Function Computation under Privacy, Secrecy, Distortion, and Communication Constraints ^†

Abstract

The problem of reliable function computation is extended by imposing privacy, secrecy, and storage constraints on a remote source whose noisy measurements are observed by multiple parties. The main additions to the classic function computation problem include (1) privacy leakage to an eavesdropper is measured with respect to the remote source rather than the transmitting terminals’ observed sequences; (2) the information leakage to a fusion center with respect to the remote source is considered a new privacy leakage metric; (3) the function computed is allowed to be a distorted version of the target function, which allows the storage rate to be reduced compared to a reliable function computation scenario, in addition to reducing secrecy and privacy leakages; (4) two transmitting node observations are used to compute a function. Inner and outer bounds on the rate regions are derived for lossless and lossy single-function computation with two transmitting nodes, which recover previous results in the literature. For special cases, including invertible and partially invertible functions, and degraded measurement channels, simplified lossless and lossy rate regions are characterized, and one achievable region is evaluated as an example scenario.

1. Introduction

We consider function computation scenarios in a network with multiple nodes involved. Each node observes a random sequence, and all observed random sequences are modeled to be correlated. Recent advancements in network function virtualization [1] and distributed machine learning applications [2] make function computation in a wireless network via software defined networking an important practical problem that should be tackled to improve the performance of future communication systems. In a classic function computation scenario, the nodes exchange messages through authenticated, noiseless, and public communication links, which results in undesired information leakage about the computed function [3,4,5]. Furthermore, it is possible to reduce the amount of public communication [6,7] by using distributed lossless or lossy source coding methods; see [8,9,10,11,12] for several extensions. The former method uses Slepian-Wolf (SW) coding [13] constructions, and the latter allows the computed function to be a distorted version of the target function and applies Wyner-Ziv (WZ) coding [14] methods, which result in further reductions compared to the former. A decrease in public communication is also important in order to limit the information about the computed function leaked to an eavesdropper in the same network, i.e., secrecy leakage. In addition to the public messages, an eavesdropper has generally access to a random sequence correlated with other sequences; see [15,16,17] for various secure function computation extensions.

An important addition to the secure function computation model is a privacy constraint that measures the amount of information about the observed sequence leaked to an eavesdropper [18]. Providing privacy is necessary to ensure confidentiality of a private sequence that can be reused for future function computations [19]. An extension of the results in [18] are given in [20], where two privacy constraints are considered on a remote source whose different noisy measurements are observed by multiple nodes in the same network. The extension in [20] is different from the previous secure and private function computation models due to the assumption that there exists a remote source that is the main reason for the correlation between the random sequences observed by the nodes in the same network. It is illustrated via practical examples that considering a remote source hinders unexpected decrease in reliability and unnoticed secrecy leakage [19]. Similarly, such a remote source model is proposed, e.g., in [21] for biometric secrecy and in [22] for user or device authentication problems. It is shown in [20] that with such a remote source model, two different privacy leakage rate values should be limited, unlike a single constraint considered in [18].

We consider a private remote source whose three noisy versions are used for secure single-function computation. Suppose two nodes transmit public indices to a fusion center to compute one function. In [20], for each function computation, one node sends a public index to a fusion center. In [18], cases with two transmitting nodes for function computation are considered for a visible source model, whose results are improved in this work for a remote source model with an additional privacy leakage constraint. Furthermore, we also consider function computation scenarios where the function computed is allowed to be a distorted version of the target function, which is relevant for various recent function computation applications.

1.1. Models for Function Inputs and Outputs

We consider noisy remote source output measurements that are independent and identically distributed (i.i.d.) according to a fixed probability distribution and that are inputs of a target function. This model is reasonable if, e.g., one uses transform-coding algorithms from [19,23,24,25,26,27,28] to extract almost i.i.d. symbols, as applied in the biometric security, physical unclonable function, and image and video coding literature. Furthermore, the set of target functions we study are applied per letter; i.e., the same function is applied to each input symbol (see Section 2 below). These functions are realistic and are used in various recent applications, such as distributed and federated learning applications where the same loss function is applied to each data example [29].

1.2. Summary of Contributions

We extend the lossless and lossy rate region analysis of the single-function computation model with one transmitting node in [20] to consider two transmitting nodes with joint secrecy and privacy constraints, as well as a distortion constraint on the computed function. A summary of the main contributions is as follows.

• The lossless single-function computation model with two transmitting nodes is considered, and an inner bound for the rate region that characterizes the optimal trade-off between secrecy, privacy, storage, and distortion constraints is established by using the output statistics of a random binning (OSRB) method [30,31]. An outer bound for the same rate region is also provided by using standard properties of Shannon entropy. Inner and outer bounds are shown to not match in general due to different Markov chains imposed.
• The proposed inner and outer bounds are extended for the lossy single-function computation model with two transmitting nodes by considering a distortion metric. Furthermore, effects of considering a distortion constraint, rather than a reliability constraint, on the function computation are discussed.
• For both partially invertible functions, which define a set that is a proper superset of the set of invertible functions, and invertible functions, we characterize simplified lossless and lossy rate regions.
• The simplified rate regions for invertible functions are further simplified when the eavesdropper’s measurement channel is physically degraded with respect to the fusion center’s channel or vice versa, which results in different bounds on the rates.
• We evaluate a simplified rate region for a physically degraded case with multiplicative Bernoulli noise components.

We remark that the new contributions in this work as compared to [32,33] include the characterization of the rate region for a physically-degraded channel and the evaluation of the rate region for an example lossless single-function computation scenario, which are mentioned in the last two bullet points above. Furthermore, additional discussions to compare lossless and lossy function computation models are given, the function computation literature review is extended, and discussions about why the considered model is realistic are provided.

1.3. Organization

This paper is organized as follows. In Section 2, we introduce the lossless and lossy single-function computation problems with two transmitting nodes under secrecy, privacy, storage, and reliability or distortion constraints. In Section 3, we present the inner and outer bounds for the rate regions of the introduced problems and discuss that the bounds differ because of different Markov chains imposed. In Section 4, we characterize simplified lossless and lossy rate regions for invertible functions, partially invertible functions, and two different degraded measurement channels, and a rate region for an example case is evaluated. In Section 5, we offer proofs of the inner and outer bounds for the lossless single-function computations with two transmitting nodes. In Section 6, we conclude the paper.

1.4. Notation

Upper case letters represent random variables and lower case letters their realizations. A superscript denotes a sequence of variables, e.g., ${\displaystyle X^n=X_1,X_2,\dots ,X_i,\dots ,X_n}$, and a subscript i denotes the position of a variable in a sequence. A random variable ${\displaystyle X}$ has probability distribution ${\displaystyle P_X}$. Calligraphic letters such as ${\displaystyle \mathcal{X}}$ denote sets, and set sizes are written as ${\displaystyle \left|\mathcal{X}\right|}$. Given any $a\in \mathbb{R}$, we define ${\left[a\right]}^{-}=min\{a,0\}$. $H_b\left(c\right)=-c{log}_{2}c-(1-c){log}_2(1-c)$ as the binary entropy function for any $c\in [0,1]$.

2. System Model

We consider the single-function computation model with two transmitting nodes illustrated in Figure 1. Noisy measurements ${\tilde{X}}_1^n$ and ${\tilde{X}}_2^n$ of an i.i.d. remote source $X^n\sim P_X^n$ through memoryless channels $P_{{\tilde{X}}_1|X}$ and $P_{{\tilde{X}}_2|X}$, respectively, are observed by two legitimate nodes in a network. Similarly, other noisy measurements $Y^n$ and $Z^n$ of the same remote source are observed by the fusion center and eavesdropper (Eve), respectively, through another memoryless channel $P_{YZ|X}$. Encoders ${\mathsf{Enc}}_1(·)$ and ${\mathsf{Enc}}_2(·)$ of the legitimate nodes send indices $W_1$ and $W_2$, respectively, to the fusion center over public communication links with storage rate constraints. The fusion center decoder $\mathsf{Dec}(·)$ then uses its observed noisy sequence $Y^n$ and the public indices $W_1$ and $W_2$ to estimate a function $f^n({\tilde{X}}_1^n,{\tilde{X}}_2^n,Y^n)$ such that

$$\begin{array}{c}\hfill f^n({\tilde{X}}_1^n,{\tilde{X}}_2^n,Y^n)={\left\{f({\tilde{X}}_{1,i},{\tilde{X}}_{2,i},Y_i)\right\}}_{i=1}^n.\end{array}$$

(1)

Figure 1. Single-function computation problem with two transmitting nodes under secrecy, privacy, and storage (or communication) constraints.

The source and measurement alphabets are finite sets.

A natural secrecy leakage constraint is to minimize the information leakage about the function output $f^n({\tilde{X}}_1^n,{\tilde{X}}_2^n,Y^n)$ to the eavesdropper. However, its analysis depends on the specific function $f(·,·,·)$ computed, so we impose below another secrecy leakage constraint that does not depend on the function used and that provides an upper bound for secrecy leakage for all functions, as considered in [18,20]. Furthermore, we impose two privacy leakage constraints to minimize the information leakage about $X^n$ to the fusion center and eavesdropper because the same remote source would be measured if another function would be computed in the same network (see also [19] for motivations to consider privacy leakage with respect to a remote source) as well as public storage constraints that minimize the rate of storage for transmitting nodes.

We next define lossless and lossy single-function computation rate regions.

2.1. Lossless Single-Function Computation

Consider the single-function computation model illustrated in Figure 1. The corresponding lossless rate region is defined as follows.

Definition 1.

A lossless tuple $(R_{\mathrm{s}},R_{\mathrm{w},1},R_{\mathrm{w},2},R_{\ell ,\mathrm{Dec}},R_{\ell ,\mathrm{Eve}})$ is achievable if, for any $\delta >0$, there exist $n\ge 1$, two encoders, and one decoder such that

$$\begin{array}{cccc}\hfill & Pr\left[f^n({\tilde{X}}_1^n,{\tilde{X}}_2^n,Y^n)\ne \widehat{f^n}\right]\le \delta \hfill & \hfill & \left(\mathrm{reliability}\right)\hfill \end{array}$$

(2)

$$\begin{array}{cccc}\hfill & \frac{1}{n}I({\tilde{X}}_1^n,{\tilde{X}}_2^n,Y^n;W_1,W_2|Z^n)\le R_{\mathrm{s}}+\delta \hfill & \hfill & \left(\sec \mathrm{recy}\right)\hfill \end{array}$$

(3)

$$\begin{array}{cccc}\hfill & \frac{1}{n}log\left|{\mathcal{W}}_1\right|\le R_{\mathrm{w},1}+\delta \hfill & \hfill & \left(\mathrm{storage}1\right)\hfill \end{array}$$

(4)

$$\begin{array}{cccc}\hfill & \frac{1}{n}log\left|{\mathcal{W}}_2\right|\le R_{\mathrm{w},2}+\delta \hfill & \hfill & \left(\mathrm{storage}2\right)\hfill \end{array}$$

(5)

$$\begin{array}{cccc}\hfill & \frac{1}{n}I(X^n;W_1,W_2|Y^n)\le R_{\ell ,\mathrm{Dec}}+\delta \hfill & \hfill & \left(\mathrm{privacyDec}\right)\hfill \end{array}$$

(6)

$$\begin{array}{cccc}\hfill & \frac{1}{n}I(X^n;W_1,W_2|Z^n)\le R_{\ell ,\mathrm{Eve}}+\delta \hfill & \hfill & \left(\mathrm{privacyEve}\right).\hfill \end{array}$$

(7)

The lossless region $\mathcal{R}$ is the closure of the set of all achievable lossless tuples.

2.2. Lossy Single-Function Computation

The corresponding lossy rate region for the single-function computation model illustrated in Figure 1 is defined as follows.

Definition 2.

