Communication with secrecy constraints

Abstract

Let X, y, z be finite sets, X, Y random variables uniformly distributed over x×y, f a function from x×y to Z and 0≤?≤1. A person Px knows X and a person Py knows Y and they want to exchange X and Y. An eavesdropper who knows their protocol listens to their communication in order to obtain information about f (X, Y). Px and Py want to ensure that for every value (z,y) of (X,Y) the eavesdropper's a priori and a posteriori probabilities of {f (X, Y)=j} are e-close for all j. Therefore, they encrypt some of the transmitted bits. The problem is to find a protocol that minimizes the number of bits encrypted in the worst case. Two kinds of protocols are considered: deterministic and randomized. For deterministic protocols it is shown that for all 27, y, Boolean f ( IZI=2) and ? >0, there exists a protocol that requires no more than 2log(l/ ?) + 16 bits. An example where log(l/ ?) - 1 bits must be encrypted is given. For K valued functions (I Z I =K) it is shown that at most CK(E ) bits must be encrypted (independent of X, y and f) . The results ate extended to N persons communicating over a broadcast channel. The proofs rely on results concerning partitions of K valued matrices. For randomized Protocols it is shown that for all X, y Boolean f, and all possible joint distributions of X,Y (not only uniform), total secrecy (? =0) can be achieved using only two secret bits.