#
Reduction Theorem for Secrecy over Linear Network Code for Active Attacks^{ †}

^{1}

^{2}

^{3}

^{4}

^{5}

^{6}

^{7}

^{*}

^{†}

^{‡}

## Abstract

**:**

## 1. Introduction

## 2. Single Transmission Setting

#### 2.1. Generic Model

**Definition**

**1.**

**(A1)**- The relation ${H}_{E;j,i}=0$ holds for $j\in {w}_{i}$.
**(A2)**- The relation ${w}_{1}\subseteq {w}_{2}\subseteq \dots \subseteq {w}_{{m}_{5}}$ holds.

**Definition**

**2.**

**Lemma**

**1.**

**Proof.**

**Theorem**

**1**

**.**When the strategy α satisfies the uniqueness condition, Eve’s information ${\mathbf{Y}}_{E}(\alpha )$ with strategy α can be calculated from Eve’s information ${\mathbf{Y}}_{E}(0)$ with strategy 0 (the passive attack), and ${\mathbf{Y}}_{E}(0)$ is also calculated from ${\mathbf{Y}}_{E}(\alpha )$. Hence, we have the equation

**Proof.**

#### 2.2. Recovery and Information Leakage with Linear Code

**Proposition**

**1.**

**Proof.**

**Proposition**

**2.**

**Proof.**

**Corollary**

**1.**

#### 2.3. Construction of ${K}_{B},{K}_{E}$ from Concrete Network Model

#### 2.4. Construction of ${H}_{B},{H}_{E}$ from a Concrete Network Model

#### 2.5. Strategy and Order of Communication

#### 2.6. Secrecy in Concrete Network Model

**(B1)**- Eve eavesdrops one of three edges $e(7),e(9),$ and $e(11)$ connected to the sink node, and eavesdrops and contaminates one of the remaining eight edges $e(1),e(2),e(3),e(4),e(5),e(6),e(8),$ and $e(10)$ that are not connected to the sink node.

#### 2.7. A Problem in Error Detection in a Concrete Network Model

**(B2)**- Our node operations are fixed to the way as Figure 2.
**(B3)**- The message set $\mathcal{M}$ and all information on all edges are ${\mathbb{F}}_{2}$.
**(B4)**- The variables ${X}_{1},{X}_{2},{X}_{3},$ and ${X}_{4}$ are given as the output of the encoder. The encoder on the source node can be chosen, but is restricted to linear. It is allowed to use a scramble random number, which is an element of $\mathcal{L}:={\mathbb{F}}_{2}^{k}$ with a certain integer k. Formally, the encoder is given as a linear function from $\mathcal{M}\times \mathcal{L}$ to ${\mathbb{F}}_{2}^{4}$.
**(B5)**- The decoder on the sink node can be chosen dependently of the encoder and independently of Eve’s attack.

#### 2.8. Wiretap and Replacement Model

## 3. Multiple Transmission Setting

#### 3.1. General Model

**Definition**

**3.**

#### 3.2. The Multiple Transmission Setting with Sequential Transmission

**Definition**

**4.**

**(A1’)**- The relation ${H}_{E;j,i}=0$ holds for $(j,l)\notin {w}_{i,l}$.
**(A2’)**- The relation ${w}_{i,l}\subseteq {w}_{{i}^{\prime},{l}^{\prime}}$ holds when ${\tau}_{E}(\eta (i),l)\le {\tau}_{E}(\eta ({i}^{\prime}),{l}^{\prime})$.

**Lemma**

**2.**

**Proof.**

#### 3.3. Multiple Transmission Setting with Simultaneous Transmission

**Lemma**

**3.**

#### 3.4. Non-Local Code and Reduction Theorem

**Definition**

**5.**

**Remark**

**1.**

**Theorem**

**2**

**.**When the triplet $(\mathit{K},\mathit{H},{\alpha}^{n})$ satisfies the uniqueness condition, Eve’s information ${Y}_{E}^{n}({\alpha}^{n})$ with strategy ${\alpha}^{n}$ can be calculated from Eve’s information ${Y}_{E}^{n}(0)$ with strategy 0 (the passive attack), and ${Y}_{E}^{n}(0)$ is also calculated from ${Y}_{E}^{n}({\alpha}^{n})$. Hence, we have the equation

**Proof.**

**Remark**

**2.**

**Remark**

**3.**

#### 3.5. Application to Network Model in Section 2.6

**(B1’)**- Eve can choose any one of nodes $v(1),\dots ,v(4)$. When $v(2)$ is chosen, she eavesdrops all edges connected to $v(2)$ and contaminates all edges incoming to $v(2)$. When $v(i)$ is chosen for $i=1,3,4$, she eavesdrops and contaminates all edges connected to $v(i)$.