A lossy tuple $(R_{\mathrm{s}},R_{\mathrm{w},1},R_{\mathrm{w},2},R_{\ell ,\mathrm{Dec}},R_{\ell ,\mathrm{Eve}},D)$ is achievable if, for any $\delta >0$, there exist $n\ge 1$, two encoders, and one decoder such that (3)–(7) and

$$\begin{array}{cccc}\hfill & \mathbb{E}\left[d(f^n({\tilde{X}}_1^n,{\tilde{X}}_2^n,Y^n),\widehat{f^n})\right]\le D+\delta \hfill & \hfill & \left(\mathrm{distortion}\right)\hfill \end{array}$$

(8)

where

$$\begin{array}{c}\hfill d(f^n,\widehat{f^n})=\frac{1}{n}\sum _{i=1}^{n}d(f_i,{\widehat{f}}_i)\end{array}$$

(9)

is a per-letter distortion metric. The lossy region ${\mathcal{R}}_{\mathrm{D}}$ is the closure of the set of all achievable lossy tuples.

3. Inner and Outer Bounds

3.1. Lossless Single-Function Computation

We first extend the notion of admissibility defined in [6] for a single auxiliary random variable to two auxiliary random variables, used in the inner and outer bounds given below for lossless function computation; see also Theorem 3 of [18].

Definition 3.

A pair of (vector) random variables $(U_1,U_2)$ is admissible for a function $f({\tilde{X}}_1,{\tilde{X}}_2,Y)$ if we have

$$\begin{array}{c}\hfill H\left(f({\tilde{X}}_1,{\tilde{X}}_2,Y)\right|U_1,U_2,Y)=0\end{array}$$

(10)

and

$$\begin{array}{cc}\hfill & U_1-{\tilde{X}}_1-({\tilde{X}}_2,Y)\hfill \end{array}$$

(11)

$$\begin{array}{cc}\hfill & U_2-{\tilde{X}}_2-({\tilde{X}}_1,Y)\hfill \end{array}$$

(12)

form Markov chains.

We next provide inner and outer bounds for the lossless region $\mathcal{R}$; see Section 5 for a proof sketch.

 Theorem 1. 

(Inner Bound): An achievable lossless region is the union over all $P_Q$, $P_{V_1|Q}$, $P_{V_2|Q}$, $P_{U_1|V_1}$, $P_{U_2|V_2}$, $P_{{\tilde{X}}_1|U_1}$, and $P_{{\tilde{X}}_2|U_2}$ of the rate tuples $(R_{\mathrm{s}},R_{\mathrm{w},1},R_{\mathrm{w},2},R_{\ell ,\mathrm{Dec}},R_{\ell ,\mathrm{Eve}})$ such that the $(U_1,U_2)$ pair is admissible for the function $f({\tilde{X}}_1,{\tilde{X}}_2,Y)$ and

$$\begin{array}{cc}\hfill & R_{\mathrm{s}}\ge {\left[I(U_1,U_2;Z|V_1,V_2,Q)-I(U_1,U_2;Y|V_1,V_2,Q)\right]}^{-}+I(U_1,U_2;{\tilde{X}}_1,{\tilde{X}}_2|Z)\hfill \end{array}$$

(13)

$$\begin{array}{cc}\hfill & R_{\mathrm{w},1}\ge I(V_1;{\tilde{X}}_1|V_2,Y)+I(U_1;{\tilde{X}}_1|V_1,U_2,Y)\hfill \end{array}$$

(14)

$$\begin{array}{cc}\hfill & R_{\mathrm{w},2}\ge I(V_2;{\tilde{X}}_2|V_1,Y)+I(U_2;{\tilde{X}}_2|U_1,V_2,Y)\hfill \\ \hfill & R_{\mathrm{w},1}+R_{\mathrm{w},2}\ge I(U_2;{\tilde{X}}_2|U_1,V_2,Y)+I(U_1;{\tilde{X}}_1|V_1,V_2,Y)\hfill \end{array}$$

(15)

$$\begin{array}{cc}\hfill & +I(V_2;{\tilde{X}}_2|V_1,Y)+I(V_1;{\tilde{X}}_1|Y)\hfill \end{array}$$

(16)

$$\begin{array}{cc}\hfill & R_{\ell ,\mathrm{Dec}}\ge I(U_1,U_2;X|Y)\hfill \end{array}$$

(17)

$$\begin{array}{cc}\hfill & R_{\ell ,\mathrm{Eve}}\ge {\left[I(U_1,U_2;Z|V_1,V_2,Q)-I(U_1,U_2;Y|V_1,V_2,Q)\right]}^{-}+I(U_1,U_2;X|Z)\hfill \end{array}$$

(18)

where we have

$$\begin{array}{cc}\hfill & P_{Q{V}_1{V}_2{U}_1{U}_2{\tilde{X}}_1{\tilde{X}}_{2}XYZ}=P_{Q|V_1{V}_2}{P}_{V_1|U_1}{P}_{U_1|{\tilde{X}}_1}{P}_{{\tilde{X}}_1|X}{P}_{V_2|U_2}{P}_{U_2|{\tilde{X}}_2}{P}_{{\tilde{X}}_2|X}{P}_X{P}_{YZ|X}.\hfill \end{array}$$

(19)

(Outer Bound): An outer bound for the lossless region $\mathcal{R}$ is the union of the rate tuples in (13), (16)–(18), and

$$\begin{array}{cc}\hfill & R_{\mathrm{w},1}\ge I(V_1;{\tilde{X}}_1|V_2,Y)+I(U_1;{\tilde{X}}_1|V_1,U_2,Y)\hfill \end{array}$$

$$\begin{array}{cc}\hfill & -I(V_1;V_2|{\tilde{X}}_1,Y)-I(U_1;U_2|{\tilde{X}}_1,Y,V_1)\hfill \\ \hfill & R_{\mathrm{w},2}\ge I(V_2;{\tilde{X}}_2|V_1,Y)+I(U_2;{\tilde{X}}_2|U_1,V_2,Y)\hfill \end{array}$$

(20)

$$\begin{array}{cc}\hfill & -I(V_2;V_1|{\tilde{X}}_2,Y)-I(U_2;U_1|{\tilde{X}}_2,Y,V_2)\hfill \end{array}$$

(21)

over all $P_Q$, $P_{V_1|Q}$, $P_{V_2|Q}$, $P_{U_1|V_1}$, $P_{U_2|V_2}$, $P_{{\tilde{X}}_1|U_1}$, and $P_{{\tilde{X}}_2|U_2}$ such that $(U_1,U_2)$ pair is admissible for the function $f({\tilde{X}}_1,{\tilde{X}}_2,Y)$ and

$$\begin{array}{cc}\hfill & (Q,V_1)-U_1-{\tilde{X}}_1-X-({\tilde{X}}_2,Y,Z)\hfill \end{array}$$

(22)

$$\begin{array}{cc}\hfill & (Q,V_2)-U_2-{\tilde{X}}_2-X-({\tilde{X}}_1,Y,Z)\hfill \end{array}$$

(23)

form Markov chains. One can limit the cardinalities to $\left|\mathcal{Q}\right|\le 2$, $|{\mathcal{V}}_1|\le |{\tilde{X}}_1|+6$, $|{\mathcal{V}}_2|\le |{\tilde{X}}_2|+6$, $|{\mathcal{U}}_1|\le (|{\tilde{X}}_1{|+6)}^2$, and $|{\mathcal{U}}_2|\le (|{\tilde{X}}_2{|+6)}^2$.

We remark that if the joint probability distribution in (19) is imposed on the outer bound, (20) and (21) recover (14) and (15), respectively, because then

$$\begin{array}{cc}\hfill & (V_1,U_1)-{\tilde{X}}_1-(Y,U_2,V_2)\hfill \end{array}$$

(24)

$$\begin{array}{cc}& (V_2,U_2)-{\tilde{X}}_2-(Y,U_1,V_1)\hfill \end{array}$$

(25)

form Markov chains for (19). However, the outer bound that satisfies (22) and (23) defines a rate region that is in general larger than the rate region defined by the inner bound that satisfies (19). Thus, inner and outer bounds generally differ. The results in Theorem 1 recover previous results including Theorem 3 of [18] and, naturally, also other results that are recovered by these previous results such as the SW coding region.

3.2. Lossy Single-Function Computation

We next provide inner and outer bounds for the lossy region ${\mathcal{R}}_{\mathrm{D}}$; see below for a proof sketch.

 Theorem 2. 

(Inner Bound):An achievable lossy region is the union over all $P_Q$, $P_{V_1|Q}$, $P_{V_2|Q}$, $P_{U_1|V_1}$, $P_{U_2|V_2}$, $P_{{\tilde{X}}_1|U_1}$, and $P_{{\tilde{X}}_2|U_2}$ of the rate tuples in (13)–(18) and

$$\begin{array}{cc}\hfill & D\ge \mathbb{E}\left[d(f({\tilde{X}}_1,{\tilde{X}}_2,Y),g(U_1,U_2,Y))\right]\hfill \end{array}$$

(26)

for some function $g(·,·,·)$ and where $P_{Q{V}_1{V}_2{U}_1{U}_2{\tilde{X}}_1{\tilde{X}}_{2}XYZ}$ is equal to (19).

(Outer Bound): An outer bound for the lossy region ${\mathcal{R}}_{\mathrm{D}}$ is the union over all $P_Q$, $P_{V_1|Q}$, $P_{V_2|Q}$, $P_{U_1|V_1}$, $P_{U_2|V_2}$, $P_{{\tilde{X}}_1|U_1}$, and $P_{{\tilde{X}}_2|U_2}$ of the set of rate tuples $(R_{\mathrm{s}},R_{\mathrm{w},1},R_{\mathrm{w},2},R_{\ell ,\mathrm{Dec}},R_{\ell ,\mathrm{Eve}},D)$ in (13), (16)–(18), (20), (21), and (26) such that (22) and (23) form Markov chains. One can limit the cardinalities to $\left|\mathcal{Q}\right|\le 2$, $|{\mathcal{V}}_1|\le |{\tilde{X}}_1|+7$, $|{\mathcal{V}}_2|\le |{\tilde{X}}_2|+7$, $|{\mathcal{U}}_1|\le (|{\tilde{X}}_1{|+7)}^2$, and $|{\mathcal{U}}_2|\le (|{\tilde{X}}_2{|+7)}^2$.

 Proof Sketch 

The achievability proof of the lossy function computation problem follows from the achievability proof of its lossless version given in Section 5.1 by replacing the admissibility constraint with the constraint that $P_{U_1|{\tilde{X}}_1}$, $P_{V_1|U_1}$, $P_{U_2|{\tilde{X}}_2}$, and $P_{V_2|U_2}$ are chosen such that there exists a function $g(U_1,U_2,Y)$ that satisfies

$$\begin{array}{cc}\hfill & g^n(U_1^n,U_2^n,Y^n)={\left\{g(U_{1,i},U_{2,i},Y_i)\right\}}_{i=1}^n\hfill \end{array}$$

(27)

$$\begin{array}{cc}\hfill & \mathbb{E}\left[d(f^n({\tilde{X}}_1^n,{\tilde{X}}_2^n,Y^n),g^n(U_1^n,U_2^n,Y^n))\right]\le D+{ϵ}_n\hfill \end{array}$$

(28)

where ${ϵ}_n>0$ such that ${ϵ}_n\to 0$ when $n\to \infty$. Since all $({\tilde{x}}_1^n,{\tilde{x}}_2^n,y^n,u_1^n,u_2^n)$ tuples are in the jointly typical set with high probability, by the typical average lemma [34] p. 26, constraint in (8) is satisfied.

