Secure Broadcasting : The secrecy Rate Region

Abstract

In this paper, we consider a scenario where a source node wishes to broadcast two confidential messages for two respective receivers, while a wire-tapper also receives the transmitted signal. This model is motivated by wireless communications, where individual secure messages are broadcast over open media and can be received by any illegitimate receiver. The secrecy level is measured by equivocation rate at the eavesdropper. We first study the general (non-degraded) broadcast channel with confidential messages. We present an inner bound on the secrecy capacity region for this model. The inner bound coding scheme is based on a combination of random binning and the Gelfand-Pinsker bining. This scheme matches the Marton's inner bound on the broadcast channel without confidentiality constraint. We further study the situation where the channels are degraded. For the degraded broadcast channel with confidential messages, we present the secrecy capacity region. Our achievable coding scheme is based on Cover's superposition scheme and random binning. We refer to this scheme as secret superposition scheme. In this scheme, we show that randomization in the first layer increases the secrecy rate of the second layer. This capacity region matches the capacity region of the degraded broadcast channel without security constraint. It also matches the secrecy capacity for the conventional wire-tap channel. Our converse proof is based on a combination of the converse proof of the conventional degraded broadcast channel and Csiszar lemma.

Full text

1
Secure Broadcasting: The Secrecy Rate Region
Ghadamali Bagherikaram, Abolfazl S. Motahari, Amir K. Khandani
Coding and Signal Transmission Laboratory,
Department of Electrical and Computer Engineering,
University of Waterloo, Waterloo, Ontario, N2L 3G1
Emails: {gbagheri,abolfazl,khandani}@cst.uwaterloo.ca
1
Abstract
In this paper, we consider a scenario where a source node wishes to broadcast two confidential messages for two respective
receivers, while a wire-tapper also receives the transmitted signal. This model is motivated by wireless communications, where
individual secure messages are broadcast over open media and can be received by any illegitimate receiver. The secrecy level
is measured by the equivocation rate at the eavesdropper. We first study the general (non-degraded) broadcast channel with
confidential messages. We present an inner bound on the secrecy capacity region for this model. The inner bound coding scheme
is based on a combination of random binning, and the Gelfand-Pinsker bining. This scheme matches Marton’s inner bound on the
broadcast channel without confidentiality constraint. We further study the situation in which the channels are degraded. For the
degraded broadcast channel with confidential messages, we present the secrecy capacity region. Our achievable coding scheme
is based on Cover’s superposition scheme and random binning. We refer to this scheme as Secret Superposition Scheme. In this
scheme, we show that randomization in the first layer increases the secrecy rate of the second layer. This capacity region matches
the capacity region of the degraded broadcast channel without security constraint. It also matches the secrecy capacity for the
conventional wire-tap channel. Our converse proof is based on a combination of the converse proof of the conventional degraded
broadcast channel and Csiszar Lemma. We then assume that the channels are Additive White Gaussian Noise (AWGN) and show
that secret superposition scheme with Gaussian codebook is optimal. The converse proof is based on the generalized entropy power
inequality. Finally, we use a broadcast strategy for the slowly fading wire-tap channel when only the eavesdropper’s channel is
fixed and known at the transmitter. We derive the optimum power allocation for the layers which maximizes the total average
rate.
I. INTRODUCTION
The notion of information theoretic secrecy in communication systems was first introduced by Shannon in [1]. The information
theoretic secrecy requires that the received signal of the eavesdropper not provide even a single bit information about the
transmitted messages. Shannon considered a pessimistic situation where both the intended receiver and the eavesdropper have
direct access to the transmitted signal (which is called ciphertext). Under these circumstances, he proved a negative result
showing that perfect secrecy can be achieved only when the entropy of the secret key is greater than, or equal to the entropy
of the message. In modern cryptography, all practical cryptosystems are based on Shannnon’s pessimistic assumption. Due to
practical constraints, secret keys are much shorter than messages. Therefore, these practical cryptosystems are theoretically
susceptible of breaking by attackers. The goal of designing such practical ciphers, however, is to guarantee that no efficient
algorithm exists for breaking them.
Wyner in [2] showed that the above negative result is a consequence of Shannon’s restrictive assumption that the adversary
has access to precisely the same information as the legitimate receiver. Wyner considered a scenario in which a wire-tapper
receives the transmitted signal over a degraded channel with respect to the legitimate receiver’s channel. He further assumed
that the wire-tapper has no computational limitations and knows the codebook used by the transmitter. He measured the
level of ignorance at the eavesdropper by its equivocation and characterized the capacity-equivocation region. Interestingly, a
non-negative perfect secrecy capacity is always achievable for this scenario.
The secrecy capacity for the Gaussian wire-tap channel is characterized by Leung-Yan-Cheong in [3]. Wyner’s work is
then extended to the general (non-degraded) broadcast channel with confidential messages by Csiszar and Korner [4]. They
considered transmitting confidential information to the legitimate receiver while transmitting common information to both
the legitimate receiver and the wire-tapper. They established a capacity-equivocation region of this channel. The BCC has
recently been further studied in [5]–[7], where the source node transmits a common message for both receivers, along with
two additional confidential messages for two respective receivers. Here,the confidentiality of each message is measured with
respect to the other user, and there is no external eavesdropper.
The fading wire-tap channel is investigated in [8] where the source-to destination channel and the source-to-eavesdropper
channel are corrupted by multiplicative fading gain coefficients, in addition to additive white Gaussian noise terms. In this
work, channels are fast fading and the channel state information of the legitimate receiver is available at the transmitter. The
1Financial support provided by Nortel and the corresponding matching funds by the Natural Sciences and Engineering Research Council of Canada (NSERC),
and Ontario Centres of Excellence (OCE) are gratefully acknowledged.

