Enhancing Secrecy Rates for Wiretap Channels

Shahid Mehraj Shah

ECE Dept., Indian Institute of Science

Bangalore, India

November 06, 2013

Outline

I Introduction
I Information Theoretic security
I The Wiretap Channel
I Fading Wiretap Channel
I Fading MAC with Eve
I Alternative notion of Security
I Dual encoder scheme
I Conclusions
Introduction

I Security is one of the most important considerations in

transmission of information from one user to another
I Conventional technique is Cryptography
I Transmitter uses key to encrypt source information.
I Eve is assumed to be ignorant of the key.
I Assumes limited computational capacity of Eavesdropper.
I Information theoretic security.
I Does not require key for securing the message.
I Assumes unlimited computational capacity of Eavesdropper.
I Wyner introduced Wiretap channel in his seminal paper in
1974.
I Key distribution and storage adds complexity to the network
design.
I Various Cryptographic encryption algorithms are vulnerable to
Man-in-the middle attack
I Open nature of Wireless networks and lack of infrastructure in
decentralized networks makes further makes key
distribution/management difficult.
I Information theoretic security Promises new direction toward
solving security problems.
Model

Encryption with channel coding

Information Theoretic Security
I Security issues include confidentiality, integrity,
authentication, and non-repudiation
I Attacks on the security of communication networks can be
divided into two basic types: passive attacks and active
attacks.
Information Theoretic Security: Shannon’s Model

I A source message W is encrypted to a ciphertext E by a key K

shared by the transmitter and receiver
I System is perfectly secure if the a posteriori probabilities of W
given E are equal to the a priori probabilities of W for all E,
i.e., PW |E = PW
I Shannon also showed that we need H(K ) ≥ H(W ) for perfect
secrecy.
Wyner’s Wiretap Model

I Security, i.e., the secrecy level of the confidential message W

at the eavesdropper, is measured by the equivocation rate
defined as
(n)
I Re = n1 H(W | Z n )
I The reliability is average block probability of error, for a
length n code:
|W|
(n) 1 P
I Pe = Pr {W̃ 6= W } = |W| Pr {w̃ 6= w }
w =1
I A rate − equivocationpair (R, Re ) is achievable if ∃ message
sets Wn with | Wn |= 2nR and encoder - decoder pairs (fn , gn )
(n) (n)
such that Pe → 0 , Re ≤ liminfn→∞ Re
I The capacity-equivocation region C is defined to be the closure

I Q → U → X → (Y , Z ).
The Wiretap Channel: Coding Scheme

I Wiretap Coding is basically random binning.

I The codebook is divided into subcode books.
I The message to be sent is selected according to the
subcodebook, from which a message is choosen randomly and
transmitted.
I The codebook is constructed such that, Eve can successfully
decode message but could not decode from which
sub-codebook the message was selected.
I Where as legitimate reciever can decode the sub-codebook
also.
The Wiretap Channel: Coding Scheme

I The Codebook is constructed as

n o
n
C = xab , a = 1, 2, ...2n(I (X ;Y )−I (X ;Z )) ; b = 1, 2..., 2nI (X ;Z ) (1)
Gaussian Wiretap Channel

I The Gaussian Wiretap Channel was studied by Cheong and

Hellman in 1978
I The Channel model is
I Y = X + N1 , Z = X + N2 , where X is the input, N1 ∼
N (0, σ12 ) and N2 ∼ N (0, σ22 )
I The secrecy capacity for the degraded Gaussian Channel(i.e.
σ1 < σ2 ) is
   
I Cs = 21 log 1 + σP2 − 12 log 1 + σP2 , where E(X 2 ) ≤ P
1 2
Multiple Access Channel with Eve

I Model 2: Eavesdropper at the receiving end

I We follow this model in our work

I {X1n } independent of {X2n }

Multiple Access Channel with Eve

I Gaussian MAC with eavesdropper studied by Yener and

Tekin(IEEE trans 2008)
I Co-operative jamming improves secrecy sum-rate
I Fading MAC with full CSI of eavesdropper studied by Yener
and Tekin
I In general, Secrecy Capacity region for MAC not known.
Multiple Access Channel with Eve