The proof of the outer bound applies the standard properties of the Shannon entropy and follows mainly from the outer bound proof for the lossless function computation problem given in Section 5.2. However, the proof for the lossless function computation problem requires the auxiliary random variables to be admissible as defined in Definition 3, unlike the lossy function computation problem. Thus, the outer bound proof for Theorem 2 follows by replacing the admissibility step (96) in the outer bound proof for the lossless function computation problem with the step

$$\begin{array}{cc}\hfill & n(D+{\delta }_n)\hfill \\ \hfill & \stackrel{\left(a\right)}{\ge }\mathbb{E}\left[\sum _{i=1}^{n}d\left(f_i({\tilde{X}}_{1,i},{\tilde{X}}_{2,i},Y_i),\widehat{f_i}(W_1,W_2,Y^n)\right)\right]\hfill \\ \hfill & \stackrel{\left(b\right)}{\ge }\mathbb{E}\left[\sum _{i=1}^{n}d\left(f_i({\tilde{X}}_{1,i},{\tilde{X}}_{2,i},Y_i),g_i(W_1,W_2,Y^n,X^{i-1},Z^{i-1})\right)\right]\hfill \\ \hfill & \stackrel{\left(c\right)}{=}\mathbb{E}\left[\sum _{i=1}^{n}d\left(f_i({\tilde{X}}_{1,i},{\tilde{X}}_{2,i},Y_i),g_i(W_1,W_2,Y_i^n,X^{i-1},Z^{i-1})\right)\right]\hfill \\ \hfill & \stackrel{\left(d\right)}{=}\mathbb{E}\left[\sum _{i=1}^{n}d\left(f({\tilde{X}}_{1,i},{\tilde{X}}_{2,i},Y_i),g(U_{1,i},U_{2,i},Y_i)\right)\right]\hfill \end{array}$$

(29)

where $\left(a\right)$ follows by (8) and (9), $\left(b\right)$ follows since there exists a function $g_i(·,·,·)$ that achieves a distortion that is not greater than the distortion achieved by $\widehat{f_i}(W_1,W_2,Y^n)$, where the distortion is measured with respect to $f_i({\tilde{X}}_{1,i},{\tilde{X}}_{2,i},Y_i)$, since $g_i(·,·,·)$ has additional inputs, $\left(c\right)$ follows from the Markov chain given in (100), and $\left(d\right)$ follows from the definitions of $U_{1,i}$ and $U_{2,i}$ given in (91) and (92), respectively. Furthermore, the proof of the cardinality bounds for the lossy case follows from the proof for the lossless case since we preserve the same probability and conditional entropy values as being preserved for the lossless function computation problem with the addition of preserving the value of $g(U_1,U_2,Y)=g(U_1,U_2,V_1,V_2,Y)$, following from the Markov chain

$$\begin{array}{c}\hfill (V_1,V_2)-(U_1,U_2,Y)-g(U_1,U_2,Y).\end{array}$$

(30)

□

Entirely similar to Theorem 1, the inner and outer bounds given in Theorem 2 do not match in general because of different Markov chains imposed.

 Remark 1. 

Since all secrecy and privacy rate terms given in the outer bounds in Theorems 1 and 2, i.e., lower bounds in (13), (17), and (18), are generally strictly positive, strong secrecy or strong privacy constraints cannot be satisfied in general for the lossless and lossy single-function computation problems.

We next provide simplified rate regions, for various sets of computed functions $f(·,·,·)$ and measurement channels $P_{YZ|X}$.

4. Rate Regions for Special Sets of Computed Functions and Measurement Channels

The terms that characterize simplified rate regions of the lossless and lossy function computation problems for various sets of functions and channels are the same, except (1) removal of the admissibility requirement; (2) addition of a distortion constraint; and (3) increase in the cardinality bounds on the auxiliary random variables for the lossy case as compared to the lossless case. Thus, we provide simplified rate regions only for the lossless case. However, we remark that the optimal auxiliary random variables for lossless and lossy cases might differ. Therefore, the corresponding lossless and lossy rate regions might look different for the same joint probability distribution $P_{{\tilde{X}}_1{\tilde{X}}_{2}XYZ}$.

4.1. Partially Invertible Functions

We now impose the condition that the function $f({\tilde{X}}_1,{\tilde{X}}_2,Y)$ is partially invertible with respect to ${\tilde{X}}_1$, i.e., we have [9,35]

$$\begin{array}{c}\hfill H\left({\tilde{X}}_1\right|f({\tilde{X}}_1,{\tilde{X}}_2,Y),Y)=0.\end{array}$$

(31)

For such functions, it is straightforward to show that we have the following simplified rate region for the lossless function computation problem with two transmitting nodes. The proof of Lemma 1 follows from Theorem 1 by assigning $U_1={\tilde{X}}_1$ and constant $V_1$ and then by applying the Markov chain (23) to (13). Furthermore, by symmetry, the simplified lossless rate region for a function $f({\tilde{X}}_1,{\tilde{X}}_2,Y)$ that is partially invertible with respect to ${\tilde{X}}_2$ can be obtained by assigning $U_2={\tilde{X}}_2$ and constant $V_2$ and then applying (22) to (13).

Lemma 1.

The lossless rate region $\mathcal{R}$ when $f({\tilde{X}}_1,{\tilde{X}}_2,Y)$ is a partially invertible function with respect to ${\tilde{X}}_1$ includes the set of all tuples $(R_{\mathrm{s}},R_{\mathrm{w},1},R_{\mathrm{w},2},R_{\ell ,\mathrm{Dec}},R_{\ell ,\mathrm{Eve}})$ such that $U_2$ is admissible for the function $f({\tilde{X}}_1,{\tilde{X}}_2,Y)$ and

$$\begin{array}{cc}\hfill & R_{\mathrm{s}}\ge {\left[I({\tilde{X}}_1,U_2;Z|V_2,Q)-I({\tilde{X}}_1,U_2;Y|V_2,Q)\right]}^{-}+H\left({\tilde{X}}_1\right|U_2,Z)+I(U_2;{\tilde{X}}_2|Z)\hfill \end{array}$$

(32)

$$\begin{array}{cc}\hfill & R_{\mathrm{w},1}\ge H\left({\tilde{X}}_1\right|U_2,Y)\hfill \end{array}$$

(33)

$$\begin{array}{cc}\hfill & R_{\mathrm{w},2}\ge I(V_2;{\tilde{X}}_2|Y)+I(U_2;{\tilde{X}}_2|{\tilde{X}}_1,V_2,Y)\hfill \end{array}$$

(34)

$$\begin{array}{cc}\hfill & R_{\mathrm{w},1}+R_{\mathrm{w},2}\ge I(U_2;{\tilde{X}}_2|{\tilde{X}}_1,V_2,Y)+H\left({\tilde{X}}_1\right|V_2,Y)+I(V_2;{\tilde{X}}_2|Y)\hfill \end{array}$$

(35)

$$\begin{array}{cc}\hfill & R_{\ell ,\mathrm{Dec}}\ge I({\tilde{X}}_1,U_2;X|Y)\hfill \end{array}$$

(36)

$$\begin{array}{cc}\hfill & R_{\ell ,\mathrm{Eve}}\ge {\left[I({\tilde{X}}_1,U_2;Z|V_2,Q)-I({\tilde{X}}_1,U_2;Y|V_2,Q)\right]}^{-}+I({\tilde{X}}_1,U_2;X|Z)\hfill \end{array}$$

(37)

such that (23) forms a Markov chain. One can limit the cardinalities to $\left|\mathcal{Q}\right|\le 2$, $|{\mathcal{V}}_2|\le |{\tilde{X}}_2|+6$, and $|{\mathcal{U}}_2|\le (|{\tilde{X}}_2{|+6)}^2$.

4.2. Invertible Functions

Suppose now we impose the condition that the function $f({\tilde{X}}_1,{\tilde{X}}_2,Y)$ is invertible; i.e., we have [9,35]

$$\begin{array}{c}\hfill H({\tilde{X}}_1,{\tilde{X}}_2|f({\tilde{X}}_1,{\tilde{X}}_2,Y),Y)=0.\end{array}$$

(38)

We provide in Lemma 2 below simplified rate region for the lossless function computation problem with two transmitting nodes when the function $f({\tilde{X}}_1,{\tilde{X}}_2,Y)$ is invertible. The proof of Lemma 2 follows from Theorem 1 by assigning $U_1={\tilde{X}}_1$, $U_2={\tilde{X}}_2$, and constant $V_1$ and $V_2$.

Lemma 2.

The lossless rate region $\mathcal{R}$ when $f({\tilde{X}}_1,{\tilde{X}}_2,Y)$ is an invertible function includes the set of all tuples $(R_{\mathrm{s}},R_{\mathrm{w},1},R_{\mathrm{w},2},R_{\ell ,\mathrm{Dec}},R_{\ell ,\mathrm{Eve}})$ satisfying

$$\begin{array}{cc}\hfill & R_{\mathrm{s}}\ge {\left[I({\tilde{X}}_1,{\tilde{X}}_2;Z|Q)-I({\tilde{X}}_1,{\tilde{X}}_2;Y|Q)\right]}^{-}+H({\tilde{X}}_1,{\tilde{X}}_2|Z)\hfill \end{array}$$

(39)

$$\begin{array}{cc}\hfill & R_{\mathrm{w},1}\ge H\left({\tilde{X}}_1\right|{\tilde{X}}_2,Y)\hfill \end{array}$$

(40)

$$\begin{array}{cc}\hfill & R_{\mathrm{w},2}\ge H\left({\tilde{X}}_2\right|{\tilde{X}}_1,Y)\hfill \end{array}$$

(41)

$$\begin{array}{cc}\hfill & R_{\mathrm{w},1}+R_{\mathrm{w},2}\ge H({\tilde{X}}_1,{\tilde{X}}_2|Y)\hfill \end{array}$$

(42)

$$\begin{array}{cc}\hfill & R_{\ell ,\mathrm{Dec}}\ge I({\tilde{X}}_1,{\tilde{X}}_2;X|Y)\hfill \end{array}$$

(43)

$$\begin{array}{cc}\hfill & R_{\ell ,\mathrm{Eve}}\ge {\left[I({\tilde{X}}_1,{\tilde{X}}_2;Z|Q)-I({\tilde{X}}_1,{\tilde{X}}_2;Y|Q)\right]}^{-}+I({\tilde{X}}_1,{\tilde{X}}_2;X|Z)\hfill \end{array}$$

(44)

where $Q-({\tilde{X}}_1,{\tilde{X}}_2)-X-(Y,Z)$ forms a Markov chain. One can limit the cardinality to $\left|\mathcal{Q}\right|\le 2$.

4.3. Invertible Functions and Two Different Degraded Channels

The lossless rate region given in Lemma 2 can be further simplified by imposing conditions on the measurement channel $P_{YZ|X}$ in addition to the function $f({\tilde{X}}_1,{\tilde{X}}_2,Y)$ being invertible. We next characterize further simplified lossless rate regions for two different physically degraded channels.

4.3.1. Eve’s Channel Is Physically Degraded

Suppose the measurement channel $P_{YZ|X}$ is physically degraded such that

$$\begin{array}{c}\hfill P_{YZ|X}=P_{Y|X}{P}_{Z|Y}.\end{array}$$

(45)

For invertible functions and physically degraded measurement channels $P_{YZ|X}$ as defined in (45), we provide further simplified lossless rate region in Lemma 3. The proof of Lemma 3 follows from Lemma 2, and by using the following Markov chain for this case

$$\begin{array}{cc}\hfill & ({\tilde{X}}_1,{\tilde{X}}_2)-X-Y-Z\hfill \end{array}$$

(46)

which follows by (45).

 Lemma 3. 

The lossless rate region $\mathcal{R}$ when $f({\tilde{X}}_1,{\tilde{X}}_2,Y)$ is an invertible function and $P_{YZ|X}$ is as given in (45) includes the set of all tuples $(R_{\mathrm{s}},R_{\mathrm{w},1},R_{\mathrm{w},2},R_{\ell ,\mathrm{Dec}},R_{\ell ,\mathrm{Eve}})$ satisfying (40)–(43) and

$$\begin{array}{cc}\hfill & R_{\mathrm{s}}\ge H({\tilde{X}}_1,{\tilde{X}}_2|Y)\hfill \end{array}$$

(47)

$$\begin{array}{cc}\hfill & R_{\ell ,\mathrm{Eve}}\ge I({\tilde{X}}_1,{\tilde{X}}_2;X|Y).\hfill \end{array}$$

(48)

4.3.2. Fusion Center’s Channel Is Physically Degraded

Suppose the measurement channel $P_{YZ|X}$ is physically degraded such that

$$\begin{array}{c}\hfill P_{YZ|X}=P_{Z|X}{P}_{Y|Z}.\end{array}$$

(49)

For invertible functions and physically degraded measurement channels $P_{YZ|X}$ as defined in (49), we provide a simplified lossless rate region in Lemma 4. The proof of Lemma 4 follows from Lemma 2 and by using the following Markov chain for this case

$$\begin{array}{cc}\hfill & ({\tilde{X}}_1,{\tilde{X}}_2)-X-Z-Y\hfill \end{array}$$

(50)

which follows by (49).

Lemma 4.