2
perfect secrecy capacity is derived for two different scenarios regarding the availability of the eavesdropper’s CSI. Moreover,
the optimal power control policy is obtained for the different scenarios. The effect of the slowly fading channel on the secrecy
capacity of a conventional wire-tap channel was studied in [9], [10]. In these works, it is assumed that the fading is quasi-static
and the transmitter does not know the fading gains. The outage probability, which is the probability that the main channel is
stronger than the eavesdropper’s channel, is defined in these works. In an outage strategy, the transmission rate is fixed and
the information is detected when the instantaneous main channel is stronger than the instantaneous eavesdropper’s channel;
otherwise, either nothing is decoded at the legitimate receiver, or the information is leaked to the eavesdropper. The term
outage capacity refers to the maximum achievable average rate. In [11], a broadcast strategy for the slowly fading Gaussian
point to point channel is introduced. In this strategy, the transmitter uses a layered coding scheme and the receiver is viewed
as a continuum of ordered users.
In [12], the wire-tap channel is extended to the parallel broadcast channels and the fading channels with multiple receivers.
Here, the secrecy constraint is a perfect equivocation for each of the messages, even if all the other messages are revealed to
the eavesdropper. The secrecy sum capacity for a reverse broadcast channel is derived subject to this restrictive assumption.
The notion of the wire-tap channel is also extended to multiple access channels [13]–[16], relay channels [17]–[20], parallel
channels [21] and MIMO channels [22]–[27]. Some other related works on the communication of confidential messages can
be found in [28]–[32].
In this paper, we consider a scenario where a source node wishes to broadcast two confidential messages for two respective
receivers, while a wire-tapper also receives the transmitted signal. This model is motivated by wireless communications, where
individual secure messages are broadcast over shared media and can be received by any illegitimate receiver. In fact, we simplify
the restrictive constraint imposed in [12] and assume that the eavesdropper does not have access to the other messages. We
first study the general broadcast channel with confidential messages. We present an achievable rate region for this channel. Our
achievable coding scheme is based on a combination of random binning and the Gelfand-Pinsker bining [33]. This scheme
matches Marton’s inner bound [34] on the broadcast channel without confidentiality constraint. We further study the situation
wherein the channels are physically degraded and characterize the secrecy capacity region. Our achievable coding scheme
is based on Cover’s superposition coding [35] and the random binning. We refer to this scheme as the Secret Superposition
Coding. This capacity region matches the capacity region of the degraded broadcast channel without anys security constraint. It
also matches the secrecy capacity of the wire-tap channel. We also characterize the secrecy capacity region when the channels
are additive white Gaussian noise. We show that the secret superposition of Gaussian codebooks is the optimal choice. Based
on the rate characterization of the secure broadcast channel, we then use broadcast strategy for the slow fading wire-tap channel
when only the eavesdropper’s channel is fixed and known at the transmitter. In broadcast strategy, a source node sends secure
layers of coding and the receiver is viewed as a continuum of ordered users. We derive optimum power allocation for the
layers which maximizes the total average rate.
The rest of the paper is organized as follows: in section II we introduce the system model. In section III we provide an
inner bound on the secrecy capacity region when the channels are not degraded. In section IV we specialize our channel to the
degraded ones and establish the secrecy capacity region. In section V we derive the secrecy capacity region when the channels
are AWGN. Based on the secrecy capacity region of the AWGN channel, in section VI we use a broadcast strategy for the
slow fading wire-tap channel when the transmitter only knows the eavesdropper’s channel. Section VII concludes the paper.
II. PR EL IM INA RI ES
In this paper, random variables are denoted by capital letters (e.g. X) and their realizations are denoted by corresponding
lower case letters (e.g. x). The finite alphabet of a random variable is denoted by a script letter (e.g. X) and its probability
distribution is denoted by P(x). The vectors will be written as xn= (x1, x2, ..., xn), where subscripted letters denote the
components and superscripted letters denote the vector. Bold capital letters represent matrices (e.g. A). The notation xi−1
denotes the vector (x1, x2, ..., xi−1)and the notation exidenotes the vector (xi, xi+1, ..., xn). A similar notation will be used
for random variables and random vectors.
Consider a Broadcast Channel with Confidential Messages (BCCM) as depicted in Fig. 4. In this confidential setting, the
transmitter wishes to send two independent messages (W1, W2)to the respective receivers in nuses of the channel and prevent
the eavesdropper from having any information about the messages. A discrete memoryless broadcast channel with confidential
messages is represented by (X, P, Y1,Y2,Z)where, Xis the finite input alphabet set, Y1,Y2and Zare three finite output
alphabet sets, and Pis the channel transition probability P(y1, y2, z|x). The input of the channel is xn∈ X nand the outputs
are yn
1∈ Yn
1,yn
2∈ Yn
2,and zn∈ Znfor Receiver 1, Receiver 2, and the eavesdropper, respectively. The channel is discrete
memoryless in the sense that
P(yn
1, yn
2, zn|xn) =
n
Y
i=1
P(y1,i, y2,i , zi|xi).(1)
A((2nR1,2nR2), n)code for a broadcast channel with confidential messages consists of a stochastic encoder
f: ({1,2, ..., 2nR1} × {1,2, ..., 2nR2})→ X n,(2)

3
Decoder1
Eavesdropper
Encoder Decoder2
Xn
Yn
1
d
W2
Yn
2
d
W1
P(y1, y2, z|x)(W1, W2)
Zn
Fig. 1. Broadcast Channel with Confidential Messages
and two decoders,
g1:Yn
1→ {1,2, ..., 2nR1}(3)
and
g2:Yn
2→ {1,2, ..., 2nR2}.(4)
The average probability of error is defined as the probability that the decoded messages are not equal to the transmitted
messages; that is,
P(n)
e=P(g1(Yn
1)6=W1∪g2(Yn
2)6=W2).(5)
The knowledge that the eavesdropper gets about W1and W2from its received signal Znis measured by
I(Zn, W1) = H(W1)−H(W1|Zn),(6)
I(Zn, W2) = H(W2)−H(W2|Zn),(7)
and
I(Zn,(W1, W2)) = H(W1, W2)−H(W1, W2|Zn).(8)
Perfect secrecy revolves around the idea that the eavesdropper cannot get even a single bit information about the transmitted
messages. Perfect secrecy thus requires that
I(Zn, W1) = 0 ⇔H(W1) = H(W1|Zn),
I(Zn, W2) = 0 ⇔H(W2) = H(W2|Zn),
and
I(Zn,(W1, W2)) = 0 ⇔H(W1, W2) = H(W1, W2|Zn).
The secrecy levels of confidential messages W1and W2are measured at the eavesdropper in terms of equivocation rates which
are defined as follows.
Definition 1 The equivocation rates Re1,Re2and Re12 for the Broadcast channel with confidential messages are:
Re1=1
nH(W1|Zn),
Re2=1
nH(W2|Zn),
Re12 =1
nH(W1, W2|Zn).
The perfect secrecy rates R1and R2are the amount of information that can be sent to the legitimate receivers in a reliable
and confidential manner.
Definition 2 A secrecy rate pair (R1, R2)is said to be achievable if for any ² > 0, ²1>0, ²2>0, ²3>0, there exists a
sequence of ((2nR1,2nR2), n)codes, such that for sufficiently large n, we have:
P(n)
e≤², (9)
Re1≥R1−²1,(10)
Re2≥R2−²2,(11)
Re12≥R1+R2−²3.(12)

