MAC Wiretap Channels with Confidential and Open Messages: Improved Achievable Region and Low-complexity Precoder Design

As shown in Fig. 1, we consider a DM MAC-WT channel with $K$ users, a legitimate receiver (or Bob for brevity), and an eavesdropper (Eve). Let ${\cal K}=\{1,\cdots,K\}$ denote the set of all users. The DM MAC-WT system can then be denoted by $\left({\cal X}_{\cal K},p(y,z|x_{\cal K}),{\cal Y},{\cal Z}\right)$ (in short $p(y,z|x_{\cal K})$), where ${\cal X}_{k}$, $\cal Y$, and $\cal Z$ are finite alphabets, $x_{k}\in{\cal X}_{k}$ is the channel inputs from user $k$, and $y\in{\cal Y}$ and $z\in{\cal Z}$ are respectively channel outputs at Bob and Eve. For brevity, we use the short-hand notation $p(x_{k})$ to indicate $P_{X_{k}}(x_{k})$. Analogous short-hand notations are clear from the context.

Each user $k\in{\cal K}$ transmits a secret message $M_{k}^{\text{s}}$ and an open message $M_{k}^{\text{o}}$ to Bob. Eve attempts to overhear all the secret messages but is not interested in the open messages. User $k$ encodes its information into a codeword $X_{k}^{n}$, and then transmits it over the channel with transition probability $p(y,z|x_{\cal K})$. Upon receiving the sequence $Y^{n}$, Bob decodes the messages of all users. To avoid leakage of confidential information to Eve, the secret messages of all users, i.e., $M_{k}^{\text{s}},k\in{\cal K}$, should be protected. Let $R_{k}^{\text{s}}$ and $R_{k}^{\text{o}}$ denote the rate of user $k$’s secret and open messages. Then, a $\left(2^{nR_{1}^{\text{s}}},2^{nR_{1}^{\text{o}}},\cdots,2^{nR_{K}^{\text{s}}},2^{nR_{K}^{\text{o}}},n\right)$ secrecy code for the considered DM MAC-WT channel consists of

• •

  Secret and open message sets: ${\cal M}_{k}^{\text{s}}=\left[1:2^{nR_{k}^{\text{s}}}\right]$ and ${\cal M}_{k}^{\text{o}}\!=\!\left[1:2^{nR_{k}^{\text{o}}}\right],\forall k\!\in\!{\cal K}$. Messages $M_{k}^{\text{s}}$ and $M_{k}^{\text{o}}$ are uniformly distributed over the corresponding sets ${\cal M}_{k}^{\text{s}}$ and ${\cal M}_{k}^{\text{o}}$.

• •

  $K$ randomized encoders: the encoder of user $k$ maps the message pair $(m_{k}^{\text{s}},m_{k}^{\text{o}})\in{\cal M}_{k}^{\text{s}}\times{\cal M}_{k}^{\text{o}}$ to a codeword $x_{k}^{n}$.

• •

  A decoder at Bob which maps the received noisy sequence $y^{n}$ to the message estimate $\left({\hat{m}}_{k}^{\text{s}},{\hat{m}}_{k}^{\text{o}}\right)\in{\cal M}_{k}^{\text{s}}\times{\cal M}_{k}^{\text{o}},\forall k\in{\cal K}$.

To ensure that all messages can be perfectly decoded at Bob and all confidential information can be perfectly protected from Eve, we define two metrics, i.e., the average probability of error

for Bob and the information leakage rate for Eve. For the MAC-WT channel, a widely used information leakage rate is $\frac{1}{n}I(M_{\cal K}^{\text{s}};Z^{n})$ and it is required that this rate vanishes as $n$ goes to infinity [1, 8, 13, 14]. In this paper, we use a different leakage rate, based on which perfect secrecy can be realized and the achievable rate region in existing literatures can be improved.