The lossless rate region $\mathcal{R}$ when $f({\tilde{X}}_1,{\tilde{X}}_2,Y)$ is an invertible function and $P_{YZ|X}$ is as given in (49) includes the set of all tuples $(R_{\mathrm{s}},R_{\mathrm{w},1},R_{\mathrm{w},2},R_{\ell ,\mathrm{Dec}},R_{\ell ,\mathrm{Eve}})$ satisfying (40)–(43) and

$$\begin{array}{cc}\hfill & R_{\mathrm{s}}\ge H({\tilde{X}}_1,{\tilde{X}}_2|Z)\hfill \end{array}$$

(51)

$$\begin{array}{cc}\hfill & R_{\ell ,\mathrm{Eve}}\ge I({\tilde{X}}_1,{\tilde{X}}_2;X|Z).\hfill \end{array}$$

(52)

Remark 2.

The rate regions given in Lemmas 2–4 can be plotted by computing the terms that characterize the regions since $P_{{\tilde{X}}_1{\tilde{X}}_{2}XYZ}$ is fixed for function computation problems considered. However, the rate region given in Lemma 1, similar to the inner bounds given in Theorems 1 and 2, might not be easy to characterize due to the requirement to optimize the auxiliary random variables whose cardinalities are bounded by large terms. Thus, evaluating the rate region for a function computation problem with two transmitting terminals is generally significantly more difficult than characterization of the rate region for function computation with one transmitting terminal; see [20] for an example of an information bottleneck for the latter problem.

We next evaluate an inner bound for the lossless rate region $\mathcal{R}$ by using Lemma 4 for specific measurement channels when $f({\tilde{X}}_1,{\tilde{X}}_2,Y)$ is an invertible function.

4.4. Lossless Rate Region Example

Suppose measurement channels in Figure 1 have binary input and output alphabets with multiplicative Bernoulli noise components; i.e., we have $\mathcal{X}={\tilde{\mathcal{X}}}_1={\tilde{\mathcal{X}}}_2=\mathcal{Z}=\mathcal{Y}={\mathcal{S}}_1={\mathcal{S}}_2={\mathcal{S}}_Z={\mathcal{S}}_Y=\{0,1\}$ and

$$\begin{array}{c}\hfill {\tilde{X}}_1=S_1·X,{\tilde{X}}_2=S_2·X,Z=S_Z·X,Y=S_Y·X\end{array}$$

(53)

where $S_1$, $S_2$, X, and $(S_Z,S_Y)$ are mutually independent, and we have $P_X\left(1\right)=0.5$, $P_{S_1}\left(1\right)={\beta }_1$, $P_{S_2}\left(1\right)={\beta }_2$, $P_{S_Z{S}_Y}(0,0)=(1-q)$, $P_{S_Z{S}_Y}(1,1)=q\alpha$, and $P_{S_Z{S}_Y}(1,0)=q(1-\alpha )$ for fixed ${\beta }_1,{\beta }_2,q,\alpha \in [0,1]$, so (49) is satisfied; see also Section IV-A of [36]. Using Lemma 4 for the given probability distributions, we evaluate an inner bound for the lossless rate region $\mathcal{R}$ for an invertible function computation scenario with two transmitting nodes, in which, e.g., ${\beta }_1=0.2$, ${\beta }_2=0.11$, $\alpha =0.3$, and $q=0.25$ and obtain the lossless rate region that is characterized by

$$\begin{array}{cccc}& R_{\mathrm{s}}\ge 0.7579\mathrm{bits}/\mathrm{symbol},\hfill & & R_{\mathrm{w},1}\ge 0.4626\mathrm{bits}/\mathrm{symbol},\hfill \end{array}$$

(54)

$$\begin{array}{cccc}& R_{\mathrm{w},2}\ge 0.3021\mathrm{bits}/\mathrm{symbol},\hfill & & R_{\mathrm{w},1}+R_{\mathrm{w},2}\ge 0.7686\mathrm{bits}/\mathrm{symbol},\hfill \end{array}$$

(55)

$$\begin{array}{cccc}& R_{\ell ,\mathrm{Dec}}\ge 0.1577\mathrm{bits}/\mathrm{symbol},\hfill & & R_{\ell ,\mathrm{Eve}}\ge 0.1469\mathrm{bits}/\mathrm{symbol}\hfill \end{array}$$

(56)

where the sum-storage rate constraint is active since the sum of the bounds on $R_{\mathrm{w},1}$ and $R_{\mathrm{w},2}$ is smaller than the bound on $(R_{\mathrm{w},1}+R_{\mathrm{w},2})$.

5. Proof of Theorem 1

5.1. Inner Bound

 Proof Sketch 

The OSRB method [30] is used for the proof of achievability by applying the steps given in Section 1.6 of [37]. Let

$$\begin{array}{c}\hfill (V_1^n,V_2^n,U_1^n,U_2^n,{\tilde{X}}_1^n,{\tilde{X}}_2^n,X^n,Y^n,Z^n)\end{array}$$

(57)

be i.i.d. according to $P_{V_1{V}_2{U}_1{U}_2{\tilde{X}}_1{\tilde{X}}_{2}XYZ}$ that can be obtained from (19) with fixed $P_{U_1|{\tilde{X}}_1}$, $P_{V_1|U_1}$, $P_{U_2|{\tilde{X}}_2}$, and $P_{V_2|U_2}$ such that the pair $(U_1,U_2)$ is admissible for a function $f({\tilde{X}}_1,{\tilde{X}}_2,Y)$, so $(U_1^n,U_2^n)$ is also admissible since random variables in (57) are i.i.d.

To each $v_1^n$, assign two random bin indices $(F_{{\mathrm{v}}_1},W_{{\mathrm{v}}_1})$ such that $F_{{\mathrm{v}}_1}\in [1:2^{n{\tilde{R}}_{{\mathrm{v}}_1}}]$ and $W_{{\mathrm{v}}_1}\in [1:2^{n{R}_{{\mathrm{v}}_1}}]$. Furthermore, to each $u_1^n$, assign two random indices $(F_{{\mathrm{u}}_1},W_{{\mathrm{u}}_1})$ such that $F_{{\mathrm{u}}_1}\in [1:2^{n{\tilde{R}}_{{\mathrm{u}}_1}}]$ and $W_{{\mathrm{u}}_1}\in [1:2^{n{R}_{{\mathrm{u}}_1}}]$. Similarly, random indices $(F_{{\mathrm{v}}_2},W_{{\mathrm{v}}_2})$ and $(F_{{\mathrm{u}}_2},W_{{\mathrm{u}}_2})$ are assigned to each $v_2^n$ and $u_2^n$, respectively. The indices $F_1=(F_{{\mathrm{v}}_1},F_{{\mathrm{u}}_1})$, and $F_2=(F_{{\mathrm{v}}_2},F_{{\mathrm{u}}_2})$ represent the public choice of two encoders and one decoder, whereas $W_1=(W_{{\mathrm{v}}_1},W_{{\mathrm{u}}_1})$ and $W_2=(W_{{\mathrm{v}}_2},W_{{\mathrm{u}}_2})$ are the public messages sent by the encoders ${\mathsf{Enc}}_1(·)$ and ${\mathsf{Enc}}_2(·)$, respectively, to the fusion center.

We consider the following decoding order:

• observing $(Y^n,F_{{\mathrm{v}}_1},W_{{\mathrm{v}}_1})$, the decoder $\mathsf{Dec}(·)$ estimates $V_1^n$ as ${\widehat{V}}_1^n$;
• observing $(Y^n,{\widehat{V}}_1^n,F_{{\mathrm{v}}_2},W_{{\mathrm{v}}_2})$, the decoder estimates $V_2^n$ as ${\widehat{V}}_2^n$;
• observing $(Y^n,{\widehat{V}}_1^n,{\widehat{V}}_2^n,F_{{\mathrm{u}}_1},W_{{\mathrm{u}}_1})$, the decoder estimates $U_1^n$ as ${\widehat{U}}_1^n$;
• observing $(Y^n,{\widehat{V}}_1^n,{\widehat{V}}_2^n,{\widehat{U}}_1^n,F_{{\mathrm{u}}_2},W_{{\mathrm{u}}_2})$, the decoder estimates $U_2^n$ as ${\widehat{U}}_2^n$.

By swapping indices 1 and 2 in the decoding order, another corner point in the achievable rate region is obtained, so we analyze the given decoding order but also provide the results for the other corner point.

Consider Step 1 in the decoding order given above. Using an SW [13] decoder, one can reliably estimate $V_1^n$ from $(Y^n,F_{{\mathrm{v}}_1},W_{{\mathrm{v}}_1})$ such that the expected value of the error probability taken over the random bin assignments vanishes when $n\to \infty$, if we have Lemma 1 of [30]

$$\begin{array}{c}\hfill {\tilde{R}}_{{\mathrm{v}}_1}+R_{{\mathrm{v}}_1}>H\left(V_1\right|Y).\end{array}$$

(58)

Similarly, Step 2–4 estimations are reliable if we have

$$\begin{array}{cc}\hfill & {\tilde{R}}_{{\mathrm{v}}_2}+R_{{\mathrm{v}}_2}>H\left(V_2\right|V_1,Y)\hfill \end{array}$$

(59)

$$\begin{array}{cc}\hfill & {\tilde{R}}_{{\mathrm{u}}_1}+R_{{\mathrm{u}}_1}>H\left(U_1\right|V_1,V_2,Y)\hfill \end{array}$$

(60)

$$\begin{array}{cc}\hfill & {\tilde{R}}_{{\mathrm{u}}_2}+R_{{\mathrm{u}}_2}>H\left(U_2\right|V_1,V_2,U_1,Y)\stackrel{\left(a\right)}{=}H\left(U_2\right|V_2,U_1,Y)\hfill \end{array}$$

(61)

where $\left(a\right)$ follows from the Markov chain $V_1-U_1-(U_2,V_2,Y)$. Therefore, (2) is satisfied if (58)–(61) are satisfied.

The public index $F_{{\mathrm{v}}_1}$ is almost independent of ${\tilde{X}}_1^n$, so it is almost independent of $({\tilde{X}}_1^n,{\tilde{X}}_2^n,X^n,Y^n,Z^n)$, if we have Theorem 1 of [30]

$$\begin{array}{c}\hfill {\tilde{R}}_{{\mathrm{v}}_1}<H\left(V_1\right|{\tilde{X}}_1)\end{array}$$

(62)

because then the expected value, which is taken over the random bin assignments, of the variational distance between the joint probability distributions $\mathrm{Unif}[1:2^{n{\tilde{R}}_{{\mathrm{v}}_1}}]·P_{{\tilde{X}}_1^n}$ and $P_{F_{{\mathrm{v}}_1}{\tilde{X}}_1^n}$, vanishes when $n\to \infty$. Furthermore, the public index $F_{{\mathrm{u}}_1}$ is almost independent of $(V_1^n,{\tilde{X}}_1^n)$, so it is almost independent of $(V_1^n,{\tilde{X}}_1^n,{\tilde{X}}_2^n,X^n,Y^n,Z^n)$, if we have

$$\begin{array}{c}\hfill {\tilde{R}}_{{\mathrm{u}}_1}<H\left(U_1\right|V_1,{\tilde{X}}_1).\end{array}$$

(63)

Similarly, $F_{{\mathrm{v}}_2}$ is almost independent of ${\tilde{X}}_2^n$ if we have

$$\begin{array}{c}\hfill {\tilde{R}}_{{\mathrm{v}}_2}<H\left(V_2\right|{\tilde{X}}_2)\end{array}$$

(64)

and $F_{{\mathrm{u}}_2}$ is almost independent of $(V_2^n,{\tilde{X}}_2^n)$ if we have

$$\begin{array}{c}\hfill {\tilde{R}}_{{\mathrm{u}}_2}<H\left(U_2\right|V_2,{\tilde{X}}_2).\end{array}$$

(65)

To satisfy (58)–(65), for any $ϵ>0$ we fix

$$\begin{array}{cc}\hfill & {\tilde{R}}_{{\mathrm{v}}_1}=H\left(V_1\right|{\tilde{X}}_1)-ϵ\hfill \end{array}$$

(66)

$$\begin{array}{cc}\hfill & R_{{\mathrm{v}}_1}=I(V_1;{\tilde{X}}_1)-I(V_1;Y)+2ϵ\hfill \end{array}$$