4
1
2
1
2
.
.
.
2nR2
.
.
.
· · ·· · ·
2nR1
(Vn
1, V n
2)∈A(n)

Fig. 2. The Stochastic Encoder
In the above definition, the first condition concerns the reliability, while the other conditions guarantee perfect secrecy for each
individual message and both messages as well. The capacity region is defined as follows.
Definition 3 The capacity region of the broadcast channel with confidential messages is the closure of the set of all achievable
rate pairs (R1, R2).
III. ACHI EVAB LE RATE S FO R GEN ER AL BCCM
In this section, we consider the general broadcast channel with confidential messages and present an achievable rate region.
Our achievable coding scheme is based on a combination of the random binning and Gelfand-Pinsker bining schemes [33].
The following theorem illustrates the achievable rate region for this channel.
Theorem 1 Let RIdenote the union of all non-negative rate pairs (R1, R2)satisfying
R1≤I(V1;Y1)−I(V1;Z),
R2≤I(V2;Y2)−I(V2;Z),
R1+R2≤I(V1;Y1) + I(V2;Y2)−I(V1, V2;Z)−I(V1;V2),
over all joint distributions P(v1, v2)P(x|v1, v2)P(y1, y2, z|x). Any rate pair (R1, R2)∈RIis then achievable for the broadcast
channel with confidential messages.
Remark 1 If we remove the secrecy constraints by removing the eavesdropper, then the above rate region becomes Marton’s
achievable region for the general broadcast channel.
Remark 2 If we remove one of the users, e.g. user 2, then we get Csiszar and Korner’s secrecy capacity for the other user.
Proof:
1) Codebook Generation: The structure of the encoder is depicted in Fig.2. Fix P(v1),P(v2)and P(x|v1, v2). The stochastic
encoder generates 2n(I(V1;Y1)−²)independent and identically distributed sequences vn
1according to the distribution P(vn
1) =
Qn
i=1 P(v1,i). Next, randomly distribute these sequences into 2nR1bins such that each bin contains 2n(I(V1;Z)−²)codewords.
Similarly, it generates 2n(I(V2;Y2)−²)independent and identically distributed sequences vn
2according to the distribution P(vn
2) =
Qn
i=1 P(v2,i). Randomly distribute these sequences into 2nR2bins such that each bin contains 2n(I(V2;Z)−²)codewords. Index
each of the above bins by w1∈ {1,2, ..., 2nR1}and w2∈ {1,2, ..., 2nR2}respectively.
2) Encoding: To send messages w1and w2, the transmitter looks for vn
1in bin w1of the first bin set and looks for vn
2in bin
w2of the second bin set, such that (vn
1, vn
2)∈A(n)
²(PV1,V2)where A(n)
²(PV1,V2)denotes the set of jointly typical sequences vn
1
and vn
2with respect to P(v1, v2). The rates are such that there exist more than one joint typical pair. The transmitter randomly
chooses one of them and then generates xnaccording to P(xn|vn
1, vn
2) = Qn
i=1 P(xi|v1,i, v2,i ). This scheme is equivalent to
the scenario in which each bin is divided into subbins and the transmitter randomly chooses one of the subbins of bin w1and
one of the subbins of bin w2. It then looks for a joint typical sequence (vn
1, vn
2)in the corresponding subbins and generates
xn.

5
3) Decoding: The received signals at the legitimate receivers, yn
1and yn
2, are the outputs of the channels P(yn
1|xn) =
Qn
i=1 P(y1,i|xi)and P(yn
2|xn) = Qn
i=1 P(y2,i|xi), respectively. The first receiver looks for the unique sequence vn
1such that
(vn
1, yn
1)is jointly typical and declares the index of the bin containing vn
1as the message received. The second receiver uses
the same method to extract the message w2.
4) Error Probability Analysis: Since the region of (9) is a subset of Marton’s region, then the error probability analysis is
the same as [34].
5) Equivocation Calculation: The proof of secrecy requirement for each individual message (10) and (11) is straightforward
and may therefore be omitted.
To prove the requirement of (12) from H(W1, W2|Zn), we have
nRe12 =H(W1, W2|Zn)
=H(W1, W2, Zn)−H(Zn)
=H(W1, W2, V n
1, V n
2, Zn)−H(Vn
1, V n
2|W1, W2, Zn)−H(Zn)
=H(W1, W2, V n
1, V n
2) + H(Zn|W1, W2, V n
1, V n
2)−H(Vn
1, V n
2|W1, W2, Zn)−H(Zn)
(a)
≥H(W1, W2, V n
1, V n
2) + H(Zn|W1, W2, V n
1, V n
2)−n²n−H(Zn)
(b)
=H(W1, W2, V n
1, V n
2) + H(Zn|Vn
1, V n
2)−n²n−H(Zn)
(c)
≥H(Vn
1, V n
2) + H(Zn|Vn
1, V n
2)−n²n−H(Zn)
=H(Vn
1) + H(Vn
2)−I(Vn
1;Vn
2)−I(Vn
1, V n
2;Zn)−n²n
(d)
≥I(Vn
1;Yn
1) + I(Vn
2;Yn
2)−I(Vn
1;Vn
2)−I(Vn
1, V n
2;Zn)−n²n
≥nR1+nR2−n²n,
where (a)follows from Fano’s inequality, which states that for sufficiently large n,H(Vn
1, V n
2|W1, W2, Zn)≤h(P(n)
we )
+nP n
weRw≤n²n. Here Pn
we denotes the wiretapper’s error probability of decoding (vn
1, vn
2)in the case that the bin numbers
w1and w2are known to the eavesdropper and Rw=I(V1;Z)+I(V2;Z)≤I(V1, V2;Z)+I(V1;V2). Since the sum rate is small
enough, then Pn
we →0for sufficiently large n.(b)follows from the following Markov chain: (W1, W2)→(Vn
1, V n
2)→Zn.
Hence, we have H(Zn|W1, W2, V n
1, V n
2) = H(Zn|Vn
1, V n
2).(c)follows from the fact that H(W1, W2, V n
1, V n
2)≥H(Vn
1, V n
2).
(d)follows from that fact that H(Vn
1)≥I(Vn
1;Yn
1)and H(Vn
2)≥I(Vn
2;Yn
2).
IV. THE CA PACI TY RE GI ON O F TH E DEG RA DE D BCCM
In this section, we consider the degraded broadcast channel with confidential messages and establish its secrecy capacity
region.
Definition 4 A broadcast channel with confidential messages is said to be physically degraded, if X→Y1→Y2→Zforms
a Markov chain. In other words, we have
P(y1, y2, z|x) = P(y1|x)P(y2|y1)P(z|y2).
Definition 5 A broadcast channel with confidential messages is said to be stochastically degraded if its conditional marginal
distributions are the same as that of a physically degraded broadcast channel, i.e., if there exist two distributions P0(y2|y1)
and P0(z|y2), such that
P(y2|x)= X
y1
P(y1|x)P0(y2|y1),
P(z|x)= X
y2
P(y2|x)P0(z|y2).
Lemma 1 The secrecy capacity region of a broadcast channel with confidential messages depends only on the conditional
marginal distributions P(y1|x),P(y2|x)and P(z|x).
Proof: It suffices to show that the error probability P(n)
eand the equivocations H(W1|Zn),H(W2|Zn)and H(W1, W2|Zn)
are only functions of marginal distributions when we use the same codebook and encoding schemes. Note that
max{P(n)
e,1, P (n)
e,2} ≤ P(n)
e≤P(n)
e,1+P(n)
e,2.