We divide the user set ${\cal K}$ into two parts, i.e., ${\cal K}^{\prime}\subseteq{\cal K}$ with $R_{k}^{\text{s}}\geq 0,\forall k\in{\cal K}^{\prime}$, and ${\overline{{\cal K}^{\prime}}}={\cal K}\setminus{\cal K}^{\prime}$ with $R_{k}^{\text{s}}=0,\forall k\in{\overline{{\cal K}^{\prime}}}$. Here we do not require $R_{k}^{\text{s}}>0$ if $k\in{\cal K}^{\prime}$ such that users in ${\overline{{\cal K}^{\prime}}}$ can also be reclassified to ${\cal K}^{\prime}$. To protect the confidential information of users in ${\cal K}^{\prime}$, the coding scheme has to at least ensure that Eve cannot directly decode their messages using the normal MAC decoding scheme even if Eve has codebooks of all users. As for user $k\in{\overline{{\cal K}^{\prime}}}$, since $R_{k}^{\text{s}}=0$, there is no such requirement and it is thus possible for Eve to get its open message $M_{k}^{\text{o}}$. For a given ${\cal K}^{\prime}\subseteq{\cal K}$, since $R_{k}^{\text{s}}=0,\forall k\in{\overline{{\cal K}^{\prime}}}$ and it is possible that Eve gets $M_{k}^{\text{o}},\forall k\in{\overline{{\cal K}^{\prime}}}$, we have

where the last step holds since the messages of all users are independent. If $\frac{1}{n}I(M_{\cal K}^{\text{s}};Z^{n})$ is used to evaluate the secrecy level, a hidden assumption is that Eve cannot decode the messages of all users, including $M_{k}^{\text{o}},\forall k\in{\overline{{\cal K}^{\prime}}}$, since otherwise due to (II-A), Eve may be able to extract the confidential information from $(M_{\overline{{\cal K}^{\prime}}}^{\text{o}},Z^{n})$ even if $\frac{1}{n}I(M_{{\cal K}^{\prime}}^{\text{s}};Z^{n})\rightarrow 0$. Hence, we argue that the secrecy requirement based solely on $\frac{1}{n}I(M_{\cal K}^{\text{s}};Z^{n})$ implicitly forces any achievable coding scheme to prevent Eve to decode the open messages of users in ${\overline{{\cal K}^{\prime}}}$. This requirement may be too restrictive and thus may limit the achievable region. As an alternative, we propose to use

to evaluate the system’s secrecy level. For perfect secrecy, we require $R_{{\text{E}},{\cal K}^{\prime}}\rightarrow 0$ and take the union over all possible choices of ${\cal K}^{\prime}$. Obviously, by using (3), it is no longer necessary to design codes that prevent Eve from decoding $M_{k}^{\text{o}},\forall k\in{\overline{{\cal K}^{\prime}}}$.

Note that here we are not saying $\frac{1}{n}I(M_{\cal K}^{\text{s}};Z^{n})$ is always a bad metric in designing the codes and determining the achievable region. Actually, as we will show later, by preventing Eve from decoding $M_{k}^{\text{o}},\forall k\in{\overline{{\cal K}^{\prime}}}$, the signal of users in ${\overline{{\cal K}^{\prime}}}$ performs as noise to Eve, and may thus limit its wiretapping capability. What we want to emphasize is that more possibilities should be taken into account. In this paper, we use (3) to evaluate the secrecy level for all possible ${\cal K}^{\prime}\subseteq{\cal K}$. As stated above, users in ${\overline{{\cal K}^{\prime}}}$ can be reclassified to ${\cal K}^{\prime}$. If ${\cal K}^{\prime}={\cal K}$, i.e., ${\overline{{\cal K}^{\prime}}}=\phi$, it is obvious that (II-A) holds with equality, indicating that the case using metric $\frac{1}{n}I(M_{\cal K}^{\text{s}};Z^{n})$ is also considered.