#### 3.6. Error Detection

**(B3’)**- The message set $\mathcal{M}$ is ${\mathbb{F}}_{q}^{2}$, and all information on all edges per single use are ${\mathbb{F}}_{q}$.
**(B4’)**- The encoder on the source node can be chosen, but is restricted to linear. It is allowed to use a scramble random number, which is an element of $\mathcal{L}:={\mathbb{F}}_{q}^{k}$ with a certain integer k. Formally, the encoder is given as as a linear function from $\mathcal{M}\times \mathcal{L}$ to ${\mathbb{F}}_{q}^{8}$.

#### 3.7. Solution of Problem Given in Section 2.7

## 4. Conclusions

## Author Contributions

## Funding

## Acknowledgments

## Conflicts of Interest

## References

- Cai, N.; Yeung, R. Secure network coding. In Proceedings of the 2002 IEEE International Symposium on Information Theory (ISIT 2002), Lausanne, Switzerland, 30 June–5 July 2002; p. 323. [Google Scholar]
- Bennett, C.H.; Brassard, G.; Crépeau, C.; Maurer, U.M. Generalized privacy amplification. IEEE Trans. Inform. Theory
**1995**, 41, 1915–1923. [Google Scholar] [CrossRef][Green Version] - Håstad, J.; Impagliazzo, R.; Levin, L.A.; Luby, M. A Pseudorandom Generator from any One-way Function. SIAM J. Comput.
**1999**, 28, 1364. [Google Scholar] [CrossRef] - Hayashi, M. Exponential decreasing rate of leaked information in universal random privacy amplification. IEEE Trans. Inform. Theory
**2011**, 57, 3989–4001. [Google Scholar] [CrossRef][Green Version] - Matsumoto, R.; Hayashi, M. Secure Multiplex Network Coding. In Proceedings of the 2011 International Symposium on Networking Coding, Beijing, China, 25–27 July 2011. [Google Scholar] [CrossRef]
- Matsumoto, R.; Hayashi, M. Universal Secure Multiplex Network Coding with Dependent and Non-Uniform Messages. IEEE Trans. Inform. Theory
**2017**, 63, 3773–3782. [Google Scholar] [CrossRef] - Kurihara, J.; Matsumoto, R.; Uyematsu, T. Relative generalized rank weight of linear codes and its applications to network coding. IEEE Trans. Inform. Theory
**2013**, 61, 3912–3936. [Google Scholar] [CrossRef][Green Version] - Yeung, R.W.; Cai, N. Network error correction, Part I: Basic concepts and upper bounds. Commun. Inf. Syst.
**2006**, 6, 19–36. [Google Scholar] - Cai, N.; Yeung, R.W. Network error correction, Part II: Lower bounds. Commun. Inf. Syst.
**2006**, 6, 37–54. [Google Scholar] - Ho, T.; Leong, B.; Koetter, R.; Médard, M.; Effros, M.; Karger, D.R. Byzantine modification detection for multicast networks using randomized network coding. In Proceedings of the 2004 IEEE International Symposium on Information Theory (ISIT 2004), Chicago, IL, USA, 27 June–2 July 2004; p. 144. [Google Scholar]
- Jaggi, S.; Langberg, M.; Ho, T.; Effros, M. Correction of adversarial errors in networks. In Proceedings of the 2005 IEEE International Symposium on Information Theory, (ISIT 2005), Adelaide, Australia, 4–9 September 2005; pp. 1455–1459. [Google Scholar]
- Kadhe, S.; Sprintson, A.; Zhang, Q.E.; Bakshi, M.; Jaggi, S. Reliable and secure communication over adversarial multipath networks: A survey. In Proceedings of the 10th International Conference on Information, Communications and Signal Processing (ICICS), Singapore, 2–4 December 2015. [Google Scholar]
- Zhang, Q.; Kadhe, S.; Bakshi, M.; Jaggi, S.; Sprintson, A. Talking reliably, secretly, and efficiently: A “complete” characterization. In Proceedings of the 2015 IEEE Information Theory Workshop (ITW), Jerusalem, Israel, 26 April–1 May 2015. [Google Scholar] [CrossRef]
- Zhang, Q.; Kadhe, S.; Bakshi, M.; Jaggi, S.; Sprintson, A. Coding against a limited-view adversary: The effect of causality and feedback. In Proceedings of the 2005 IEEE International Symposium on Information Theory (ISIT 2015), Hong Kong, China, 14–19 June 2015; pp. 2530–2534. [Google Scholar]
- Blackwell, D.; Breiman, L.; Thomasian, A.J. The capacities of certain channel classes under random coding. Ann. Math. Stat.