(67)

$$\begin{array}{cc}\hfill & {\tilde{R}}_{{\mathrm{v}}_2}=H\left(V_2\right|{\tilde{X}}_2)-ϵ\hfill \end{array}$$

(68)

$$\begin{array}{cc}\hfill & R_{{\mathrm{v}}_2}=I(V_2;{\tilde{X}}_2)-I(V_2;V_1,Y)+2ϵ\hfill \end{array}$$

(69)

$$\begin{array}{cc}\hfill & {\tilde{R}}_{{\mathrm{u}}_1}=H\left(U_1\right|V_1,{\tilde{X}}_1)-ϵ\hfill \end{array}$$

(70)

$$\begin{array}{cc}\hfill & R_{{\mathrm{u}}_1}=I(U_1;{\tilde{X}}_1|V_1)-I(U_1;V_2,Y|V_1)+2ϵ\hfill \end{array}$$

(71)

$$\begin{array}{cc}\hfill & {\tilde{R}}_{{\mathrm{u}}_2}=H\left(U_2\right|V_2,{\tilde{X}}_2)-ϵ\hfill \end{array}$$

(72)

$$\begin{array}{cc}\hfill & R_{{\mathrm{u}}_2}=I(U_2;{\tilde{X}}_2|V_2)-I(U_2;U_1,Y|V_2)+2ϵ.\hfill \end{array}$$

(73)

Public Message (Storage) Rates: (67) and (71) result in a public message (storage) rate $R_{{\mathrm{w}}_1}$ of

$$\begin{array}{cc}\hfill & R_{{\mathrm{w}}_1}=R_{{\mathrm{v}}_1}+R_{{\mathrm{u}}_1}\hfill \\ \hfill & \stackrel{\left(a\right)}{=}I(V_1;{\tilde{X}}_1|Y)+H\left(U_1\right|V_1,V_2,Y)-H\left(U_1\right|V_1,{\tilde{X}}_1)+4ϵ\hfill \\ \hfill & \stackrel{\left(b\right)}{=}I(V_1;{\tilde{X}}_1|Y)+I(U_1;{\tilde{X}}_1|V_1,V_2,Y)+4ϵ\hfill \end{array}$$

(74)

where $\left(a\right)$ follows because $V_1-{\tilde{X}}_1-Y$ forms a Markov chain and $\left(b\right)$ follows because $U_1-(V_1,{\tilde{X}}_1)-(V_2,Y)$ form a Markov chain. Furthermore, (69) and (73) result in a storage rate $R_{{\mathrm{w}}_2}$ of

$$\begin{array}{cc}\hfill & R_{{\mathrm{w}}_2}=R_{{\mathrm{v}}_2}+R_{{\mathrm{u}}_2}\hfill \\ \hfill & \stackrel{\left(a\right)}{=}I(V_2;{\tilde{X}}_2|V_1,Y)+H\left(U_2\right|U_1,V_2,Y)-H\left(U_2\right|V_2,{\tilde{X}}_2)+4ϵ\hfill \\ \hfill & \stackrel{\left(b\right)}{=}I(V_2;{\tilde{X}}_2|V_1,Y)+I(U_2;{\tilde{X}}_2|U_1,V_2,Y)+4ϵ\hfill \end{array}$$

(75)

where $\left(a\right)$ follows from the Markov chain $V_2-{\tilde{X}}_2-(V_1,Y)$ and $\left(b\right)$ from $U_2-(V_2,{\tilde{X}}_2)-(U_1,Y)$. We remark that if the indices 1 and 2 in the decoding order given above are swapped, the other corner point with

$$\begin{array}{cc}\hfill & R_{{\mathrm{w}}_1}^{\prime }=I(V_1;{\tilde{X}}_1|V_2,Y)+I(U_1;{\tilde{X}}_1|U_2,V_1,Y)+4ϵ\hfill \end{array}$$

(76)

$$\begin{array}{cc}\hfill & R_{{\mathrm{w}}_2}^{\prime }=I(V_2;{\tilde{X}}_2|Y)+I(U_2;{\tilde{X}}_2|V_1,V_2,Y)+4ϵ\hfill \end{array}$$

(77)

is achieved.

Privacy Leakage to Decoder: We have

$$\begin{array}{cc}\hfill & I(X^n;W_1,W_2,F_1,F_2|Y^n)\hfill \\ \hfill & =I(X^n;W_1,W_2|F_1,F_2,Y^n)+I(X^n;F_1,F_2|Y^n)\hfill \\ \hfill & \stackrel{\left(a\right)}{\le }H\left(X^n\right|Y^n)-H\left(X^n\right|W_1,W_2,F_1,F_2,V_1^n,V_2^n,U_1^n,U_2^n,Y^n)+4{ϵ}_n\hfill \\ \hfill & \stackrel{\left(b\right)}{=}H\left(X^n\right|Y^n)-H\left(X^n\right|U_1^n,U_2^n,Y^n)+4{ϵ}_n\hfill \\ \hfill & \stackrel{\left(c\right)}{=}nI(U_1,U_2;X|Y)+4{ϵ}_n\hfill \end{array}$$

(78)

where

$\left(a\right)$ follows for some ${ϵ}_n>0$ with ${ϵ}_n\to 0$ when $n\to \infty$ because

$$\begin{array}{cc}\hfill & I(X^n;F_1,F_2|Y^n)\hfill \\ \hfill & =I(X^n;F_{{\mathrm{v}}_1}|Y^n)+I(X^n;F_{{\mathrm{u}}_1}|F_{{\mathrm{v}}_1},Y^n)+I(X^n;F_{{\mathrm{v}}_2}|F_{{\mathrm{v}}_1},F_{{\mathrm{u}}_1},Y^n)\hfill \\ \hfill & +I(X^n;F_{{\mathrm{u}}_2}|F_{{\mathrm{v}}_1},F_{{\mathrm{u}}_1},F_{{\mathrm{v}}_2},Y^n)\hfill \\ \hfill & \le 4{ϵ}_n\hfill \end{array}$$

(79)

since (1) by (62) $F_{{\mathrm{v}}_1}$ is almost independent of $(X^n,Y^n)$; (2) by (63) $F_{{\mathrm{u}}_1}$ is almost independent of $(V_1^n,X^n,Y^n)$ and because $V_1^n$ determines $F_{{\mathrm{v}}_1}$; (3) by (64) $F_{{\mathrm{v}}_2}$ is almost independent of $(U_1^n,V_1^n,X^n,Y^n)$ and because $(V_1^n,U_1^n)$ determine $(F_{{\mathrm{v}}_1},F_{{\mathrm{u}}_1})$; (4) by (65) $F_{{\mathrm{u}}_2}$ is almost independent of $(V_2^n,U_1^n,V_1^n,X^n,Y^n)$ and because $(V_1^n,U_1^n,V_2^n)$ determine $(F_{{\mathrm{v}}_1},F_{{\mathrm{u}}_1},F_{{\mathrm{v}}_2})$;

$\left(b\right)$ follows because $(V_1^n,V_2^n,U_1^n,U_2^n)$ determine $(W_1,W_2,F_1,F_2)$ and from the Markov chains $V_1^n-U_1^n-(X^n,Y^n,U_2^n,V_2^n)$ and $V_2^n-U_2^n-(X^n,Y^n,U_1^n)$;

$\left(c\right)$ follows because $(X^n,U_1^n,U_2^n,Y^n)$ are i.i.d.

Privacy Leakage to Eve: We have

$$\begin{array}{cc}\hfill & I(X^n;W_1,W_2,F_1,F_2|Z^n)\hfill \\ \hfill & \stackrel{\left(a\right)}{=}H(W_1,W_2,F_1,F_2|Z^n)-H(W_1,W_2,F_1,F_2|X^n)\hfill \\ \hfill & \stackrel{\left(b\right)}{=}H(W_1,W_2,F_1,F_2|Z^n)-H(W_{u_1},F_{u_1},W_{u_2},F_{u_2},V_1^n,V_2^n|X^n)\hfill \\ \hfill & +H\left(V_1^n\right|W_1,W_2,F_1,F_2,X^n)+H\left(V_2^n\right|V_1^n,W_1,W_2,F_1,F_2,X^n)\hfill \\ \hfill & \stackrel{\left(c\right)}{\le }H(W_1,W_2,F_1,F_2|Z^n)-H(W_{u_1},F_{u_1},W_{u_2},F_{u_2},V_1^n,V_2^n|X^n)+2n{ϵ}_n^{\prime }\hfill \\ \hfill & \stackrel{\left(d\right)}{=}H(W_1,W_2,F_1,F_2|Z^n)-H(U_1^n,U_2^n,V_1^n,V_2^n|X^n)\hfill \\ \hfill & +H\left(U_1^n\right|W_{u_1},F_{u_1},W_{u_2},F_{u_2},V_1^n,V_2^n,X^n)\hfill \\ \hfill & +H\left(U_2^n\right|U_1^n,W_{u_1},F_{u_1},W_{u_2},F_{u_2},V_1^n,V_2^n,X^n)+2n{ϵ}_n^{\prime }\hfill \\ \hfill & \stackrel{\left(e\right)}{\le }H(W_1,W_2,F_1,F_2|Z^n)-H(U_1^n,U_2^n,V_1^n,V_2^n|X^n)+4n{ϵ}_n^{\prime }\hfill \\ \hfill & \stackrel{\left(f\right)}{=}H(W_1,W_2,F_1,F_2|Z^n)-nH(U_1,U_2,V_1,V_2|X)+4n{ϵ}_n^{\prime }\hfill \end{array}$$

(80)

where $\left(a\right)$ follows because $(W_1,W_2,F_1,F_2)-X^n-Z^n$ form a Markov chain, $\left(b\right)$ follows since $(V_1^n,V_2^n)$ determine $(F_{v_1},W_{v_1},F_{v_2},W_{v_2})$, $\left(c\right)$ follows for some ${ϵ}_n^{\prime }>0$ such that ${ϵ}_n^{\prime }\to 0$ when $n\to \infty$ because $(F_{v_1},W_{v_1},X^n)$ can reliably recover $V_1^n$ by (58), and similarly because $(F_{v_2},W_{v_2},V_1^n,X^n)$ can reliably recover $V_2^n$ by (59) both due to the Markov chain $(V_1^n,V_2^n)-X^n-Y^n$, $\left(d\right)$ follows because $(U_1^n,U_2^n)$ determine $(F_{u_1},W_{u_1},F_{u,2},W_{u_2})$, $\left(e\right)$ follows because $(F_{u_1},W_{u_1},V_1^n,V_2^n,X^n)$ can reliably recover $U_1^n$ by (60) and the inequality

$$\begin{array}{c}\hfill H\left(U_1\right|V_1,V_2,Y)\ge H\left(U_1\right|V_1,V_2,X)\end{array}$$

(81)

that follows from

$$\begin{array}{cc}\hfill & I(U_1;V_1,V_2,X)-I(U_1;V_1,V_2,Y)\ge I(U_1;V_1,V_2,X)-I(U_1;V_1,V_2,Y,X)=0\hfill \end{array}$$

(82)

since $U_1-(V_1,V_2,X)-Y$ form a Markov chain. Furthermore, $(F_{u_2},W_{u_2},V_1^n,V_2^n,U_1^n,X^n)$ can reliably recover $U_2^n$ by (61) and the inequality

$$\begin{array}{c}\hfill H\left(U_2\right|V_1,V_2,U_1,Y)\ge H\left(U_2\right|V_1,V_2,U_1,X)\end{array}$$

(83)

that can be proved entirely the same as (82) by using the Markov chain $U_2-(V_1,V_2,U_1,X)-Y$, and $\left(f\right)$ follows because $(U_1^n,U_2^n,V_1^n,V_2^n,X^n)$ are i.i.d.