I Security if measured by the equivocation rate for each user

(n)
I R1e = n1 H(W1 |Z n )
(n)
I R2e = n1 H(W2 |Z n )
(n) (n)
I R1e + R2e = n1 H(W1 W2 |Z n )
(n) (n)
I Reliability: Pe1 = Pr {W̃1 6= W1 }, Pe1 = Pr {W̃1 6= W1 }
I A rate-equivocation pair (R1 , R2 , R1e , R2e ) is achievable if ∃ a
sequence of message sets W1n and W2n and encoder-decoder
(n)
pairs (f1n , f2n , gn ) s.t. Pe → 0 as n → ∞ and equivocation
(n) (n)
rates satisfy R1e ≤ lim inf n→∞ R1e , R2e ≤ lim inf n→∞ R2e ,
MAC with eavesdropper: Secrecy rate region

I The best known rate region for DM - MAC is as follows

R1 ≤ [I (U1 ; Y | U2 ) − I (U1 ; Z )]+ (2)
R2 ≤ [I (U2 ; Y | U1 ) − I (U2 ; Z )]+ (3)
R1 + R2 ≤ [I (U1 , U2 ; Y ) − I (U1 , U2 ; Z )]+ (4)

I where p(x1 , x2 , u1 , u2 , y , z) = p(u1 )p(x1 | u1 )p(u2 )p(x2 |

u2 )p(y , z | x1 , x2 )
I The rate region for Gaussian MAC and fading MAC can be
obtained from this rate region.
Fading MAC: Secrecy rate region

I Rate region for fading MAC is as follows(Yener and Tekin)

(  )
(1 + h1 P1 (h, g ))(1 + g2 P2 (h, g )) +
R1 ≤ Eh,g log ,
1 + g1 P1 (h, g ) + g2 P2 (h, g )
(  )
(1 + g1 P1 (h, g ))(1 + h2 P2 (h, g )) +
R2 ≤ Eh,g log ,
1 + g1 P1 (h, g ) + g2 P2 (h, g )
(  )
1 + h1 P1 (h, g ) + h2 P2 (h, g ) +
R1 + R2 ≤ Eh,g log ,
1 + g1 P1 (h, g ) + g2 P2 (h, g )

I E [Pi (h, g )] ≤ P̄i , i = 1, 2. Gaussian signalling is used.

Fading MAC without CSI of eve

I In passive attack of Eavesdropper, CSI cannot be estimated

I In single user wiretap channel, H.E Elgamal(IEEE trans 2008)
reports secrecy capacity with optimal power control with main
channel CSI only
I Mathew Bloch et. al(IEEE trans 2008) studied outage analysis
of single user slow fading channel with imperfect CSI of eve.
I We study fading MAC which achieve secrecy sum rate without
knowing CSI of eve.
Fading MAC without CSI of eve: Channel Model

I φsx1 ,x2 = 1 + s1 x1 + s2 x2 where s is the channel state (h or g )

and xk is the power used.
Fading MAC without CSI of eve: Optimal power allocation

Theorem
For a given power control policy {Pk (h)}, k = 1, 2, the following
secrecy sum-rate
(" !#+ )
φhP1 ,P2
Eh,g log (5)
φgP1 ,P2

is achievable, subject to power constraint

Eh,g [Pk (h)] ≤ P¯k , k = 1, 2.
I Optimal policy is not available in closed form. Can be
computed numerically.
Fading MAC without CSI of eve: Optimal power control
with Cooperative Jamming

I {Pk (h)}, k = 1, 2, policy when users transmit and

{Qk (h)},when users jam
I Cooperative Jamming substantially improves secrecy sum-rate.
Without CSI of Eve: ON/OFF power control

I ON/OFF power control is a simple threshold based scheme as

follows:
I h1 > τ1 , h2 > τ2 : Both transmit;
I h1 > τ1 , h2 < τ2 : User-1 transmits;
I h1 < τ1 , h2 > τ2 : User-2 transmits;
I h1 < τ1 , h2 < τ2 : No user transmits.

I Optimize the secrecy sum-rate over τ1 , τ2

ON/OFF power control with cooperative Jamming

I Here we employ co-operative jamming over ON/OFF scheme

I h1 > τ1 , h2 > τ2 : Both transmit with power P1a , P2a ;
I h1 > τ1 , h2 < τ2 : User-1 transmits with power P1b , user-2
jams with power Q2 ;
I h1 < τ1 , h2 > τ2 : User-2 transmits with power P2b , user-1
jams with power Q1 ;
I h1 < τ1 , h2 < τ2 : None transmits or jams.
Fading MAC Without CSI of Eve: Simulation results