**1960**, 31, 558–567. [Google Scholar] [CrossRef] - Ahlswede, R. Elimination of correlation in random codes for arbitrarily varying channels. Z. Wahrsch. Verw. Geb.
**1978**, 44, 159–175. [Google Scholar] [CrossRef][Green Version] - Csiszár, I.; Narayan, P. The capacity of the arbitrarily varying channel revisited: Positivity, constraints. IEEE Trans. Inform. Theory
**1988**, 34, 181–193. [Google Scholar] [CrossRef][Green Version] - Dey, B.K.; Jaggi, S.; Langberg, M. Sufficiently Myopic Adversaries are Blind. IEEE Trans. Inf. Theory
**2019**, 65, 5718–5736. [Google Scholar] [CrossRef] - Tian, P.; Jaggi, S.; Bakshi, M.; Kosut, O. Arbitrarily Varying Networks: Capacity-achieving Computationally Efficient Codes. In Proceedings of the 2016 IEEE International Symposium on Information Theory, Barcelona, Spain, 10–15 July 2016. [Google Scholar]
- Yao, H.; Silva, D.; Jaggi, S.; Langberg, M. Network Codes Resilient to Jamming and Eavesdropping. IEEE/ACM Trans. Netw.
**2014**, 22, 1978–1987. [Google Scholar] [CrossRef] - Hayashi, M.; Cai, N. Secure network code over one-hop relay network. arXiv
**2020**, arXiv:2003.12223. [Google Scholar] - Jaggi, S.; Langberg, M.; Katti, S.; Ho, T.; Katabi, D.; Medard, M. Resilient network coding in the presence of Byzantine adversaries. In Proceedings of the IEEE INFOCOM 2007, Anchorage, AK, 6–12 May 2007; pp. 616–624. [Google Scholar] [CrossRef][Green Version]
- Jaggi, S.; Langberg, M.; Katti, S.; Ho, T.; Katabi, D.; Medard, M.; Effros, M. Resilient Network Coding in the Presence of Byzantine Adversaries. IEEE Trans. Inform. Theory
**2008**, 54, 2596–2603. [Google Scholar] [CrossRef] - Jaggi, S.; Langberg, M. Resilient network codes in the presence of eavesdropping Byzantine adversaries. In Proceedings of the 2007 IEEE International Symposium on Information Theory (ISIT 2007), Nice, France, 24–29 June 2007; pp. 541–545. [Google Scholar] [CrossRef]
- Chan, T.; Grant, A. Capacity bounds for secure network coding. In Proceedings of the Australian Communication Theory Workshop, Christchurch, New Zealand, 30 January–1 February 2008; pp. 95–100. [Google Scholar]
- Rouayheb, S.E.; Soljanin, E.; Sprintson, A. Secure network coding for wiretap networks of type II. IEEE Trans. Inform. Theory
**2012**, 58, 1361–1371. [Google Scholar] [CrossRef] - Ngai, C.-K.; Yeung, R.W.; Zhang, Z. Network generalized hamming weight. In Proceedings of the Workshop on Network Coding, Theory, and Applications, Lausanne, Switzerland, 15–16 June 2009; pp. 48–53. [Google Scholar]
- Cai, N.; Yeung, R.W. Secure Network Coding on a Wiretap Network. IEEE Trans. Inform. Theory
**2011**, 57, 424–435. [Google Scholar] [CrossRef] - Cai, N.; Chan, T. Theory of Secure Network Coding. Proc. IEEE
**2011**, 99, 421–437. [Google Scholar] - Ahlswede, R.; Cai, N.; Li, S.-Y.R.; Yeung, R.W. Network information flow. IEEE Trans. Inform. Theory
**2000**, 46, 1204–1216. [Google Scholar] [CrossRef] - Yeung, R.W.; Li, S.-Y.R.; Cai, N.; Zhang, Z. Network Coding Theory; Now Publishers Inc.: Breda, The Netherlands, 2005. [Google Scholar]
- Koetter, R.; Médard, M. An Algebraic Approach to Network Coding. IEEE/ACM Trans. Netw.
**2003**, 11, 782–795. [Google Scholar] [CrossRef][Green Version] - Hayashi, M.; Cai, N. Asymptotically Secure Network Code for Active Attacks and its Application to Network Quantum Key Distribution. arXiv
**2020**, arXiv:2003.12225. [Google Scholar] - Shioji, E.; Matsumoto, R.; Uyematsu, T. Vulnerability of MRD-Code-based Universal Secure Network Coding against Stronger Eavesdroppers. IEICE Trans. Fundam.
**2010**, E93-A, 2026–2033. [Google Scholar] [CrossRef][Green Version] - Cai, N.; Hayashi, M. Secure Network Code for Adaptive and Active Attacks with No-Randomness in Intermediate Nodes. IEEE Trans. Inform. Theory
**2020**, 66, 1428–1448. [Google Scholar] [CrossRef][Green Version] - Hayashi, M.; Owari, M.; Kato, G.; Cai, N. Secrecy and Robustness for Active Attack in Secure Network Coding. In Proceedings of the IEEE International Symposium on Information Theory (ISIT 2017), Aachen, Germany, 25–30 June 2017; pp. 1172–1177. [Google Scholar]