6
1
2
1
2
.
.
.
2nR2
2nR1
.
.
.
xn
un
Fig. 3. Secret Superposition structure
Hence, P(n)
eis small if and only if both P(n)
e,1and P(n)
e,2are small. On the other hand, for a given codebook and encoding
scheme, the decoding error probabilities P(n)
e,1and P(n)
e,2and the equivocation rates depend only on marginal channel probability
densities PY1|X,PY2|Xand PZ|X. Thus, the same code and encoding scheme gives the same P(n)
eand equivocation rates.
In the following theorem, we fully characterize the capacity region of the physically degraded broadcast channel with
confidential messages.
Theorem 2 The capacity region for transmitting independent secret information over the degraded broadcast channel is the
convex hull of the closure of all (R1, R2)satisfying
R1≤I(X;Y1|U) + I(U;Z)−I(X;Z),(13)
R2≤I(U;Y2)−I(U;Z),(14)
for some joint distribution P(u)P(x|u)P(y1, y2, z|x).
Remark 3 If we remove the secrecy constraints by removing the eavesdropper, then the above theorem becomes the capacity
region of the degraded broadcast channel.
The coding scheme is based on Cover’s superposition coding and random bining. We refer to this scheme as the Secure
Superposition Coding scheme. The available resources at the encoder are used for two purposes: to confuse the eavesdropper
so that perfect secrecy can be achieved for both layers, and to transmit the messages into the main channels. To satisfy
confidentiality, the randomization used in the first layer is fully exploited in the second layer. This makes an increase of
I(U;Z)in the bound of R1.
Proof:
Achievablity: The formal proof of the achievablity is as follows:
1) Codebook Generation: The structure of the encoder is depicted in Fig.7. Let us fix P(u)and P(x|u). We generate
2n(I(U;Y2)−²)independent and identically distributed sequences unaccording to the distribution P(un) = Qn
i=1 P(ui). Next,
we randomly distribute these sequences into 2nR2bins such that each bin contains 2n(I(U;Z)−²)codewords. We index each
of the above bins by w2∈ {1,2, ..., 2nR2}. For each codeword of un, we also generate 2n(I(X;Y1|U)−²)independent and
identically distributed sequences xnaccording to the distribution P(xn|un) = Qn
i=1 P(xi|ui). We randomly distribute these
sequences into 2nR1bins such that each bin contains 2n(I(X;Z)−I(U;Z)−²)codewords. We index each of the above bins by
w1∈ {1,2, ..., 2nR1}.
2) Encoding: To send messages w1and w2, the transmitter randomly chooses one of the codewords in bin w2, say un. Then
given un, the transmitter randomly chooses one of xnin bin w1of the second layer and sends it.
3) Decoding: The received signal at the legitimate receivers, yn
1and yn
2, are the outputs of the channels P(yn
1|xn) =
Qn
i=1 P(y1,i|xi)and P(yn
2|xn) = Qn
i=1 P(y2,i|xi), respectively. Receiver 2determines the unique unsuch that (un, yn
2)are
jointly typical, and declares the index of the bin containing unas the message received. If there is none of such messages or
more than of one such, an error is declared. Receiver 1looks for the unique (un, xn)such that (un, xn, yn
1)are jointly typical
and declares the indices of the bins containing unand xnas the messages received. If there is none of such or more than of
one such, an error is declared.
4) Error Probability Analysis: Since each rate pair of (13) is in the capacity region of the degraded broadcast channel without
confidentiality constraint, then it can be readily shown that the error probability is arbitrarily small, c.f. [35].