In (80), obtaining single-letter bounds on the term $H(W_1,W_2,F_1,F_2|Z^n)$ requires analysis of numerous decodability cases, whereas there are only six different decodability cases analyzed in [20] for secure function computation with a single transmitting node. To simplify our analysis by applying the results in [20], we combine the decoding order Steps 1 and 2 given above such that $(V_1,V_2)$ are treated jointly, and, similarly, we combine Steps 3 and 4 such that $(U_1,U_2)$ are treated jointly. Using the combined steps, we can consider the six decodability cases analyzed in Section V-A of [20] by replacing $V^n$ with $(V_1^n,V_2^n)$ and $U^n$ with $(U_1^n,U_2^n)$, respectively, in the proof. Since in (80) the second term $-nH(U_1,U_2,V_1,V_2|X)$ can be obtained by applying the same replacement to the second term in Equation (54) of [20], we obtain from (80) and these decodability analyses that

$$\begin{array}{cc}\hfill & I(X^n;W_1,W_2,F_1,F_2|Z^n)\hfill \\ \hfill & \le n({[I(U_1,U_2;Z|V_1,V_2)-I(U_1,U_2;Y|V_1,V_2)+ϵ]}^{-}\hfill \\ \hfill & +I(U_1,U_2;X|Z)+4{ϵ}_n^{\prime }+{ϵ}_n^{\prime \prime })\hfill \end{array}$$

(84)

for some ${ϵ}_n^{\prime \prime }>0$ such that ${ϵ}_n^{\prime \prime }\to 0$ when $n\to \infty$.

Secrecy Leakage (to Eve): We obtain

$$\begin{array}{cc}\hfill & I({\tilde{X}}_1^n,{\tilde{X}}_2^n,Y^n;W_1,W_2,F_1,F_2|Z^n)\hfill \\ \hfill & \stackrel{\left(a\right)}{=}H(W_1,W_2,F_1,F_2|Z^n)-H(W_1,W_2,F_1,F_2|{\tilde{X}}_1^n,{\tilde{X}}_2^n)\hfill \\ \hfill & \stackrel{\left(b\right)}{=}H(W_1,W_2,F_1,F_2|Z^n)-H(W_{u_1},W_{u_2},F_{u_1},F_{u_2},V_1^n,V_2^n|{\tilde{X}}_1^n,{\tilde{X}}_2^n)\hfill \\ \hfill & +H\left(V_1^n\right|W_1,W_2,F_1,F_2,{\tilde{X}}_1^n,{\tilde{X}}_2^n)+H\left(V_2^n\right|V_1^n,W_1,W_2,F_1,F_2,{\tilde{X}}_1^n,{\tilde{X}}_2^n)\hfill \\ \hfill & \stackrel{\left(c\right)}{\le }H(W_1,W_2,F_1,F_2|Z^n)-H(W_{u_1},W_{u_2},F_{u_1},F_{u_2},V_1^n,V_2^n|{\tilde{X}}_1^n,{\tilde{X}}_2^n)+2n{ϵ}_n^{\prime }\hfill \\ \hfill & \stackrel{\left(d\right)}{=}H(W_1,W_2,F_1,F_2|Z^n)-H(U_1^n,U_2^n,V_1^n,V_2^n|{\tilde{X}}_1^n,{\tilde{X}}_2^n)+2n{ϵ}_n^{\prime }\hfill \\ \hfill & +H\left(U_1^n\right|W_{u_1},W_{u_2},F_{u_1},F_{u_2},V_1^n,V_2^n,{\tilde{X}}_1^n,{\tilde{X}}_2^n)\hfill \\ \hfill & +H\left(U_2^n\right|U_1^n,W_{u_1},W_{u_2},F_{u_1},F_{u_2},V_1^n,V_2^n,{\tilde{X}}_1^n,{\tilde{X}}_2^n)\hfill \\ \hfill & \stackrel{\left(e\right)}{\le }H(W_1,W_2,F_1,F_2|Z^n)-H(U_1^n,U_2^n,V_1^n,V_2^n|{\tilde{X}}_1^n,{\tilde{X}}_2^n)+4n{ϵ}_n^{\prime }\hfill \\ \hfill & \stackrel{\left(f\right)}{\le }H(W_1,W_2,F_1,F_2|Z^n)-nH(U_1,U_2,V_1,V_2|{\tilde{X}}_1,{\tilde{X}}_2)+4n{ϵ}_n^{\prime }\hfill \end{array}$$

(85)

where $\left(a\right)$ follows from the Markov chain $(W_1,W_2,F_1,F_2)-({\tilde{X}}_1^n,{\tilde{X}}_2^n)-(Y^n,Z^n)$, $\left(b\right)$ follows since $(V_1^n,V_2^n)$ determine $(F_{v_1},W_{v_1},F_{v_2},W_{v_2})$, $\left(c\right)$ follows because $(F_{v_1},W_{v_1},{\tilde{X}}_1^n,{\tilde{X}}_2^n)$ can reliably recover $V_1^n$ by (58), and similarly because $(F_{v_2},W_{v_2},V_1^n,{\tilde{X}}_1^n,{\tilde{X}}_2^n)$ can reliably recover $V_2^n$ by (59) both due to the Markov chain $(V_1^n,V_2^n)-({\tilde{X}}_1^n,{\tilde{X}}_2^n)-Y^n$, $\left(d\right)$ follows since $(U_1^n,U_2^n)$ determine $(F_{u_1},W_{u_1},F_{u_2},W_{u_2})$, $\left(e\right)$ follows because $(F_{u_1},W_{u_1},V_1^n,V_2^n,{\tilde{X}}_1^n,{\tilde{X}}_2^n)$ can reliably recover $U_1^n$ by (60) and the inequality

$$\begin{array}{c}\hfill H\left(U_1\right|V_1,V_2,Y)\ge H\left(U_1\right|V_1,V_2,{\tilde{X}}_1,{\tilde{X}}_2^n)\end{array}$$

(86)

that can be proved similarly to (82) due to the Markov chain $U_1-(V_1,V_2,{\tilde{X}}_1,{\tilde{X}}_2)-Y$. Furthermore, $(F_{u_2},W_{u_2},V_1^n,V_2^n,U_1^n,{\tilde{X}}_1^n,{\tilde{X}}_2^n)$ can reliably recover $U_2^n$ by (61) and the inequality

$$\begin{array}{c}\hfill H\left(U_2\right|V_1,V_2,U_1,Y)\ge H\left(U_2\right|V_1,V_2,U_1,{\tilde{X}}_1,{\tilde{X}}_2)\end{array}$$

(87)

that can be proved by using the Markov chain $U_2-(V_1,V_2,U_1,{\tilde{X}}_1,{\tilde{X}}_2)-Y$, and $\left(f\right)$ follows because $(U_1^n,U_2^n,V_1^n,V_2^n,{\tilde{X}}_1^n,{\tilde{X}}_2^n)$ are i.i.d.

We remark that the terms in (86) are entirely similar to the terms in (80). One can show that all steps of the decodability analysis from Section V-A of [20] that is applied to (80) can be applied also to (86) by replacing X with $({\tilde{X}}_1,{\tilde{X}}_2)$, so we obtain

$$\begin{array}{cc}\hfill & I({\tilde{X}}_1^n,{\tilde{X}}_2^n,Y^n;W_1,W_2,F_1,F_2|Z^n)\hfill \\ \hfill & \le n{[I(U_1,U_2;Z|V_1,V_2)-I(U_1,U_2;Y|V_1,V_2)+ϵ]}^{-}\hfill \\ \hfill & +nI(U_1,U_2;{\tilde{X}}_1,{\tilde{X}}_2|Z)+5n{ϵ}_n^{\prime }.\hfill \end{array}$$

(88)

We consider that the public indices $(F_1,F_2)$ are generated uniformly at random and the encoders generate $(V_1^n,U_1^n)$ and $(V_2^n,U_2^n)$ according to $P_{V_1^n{U}_1^n{V}_2^n{U}_2^n|{\tilde{X}}_1^n{F}_1{\tilde{X}}_2^n{F}_2}$ obtained from the binning scheme above. This procedure induces a joint probability distribution that is almost equal to $P_{V_1{V}_2{U}_1{U}_2{\tilde{X}}_1{\tilde{X}}_{2}XYZ}$ fixed as in (19) Section 1.6 in [37]. Since the privacy and secrecy leakage metrics considered above are expectations over all possible realizations $F=f$, applying the selection lemma (Lemma 2.2 of [38]), these results prove the achievability for Theorem 1 by choosing an $ϵ>0$ such that $ϵ\to 0$ when $n\to \infty$. We remark that the achievable region is convexified by using a time-sharing random variable Q such that $P_{Q{V}_1{V}_2}=P_Q{P}_{V_1|Q}{P}_{V_2|Q}$, required because of the ${[·]}^{-}$ operation.□

5.2. Outer Bound

Proof Sketch 

Assume that for some $n\ge 1$ and ${\delta }_n>0$, there exist two encoders and a decoder such that (2)–(7) are satisfied for some tuple $(R_{\mathrm{s}},R_{{\mathrm{w}}_1},R_{\mathrm{w},2},R_{\ell ,\mathrm{Dec}},R_{\ell ,\mathrm{Eve}})$. Let

$$\begin{array}{cc}\hfill & V_{1,i}\triangleq (W_1,Y_{i+1}^n,Z^{i-1})\hfill \end{array}$$

(89)

$$\begin{array}{cc}\hfill & V_{2,i}\triangleq (W_2,Y_{i+1}^n,Z^{i-1})\hfill \end{array}$$

(90)

$$\begin{array}{cc}\hfill & U_{1,i}\triangleq (X^{i-1},W_1,Y_{i+1}^n,Z^{i-1})\hfill \end{array}$$

(91)

$$\begin{array}{cc}\hfill & U_{2,i}\triangleq (X^{i-1},W_2,Y_{i+1}^n,Z^{i-1})\hfill \end{array}$$

(92)

that satisfy the Markov chains

$$\begin{array}{cc}\hfill & V_{1,i}-U_{1,i}-{\tilde{X}}_{1,i}-X_i-({\tilde{X}}_{2,i},Y_i,Z_i)\hfill \end{array}$$

(93)

$$\begin{array}{cc}\hfill & V_{2,i}-U_{2,i}-{\tilde{X}}_{2,i}-X_i-({\tilde{X}}_{1,i},Y_i,Z_i).\hfill \end{array}$$

(94)

Admissibility of $({\mathbf{U}}_{\mathbf{1}},{\mathbf{U}}_{\mathbf{2}})$: Define

$$\begin{array}{c}\hfill n{ϵ}_n=n{\delta }_n|{\tilde{\mathcal{X}}}_1\left|\right|{\tilde{\mathcal{X}}}_2\left|\right|\mathcal{Y}|+H_b\left({\delta }_n\right)\end{array}$$

(95)

such that ${ϵ}_n\to 0$ if ${\delta }_n\to 0$. Using Fano’s inequality and (2), we obtain

$$\begin{array}{cc}\hfill & n{ϵ}_n\ge H\left(f^n\right|\widehat{f^n})\hfill \\ \hfill & \stackrel{\left(a\right)}{=}H\left(f^n\right|f^n)=\sum _{i=1}^{n}H\left(f_i\right|f_i)\hfill \\ \hfill & \ge \sum _{i=1}^{n}H\left(f_i\right|f^n)\stackrel{\left(b\right)}{\ge }\sum _{i=1}^{n}H\left(f_i\right|W_1,W_2,Y^n)\hfill \\ \hfill & \ge \sum _{i=1}^{n}H\left(f_i\right|W_1,W_2,Y^n,X^{i-1},Z^{i-1})\hfill \\ \hfill & \stackrel{\left(c\right)}{=}\sum _{i=1}^{n}H\left(f_i\right|W_1,W_2,Y_{i+1}^n,X^{i-1},Z^{i-1},Y_i)\hfill \\ \hfill & \stackrel{\left(d\right)}{=}\sum _{i=1}^{n}H\left(f_i\right|U_{1,i},U_{2,i},Y_i)\hfill \end{array}$$

(96)

where $\left(a\right)$ follows from Lemma 2 of [39] that proves that when $n\to \infty$, there exists an i.i.d. random variable $f^n$ that satisfies both

$$\begin{array}{c}\hfill H\left(f^n\right|\widehat{f^n})=H\left(f^n\right|f^n)\end{array}$$

(97)

and the Markov chain

$$\begin{array}{c}\hfill \widehat{f^n}-f^n-(W_1,W_2,Y^n)\end{array}$$

(98)

$\left(b\right)$ follows from the data processing inequality because of the Markov chain

$$\begin{array}{c}\hfill f^n-(W_1,W_2,Y^n)-f^n\end{array}$$

(99)

and permits randomized decoding, $\left(c\right)$ follows from the Markov chain

$$\begin{array}{c}\hfill Y^{i-1}-(X^{i-1},Z^{i-1},W_1,W_2,Y_i,Y_{i+1}^n)-f_i\end{array}$$

(100)

and $\left(d\right)$ follows from the definitions of $U_{1,i}$ and $U_{2,i}$.