With the metrics defined in (1) and (3), a rate tuple $(R_{1}^{\text{s}},R_{1}^{\text{o}},\cdots,R_{K}^{\text{s}},R_{K}^{\text{o}})$ is said to be achievable if for any $\delta>0$, there exist a subset ${\cal K}^{\prime}\subseteq{\cal K}$ and a sequence of $\left(2^{nR_{1}^{\text{s}}},2^{nR_{1}^{\text{o}}},\cdots,2^{nR_{K}^{\text{s}}},2^{nR_{K}^{\text{o}}},n\right)$ codes such that $R_{k}^{\text{s}}=0,\forall k\in{\overline{{\cal K}^{\prime}}}$ and

In wiretap channels, to protect or hide the confidential information, ‘garbage’ messages are usually introduced to the users [1, 15, 37]. We also do so in this paper. It is thus important to study the existence condition of the ‘garbage’ message rate (see a two-user example in [1, Lemma $7$]). With the condition satisfied, ‘garbage’ messages can be introduced at a feasible rate and perfect secrecy can be proven. We give the condition for the considered DM MAC-WT channel in the following theorem, which plays quite an important role for the achievability proof in this paper.

Proof: We give in the following Lemma 1, which is a special case of Theorem 1 for ${\cal K}^{\prime}={\cal K}$ and directly extends [1, Lemma $7$] to the case with any $K$. Lemma 1 is proven in Appendix A. Then, using this lemma, Theorem 1 is proven in Appendix B. $\Box$

In contrast to [1, Lemma $7$], which considers only two users and can thus be easily proven, Theorem 1 not only extends the result to the general case with any $K$, but also gives the existence conditions of $R_{k}^{\text{g}},\forall k\in{\cal K}^{\prime}$ for all possible subsets ${\cal K}^{\prime}\subseteq{\cal K}$, which is quite important for the achievability proof in this paper. To apply the coding scheme provided in the next section, it is also necessary to know how to find the feasible $R_{k}^{\text{g}},\forall k\in{\cal K}^{\prime}$. We show that this is easy. For a given ${\cal K}^{\prime}\subseteq{\cal K}$ and any rate tuple $(R_{1}^{\text{s}},R_{1}^{\text{o}},\cdots,R_{K}^{\text{s}},R_{K}^{\text{o}})$ satisfying (5), the linear inequalities in (6) define a polytope as a feasible region of $R_{k}^{\text{g}},\forall k\in{\cal K}^{\prime}$, which should be non-empty since otherwise the region defined by (5) is empty. Then, we may apply Dantzig’s simplex algorithm to obtain $R_{k}^{\text{g}},\forall k\in{\cal K}^{\prime}$ [39].

For the case ${\cal K}^{\prime}={\cal K}$, the basic result obtained from Theorem 1 is collected in the following lemma.

Proof: See Appendix A. $\Box$

Here we explain why it is possible to improve [1, Lemma $1$]. For convenience, we rewrite [1, Lemma $1$] below.

In Subsection III-B, we give Theorem 2, which improves the region in Lemma 2, and provide the general proof for any $K$ in Appendix C. Now we consider two special cases of Lemma 2 and provide some observations that evidence the fact that the region of Lemma 2 can be improved.

First, consider the case with $R_{k}^{\text{o}}=0,\forall k\in{\cal K}$. Then, (9) becomes

which can be further simplified as (11) since for any ${\cal S}\subseteq{\cal K}$, it is obvious that $I(X_{\cal S};Z)\geq I(X_{{\cal S}^{\prime}};Z),\forall{\cal S}^{\prime}\subseteq{\cal S}$. We give an achievable secrecy rate region in the following lemma.

Similar achievable secrecy rate regions for Gaussian MAC-WT channels can be found in [13, Theorem $1$] (with two users), [8, Theorem $2$] (with a weaker Eve which has access to a degraded version of the main channel), and also [14, Theorem $1$] (by letting all open message rates be $0$). Notice that we have shown in [1, Remark $1$ and Appendix G] that [14, Theorem $1$], which bounds the secret and open message rates is in general incorrect. We show in Lemma 4 in Subsection III-B that the region provided in Lemma 3 can be enlarged. The results in [13], [8], and [14] can thus also be improved.