7
5) Equivocation Calculation: To prove the secrecy requirement of (10), we have
nRe1=H(W1|Zn)
≥H(W1|Zn, U n)
=H(W1, Zn|Un)−H(Zn|Un)
=H(W1, Xn, Zn|Un)−H(Zn|Un)−H(Xn|W1, Z n, Un)
(a)
=H(W1, Xn|Un) + H(Zn|W1, Un, Xn)−H(Zn|Un)−n²n
(b)
≥H(Xn|Un) + H(Zn|Xn)−H(Zn|Un)−n²n
(c)
≥I(Xn;Yn
1|Un) + I(Un;Zn)−I(Xn;Zn)−n²n
(d)
≥nR1−n²n,
where (a)follows from Fano’s inequality, which states that H(Xn|W1, Zn, U n)≤h(P(n)
we ) + nP n
weRw≤n²nfor sufficiently
large n. Here Pn
we denotes the wiretapper’s error probability of decoding xngiven that the bin number and the codeword unare
known to the eavesdropper and Rw=I(X;Z)−I(U;Z). Since the rate Rwis less than I(X;Z), then Pn
we →0for sufficiently
large n.(b)follows from the fact that (W1, Un)→Xn→Znforms a Markov chain. Thus, we have H(Zn|W1, U n, Xn) =
H(Zn|Xn).(c)follows from two identities: H(Xn|Un)≥I(Xn;Yn
1|Un)and H(Zn|Xn)−H(Zn|Un) = I(Un;Zn)−
I(Xn;Zn). Similarly, we can prove (11). Thus, we only need to prove (12).
nRe12 =H(W1, W2|Zn)
=H(W1, W2, Zn)−H(Zn)
=H(W1, W2, U n, Xn, Z n)−H(Un, Xn|W1, W2, Zn)−H(Zn)
=H(W1, W2, U n, Xn) + H(Zn|W1, W2, U n, Xn)−H(Un|W1, W2, Z n)−H(Xn|W1, W2, Zn, U n)−H(Zn)
(a)
≥H(W1, W2, U n, Xn) + H(Zn|W1, W2, U n, Xn)−n²n−H(Zn)
(b)
=H(W1, W2, U n, Xn) + H(Zn|Un, X n)−n²n−H(Zn)
(c)
≥H(Un, Xn) + H(Zn|Un, Xn)−n²n−H(Zn)
=H(Un) + H(Xn|Un)−I(Un, Xn;Zn)−n²n
(d)
=I(Un;Yn
2) + I(Xn;Yn
1|Un)−I(Xn;Zn)−I(Un;Zn|Xn)−n²n
≥nR1+nR2−n²n,
where (a)follows from Fano’s inequality that H(Un|W1, W2, Zn)≤h(P(n)
we1)+nP n
we1Rw1≤n²n/2and H(Xn|W1, W2, Z n, Un)≤
h(P(n)
we2) + nP n
we2Rw2≤n²n/2for sufficiently large n. Here Pn
we1and Pn
we2denotes the wiretapper’s error probability
of decoding unand xnin the case that the bin numbers w1and w2are known to the eavesdropper, respectively. The
eavesdropper first looks for the unique unin bin w2of the first layer, such that it is jointly typical with zn. As the number
of candidate codewords is small enough, the probability of error is arbitrarily small for a sufficiently large n. Next, given
un, the eavesdropper looks for the unique xnin the bin w1which is jointly typical with zn. Similarly, since the number
of available candidates is small enough, then the probability of error decoding is arbitrarily small. (b)follows from the fact
that (W1, W2)→Un→Xn→Znforms a Markov chain. Therefore, we have I(W1, W2;Zn|Un, Xn)=0, where it is
implied that H(Zn|W1, W2, U n, Xn) = H(Zn|Un, X n).(c)follows from the fact that H(W1, W2, U n, Xn)≥H(Un, X n).
(d)follows from that fact that H(Un) = I(Un;Yn
2)and H(Xn|Un) = I(Xn;Yn
1|Un). This completes the achievablity proof
of (13) and (14).
Converse: The transmitter sends two independent secret messages W1and W2to Receiver 1and Receiver 2, respectively. Let
us define Ui= (W2, Y i−1
1). The following Lemma bounds the secrecy rates for a general case of (W1, W2)→Xn→Yn
1Yn
2Zn:
Lemma 2 For the broadcast channel with confidential messages, the perfect secrecy rates are bounded as follows,
nR1≤
n
X
i=1
I(W1;Y1i|W2, Zi, Y i−1
1,e
Zi+1) + nδ1+n²3,
nR2≤
n
X
i=1
I(W2;Y2i|Zi, Y i−1
2,e
Zi+1) + nδ1+n²2.

8
Proof: We need to prove the second bound. The first bound can similarly be proven. nR2is bounded as follows:
nR2
(a)
≤H(W2|Zn) + n²2
(b)
≤H(W2|Zn)−H(W2|Yn
2) + nδ1+n²2
=I(W2;Yn
2)−I(W2;Zn) + nδ1+n²2
where (a)follows from the secrecy constraint that H(W2|Zn)≥H(W2)−n²2.(b)follows from Fano’s inequality that
H(W2|Yn
2)≤nδ1. Next, we expand I(W2;Yn
2)and I(W2;Zn)as follows.
I(W2;Yn
2) =
n
X
i=1
I(W2;Y2i|Yi−1
2)
=
n
X
i=1
I(W2,e
Zi+1;Y2i|Yi−1
2)−I(e
Zi+1;Y2i|W2, Y i−1
2)
=
n
X
i=1
I(W2;Y2i|Yi−1
2,e
Zi+1) + I(e
Zi+1;Y2i|Yi−1
2)−I(e
Zi+1;Y2i|W2, Y i−1
2)
=
n
X
i=1
I(W2;Y2i|Yi−1
2,e
Zi+1)+∆1−∆2,
where, ∆1=Pn
i=1 I(e
Zi+1;Y2i|Yi−1
2)and ∆2=Pn
i=1 I(e
Zi+1;Y2i|W2, Y i−1
2). Similarly, we have,
I(W2;Zn) =
n
X
i=1
I(W2;Zi|e
Zi+1)
=
n
X
i=1
I(W2, Y i−1
2;Zi|e
Zi+1)−I(Yi−1
2;Zi|W2,e
Zi+1)
=
n
X
i=1
I(W2;Zi|Yi−1
2,e
Zi+1) + I(Yi−1
2;Zi|e
Zi+1)−I(Yi−1
2;Zi|W2,e
Zi+1)
=
n
X
i=1
I(W2;Zi|Yi−1
2,e
Zi+1)+∆∗
1−∆∗
2,
where, ∆∗
1=Pn
i=1 I(Yi−1
2;Zi|e
Zi+1)and ∆∗
2=Pn
i=1 I(Yi−1
2;Zi|W2,e
Zi+1). According to Lemma 7of [4], ∆1= ∆∗
1and
∆2= ∆∗
2. Thus, we have,
nR2≤
n
X
i=1
I(W2;Y2i|Yi−1
2,e
Zi+1)−I(W2;Zi|Yi−1
2,e
Zi+1) + nδ1+n²2
=
n
X
i=1
H(W2|Zi, Y i−1
2,e
Zi+1)−H(W2|Y2i, Y i−1
2,e
Zi+1) + nδ1+n²2
(a)
≤
n
X
i=1
H(W2|Zi, Y i−1
2,e
Zi+1)−H(W2|Y2i, Zi, Y i−1
2,e
Zi+1) + nδ1+n²2
=
n
X
i=1
I(W2;Y2i|Zi, Y i−1
2,e
Zi+1) + nδ1+n²2,
where (a)follows from the fact that conditioning always decreases the entropy.