Public Message (Storage) Rates: We obtain

$$\begin{array}{cc}\hfill & n(R_{{\mathrm{w}}_1}+{\delta }_n)\stackrel{\left(a\right)}{\ge }log\left|{\mathcal{W}}_1\right|\hfill \\ \hfill & \ge H\left(W_1\right|Y^n)-H\left(W_1\right|{\tilde{X}}_1^n,Y^n)\hfill \\ \hfill & =H\left({\tilde{X}}_1^n\right|Y^n)-H\left({\tilde{X}}_1^n\right|W_1,Y^n)\hfill \\ \hfill & =H\left({\tilde{X}}_1^n\right|Y^n)-\sum _{i=1}^{n}H\left({\tilde{X}}_{1,i}\right|{\tilde{X}}_1^{i-1},W_1,Y^n)\hfill \\ \hfill & \stackrel{\left(b\right)}{=}H\left({\tilde{X}}_1^n\right|Y^n)-\sum _{i=1}^{n}H\left({\tilde{X}}_{1,i}\right|{\tilde{X}}_1^{i-1},W_1,Y_{i+1}^n,Y_i)\hfill \\ \hfill & \stackrel{\left(c\right)}{\ge }H\left({\tilde{X}}_1^n\right|Y^n)-\sum _{i=1}^{n}H\left({\tilde{X}}_{1,i}\right|X^{i-1},Z^{i-1},W_1,Y_{i+1}^n,Y_i)\hfill \\ \hfill & \stackrel{\left(d\right)}{=}nH\left({\tilde{X}}_1\right|Y)-\sum _{i=1}^{n}H\left({\tilde{X}}_{1,i}\right|U_{1,i},Y_i)=\sum _{i=1}^{n}I(U_{1,i};{\tilde{X}}_{1,i}|Y_i)\hfill \\ \hfill & \stackrel{\left(e\right)}{=}\sum _{i=1}^n[I(V_{1,i};{\tilde{X}}_{1,i}|Y_i)+I(U_{1,i};{\tilde{X}}_{1,i}|Y_i,V_{1,i})]\hfill \\ \hfill & =\sum _{i=1}^n[I(V_{1,i};{\tilde{X}}_{1,i},V_{2,i}|Y_i)-I(V_{1,i};V_{2,i}|{\tilde{X}}_{1,i},Y_i)+I(U_{1,i};{\tilde{X}}_{1,i},U_{2,i}|Y_i,V_{1,i})\hfill \\ \hfill & -I(U_{1,i};U_{2,i}|{\tilde{X}}_{1,i},Y_i,V_{1,i}\left)\right]\hfill \\ \hfill & \ge \sum _{i=1}^n[I(V_{1,i};{\tilde{X}}_{1,i}|Y_i,V_{2,i})-I(V_{1,i};V_{2,i}|{\tilde{X}}_{1,i},Y_i)+I(U_{1,i};{\tilde{X}}_{1,i}|Y_i,V_{1,i},U_{2,i})\hfill \\ \hfill & -I(U_{1,i};U_{2,i}|{\tilde{X}}_{1,i},Y_i,V_{1,i}\left)\right]\hfill \end{array}$$

(101)

where $\left(a\right)$ follows from (4), $\left(b\right)$ follows from the Markov chain

$$\begin{array}{c}\hfill Y^{i-1}-({\tilde{X}}_1^{i-1},W_1,Y_{i+1}^n,Y_i)-{\tilde{X}}_{1,i}\end{array}$$

(102)

$\left(c\right)$ follows from the data processing inequality applied to the Markov chain

$$\begin{array}{cc}\hfill & (X^{i-1},Z^{i-1})-({\tilde{X}}_1^{i-1},W_1,Y_{i+1}^n,Y_i)-{\tilde{X}}_{1,i}\hfill \end{array}$$

(103)

$\left(d\right)$ follows from the definition of $U_{1,i}$, and $\left(e\right)$ follows from (93). Similarly, one can show by symmetry that we have

$$\begin{array}{cc}\hfill & n(R_{{\mathrm{w}}_2}+{\delta }_n)\hfill \\ \hfill & \ge \sum _{i=1}^n[I(V_{2,i};{\tilde{X}}_{2,i}|Y_i,V_{1,i})-I(V_{2,i};V_{1,i}|{\tilde{X}}_{2,i},Y_i)\hfill \\ \hfill & +I(U_{2,i};{\tilde{X}}_{2,i}|Y_i,V_{2,i},U_{1,i})-I(U_{2,i};U_{1,i}|{\tilde{X}}_{2,i},Y_i,V_{2,i})].\hfill \end{array}$$

(104)

Now we consider the sum-rate bound such that

$$\begin{array}{cc}\hfill & n(R_{{\mathrm{w}}_1}+{\delta }_n)+n(R_{{\mathrm{w}}_2}+{\delta }_n)\hfill \\ \hfill & \stackrel{\left(a\right)}{\ge }log\left(\right|{\mathcal{W}}_1|·|{\mathcal{W}}_2\left|\right)\ge H(W_1,W_2)\hfill \\ \hfill & \ge I(W_1,W_2;{\tilde{X}}_1^n,{\tilde{X}}_2^n)-I(W_1,W_2;Y^n)\hfill \\ \hfill & \stackrel{\left(b\right)}{=}\sum _{i=1}^n\left[I(W_1,W_2;{\tilde{X}}_{1,i},{\tilde{X}}_{2,i}|{\tilde{X}}_1^{i-1},{\tilde{X}}_2^{i-1},Y_{i+1}^n)-I(W_1,W_2;Y_i|{\tilde{X}}_1^{i-1},{\tilde{X}}_2^{i-1},Y_{i+1}^n)\right]\hfill \end{array}$$

$$\begin{array}{cc}\hfill & \stackrel{\left(c\right)}{=}\sum _{i=1}^n\left[I(W_1,W_2,{\tilde{X}}_1^{i-1},{\tilde{X}}_2^{i-1},Y_{i+1}^n;{\tilde{X}}_{1,i},{\tilde{X}}_{2,i})-I(W_1,W_2,{\tilde{X}}_1^{i-1},{\tilde{X}}_2^{i-1},Y_{i+1}^n;Y_i)\right]\hfill \\ \hfill & \stackrel{\left(d\right)}{\ge }\sum _{i=1}^n\left[I(W_1,W_2,X^{i-1},Z^{i-1},Y_{i+1}^n;{\tilde{X}}_{1,i},{\tilde{X}}_{2,i})-I(W_1,W_2,X^{i-1},Z^{i-1},Y_{i+1}^n;Y_i)\right]\hfill \\ \hfill & \stackrel{\left(e\right)}{=}\sum _{i=1}^n\left[I(U_{1,i},U_{2,i};{\tilde{X}}_{1,i},{\tilde{X}}_{2,i})-I(U_{1,i},U_{2,i};Y_i)\right]\hfill \\ \hfill & \stackrel{\left(f\right)}{=}\sum _{i=1}^{n}I(U_{1,i},U_{2,i};{\tilde{X}}_{1,i},{\tilde{X}}_{2,i}|Y_i)\hfill \\ \hfill & \stackrel{\left(g\right)}{=}\sum _{i=1}^n\left[I(U_{1,i},U_{2,i};{\tilde{X}}_{1,i},{\tilde{X}}_{2,i}|Y_i,V_{1,i},V_{2,i})+I(V_{1,i},V_{2,i};{\tilde{X}}_{1,i},{\tilde{X}}_{2,i}|Y_i)\right]\hfill \\ \hfill & \stackrel{\left(h\right)}{=}\sum _{i=1}^n[I(U_{1,i};{\tilde{X}}_{1,i},{\tilde{X}}_{2,i}|Y_i,V_{1,i},V_{2,i})+I(U_{2,i};{\tilde{X}}_{1,i},{\tilde{X}}_{2,i}|Y_i,U_{1,i},V_{2,i})\hfill \\ \hfill & +I(V_{1,i};{\tilde{X}}_{1,i},{\tilde{X}}_{2,i}|Y_i)+I(V_{2,i};{\tilde{X}}_{1,i},{\tilde{X}}_{2,i}|Y_i,V_{1,i})]\hfill \\ \hfill & \ge \sum _{i=1}^n[I(U_{1,i};{\tilde{X}}_{1,i}|Y_i,V_{1,i},V_{2,i})+I(U_{2,i};{\tilde{X}}_{2,i}|Y_i,U_{1,i},V_{2,i})\hfill \\ \hfill & +I(V_{1,i};{\tilde{X}}_{1,i}|Y_i)+I(V_{2,i};{\tilde{X}}_{2,i}|Y_i,V_{1,i})]\hfill \end{array}$$

(105)

where $\left(a\right)$ follows from (4) and (5), $\left(b\right)$ follows from Csiszár’s sum identity [40], $\left(c\right)$ follows because $({\tilde{X}}_1^n,{\tilde{X}}_2^n,Y^n)$ are i.i.d., $\left(d\right)$ follows from the data processing inequality applied to the Markov chains

$$\begin{array}{cc}\hfill & (X^{i-1},Z^{i-1})-({\tilde{X}}_1^{i-1},{\tilde{X}}_2^{i-1},W_1,W_2,Y_{i+1}^n)-({\tilde{X}}_{1,i},{\tilde{X}}_{2,i})\hfill \end{array}$$

(106)

$$\begin{array}{cc}\hfill & ({\tilde{X}}_1^{i-1},{\tilde{X}}_2^{i-1})-(X^{i-1},Z^{i-1},W_1,W_2,Y_{i+1}^n)-Y_i\hfill \end{array}$$

(107)

$\left(e\right)$ follows from the definitions of $U_{1,i}$ and $U_{2,i}$, $\left(f\right)$ and $\left(g\right)$ follow from the Markov chain

$$\begin{array}{c}\hfill (V_{1,i},V_{2,i})-(U_{1,i},U_{2,i})-({\tilde{X}}_{1,i},{\tilde{X}}_{2,i})-Y_i\end{array}$$

(108)

$\left(h\right)$ follows from the Markov chain

$$\begin{array}{c}\hfill V_{1,i}-(U_{1,i},Y_i,V_{2,i})-(U_{2,i},{\tilde{X}}_{1,i},{\tilde{X}}_{2,i}).\end{array}$$

(109)

Privacy Leakage to Decoder: We have

$$\begin{array}{cc}\hfill & n(R_{\ell ,\mathrm{Dec}}+{\delta }_n)\hfill \end{array}$$

(110)

$$\begin{array}{cc}\hfill & \stackrel{\left(a\right)}{\ge }H(W_1,W_2|Y^n)-H(W_1,W_2|X^n)\hfill \\ \hfill & \stackrel{\left(b\right)}{=}\sum _{i=1}^n\left[I(W_1,W_2;X_i|X^{i-1},Y_{i+1}^n)-I(W_1,W_2;Y_i|Y_{i+1}^n,X^{i-1})\right]\hfill \\ \hfill & \stackrel{\left(c\right)}{=}\sum _{i=1}^n\left[I(W_1,W_2;X_i|X^{i-1},Z^{i-1},Y_{i+1}^n)-I(W_1,W_2;Y_i|Y_{i+1}^n,X^{i-1},Z^{i-1})\right]\hfill \\ \hfill & \stackrel{\left(d\right)}{=}\sum _{i=1}^n\left[I(W_1,W_2,X^{i-1},Z^{i-1},Y_{i+1}^n;X_i)-I(W_1,W_2,Y_{i+1}^n,X^{i-1},Z^{i-1};Y_i)\right]\hfill \\ \hfill & \stackrel{\left(e\right)}{=}\sum _{i=1}^n\left[I(U_{1,i},U_{2,i};X_i)-I(U_{1,i},U_{2,i};Y_i)\right]\hfill \\ \hfill & \stackrel{\left(f\right)}{=}\sum _{i=1}^{n}I(U_{1,i},U_{2,i};X_i|Y_i)\hfill \end{array}$$

