Multiterminal Secrecy by Public Discussion

This monograph describes principles of information theoretic secrecygeneration by legitimate parties with public discussion in the presenceof an eavesdropper. The parties are guaranteed secrecy in the form ofindependence from the eavesdropper's observation of the communication.Part I develops basic technical tools for secrecy generation, many ofwhich are potentially of independent interest beyond secrecy settings.Various information theoretic and cryptographic notions of secrecy arecompared. Emphasis is placed on central themes of interactive communicationand common randomness as well as on core methods ofbalanced coloring and leftover hash for extracting secret uniform randomness.Achievability and converse results are shown to emerge from"single shot" incarnations that serve to explain essential structure.Part II applies the methods of Part I to secrecy generation in twosettings: a multiterminal source model and a multiterminal channelmodel, in both of which the legitimate parties are afforded privilegedaccess to correlated observations of which the eavesdropper has onlypartial knowledge. Characterizations of secret key capacity bring outinherent connections to the data compression concept of omniscienceand, for a specialized source model, to a combinatorial problem of maximalspanning tree packing in a multigraph. Interactive common informationis seen to govern the minimum rate of communication needed toachieve secret key capacity in the two-terminal source model. Furthermore,necessary and sufficient conditions are analyzed for the securecomputation of a given function in the multiterminal source model.Based largely on known recent results, this self-contained monographalso includes new formulations with associated new proofs. Supplementingeach chapter in Part II are descriptions of several openproblems.