2.5
Secrecy Sum−Rate (bits/channel use)

1.5

1
Opt with full CSI
Opt with only Rx CSI
ON/OFF with only Rx CSI
0.5
CJ Opt with full CSI
CJ Opt with only Rx CSI
CJ ON/OFF with only Rx CSI
0
0 5 10 15 20 25 30 35
SNR (dB)
New Notion

I Equivocation Based definition:

I (R, Re ) is achievable if ∃ Wn with | Wn |= 2nR and encoder -
(n)
decoder pairs (fn , gn ) such that Pe → 0, and the
1
equivocation rate limn→∞ n H(W |Z n ) ≥ Re
I Code design to satisfy equivocation rate is difficult.([?])
I To confuse Eve random messages are sent, which decreases
the rate.
New Notion

I Natural Definition of secrecy: Probability of error for receiver

→ 0 and that for eavesdropper → 1. ([1])
I Strong converse: R > C , probability of error of decoding → 1.
I Will use strong converse to formulate coding schemes.
I Eve is confused with the messages which are useful for
Intended receiver,and Eve getting no message, i.e. no
common information.
I Each message for Eve confused with same number of
codewords as in Equivocation based approach
New Notion: Achieving Capacity
Gaussian Wiretap Channel

C1 = Capacity of main channel, C2 = Capacity of Eve’s channel,

Pen (B) = Probability of decoding error at Bob,
Pen (E ) = Probability of decoding error at Eve
Proposition
All rates R < C1 are achievable such that Pen (B) → 0, Pen (E ) → 1
as n → ∞.
New Notion: Coding Scheme

I Region C2 < R < C1 : generate n length iid Gaussian

codewords with X ∼ N (0, P)
I R < C1 ensures Pen (B) → 0
I R > C2 , by strong converse, Pen (E ) → 1.
I To achieve rate R < C2 , select Gaussian PX with power < P
such that I (X ; Y ) > R > I (X ; Z )
Performance (via AEP decoder at Eve)

I N be the number of codewords other than that of message 1

that are jointly typical with Z n
I E[N] = (2nR − 1)2−nI (X ;Z ) .
I Pen (E ) ≈ 2n(R−I (X ;Z ))
I Pen (E ) ≤ 2−n(C1 −C2 ) possible, maximum decay rate for
equivocation based secrecy also.
I Higher R means more confusion for Eve.
ML Decoding at Eve

I ML Decoding at Eve: If x1 (1), ..., xn (1) is transmitted, decode

as message m̂ if
n
X
m̂ = argmin (Zk − xk (m̂))2 . (6)
k=1

I Eve will confuse with 2n(R−C2 ) codewords . Max confusion as

in AEP decoder.
I AEP and ML decoder best for Eve.
New Notion: Relation with Equivocation

I When C2 < R < C1 , Pen (B) → 0, and Pen (E ) → 1. Fano’s

Inequality gives: For Bob
1 H(Pen (B))
H(W |Y n ) ≤ + Pen (B)R (7)
n n
I Lower bound: For Eve

H(W | Z n ) ≥ φ∗ (π(W | Z n )) (8)

where φ∗ is a piecewise linear, continuous, non-decreasing,

convex function.([2]). π(W | Z n ) is the average probability of
error for the MAP decoder at Eve.
I From Arimoto’s lower bound

π(W | Z n ) ≥ 1 − e −n(E0 (ρ,p)−ρR) , 0 ≥ ρ ≥ −1. (9)

Numerical Example
I For σ12 = 0.1, σ22 = 1.5, and P = 20dB, Pen (B) and Pen (E ) are
plotted for n = 50, 100 and 200.
I For Pen (B) Gallagers random coding bound and for Pen (E )
Arimoto’s lower bound are plotted

0.8

Bob N=50
Probability of Error

Eve N=50
0.6
Bob N=100
Eve N=100
Bob N=200
0.4
Eve N=200

0.2 P=20dB, σ21=0.1,

σ22=1.5, R=2.5

0
0.3 0.4 0.5 0.6 0.7
Fraction of SNR(α)
Fading Channel
I For the fading channel

Yi = hi Xi + N1i , (10)

Zi = gi Xi + N2i , (11)
,
I The capacity is ([gopala2008]):
Z ∞Z ∞
Cs = [log(1 + qP ∗ (q, r )) −
0 r
log(1 + rP ∗ (q, r ))]f (q)f (r )dqdr (12)

where q(i) = |h(i)|2 and r (i) = |g (i)|2 E [P ∗ (q, r )] = P,

q
P ∗ (q, r ) = 0.5[ (1/r − 1/q)2 + 4/λ(1/r − 1/q) +
(1/r + 1/q)]+ (13)
Secrecy Capacity for fading Channel