9
Now according to the above Lemma, the secrecy rates are bound as follows:
nR1
(a)
≤
n
X
i=1
I(W1;Y1,i|W2, Zi, Y i−1
1,e
Zi+1) + nδ1+n²3
=
n
X
i=1
I(W1;Y1,i|Ui, Zi,e
Zi+1) + nδ1+n²3
(b)
≤
n
X
i=1
I(Xi;Y1,i|Ui, Zi,e
Zi+1) + nδ1+n²3
(c)
=
n
X
i=1
I(Xi;Y1,i, Ui, Zi|e
Zi+1)−I(Xi;Zi|e
Zi+1)−I(Xi;Ui|Zi,e
Zi+1) + nδ1+n²3
(d)
=
n
X
i=1
I(Xi;Y1,i|Ui,e
Zi+1) + I(Xi;Ui|e
Zi+1)−I(Xi;Zi|e
Zi+1)−I(Xi;Ui|Zi,e
Zi+1) + nδ1+n²3
(e)
=
n
X
i=1
I(Xi;Y1,i|Ui,e
Zi+1)−I(Xi;Zi|e
Zi+1) + I(Zi;Ui|e
Zi+1)−I(Zi;Ui|Xi,e
Zi+1) + nδ1+n²3
(f)
=
n
X
i=1
I(Xi;Y1,i|Ui,e
Zi+1)−I(Xi;Zi|e
Zi+1) + I(Zi;Ui|e
Zi+1) + nδ1+n²3,
where (a)follows from the Lemma (2). (b)follows from the data processing theorem. (c)follows from the chain rule. (d)
follows from the fact that I(Xi;Y1,i, Ui, Zi|e
Zi+1) = I(Xi;Ui|e
Zi+1)+I(Xi;Y1,i|Ui,e
Zi+1)+I(Xi;Zi|Y1,i, Ui,e
Zi+1)and from
the fact that e
Zi+1Ui→Xi→Y1,i →Y2,i →Ziforms a Markov chain, which means that I(Xi;Zi|Y1,i , Ui,e
Zi+1)=0.(e)
follows from the fact that I(Xi;Ui|e
Zi+1)−I(Xi;Ui|Zi,e
Zi+1) = I(Zi;Ui|e
Zi+1)−I(Zi;Ui|Xi,e
Zi+1).(f)follows from the
fact that e
Zi+1Ui→Xi→Ziforms a Markov chain. Thus, I(Zi;Uie
Zi+1|Xi) = 0 which implies that I(Zi;Ui|Xi,e
Zi+1) = 0.
For the second receiver, we have
nR2
(a)
≤
n
X
i=1
I(W2;Y2,i|Yi−1
2, Zi,e
Zi+1) + nδ2+n²1
=
n
X
i=1
H(Y2,i|Yi−1
2, Zi,e
Zi+1)−H(Y2,i |W2, Y i−1
2, Zi,e
Zi+1) + nδ2+n²1
(b)
≤
n
X
i=1
H(Y2,i|Zi,e
Zi+1)−H(Y2,i |W2, Y i−1
1, Y i−1
2, Zi,e
Zi+1) + nδ2+n²1
(c)
=
n
X
i=1
H(Y2,i|Zi,e
Zi+1)−H(Y2,i |Ui, Zi,e
Zi+1) + nδ2+n²1
=
n
X
i=1
I(Y2,i;Ui|Zi,e
Zi+1) + nδ2+n²1
=
n
X
i=1
I(Y2,i;Ui|e
Zi+1) + I(Y2,i ;Zi|Ui,e
Zi+1)−I(Y2,i ;Zi|e
Zi+1) + nδ2+n²1
=
n
X
i=1
I(Y2,i;Ui|e
Zi+1)−I(Zi;Ui|e
Zi+1) + I(Zi;Ui|Y2,i ,e
Zi+1) + nδ2+n²1
(d)
=
n
X
i=1
I(Y2,i;Ui|e
Zi+1)−I(Zi;Ui|e
Zi+1) + nδ2+n²1,
where (a)follows from the lemma (2). (b)follows from the fact that conditioning always decreases the entropy. (c)follows
from the fact that Yi−1
2→W2e
Zi+1Yi−1
1→Y2i→Ziforms a Markov chain. (d)follows from the fact that e
Zi+1Ui→
Y2,i →Ziforms a Markov chain. Thus I(Zi;Uie
Zi+1|Y2i)=0which implies that I(Zi;Ui|Y2i,e
Zi+1)=0. Now, following
[35], let us define the time sharing random variable Qwhich is uniformly distributed over {1,2, ..., n}and independent of
(W1, W2, Xn, Y n
1, Y n
2). Let us define U=UQ, V = ( e
ZQ+1, Q), X =XQ, Y1=Y1,Q , Y2=Y2,Q, Z =ZQ, then R1and
R2can be written as
R1≤I(X;Y1|U, V ) + I(U;Z|V)−I(X;Z|V),(15)
R2≤I(U;Y2|V)−I(U;Z|V).(16)