**Figure 1.**Network of Section 2.6 with name of edges.

**Figure 2.**Network of Section 2.6 with network flow.

**Figure 3.**Network of Section 2.6 with the wiretap and replacement model. Eve injects the replaced information on the edges ${e}^{\prime}(2)$ and ${e}^{\prime}(5)$.

${m}_{1}$ | Number of edges |

${m}_{2}$ | Number of vertecies |

${m}_{3}$ | Dimension of Alice’s input information $\mathbf{X}$ |

${m}_{4}$ | Dimension of Bob’s observed information ${\mathbf{Y}}_{B}$ |

${m}_{5}$ | Dimension of Eve’s injected information $\mathbf{Z}$ |

${m}_{6}$ | Dimension of Eve’s wiretapped information ${\mathbf{Y}}_{E}$ |

${m}_{7}$ | ${m}_{1}-{m}_{3}$ |

Node | Eavesdropping | Vector | $\mathit{\eta}$ | Detection | Recovery |
---|---|---|---|---|---|

$v(1)$ | $e(1)$ | $(0,1,0)$ | $\eta (1)=1$ | $-{Z}_{1}\kappa $ | ${Y}_{B,2}-{Y}_{B,3}$ |

$e(5)$ | $(0,1,0)$ | $\eta (2)=5$ | |||

$e(10)$ | $(0,1,0)$ | $\eta (3)=10$ | |||

$v(2)$ | $e(2)$ | $(\kappa ,\kappa ,1+\kappa )$ | ${Z}_{2}-{Z}_{1}\kappa $ | ${Y}_{B,2}-{Y}_{B,3}$ | |

$e(5)$ | $(0,1,0)$ | $\eta (1)=5$ | |||

$e(6)$ | $(0,1,0)$ | ||||

$e(7)$ | $(\kappa ,1+\kappa ,1+\kappa )$ | $\eta (2)=2$ | |||

$e(8)$ | $(0,1,0)$ | ||||

$v(3)$ | $e(3)$ | $(1,0,1)$ | $\eta (1)=3$ | $-({Z}_{1}+{Z}_{2}+{Z}_{3})\kappa $ | $({Y}_{B,1}-{Y}_{B,3}(1+\kappa )){\kappa}^{-1}$ |

$e(6)$ | $(0,1,0)$ | $\eta (2)=6$ | |||

$e(9)$ | $(1,1,1)$ | $\eta (3)=9$ | |||

$v(4)$ | $e(4)$ | $(0,0,1)$ | $\eta (1)=4$ | $-{Z}_{1}-{Z}_{2}-{Z}_{4}$ | ${Y}_{B,2}(1+\kappa )-{Y}_{B,1}$ |

$e(8)$ | $(0,1,0)$ | $\eta (2)=8$ | |||

$e(10)$ | $(0,1,0)$ | $\eta (3)=10$ | |||

$e(11)$ | $(0,1,1)$ | $\eta (4)=11$ |

© 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Hayashi, M.; Owari, M.; Kato, G.; Cai, N.
Reduction Theorem for Secrecy over Linear Network Code for Active Attacks. *Entropy* **2020**, *22*, 1053.
https://doi.org/10.3390/e22091053

**AMA Style**

Hayashi M, Owari M, Kato G, Cai N.
Reduction Theorem for Secrecy over Linear Network Code for Active Attacks. *Entropy*. 2020; 22(9):1053.
https://doi.org/10.3390/e22091053

**Chicago/Turabian Style**

Hayashi, Masahito, Masaki Owari, Go Kato, and Ning Cai.
2020. "Reduction Theorem for Secrecy over Linear Network Code for Active Attacks" *Entropy* 22, no. 9: 1053.
https://doi.org/10.3390/e22091053