Proposition
All rates R < C1 are achievable such that Pen (B) → 0 and
Pen (E ) → 1 where
Z ∞Z ∞
C1 = sup [log(1 + qP(q, r ))]f (q)f (r )dqdr . (14)
P(q,r ) 0 r
.
Channel Model

Figure : The Wiretap channel

Literature Survey

I Yamamoto in 1997 used Wiretap coding and secret key to

enhance secrecy rate in degraded Wiretap channel. [1]
I Kang and Liu (2010) extended Yamamoto’s work to general
broadcast channel [2].
I E. Ardestanizadeh et. al. (2008) used feedback from Bob to
Alice to enhance secrecy rate [3].
I In this work we use previous secret messages as secret key to
enhance the secrecy rate.
Channel Model

I W ∈ W = {1, 2, . . . , 2nRs } is message set, where

Rs = max [I (X ; Y ) − I (X ; Z )] . (15)
p(x)

I {Wm , m ≥ 1} is an independent sequence of messages to be

transmitted.
I At time i:
I Xi the channel input.
I Yi Channel O/P at Bob.
I Zi Channel O/P at Eve.
Channel Model

I A mini-slot consists of n channel uses

I Each slot, upto λ, consists of 2 mini-slots where
 
C
λ, , (16)
Rs
I After λ slots each slot has only one mini-slot.
Channel Model

I Wk to be transmitted in slot k consists of one or more

messages Wm .
I Codeword for W k : Xk2n = {Xk1 , . . . , X2kn } or Xkn depending
on the length of the slot.
I Transmitter uses the secret message W k transmitted in slot k
as the key for transmitting the message in slot k + 1.
Encoder/Decoder

I Encoder: To transmit W k in slot k, encoder has two parts

fs : W → X n , fd : W × K → X n , (17)

where X ∈ X , and K set of secret keys generated and fs is the

Wiretap encoder
I Deterministic Encoder fd : Encode XOR of message and
binary version of the key optimal usual channel encoder.
I Slot 1:Message encoded using the wiretap code only.
I Slot k: (1 < k ≤ λ), both fs and fd used simultaneously.
Encoder/Decoder
Encoder/Decoder
Encoder/Decoder
Encoder/Decoder
Encoder/Decoder
Encoder/Decoder

I Slot 1: Decoder function at Bob is

φ1 : Y 2n → W. (18)

I Slot k: (k > 1), decoder is

φi : Y n × K → W j (19)
for time slot i, with j = min(i, RCs ).
I Probability of error:
(n)
Pe = Pr {W
c 6= W } (20)

where W
c is the decoded message.
Achievable Rate

I Leakage rate is RLn = n1 I (W ; Z 2n ).

I Definition 1 : A Leakage-rate pair (RL , R) is said to be
achievable if there exists a sequence of (2nR , n)-codes such
(n)
that Pe → 0 and lim supn→∞ RLn ≤ RL as n → ∞.

Theorem
Any rate < C is achievable for all slots k ≥ λ.
Coding Scheme

I Slot 1: Alice picks message W1 from W and transmits this

message using (n, 2nRs )-Code.
I Slot 2: using the previous message, W 1 = W1 , as a key (with
key rate Rk = Rs ) Alice transmits message W 2 = (W21 , W22 ),
where W21 = W2 , W22 = W3 are taken from the iid sequence
{Wk , k ≥ 1}.
Coding Scheme Contd.

I n using wiretap code.

First message W21 is encoded to X21
I Second message W22 is first encrypted to produce the cipher
using one-time pad with the previous message as secret key,
f22 = W22 L W1
i.e., K = W1 and the cipher is W
I n using a
We encode this encrypted message to X22
point-to-point optimal channel code
I We continue this till λ − 1 slots. In slot λ − 1, we transmit
message (Wλ−1,1 , Wλ−1,2 , ..., Wλ−1,λ−1 ).
Decoding Scheme

I Total rate:
1 1
(Rs + (λ − 1)Rs ) = (Rs + C ) . (21)
2 2
I n is decoded via
Bob (Decoder): In slot k, (for 1 < k < λ) Yk1
n
usual wiretap decoding while Yk2 is decoded first by the
channel decoder and then XORed with W ck−1
Error Analysis