10
Encoder
Decoder1
Decoder2
Eavesdropper
d
W2
Nn
3
(W1, W2)
Nn
1
Nn
2
Yn
2
Zn
Xn
Yn
1d
W1
Fig. 4. Gaussian Broadcast Channel with Confidential Messages (G-BCCM)
N0
3i
Xi
N1i
Y1iY2i
Zi
N0
2i
Fig. 5. Equivalent Channels for the G-BCCM
Since conditional mutual information are average of unconditional ones, the largest region is achieved when Vis a constant.
This proves the converse part.
Remark 4 As Lemma 2 bounds the secrecy rates for the general broadcast channel with confidential messages then, Theorem
2 is true when only the legitimate receivers are degraded.
V. CAPACI TY RE GI ON O F GAUS SI AN BCCM
In this section, we consider the Gaussian Broadcast Channel with Confidential Messages (G-BCCM). Note that optimizing
(13) and (14) for AWGN channels involves solving a nonconvex functional. Usually nontrivial techniques and strong inequalities
are used to solve the optimization problems of this type. In [3], Leung-Yan-Cheong successfully evaluated the capacity
expression of the wire-tap channel by using the entropy power inequality. Alternatively, it can also be evaluated using a
classical result from the Estimation Theory and the relationship between mutual information and minimum mean-squared error
estimation. On the other hand, the entropy power inequality is sufficient to establish the converse proof of a Gaussian broadcast
channel without secrecy constraint. Unfortunately, the traditional entropy power inequality does not extend to the secure multi-
user case. Here, by using the generalized version of the entropy power inequality, we show that secret superposition coding
with Gaussian codebook is optimal.
Fig.4 shows the channel model. At time ithe received signals are Y1i=Xi+N1i,Y2i=Xi+N2iand Zi=Xi+N3i,
where Nji is Gaussian random variable with zero mean and V ar(Nj i) = σ2
jfor j= 1,2,3. Here σ2
1≤σ2
2≤σ2
3. Assume
that the transmitted power is limited to E[X2]≤P. Since the channels are degraded, the received signals can alternatively be
written as Y1i=Xi+N1i,Y2i=Y1i+N0
2iand Zi=Y2i+N0
3i, where N1i’s are i.i.d N(0, σ2
1),N0
2i’s are i.i.d N(0, σ2
2−σ2
1),
and N0
3i’s are i.i.d N(0, σ2
3−σ2
2). Fig. 5 shows the equivalent channels for the G-BCCM. The following theorem illustrates
the secrecy capacity region of G-BCCM.
Theorem 3 The secrecy capacity region of the G-BCCM is given by the set of rates pairs (R1, R2)satisfying
R1≤CµαP
σ2
1¶−CµαP
σ2
3¶,(17)
R2≤Cµ(1 −α)P
αP +σ2
2¶−Cµ(1 −α)P
αP +σ2
3¶.(18)
for some α∈[0,1].
Proof:
Achievability: Let U∼ N (0,(1 −α)P)and X0∼ N (0, αP )be independent and X=U+X0∼ N (0, P ). Now consider
the following secure superposition coding scheme:

11
1) Codebook Generation: Generate 2nI(U;Y2)i.i.d Gaussian codewords unwith average power (1 −α)Pand randomly
distribute these codewords into 2nR2bins. Then index each bin by w2∈ {1,2, ..., 2nR2}. Generate an independent set of
2nI(X
0;Y1)i.i.d Gaussian codewords x0nwith average power αP . Then, randomly distribute them into 2nR1bins. Index each
bin by w1∈ {1,2, ..., 2nR1}.
2) Encoding: To send messages w1and w2, the transmitter randomly chooses one of the codewords in bin w2, (say un) and
one of the codewords in bin w1(say x0n). The transmitter then simply transmits xn=un+x0n.
3) Decoding: The received signal at the legitimate receivers are yn
1and yn
2respectively. Receiver 2determines the unique
unsuch that (un, yn
2)are jointly typical and declares the index of the bin containing unas the message received. If there is
none of such or more than of one such, an error is declared. Receiver 1uses the successive cancelation method; it first decodes
unand subtracts it from yn
1and then looks for the unique x0nsuch that (x0n, yn
1−un)are jointly typical and declares the
index of the bin containing x0nas the message received.
It can be shown that if R1and R2satisfy (17) and (18), the error probability analysis and equivocation calculation is
straightforward and may therefore be omitted.
Converse: According to the previous section, R2is bound as follows:
nR2≤I(Yn
2;Un|Zn) = h(Yn
2|Zn)−h(Yn
2|Un, Zn),(19)
where his the differential entropy. The classical entropy power inequality states that:
22
nh(Yn
2+N
0n
3)≥22
nh(Yn
2)+ 2 2
nh(N
0n
3)
Therefore, h(Yn
2|Zn)may be written as follows:
h(Yn
2|Zn) = h(Zn|Yn
2) + h(Yn
2)−h(Zn)
=n
2log 2πe(σ2
3−σ2
2) + h(Yn
2)−h(Yn
2+N0n
3)
≤n
2log 2πe(σ2
3−σ2
2) + h(Yn
2)−n
2log(2 2
nh(Yn
2)+ 2πe(σ2
3−σ2
2)).
On the other hand, for any fixed a∈ R, the function
f(t, a) = t−n
2log(2 2
nt+a)
is concave in tand has a global maximum at the maximum value of t. Thus, h(Yn
2|Zn)is maximized when Yn
2(or equivalently
Xn) has Gaussian distribution. Hence,
h(Yn
2|Zn)≤n
2log 2πe(σ2
3−σ2
2) + n
2log 2πe(P+σ2
2)−n
2log 2πe(P+σ2
3)
=n
2log µ2πe(σ2
3−σ2
2)(P+σ2
2)
P+σ2
3¶.(20)
Now consider the term h(Yn
2|Un, Zn). This term is lower bounded with h(Yn
2|Un, Xn, Zn) = n
2log 2πe(σ2
2)which is greater
than n
2log 2πe(σ2
2(σ2
3−σ2
2)
σ2
3
). Hence,
n
2log 2πe(σ2
2(σ2
3−σ2
2)
σ2
3
)≤h(Yn
2|Un, Zn)≤h(Yn
2|Zn).(21)
Inequalities (20) and (21) imply that there exists an α∈[0,1] such that
h(Yn
2|Un, Zn) = n
2log µ2πe(σ2
3−σ2
2)(αP +σ2
2)
αP +σ2
3¶.(22)
Substituting (22) and (20) into (19) yields the desired bound
nR2≤h(Yn
2|Zn)−h(Yn
2|Un, Zn)
≤n
2log µ(P+σ2
2)(αP +σ2
3)
(P+σ2
3)(αP +σ2
2)¶
=nC µ(1 −α)P
αP +σ2
2¶−nC µ(1 −α)P
αP +σ2
3¶.(23)
Note that the left hand side of (22), can be written as h(Yn
2, Zn|Un)−h(Zn|Un)which implies that
h(Yn
2|Un)−h(Zn|Un) = n
2log µαP +σ2
2
αP +σ2
3¶.(24)

