Secure Network Coding in the Setting in Which a Non-Source Node May Generate Random Keys
Debaditya Chaudhuri, Michael Langberg, Michelle Effros

TL;DR
This paper studies secure network coding where only one non-source node can generate random keys, characterizing the secure communication rate in this intermediate model with an eavesdropper accessing multiple links.
Contribution
It introduces and analyzes a new model of secure network coding where a non-source node generates keys, extending understanding beyond traditional source-only key generation scenarios.
Findings
Secure rate characterized for the intermediate model.
Analysis extends to scenarios with non-source key generation.
Highlights complexity of secure multicast with multiple key-generating nodes.
Abstract
It is common in the study of secure multicast network coding in the presence of an eavesdropper that has access to network links, to assume that the source node is the only node that generates random keys. In this setting, the secure multicast rate is well understood. Computing the secure multicast rate, or even the secure unicast rate, in the more general setting in which all network nodes may generate (independent) random keys is known to be as difficult as computing the (non-secure) capacity of multiple-unicast network coding instances --- a well known open problem. This work treats an intermediate model of secure unicast in which only one node can generate random keys, however that node need not be the source node. The secure communication rate for this setting is characterized again with an eavesdropper that has access to network links.
I Introduction
In this work, we study secure network communication over a directed acyclic network having a single source node , a single terminal node , and a single node , which is capable of generating random “keys” independent of the messages generated by . We employ a notion of secure “wiretap” communication networks introduced by Cai and Yeung in [1] and studied further in, for example [2, 3, 4, 5, 6]. Under this notion of security, given a communication scheme over , we consider an edge of the network to be secure in the presence of a wiretap adversary if and only if , where denotes the source message and denotes the information communicated on edge . (Footnote 1: Detailed definitions of all concepts discussed here and below appear in Section II.) To be secure in the presence of an adversary that wiretaps any size- subset of edges, we require that , where .
Given integers and , we define a secure network code over the network to be -feasible if it allows information to be communicated from the source to the terminal at rate and, in addition, it secures the network against a wiretap adversary that eavesdrops on up to edges of the network. Our work entails determining, for each , the closure of the set of rates that are -feasible, thereby deriving the capacity-security region.
When , the capacity-security region for secure multicast network codes is well understood [1, 2] with several follow up works [3, 4, 5, 6] that address various methods to alter any given non-secure linear network code into a new code that is secure. In contrast, determining the capacity-security region for secure network codes over a single-source single-terminal network, where every node can generate random keys, is as hard as the problem of characterizing the (non-secure) capacity region of the -unicast problem as shown by [7]. Results of a similar nature are also presented in [8]. The -unicast problem is a well known open problem in the study of network codes [8, 9, 10, 11, 12].
In this work, we seek to make progress in the apparently difficult generalization from the scenario where only the source can generate random keys to the scenario where all nodes can generate keys by studying the case where only a single node can generate keys but allowing that single node to be arbitrary. Our central result is a characterization of the capacity-security region in the unicast (single-source single-terminal) setting when only a single network node can generate random keys.
The remainder of the paper is organized as follows. In Section II, we present our model and preliminary notation. Our main result, the capacity-security characterization of the networks at hand, appears in Section III. The characterization is combinatorial in nature and involves different cut-set bounds between the source node, the key generating node, and the terminal node. Achievability is proven in Section IV via a reduction from secure communication over to (non-secure) multi-source multi-cast network coding over a modified network as shown in Figure 1b. The converse proof, which is based on cutset bounds, appears in Section V. An additional converse proof, in the more general context of cyclic networks, is presented in Appendix A. The proofs of some of our lemmas and claims are presented in Appendix B and Appendix C, respectively.
II Network Model
Our system model consists of the following components:
- (a) A finite directed acyclic graph . We assume that each edge noiselessly transmits one unit of information (i.e., one field element in a given field ) per unit time. We use multiple edges to model an edge with the ability to communicate more than one information symbol per unit time.
- (b) A source node , which generates a source message vector of length , , with independently and uniformly distributed over the field of size .
- (c) A terminal node , which is required to decode all the messages generated by the source with zero error.
- (d) A node , which generates a random “key” vector, with independently and uniformly distributed over the field with independent of .
- (e) An eavesdropper that can access any subset of edges for which .
In the following subsections, we introduce our definition of a network code and discuss the notions of topological order and cut sets.
II-A Network Code
We define a scalar linear network code for the network to be an assignment of a linear encoding function to each edge and a linear decoding function to terminal . For , we denote the edge message on by , and for any set , we define . If and then the edge message is a linear combination of all the messages carried by the edges in , the incoming edges of . The edge message at is obtained using local encoding at . We define using the local encoding function on as
[TABLE]
Here, denotes the message on edge , for each edge , denotes the messages on edges and is the coefficient acting on each message . If edge is an outgoing edge of (or ), then is a function of the source messages (or keys) as well. Given such a network code, an adversary that wiretaps any size- subset of edges would obtain the information on the wiretapped edges. A network code is said to be -feasible if
[TABLE]
where is the terminal node and is the -dimensional message vector generated by the source .
II-B Topological Order
To achieve secure communication over the network , the source must “mix” the message symbols in with the (received) random key symbols in . This mixture of messages and keys is communicated to the terminal , which must decode correctly to reconstruct message . Let . Since is directed and acyclic, we assume, without loss of generality, that the nodes are indexed according to their topological order in . This implies that the node receives its incoming information only from nodes . We also assume that the index of in this topological order is less than that of which in turn is less than that of the terminal . More specifically, we assume , , and for and . There is no loss of generality in these assumptions as otherwise, either transmissions on outgoing edges of cannot be secure or the communication rate between and is zero. This implies that nodes only transmit, on their outgoing edges, functions of the information generated by while nodes may potentially transmit functions of the information generated at both and .
II-C The Cut Sets
For any pair of nodes , a cut is a set of edges in which, when removed, disconnects all paths from to . The cut with the minimum capacity that separates and is denoted as . Since each edge in is assumed to be of unit capacity, represents the total capacity of all the edges in . The cuts as defined above may also separate sets of nodes in the network . For a subset of nodes , the set is the minimum capacity cut that separates the set of nodes in from the node . For the network , we use the following notation
[TABLE]
III Results
In this work we prove the following theorem.
Theorem 1.
Given the directed acyclic network and integers and such that , there exists an -feasible network code over if and only if,
[TABLE]
The proof of Theorem 1 is divided into two parts, the achievability proof, shown in Section IV, and the converse proof shown in Section V.
IV Proof of Theorem 1: Achievability
Proof.
For the network with source node and key generating node holding message symbols and key symbols respectively, we set the values of integers and such that they satisfy the bounds (4), (5), and (6). We implement a random linear network code over and over a sufficiently large field such that, for any edge , the local encoding coefficients associated with edge , as described in (1), are i.i.d. and uniform over .
The network code is said to be decodable at rate over network , if it satisfies the condition of (2). We consider the following lemma which we prove in Section VI-A.
Lemma 1.
Given integers that satisfy (4)-(6) of Theorem 1, the random linear network coding scheme is decodable at rate with probability at least .
We now consider a wiretapping adversary that can eavesdrop on any subset of edges such that . We denote the information gleaned by the adversary as which may be expressed as
[TABLE]
Here, and are and matrices whose rows are global encoding vectors associated with each edge in , acting on and , respectively. We consider the network coded information to be secure if and only if (3) holds for any of size , i.e. the adversary gains no information about the source message symbols even after wiretapping a -sized subset of edges in the network. In [3], Cai and Yeung show that a linear network coding scheme is secure if and only if the following condition holds.
[TABLE]
Here, denotes the rank of a matrix.
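Added example (not from the paper): equation (8) did not survive extraction on this page, so the sketch below assumes the standard rank form of the condition for an adversary observation Z = A·M + B·K with M and K uniform and independent, namely rank([A | B]) = rank(B), and cross-checks it by exhaustive enumeration. The five-element field, the four edge vectors and all function names are constructed for illustration.

```python
from collections import Counter
from itertools import combinations, product


def rank_mod_p(rows, p):
    """Rank of a matrix (list of rows) over the prime field GF(p)."""
    m = [[x % p for x in r] for r in rows]
    rank = 0
    ncols = len(m[0]) if m else 0
    for col in range(ncols):
        pivot = next((i for i in range(rank, len(m)) if m[i][col]), None)
        if pivot is None:
            continue
        m[rank], m[pivot] = m[pivot], m[rank]
        inv = pow(m[rank][col], -1, p)          # modular inverse (Python 3.8+)
        m[rank] = [(x * inv) % p for x in m[rank]]
        for i in range(len(m)):
            if i != rank and m[i][col]:
                f = m[i][col]
                m[i] = [(a - f * b) % p for a, b in zip(m[i], m[rank])]
        rank += 1
    return rank


def leaked_symbols(A, B, p):
    """I(M; Z) in field symbols for Z = A*M + B*K (assumed rank form):
    rank([A | B]) - rank(B). Zero means the wiretap set learns nothing."""
    joint = [list(a) + list(b) for a, b in zip(A, B)]
    return rank_mod_p(joint, p) - rank_mod_p(B, p)


def independent_by_enumeration(A, B, p):
    """Brute force: the distribution of Z over a uniform key must be the
    same for every message, otherwise Z depends on M."""
    r, k = len(A[0]), len(B[0])

    def observe(msg, key):
        return tuple(
            (sum(a * x for a, x in zip(ra, msg))
             + sum(b * y for b, y in zip(rb, key))) % p
            for ra, rb in zip(A, B)
        )

    dists = [
        Counter(observe(msg, key) for key in product(range(p), repeat=k))
        for msg in product(range(p), repeat=r)
    ]
    return all(d == dists[0] for d in dists)


def insecure_wiretap_sets(msg_vecs, key_vecs, z, p):
    """Edge subsets of size z whose observation leaks about the message."""
    bad = []
    for W in combinations(range(len(msg_vecs)), z):
        A = [msg_vecs[e] for e in W]
        B = [key_vecs[e] for e in W]
        if leaked_symbols(A, B, p) > 0:
            bad.append(W)
    return bad


# Constructed toy code over GF(5): one message symbol m, two key symbols k1, k2.
# Row e is the global encoding vector of edge e, split into message / key parts.
P = 5
MSG_VECS = [[0], [0], [1], [1]]              # coefficient of m on e0..e3
KEY_VECS = [[1, 0], [0, 1], [1, 0], [1, 1]]  # e0=k1, e1=k2, e2=m+k1, e3=m+k1+k2

if __name__ == "__main__":
    for z in (1, 2, 3):
        print(z, insecure_wiretap_sets(MSG_VECS, KEY_VECS, z, P))
```

The set {e1, e2, e3} is harmless even though it has three edges: e3 − e2 equals e1, so the observation matrix is rank deficient, which is why the proof of Lemma 2 may assume the wiretapped rows have full row rank.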
The following lemma is proven in Section VI-B by analyzing the matrices and .
Lemma 2.
Given integers that satisfy (4)-(6) of Theorem 1, the random linear network coding scheme over is -secure with probability at least for all wiretap sets of size .
A network code is said to be -feasible if it is both -feasible and -secure. It now follows that, given integers and that satisfy (4), (5), and (6), the suggested network code is -feasible with probability at least
[TABLE]
which, for sufficiently large , implies our achievability with high probability.
∎
V Proof of Theorem 1: Converse
Proof.
We prove the converse for any (not necessarily linear) -feasible network code over the network . We start with an -feasible coding scheme and show that and satisfy the bounds of (4), (5) and (6). Here, we give a partial proof in which we only address bound (4). Proofs of a similar nature apply to the other bounds as well. Details of the converse proof, in the more general context of cyclic networks, appear in Appendix A.
We denote by the minimum cut separating and , and by the total capacity of the edges in . The random variable , over the support set , represents the information on all edges of . We denote by any subset of edges in that is wiretapped by an eavesdropping adversary. Then denotes the encoded information on all the edges in . We denote the set of edges that are incoming to as , and the encoded information on all of the edges in as with support set . Similarly, for .
For the bound we consider two cases. First, assume by contradiction that . Specifically set . This implies that the eavesdropping adversary may choose to wiretap all the edges in and an edge to obtain the wiretap set of size . Then the wiretapped information is , where is the information on the chosen edge . Note that , where, is the information present at the source .
For -security, we require that the mutual information . Therefore,
[TABLE]
implying that, and . Thus, we conclude that .
Suppose that cut partitions into disjoint sub-networks and , where includes the key generating node . Note that any information communicated through edges in must be a function of . In addition, , implying that all information reaching is a function of . We conclude, for any edge , that
[TABLE]
where, is some deterministic function. Equation (9) implies that which in turn implies . This means that to be -secure the information must completely determine for all . Therefore, the information is also a deterministic function of . As shows that is independent of , it follows that is also independent of and thus . This, in turn, implies that the rate realizable by the network code is which is a contradiction.
A similar proof holds for , in which we study the set for any edge . ∎
VI Proof of Lemmas
VI-A Proof of Lemma 1
We begin by considering the modified network , obtained from as shown in Figure 1b. Specifically, is obtained from by adding a new node and parallel edges from to . As in , the network has nodes and holding symbols of and symbols of , respectively. Here, the outgoing edges of include those in the original network , denoted as , and the additional edges. Both terminals and want to decode all symbols of and symbols of . A network code, over , that satisfies the demands of terminals and is a multi-source multicast network code which is -feasible, where .
We use a random linear multi-source multicast network code over network and the finite field . In what follows, we set some notation.
- 1. Let , and .
- 2. The node transmits linear combinations of through . We express the information on these edges as . Here, the rows of , which is an matrix, are the local encoding vectors associated with each edge in . The entries of are i.i.d. and uniform over the field .
- 3. The message source receives linear combinations of through the edges in . We express the information on these edges as . is an matrix, and the rows of are the global encoding vectors, associated with each edge in , acting on .
- 4. “mixes” the received symbols of with the symbols of and transmits the resulting combinations through and to . We express the information on as
[TABLE]
Here, the rows of the matrix are the local encoding vectors associated with the edges in . and are and matrices respectively. The entries of and are i.i.d. and uniform over .
We now consider the following claims. Claim 2 is proven in Appendix C-A.
Claim 1.
The multi-source multicast random linear network code , as described above, is -feasible over the network with probability at least .
Proof of Claim 1.
Given integers and , we start by observing the min-cut capacities in between the subsets of the node set and each terminal and as follows.
[TABLE]
From (10)-(15), we see that for all source-terminal pairs in , the corresponding Min-Cut Max-Flow bounds are satisfied.
Let be the total number of encoding coefficients employed over all the edges in . We can bound by . Using Theorem 8 of [13] and Theorem 5.4 of [14] (derived from [15]), we have that the network code is -feasible over the network with probability at least
[TABLE]
This proves the claim.
∎
Claim 2.
The -feasible network code over , when restricted to , implies that is -decodable over .
From Claim 1 and Claim 2, we have that the network code is -decodable over with probability at least
[TABLE]
This proves the lemma.
VI-B Proof of Lemma 2
We use the notation introduced in the proof of Lemma 1. For any edge , we express the information on as,
[TABLE]
Here, is an edge- encoding vector of dimension , acting on and . We partition such that the -dimensional vector acts on the information from and the -dimensional vector acts on the information from . Thus, we rewrite (16) as follows.
[TABLE]
We now consider an adversary that wiretaps any subset of edges such that . Then, using (17), we obtain the information observed by the adversary as follows.
[TABLE]
Here, is a matrix where is a matrix and is a matrix. We assume that has full row-rank of , as otherwise, the adversary could simply drop an edge in and not lose any information. Using (17), we rewrite (18) as follows.
[TABLE]
From (7) and (19), we have that
[TABLE]
Let,
[TABLE]
From our decodability proof, we know that , as otherwise, could not have decoded the keys . For the security condition of (8) to hold, we show that . Therefore, we compute the following.
[TABLE]
We now consider the following claims proven in Appendix C-B and Appendix C-C, respectively.
Claim 3.
Claim 4.
Given an matrix and an matrix such that and the entries of are i.i.d. and uniform over the field , then with probability at least , over .
Let us consider the following event.
- : The condition of (8) holds for a given wiretap set of size .
Using Claim 3 and Claim 4 we conclude from (VI-B) that
[TABLE]
Denoting the complementary event of by and using the union bound over event for any of size , we have the following.
[TABLE]
Namely, the probability over the i.i.d. entries of and , of the network code being secure against an adversary with a wiretap set of size is at least . This proves the lemma.
VII Conclusion
In this paper, we characterize the capacity-security region for single unicast network codes over a directed acyclic network in which only one node, which is not necessarily the source node, can generate random keys. We present a random linear achievability proof and a matching converse proof. Our converse can be extended to cyclic networks as well. (Details appear in Appendix A.) Our work establishes an intermediate step between the well understood problem of characterizing the capacity-security region in which only the source node generates random keys and the problem of characterizing the capacity-security region when every node can generate random keys.
Several problems are left open. An extension of our result to the context of multicast network coding is within reach and the subject of future research. It would also be interesting to extend our achievability to single unicast network coding over networks with cycles. Additional possible extensions include the study of single unicast networks in which more than one node can independently generate random keys.
Acknowledgements
Work supported in part by NSF grants CCF-1526771 and CCF-1817241.
Appendix A Proof of Theorem 1: Converse (For cyclic networks)
Proof.
We prove the converse for the more general setting of directed networks that may contain cycles. As before, has the message generating source node , the random key generating node and the terminal , as shown in Figure 2. We show that for such a network and for any network coding scheme, the bounds given in (4), (5) and (6) are upper bounds for the capacity-security region.
As we address networks with cycles, we consider the notion of time in our definition of a network code. Namely, we consider an -time step system. In such a system, we assume that communication starts at time step . The source holds a message uniformly distributed in and node holds random keys uniformly distributed in , where is not restricted in any way. For any edge such that , where , we define the information on at the -th time step, for all , as
[TABLE]
Here, is the time-variant local encoding function at edge at the -th time step, denotes the set of incoming edges in to node and . In our work, we consider to be a random variable with the support set , for all . For a given cut , we denote by the composite of the variables corresponding to edges at time step , i.e. . The support set of for all is denoted by . We use the notation to denote the information on edge for the -time step system, i.e. .
For the network model , the following definitions are useful for the discussions that follow:
- For any cut , separating any two nodes , we define two sub-networks and , with and , as shown in Figure 2. Here, and .
- We denote by , the minimum cut separating and and by , the total capacity of the edges in . The random variable , over the support set , represents the information, at the -th time step on all the edges of . represents the information on all the edges of for the -time step system. We use similar notations for the time variant random variables which represent the information on the edges in , , and .
- We denote by any subset of edges in that is wiretapped by an eavesdropping adversary. denotes the encoded information on all the edges in at the -th time step. We assume that the wiretap set is time invariant, i.e. it does not change with the time step . Thus, the information obtained by the adversary for the -time step system is .
- We denote by , the set of edges that are incoming to . We denote the encoded information at the -th time step on all the edges in as with support set . Similarly, for .
- For any sub-graph , let
[TABLE]
Given the definitions above, we start with an -feasible coding scheme and show that and satisfy the bounds of (4), (5) and (6). Here, a scheme is -feasible with blocklength if can decode and any wiretapped subset of edges holds no information on . We shall now consider each of the bounds separately in the following subsections.
A-A Bound on :
A-A1
Suppose, by contradiction, that . Particularly, assume This implies that the eavesdropping adversary may choose to wiretap all the edges in and an edge to obtain the wiretap set of size . Then the wiretapped information is , where is the information on the chosen edge for the -time step system. From (23), we see that
[TABLE]
Where, is the information present at the source for all time steps up to the -th time-step. For -security, we require that the mutual information . Therefore,
[TABLE]
Implying that,
[TABLE]
From (28), we obtain the following.
[TABLE]
Suppose the cut partitions into disjoint sub-networks and . Then, as per the definition in (24), . We denote by , the source message and/or key held by the nodes in . We see that , which implies that any edge either belongs to the set or the set .
For any edge , we observe that
[TABLE]
For , we consider the following lemma which we prove in Appendix B.
Lemma 3.
For any cut that partitions graph into disjoint sub-networks and , there exists, for any edge and any time step , a deterministic mapping such that .
Therefore, using Lemma 3 for edge :
[TABLE]
where, is a deterministic function.
Then, using (A-A1) we obtain the information on as follows.
[TABLE]
Thus, for the chosen edge , using (A-A1) and (A-A1) we have
[TABLE]
Thus, (A-A1) shows that is a deterministic function of and . As , this implies that
[TABLE]
Therefore by (29) and (34), we have,
[TABLE]
Thus, to be -secure, (35) shows that for all , the random variable must be completely determined by . Therefore, the information is also a deterministic function of . As (27) shows that is independent of the message symbols , it follows that is also independent of and thus
[TABLE]
Equation (36), in turn implies that the rate realizable by the network code is which is a contradiction.
A-A2
Suppose, by contradiction, that , specifically assuming that . This implies that the eavesdropping adversary may choose to wiretap all the edges in and any edge to obtain the wiretapped set of size . Then the wiretapped information is , where is the information on the chosen edge . For -security, we require that the mutual information . Therefore,
[TABLE]
Further implying that,
[TABLE]
From (39),
[TABLE]
We now consider the cut and the corresponding partitions and . Note that corresponding to the cut , the set of information and key generating source nodes in which are also present in is where .
Note that . Due to the cut , it follows that either or . For any edge , we have the following.
[TABLE]
where, is a deterministic function.
For any edge , by Lemma 3, we have the following.
[TABLE]
Equation (A-A2) shows that for any edge , the random variable is completely determined by and . As , we have.
[TABLE]
which implies by (40) that . This holds for all and thus . As (38) shows that is independent of , therefore we conclude that,
[TABLE]
This in turn implies that the rate realizable by the network code is which is a contradiction. Thus, for , an -feasible network code exists only if , i.e., bound (4) holds.
A-B Upper Bound of
The bound (5) is a direct consequence of Theorem 2.1 of [14] and therefore the proof is not included here.
A-C Upper Bound of :
To show that an -feasible network code exists only if bound (6) holds, we start by considering the following cases:
- Case 1:
- Case 2:
For Case 1, we see that the eavesdropping adversary has the option of wiretapping all the edges in . Therefore, we set thereby forcing . This implies that is independent of the message symbols . We also observe that . From our previous discussions, we note that the random variable is a deterministic function of and therefore is also independent . Thus, the terminal receives no information regarding the message symbols and therefore the rate realizable by the network code in this case is which is a contradiction.
For Case 2, let . Then, where, . We denote the information on the edges of the set as and thus we have that where . Here, our measure of entropy equals 1 for a uniform random variable in . Thus, we have the following.
[TABLE]
Here, (45) is due to our assumption of correctly decoding and the min-cut max-flow theorem as the cut is an -cut. (46) is due to the security condition. Thus, one may realize an -feasible network code over the network only if the bound (6) holds for integers and .
Combining our analysis for bounds (4), (5) and (6) proves the theorem.
∎
Appendix B Proof of Lemma 3
We prove this lemma using an induction hypothesis on the time step parameter . At time , we assume that the network edges do not carry any information. Thus, at time , the information on all network edges in are solely a function of the random variable .
We assume by induction that the hypothesis holds for , i.e. for , we have the following.
[TABLE]
We now consider time step . For an edge , is a function of the incoming edges to and (the latter only if ). Namely,
[TABLE]
For , the incoming edges of are either included in the cut or are in . Thus,
[TABLE]
By induction, as is a function of and for . We conclude that there exists a function such that,
[TABLE]
This proves the lemma.
Appendix C Proof of Claims
C-A Proof of Claim 2
To prove that the network code is -decodable over network , given that is -feasible over , we consider the following steps.
- 1. We disconnect terminal from by removing the edges connecting to .
- 2. We keep the random assignment of the local coding coefficients for each edge in unchanged.
- 3. As in , the source does not decode the keys but “mixes” the incoming combinations of the keys in with the message that it holds, and transmits the resulting combinations through .
- 4. The information that terminal wants to decode also remains unchanged.
By initiating the steps above, we obtain the network code from . It also follows that the network code allows to decode all symbols of as the -feasible allows to decode all symbols of and symbols of , thereby satisfying condition (2). This proves the claim. ∎
C-B Proof of Claim 3
Since , we assume, without loss of generality, that the first columns of and columns of are jointly linearly independent with . Then, we have that , where is matrix of full column-rank , and is a matrix. Let be the sub-matrix of containing the linearly independent columns of , and be a matrix such that . Then, as per our assumption, the first columns form a identity matrix. Therefore, we have that
We now consider the matrix . Since, , we may express as follows.
[TABLE]
Here, is a invertible sub-matrix of . The columns of the sub-matrix and the rows of the sub-matrix are spanned by the columns and rows of respectively, while the rows of the sub-matrix are spanned by the rows of . Thus we may rewrite (49) as follows
[TABLE]
Here, is an matrix. We now partition the matrix such that and are and matrices respectively. Let , then by using (50) we obtain the following.
[TABLE]
Here, the matrices and are and , respectively. Furthermore, we partition , where and are and sub-matrices respectively. Likewise, we partition . Then, using (50) and (C-B), we may rewrite (20) as follows.
[TABLE]
We now consider partition , where consists of the first columns of . Then, we have that where is the identity matrix and is a matrix whose columns are spanned by . Thus, we see that the rows of are linearly independent. We may rewrite (52) as follows.
[TABLE]
Since is invertible, implies . To prove that , we show that the rows of , having dimension , are linearly independent and not spanned by the rows of .
Given that the entries of the matrix are i.i.d and uniform in , for any and for , we compute the probability , where denotes the -th row of of dimension . From (C-B), we see that
[TABLE]
Here, and denotes the -th row of and respectively. As is invertible, we have the following.
[TABLE]
Here, (55) is due to the fact that the entries of , which is a sub-matrix of , are i.i.d. and uniform in . From (56), we see that the rows of are uniform in . For a fixed matrix in (54) and due to the invertibility of matrix , there exists a 1-1 map between and , for all . Now, as the vectors are chosen independently for each , it follows that the corresponding vectors must also be independent for all . This implies that the rows of , which is a sub-matrix of containing its first rows, are also i.i.d. and uniform in .
Let and denote the -th row of for . For any , we compute the probability . Denoting the -th rows of and as and , respectively, we have that,
[TABLE]
Note that the rows of form the first rows of and therefore are i.i.d. and uniform in . Thus, by applying the same argument as in (56), we obtain . The vectors are mutually independent due to the fact that the vectors are mutually independent. Thus, as , we have the following.
[TABLE]
This proves our claim.
∎
C-C Proof of Claim 4
Let , where for , , where for and , where ’s are i.i.d. and uniform over .
For any , we have
[TABLE]
For any , we first compute , where is the -dimensional -th column of . Since , we assume, without loss of generality, that the last columns of are linearly independent. We also partition such that where consists of the last entries of . Then, we may rewrite (58) as
[TABLE]
Then,
[TABLE]
Since the -dimensional columns are linearly independent, the -system of equations must have a unique solution for each , and as the entries of are i.i.d. uniform in , we have that . Thus, we may rewrite (C-C) as follows.
[TABLE]
Equation (C-C) implies that the columns are uniform in . The columns are also mutually independent due to the fact that the columns are independent for all . Thus, we have
[TABLE]
This proves the claim.
∎
References
- [1] N. Cai and R. W. Yeung, “Secure network coding,” IEEE International Symposium on Information Theory, p. 323, 2002.
- [2] J. Feldman, T. Malkin, C. Stein, and R. Servedio, “On the capacity of secure network coding,” 42nd Annual Allerton Conference on Communication, Control, and Computing, pp. 63–68, 2004.
- [3] N. Cai and R. W. Yeung, “A security condition for multi-source linear network coding,” IEEE International Symposium on Information Theory, pp. 561–565, 2007.
- [4] N. Cai and R. W. Yeung, “On the optimality of a construction of secure network codes,” IEEE International Symposium on Information Theory, pp. 166–170, 2008.
- [5] S. El Rouayheb, E. Soljanin, and A. Sprintson, “Secure network coding for wiretap networks of type II,” IEEE Transactions on Information Theory, vol. 58, no. 3, pp. 1361–1371, 2012.
- [6] D. Silva and F. R. Kschischang, “Universal secure network coding via rank-metric codes,” IEEE Transactions on Information Theory, vol. 57, no. 2, pp. 1124–1135, 2011.
- [7] W. Huang, T. Ho, M. Langberg, and J. Kliewer, “Single-unicast secure network coding and network error correction are as hard as multiple-unicast network coding,” IEEE Transactions on Information Theory, vol. 64, no. 6, pp. 4496–4512, 2018.
- [8] T. H. Chan and A. Grant, “Network coding capacity regions via entropy functions,” IEEE Transactions on Information Theory, vol. 60, no. 9, pp. 5347–5374, 2014.