I n = message error probability for the wiretap encoder and δn

= message error probability due to the channel encoder for Wk
I Slot k: (1 < k < λ − 1), P(W k 6= W ck ) ≤ Pr (Error in
decoding Wk1 ) + Pr (Error in decoding Wfk2 ) + Pr (Error in
decoding W k−1 ) ≤ kn + (k − 1)δn .
I Error upper bound increases with k
I Restarting (as in slot 1) after some k slots ( > λ) will ensure
that P(W k 6= Wck ) → 0 as n → ∞.
Leakage Rate Analysis

I We show
1
I (W k ; Z1n , Z22n , ..., Zk2n ) → 0 (22)
n
as n → ∞
I Slot 1: Wire-tap coding is used, hence n1 I (W 1 ; Z1n ) → 0, as
n → ∞.
I slot 2:
1
I (W 1 ; Z1n , Z22n ) → 0 (23)
n
I We use mathematical induction to show that
1 n 2n 2n
n I (W m ; Z1 , Z2 , ..., Zk+1 ) → 0 for all m ≤ k + 1, k ≥ 1
Strong Secrecy

I Same secrecy rate can be achieved even with strong secrecy.

I Use information reconciliation and privacy amplification in the
first slot after transmitting message W 1 using wiretap coding
I In the subsequent blocks we use both the stochastic encoder
and the deterministic encoder
Fading Wiretap Channel

I We consider Slow fading AWGn model

Y = H̃X + N1 (24)

Z = G̃ X + N2 (25)

I N1 and N2 ∼ N (0, σ12 ) and (0, σ12 ).

I H̃ and G̃ are Rayleigh distributed channel gains.
I H = |H̃|2 and G = |G̃ |2 , are exponentially distributed with
mean µ1 and µ2 respectively.
Fading Wiretap Channel

I Hk = fading in slot k of Bob’s channel

I Gk = fading in slot k of Eve’s channel
I Bk = Total key capacity in key buffer
I Pk = Average power to be used in slot k
I P̄ = Long term average power constraint
I n = Number of channel uses in a slot
I rk = rate of transmission of message in slot k and Rk =
secret key rate from buffer.
Fading Wiretap Channel
I Buffer size evolves as follows
Bk+1 = Bk − Rk + rk (26)
I Let
Gk Pk +
 
1 Hk P k
Rsec = log(1 + ) − log(1 + ) (27)
2 σ12 σ22
I If we use Pk in slot k then the secret rate in slot k, using Bk
the key rate
 
1 Gk Pk
Rk = min Bk , log(1 + ) . (28)
2 σ22
I the secrecy rate that is achieved is
  
Hk Pk
1 1 + 2
σ1
rk =  log    + Rk . (29)
2 1 + k Pk
G
σ22
Fading Wiretap Channel

I Some notation
 
1 H k Pk
Ckb= log 1 + (30)
2 σ12
 
e 1 Gk Pk
Ck = log 1 + (31)
2 σ22
I H1 > G1 : First Slot of communication.
I Case 1: H2 < G2 , No wiretap coding. Use previous secret key
from buffer.
I secret key rate that we can get from the buffer is

R2 = min(B2 , C2b ) (32)

I Power Pk will use water-filling with average power P̄

Fading Wiretap channel: Infinite Buffer
I Case 2: H2 > G2 , Use both wiretap coding and secret key
from buffer.
I the total secret rate we will get is
r2 = C2b − C2e + min(B2 , C2e ) (33)
I use power control policy as in [3]
I From the evolution of buffer (26) we have rk ≥ Rk hence
Bk → ∞ a.s. as k → ∞
I Hence when k is large
min(Bk , Ckb ) = Bk (34)
and as well as
min(Bk , Ckb ) = Bk (35)
I the secret key rate that we will get from the buffer will be

1 Hk P k
Rk = Ckb = log(1 + ) (36)
2 σ12
Finite Buffer
I The queue process will evolve as
(F )
Bk+1 = min(B, B (F ) + rk − Rk ) (37)

I for any initial B0 , if P(Hk > Gk ) > 0, then eventually Bk = B

I we can get rate
rk (Pk (h, g )) =

g
max (Ckb − Cke )+ + min(B, Cke ), min(B, Ckb ) , if σh2 ≥

σ22


 1

g

min(B, C b ) if σh2 <

1 σ22

I long term average power constraint

m
1 X
lim sup Pk ≤ P̄ (38)
m→∞ m
k=1
Finite Buffer: Power Control

I we obtain power policy P(h, g ) that maximizes

E [r (H, G )] , (39)

subject to
E [P(H, G )] ≤ P. (40)
Using Lagrange multipliers we can convert this problem to
minimize


F (P) = E [r (H, G )] + γ E [P(H, G )] − P (41)
Finite Buffer

I The resulting equation is,

∂F
∂P =


1 1 h g

 2 1+ hP(h,g ) σ12
+ γ, if σh2 ≥ σ22
,C e < B,
 2 1
" σ1



 #

1 1 h 1 g g
σ12
− σ22
+γ , if σh2 ≥ σ22
,C e > B,
2 1+
hP(h,g )
σ2
1+
gP(h,g )
σ2
1
1 2


1 1 h g
if σh2 < > C b.