(111)

where $\left(a\right)$ follows from (6) and from the Markov chain $(W_1,W_2)-X^n-Y^n$, $\left(b\right)$ follows from Csiszár’s sum identity, $\left(c\right)$ follows from the Markov chain

$$\begin{array}{cc}\hfill & Z^{i-1}-(X^{i-1},Y_{i+1}^n)-(X_i,Y_i,W_1,W_2)\hfill \end{array}$$

(112)

$\left(d\right)$ follows because $(X^n,Y^n,Z^n)$ are i.i.d., $\left(e\right)$ follows from the definitions of $U_{1,i}$ and $U_{2,i}$, and $\left(f\right)$ follows from the Markov chain

$$\begin{array}{c}\hfill (U_{1,i},U_{2,i})-X_i-Y_i.\end{array}$$

(113)

Privacy Leakage to Eve: We have

$$\begin{array}{cc}\hfill & n(R_{\ell ,\mathrm{Eve}}+{\delta }_n)\hfill \\ \hfill & \stackrel{\left(a\right)}{\ge }[H(W_1,W_2|Z^n)-H(W_1,W_2|Y^n)]+[H(W_1,W_2|Y^n)-H(W_1,W_2|X^n)]\hfill \\ \hfill & \stackrel{\left(b\right)}{=}\sum _{i=1}^n\left[I(W_1,W_2;Y_i|Y_{i+1}^n,Z^{i-1})-I(W_1,W_2;Z_i|Z^{i-1},Y_{i+1}^n)\right]\hfill \\ \hfill & +\sum _{i=1}^n\left[I(W_1,W_2;X_i|X^{i-1},Y_{i+1}^n)-I(W_1,W_2;Y_i|Y_{i+1}^n,X^{i-1})\right]\hfill \\ \hfill & \stackrel{\left(c\right)}{=}\sum _{i=1}^n\left[I(W_1,W_2;Y_i|Y_{i+1}^n,Z^{i-1})-I(W_1,W_2;Z_i|Z^{i-1},Y_{i+1}^n)\right]\hfill \\ \hfill & +\sum _{i=1}^n\left[I(W_1,W_2;X_i|X^{i-1},Y_{i+1}^n,Z^{i-1})-I(W_1,W_2;Y_i|Y_{i+1}^n,X^{i-1},Z^{i-1})\right]\hfill \\ \hfill & \stackrel{\left(d\right)}{=}\sum _{i=1}^n\left[I(W_1,W_2,Y_{i+1}^n,Z^{i-1};Y_i)-I(W_1,W_2,Z^{i-1},Y_{i+1}^n;Z_i)\right]\hfill \\ \hfill & +\sum _{i=1}^n\left[I(W_1,W_2,X^{i-1},Y_{i+1}^n,Z^{i-1};X_i)-I(W_1,W_2,Y_{i+1}^n,X^{i-1},Z^{i-1};Y_i)\right]\hfill \\ \hfill & \stackrel{\left(e\right)}{=}\sum _{i=1}^n[I(V_{1,i},V_{2,i};Y_i)-I(V_{1,i},V_{2,i};Z_i)+I(U_{1,i},U_{2,i}{V}_{1,i},V_{2,i};X_i)\hfill \\ \hfill & -I(U_{1,i},U_{2,i},V_{1,i},V_{2,i};Y_i)]\hfill \\ \hfill & =\sum _{i=1}^n[-I(U_{1,i},U_{2,i},V_{1,i},V_{2,i};Z_i)+I(U_{1,i},U_{2,i},V_{1,i},V_{2,i};X_i)\hfill \\ \hfill & +I(U_{1,i},U_{2,i};Z_i|V_{1,i},V_{2,i})-I(U_{1,i},U_{2,i};Y_i|V_{1,i},V_{2,i})]\hfill \\ \hfill & \stackrel{\left(f\right)}{\ge }\sum _{i=1}^n\left[I(U_{1,i},U_{2,i};X_i|Z_i)+{\left[I(U_{1,i},U_{2,i};Z_i|V_{1,i},V_{2,i})-I(U_{1,i},U_{2,i};Y_i|V_{1,i},V_{2,i})\right]}^{-}\right]\hfill \end{array}$$

(114)

where $\left(a\right)$ follows from (7) and from the Markov chain $(W_1,W_2)-X^n-Z^n$, $\left(b\right)$ follows from Csiszár’s sum identity, $\left(c\right)$ follows from the Markov chain in (112), $\left(d\right)$ follows because $(X^n,Y^n,Z^n)$ are i.i.d., $\left(e\right)$ follows from the definitions of $V_{1,i}$, $V_{2,i}$, $U_{1,i}$ and $U_{2,i}$, and $\left(f\right)$ follows from the Markov chain

$$\begin{array}{c}\hfill (V_{1,i},V_{2,i})-(U_{1,i},U_{2,i})-X_i-Z_i.\end{array}$$

(115)

Secrecy Leakage (to Eve): We obtain

$$\begin{array}{cc}\hfill & n(R_{\mathrm{s}}+{\delta }_n)\hfill \\ & \stackrel{\left(a\right)}{\ge }[H(W_1,W_2|Z^n)-H(W_1,W_2|Y^n)]+[H(W_1,W_2|Y^n)-H(W_1,W_2|{\tilde{X}}_1^n,{\tilde{X}}_2^n,Y^n)]\hfill \\ \hfill & \stackrel{\left(b\right)}{=}\sum _{i=1}^n[I(W_1,W_2;Y_i|Y_{i+1}^n,Z^{i-1})-I(W_1,W_2;Z_i|Z^{i-1},Y_{i+1}^n)\hfill \\ \hfill & +H({\tilde{X}}_{1,i},{\tilde{X}}_{2,i}|Y_i)-H({\tilde{X}}_{1,i},{\tilde{X}}_{2,i}|{\tilde{X}}_1^{i-1},{\tilde{X}}_2^{i-1},W_1,W_2,Y_{i+1}^n,Y_i)]\hfill \\ \hfill & \stackrel{\left(c\right)}{\ge }\sum _{i=1}^n[I(W_1,W_2,Y_{i+1}^n,Z^{i-1};Y_i)-I(W_1,W_2,Z^{i-1},Y_{i+1}^n;Z_i)\hfill \\ \hfill & +H({\tilde{X}}_{1,i},{\tilde{X}}_{2,i}|Y_i)-H({\tilde{X}}_{1,i},{\tilde{X}}_{2,i}|X^{i-1},Z^{i-1},W_1,W_2,Y_{i+1}^n,Y_i)]\hfill \\ \hfill & \stackrel{\left(d\right)}{=}\sum _{i=1}^n\left[I(V_{1,i},V_{2,i};Y_i)-I(V_{1,i},V_{2,i};Z_i)+I(U_{1,i},U_{2,i},V_{1,i},V_{2,i};{\tilde{X}}_{1,i},{\tilde{X}}_{2,i}|Y_i)\right]\hfill \\ \hfill & \stackrel{\left(e\right)}{=}\sum _{i=1}^n[I(V_{1,i},V_{2,i};Y_i)-I(V_{1,i},V_{2,i};Z_i)\hfill \\ \hfill & +I(U_{1,i},U_{2,i},V_{1,i},V_{2,i};{\tilde{X}}_{1,i},{\tilde{X}}_{2,i})-I(U_{1,i},U_{2,i},V_{1,i},V_{2,i};Y_i)]\hfill \\ \hfill & =\sum _{i=1}^n[-I(U_{1,i},U_{2,i},V_{1,i},V_{2,i};Z_i)+I(U_{1,i}{U}_{2,i},V_{1,i},V_{2,i};{\tilde{X}}_{1,i},{\tilde{X}}_{2,i})\hfill \\ \hfill & +I(U_{1,i},U_{2,i};Z_i|V_{1,i},V_{2,i})-I(U_{1,i},U_{2,i};Y_i|V_{1,i},V_{2,i})]\hfill \\ \hfill & \stackrel{\left(f\right)}{\ge }\sum _{i=1}^n\left[I(U_{1,i},U_{2,i};{\tilde{X}}_{1,i},{\tilde{X}}_{2,i}|Z_i)+{\left[I(U_{1,i},U_{2,i};Z_i|V_{1,i},V_{2,i})-I(U_{1,i},U_{2,i};Y_i|V_{1,i},V_{2,i})\right]}^{-}\right]\hfill \end{array}$$

(116)

where $\left(a\right)$ follows from (3), $\left(b\right)$ follows because $({\tilde{X}}_1^n,{\tilde{X}}_2^n,Y^n)$ are i.i.d. and from Csiszár’s sum identity and the Markov chain

$$\begin{array}{c}\hfill Y^{i-1}-({\tilde{X}}_1^{i-1},{\tilde{X}}_2^{i-1},W_1,W_2,Y_{i+1}^n,Y_i)-({\tilde{X}}_{1,i},{\tilde{X}}_{2,i})\end{array}$$

(117)

$\left(c\right)$ follows because $(Y^n,Z^n)$ are i.i.d. and from the data processing inequality applied to the Markov chain

$$\begin{array}{c}\hfill (X^{i-1},Z^{i-1})-({\tilde{X}}_1^{i-1},{\tilde{X}}_2^{i-1},W_1,W_2,Y_{i+1}^n,Y_i)-({\tilde{X}}_{1,i},{\tilde{X}}_{1,i})\end{array}$$

(118)

$\left(d\right)$ follows from the definitions of $V_{1,i}$, $V_{2,i}$, $U_{1,i}$, and $U_{2,i}$, $\left(e\right)$ follows from the Markov chain given in (108), and $\left(f\right)$ follows from the Markov chain

$$\begin{array}{c}\hfill (V_{1,i},V_{2,i})-(U_{1,i},U_{2,i})-({\tilde{X}}_{1,i},{\tilde{X}}_{2,i})-Z_i.\end{array}$$

(119)

Introduce a uniformly distributed time-sharing random variable ${\displaystyle Q\sim \mathrm{Unif}[1:n]}$ that is independent of other random variables, and define $X=X_Q$, ${\displaystyle {\tilde{X}}_1={\tilde{X}}_{1,Q}}$, ${\displaystyle {\tilde{X}}_2={\tilde{X}}_{2,Q}}$, ${\displaystyle Y=Y_Q}$, ${\displaystyle Z=Z_Q}$, $V_1=V_{1,Q}$, $V_2=V_{2,Q}$, $U_1=(U_{1,Q},Q)$, $U_2=(U_{2,Q},Q)$, and $f=f_Q$, so

$$\begin{array}{cc}\hfill & (Q,V_1)-U_1-{\tilde{X}}_1-X-({\tilde{X}}_2,Y,Z)\hfill \end{array}$$

(120)

$$\begin{array}{cc}\hfill & (Q,V_2)-U_2-{\tilde{X}}_2-X-({\tilde{X}}_1,Y,Z)\hfill \end{array}$$

(121)

form Markov chains. The proof of the outer bound follows by letting ${\delta }_n\to 0$.

Cardinality Bounds: We use the support lemma Lemma 15.4 of [40] to prove the cardinality bounds and apply similar steps as in [18,20], so we omit the proof. □

6. Conclusions

We considered the function computation problem, where three nodes observe correlated random variables and aim to compute a target function of their observations at the fusion center node. We modeled the source of the correlation between these nodes by positing that all three random variables are noisy observations of a remote random source. Furthermore, we imposed one secrecy, two privacy, and two storage constraints with operational meanings on this function computation problem to define a lossless rate region by considering an eavesdropper that observes a correlated random variable. The lossless function computation problem was extended by allowing the function computed to be a distorted version of the target function, which defined the lossy function computation problem.

We proposed inner and outer bounds for the lossless and lossy rate regions. The secrecy leakage and privacy leakage rates that are measured with respect to the eavesdropper were shown to be different due to the remote source considered, unlike in the literature. Furthermore, we characterized a simplified rate region for functions that are partially invertible with respect to one of the transmitting node observations as well as for invertible functions. Moreover, we considered two different physical-degradation cases for the measurement channels of the eavesdropper and fusion center when the function computed was invertible. We derived the corresponding simplified rate regions, one of which is evaluated as an example scenario, and proved that no auxiliary or time-sharing random variable is necessary to characterize these regions.

In future work, we will propose inner and outer bounds for the lossless and lossy multi-function computation problems with multiple transmitting nodes and characterize the rate regions for multi-function computations when the function computed is invertible.