Next we consider another special case with $R_{k}^{\text{s}}=0,\forall k\in{\cal K}$, i.e., each user has only an open message for Bob. Intuitively, we hope to get from Lemma 2 the capacity region of the standard MAC channel with $K$ users and no wiretapping. Unfortunately, we show that it is not the case. With $R_{k}^{\text{s}}=0,\forall k\in{\cal K}$, (9) becomes

which can be divided into two parts as follows

Obviously, (13a) over all $\prod_{k=1}^{K}p(x_{k})$ constructs the capacity region of a conventional MAC channel with no wiretapping. However, due to (13b), the region becomes smaller, indicating that the achievability results given in Lemma 2 do not handle ‘well’ the case where all (or some) users do not have confidential information. This is because in [1], the coding scheme introduces ‘garbage’ messages to all users and ensures $\sum_{k\in{\cal S}}(R_{k}^{\text{o}}+R_{k}^{\text{g}})\geq I(X_{\cal S};Z),\forall{\cal S}\subseteq{\cal K}$ to hide the confidential information. This is important if $R_{k}^{\text{s}}>0$. But if $R_{k}^{\text{s}}=0$, i.e., user $k$ has no confidential information, this may be unnecessary or even have a negative effect in determining the achievable region. We will give the more detailed explanations in Subsection III-B.

By allowing users with zero secret message rate to act as conventional MAC channel users with no wiretapping, we obtain a better achievable region in the following Theorem 2. We show later that this theorem not only improves Lemma 2, by considering the special cases with only secret or open messages as we have done in Subsection III-A, it also improves Lemma 3 and yields the standard MAC capacity region as a byproduct in a natural immediate way.

Proof: See Appendix C. $\Box$

Obviously, Lemma 2 is a special case of Theorem 2 with ${\cal K}^{\prime}={\cal K}$.

As done for Lemma 2, we also consider two special cases with $R_{k}^{\text{o}}=0,\forall k\in{\cal K}$ and $R_{k}^{\text{s}}=0,\forall k\in{\cal K}$ for Theorem 2. First, if $R_{k}^{\text{o}}=0,\forall k\in{\cal K}$, (14) becomes

which can be simplified as (21) since for any ${\cal S}\subseteq{\cal K}^{\prime}$,

We provide another achievable region for the DM MAC-WT channel with only confidential information in the following lemma and show that it improves the region given in Lemma 3.

It can be easily found by setting ${\cal K}^{\prime}={\cal K}$ that the achievable region given in Lemma 3 is contained in that provided by Lemma 4. In this sense, Lemma 4 not only improves the result in Lemma 3, but also those in [13, 8], and [14]. We further show this by giving a specific example with two users in Appendix H.

On the other hand, if $R_{k}^{\text{s}}=0,\forall k\in{\cal K}$, for a given ${\cal K}^{\prime}\subseteq{\cal K}$, (14) can be rewritten as

If ${\cal K}^{\prime}=\phi$, we have ${\overline{{\cal K}^{\prime}}}={\cal K}$ and ${\cal S}={\cal S}^{\prime}=\phi$. (22) in this case becomes

which over all possible distributions $\prod_{k=1}^{K}p(x_{k})$ constructs the capacity region of a conventional MAC channel with $K$ users and no wiretapping. If ${\cal K}^{\prime}\neq\phi$, (22) can be divided into two parts

It is obvious that (24a) is equivalent to (23). However, due to (24b), for any ${\cal K}^{\prime}\neq\phi$, the open message rate region jointly defined by (24a) and (24b) is included in that defined by (23). Hence, when $R_{k}^{\text{s}}=0,\forall k\in{\cal K}$, instead of taking into account (22) for all ${\cal K}^{\prime}\subseteq{\cal K}$, the region union of ${\mathscr{R}}(X_{\cal K},{\cal K}^{\prime})$ over all ${\cal K}^{\prime}\subseteq{\cal K}$ can be easily characterized by (23). In this sense, the open message rate region defined by (12) is improved.

Since this paper considers MAC-WT channels, we are especially concerned about the maximum achievable sum secrecy rate of the system. In addition, since all users have open messages intended for Bob, then, an interesting question is if all users encode their confidential messages at the maximum sum secrecy rate, what is the maximum sum rate at which they could encode their open messages. We give the answer in the following Theorem.

Proof: See Appendix I. $\Box$

Theorem 3 shows that the channel can support a non-trivial additional open sum rate even if the coding scheme is designed to maximize the sum secrecy rate.