 2 1+ hP(h,g
 ) σ12
+γ σ22
&B
2 1
σ
1
Finite Frame: Numerical result

3.5
Infinite Buffer Case

3
Secrecy Rate

Finite Buffer Case

2.5

2
σ = 0.01
1
σ 2=0.04
1.5
Pavg =24dB
1 Maximum Buffer length=7

0.5
0 1 2 3 4 5 6 7 8
Buffer Length

Figure : The Wiretap channel

References

C.E. Shannon, “Communication of secrecy systems,” Bell Syst.

Tech. J., vol. 28, pp. 656-715, October 1949.

A. Wyner, “The wire-tap channel,” Bell Syst. Tech. J., vol. 54,
pp. 1355-1387, 1974.

I. Csiszàr and J.Korner, “Broadcast channels with confidential

messages,” IEEE Transactions on Information Theory, vol. 82, no.
23, pp. 339–348, May 1978.

Y. Liang, H. V. Poor, “Multiple-access channels with confidential

messages,” IEEE Transactions on Information Theory, vol. 54, no. 3,
pp. 35–45, March 2008. P. K. Gopala, L. Lai, H. El Gamal, “On the
secrecy capacity of fading channels,” IEEE Trans. Info. Theory, vol.
54, no. 10, pp. 4687–4698, October 2008.
References- Contd.

M. Bloch, J. Barros, M.R.D. Rodrigues, S.W. McLaughlin,

“Wireless information-theoretic security,” IEEE Transactions
on Information Theory, vol. 54, no. 6, pp. 2515–2534, June
2008.
E. Tekin, A. Yener, ”The general gaussian multiple-access and
two-way wiretap channels: Achievable rates and cooperative
jamming,” IEEE Transactions on Information Theory, vol. 54 ,
no. 6, pp. 2735-2751, June 2008.
E. Tekin, A. Yener, “Secrecy sum-rates for the multiple-access
wire-tap Channel 45th Annual Allerton Conference, UIUC,
Illinois, USA, Sep 26–28, 2007.
References- Contd.

Y. Liang, H.V. Poor, S. Shamai, “Information theoretic

security,” Foundations and Trends in Communications and
Information Theory, vol. 5, no. 4-5 (2008), pp. 355–580, 2009.
J Villard, P Piantanida and Shlomo Shamai (Shitz), “Secure
Lossy Source-Channel Wiretapping with Side Information at
the Receiving Terminals”, ISIT 2011, St. Pittsburgh, Russia.
J Villard, P Piantanida , “Secure Lossy Source-Channel
Wiretapping with Side Information at the Receiving
Terminals”, Submitted to IEEE transactions on Information
Theory, To appear in september 2011
References- Contd.

Jean-Claude Belfiore and F. Oggier, “Secrecy Gain: a Wiretap

Lattice Code Design,” ISITA 2010
M. Feder and N. Merhav, “Relations Between Entropy and
Error Probability,” IEEE Trans. Inform. Theory., VOL. 40, NO.
1, Jan. 1994.
E. Ardestanizadeh, M. Franceschetti, T. Javidi, Y. H. Kim,
“Wiretap Channel With Secure Rate-Limited Feedback,” IEEE
Transactions on Information Theory, vol. 55, No. 12
pp. 5353–5361, December 2009.
References- Contd.

H. Yamamoto, “Rate-distortion Theory For The Shannon

Cipher System,” IEEE Transactions on Information Theory,
vol. 43, No. 3 pp. 827–835, May 1997.
W. Kang, N. Liu, “Wiretap Channel with Shared Key,” 2010
Information theory Workshop, Dublin, 2010.
P. K. Gopala, L. Lai, H. El Gamal, “On the secrecy capacity of
fading channels,” IEEE Trans. Info. Theory, vol. 54, no. 10,
pp. 4687–4698, October 2008.