

4.4.2. Legitimate Receiver 2

5. Performance of the Polar Coding Scheme

Theorem 1.

5.1. Transmission Rates

5.1.1. Private Message Rate

5.1.2. Confidential Message Rate

5.1.3. Randomization Sequence Rate

5.1.4. Private-Shared Sequence Rate

5.1.5. Rate of the Additional Randomness

5.2. Distribution of the DMS after the Polar Encoding

Lemma 1.

Proof.

5.3. Reliability Analysis

5.4. Secrecy Analysis

Figure 7.

Lemma 2.

Proof.

Lemma 3.

Proof.

Remark 1.

Remark 2.

Remark 3.

6. Concluding Remarks

Abbreviations

Author Contributions

Funding

Conflicts of Interest

References

ACTIONS

PERMALINK

RESOURCES

Similar articles

Cited by other articles

Links to NCBI Databases

4.2. Function `form_A_G`