12
0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.6 1.8 2
0
0.5
1
1.5
2
2.5
R2 (bit/sec)
R1 (bit/sec)
Gaussian BC
Secure Gaussian BC
Fig. 6. Secret/Non-Secret Capacity Region of a Degraded Broadcast Channel
Since σ2
1≤σ2
2≤σ2
3, there exists a 0≤β≤1such that σ2
2=βσ2
1+ (1 −β)σ2
3or equivalently Yn
2=βY n
1+ (1 −β)Zn.
According to the entropy power inequality and the fact that h(aXn) = h(Xn) + log(an), we have
n
2log ³β22
nh(Yn
1|Un)+ (1 −β)2 2
nh(Zn|Uv )´−h(Zn|Un)
≤n
2log µαP +σ2
2
αP +σ2
3¶.(25)
After some manipulation on (25), we have
h(Yn
1|Un)−h(Zn|Un)
≤n
2log µαP +σ2
2+ (β−1)(αP +σ2
3)
β(αP +σ2
3)¶
=n
2log µαP +σ2
1
αP +σ2
3¶.(26)
The rate R1is bounded as follows
nR1≤I(Xn;Yn
1|Un)−I(Xn;Zn) + I(Un;Zn)(27)
=h(Yn
1|Un)−h(Yn
1|Xn, U n) + h(Zn|Xn)−h(Zn|Un)
=h(Yn
1|Un)−h(Zn|Un) + n
2log( σ2
3
σ2
1
)
(a)
≤n
2log µαP +σ2
1
αP +σ2
3
σ2
3
σ2
1¶
=nC µαP
σ2
1¶−nC µαP
σ2
3¶,
where (a)follows from (26).
Fig. 6 shows the capacity region of a degraded Gaussian broadcast channel with and without secrecy constraint. In this figure
P= 20,N1= 0.9,N2= 1.5and N3= 4.
VI. A MULTILEVEL CODING APPROACH TO T HE SL OWLY FADING WIRE-TAP CHA NN EL
In this section, we use the secure degraded broadcast channel from the previous section to develop a new broadcast strategy
for a slow fading wire-tap channel. This strategy aims to maximize the average achievable rate where main channel state
information is not available at the transmitter. By assuming that there are infinite number of ordered receivers which are
related to different channel realizations, we propose a secret multilevel coding that maximizes the objection. First, some
preliminaries and definitions are given, and then the multilevel coding approach is described. Here, we follow the steps of the
broadcast strategy for the slowly fading point-to-point channel of [11].

13
Encoder
Decoder1
Eavesdropper
Zn
W
Nn
1
Yn
1d
W1
Xn
Nn
2
Fig. 7. Gaussian Wire-tap Channel
Encoder
Eavesdropper
Decoder k+1
Decoder k
Decoder k−1
sk+1
Nn
1,(k+1)
Nn
1,k
Nn
1,(k−1)
Nn
2
.
.
.
.
.
.
sk−1
sk
s0
Fig. 8. Equivalent Broadcast Channel Model.
A. Channel Model
Consider a wire-tap channel as depicted in Fig.7. The transmitter wishes to communicate with the destination in the presence
of an eavesdropper. At time i, the signal received by the destination and the eavesdropper are given as follows
Yi=hMXi+N1i(28)
Zi=hEXi+N2i
where Xiis the transmitted symbol and hM,hEare the fading coefficients from the source to the legitimate receiver and
the eavesdropper, respectively. The fading power gains of the main and eavesdropper channels are denoted by s=|hM|2and
s0=|hE|2respectively. N1i,N2iare the additive noise samples, which are Gaussian i.i.d with zero mean and unit variance.
We assume that the channels are slowly fading, and also assume that the transmitter knows only channel state information
of the eavesdropper channel. For each realization of hMthere is an achievable rate. Since the transmitter has no information
about the main channel and the channels are slowly fading, then the system is non-ergodic. Here, we are interested in the
average rate for various independent transmission blocks. The average shall be calculated over the distribution of hM.
B. The Secret Multilevel Coding Approach
An equivalent broadcast channel for our channel is depicted in Fig. 8. where, the transmitter sends an infinite number of
secure layers of coded information. The receiver is equivalent to a continuum of ordered users. For each channel realization
hk
Mwith the fading power gain sk, the information rate is R(sk). We drop the superscript k, and the realization of the fading
power random variable Sis denoted by s. Therefore, the transmitter views the main channel as a secure degraded Gaussian
broadcast channel with infinite an number of receivers. The result of the previous section for the two receivers can easily be
extended to an arbitrary number of users. According to theorem 3, the incremental differential secure rate is then given by
dR(s) = "1
2log µ1 + sρ(s)ds
1 + sI(s)¶−1
2log Ã1 + s0ρ(s)ds
1 + s0I(s)!#+
,(29)

14
where ρ(s)ds is the transmit power of a layer parameterized by s, intended for receiver s. The log function may be discarded
according to the justifications of [37]. The function I(s)represents the interference noise of the receivers indexed by u>s
which cannot be canceled at receiver s. The interference at receiver sis therefore given by
I(s) = Z∞
s
ρ(u)d(u).(30)
The total transmitted power is the summation of the power assigned to the layers
P=I(0) = Z∞
0
ρ(u)d(u).(31)
The total achievable rate for a fading realization sis an integration of the incremental rates over all receivers, which can
successfully decode the respective layer
R(s) = 1
2Zs
0"uρ(u)du
1 + uI(u)−s0ρ(u)du
1 + s0I(u)#+
.(32)
Our goal is to maximize the total average rate over all fading realizations with respect to the power distribution ρ(s)(or
equivalently, with respect to I(u),u≥0) under the power constraint of 31. The optimization problem may be written as
Rmax= max
I(u)Z∞
0
R(u)f(u)du, (33)
s.t
P=I(0) = Z∞
0
ρ(u)d(u),
where f(u)is the probability distribution function (pdf) of the power gain S. Nothing that the cumulative distribution function
(cdf) is F(u) = Ru
0f(a)da, the optimization problem may be written as
Rmax=1
2max
I(u)Z∞
0
(1 −F(u))G(u)du, (34)
s.t
P=I(0) = Z∞
0
ρ(u)d(u),
where G(u) = hu
1+uI(u)−s
0
1+s0I(u)i+
ρ(u). Note that ρ(u) = −I0(u). The functional of (34), therefore, may be written as
J(x, I(x), I0(x)) =
−(1 −F(x)) "x
1 + xI(x)−s0
1 + s0I(x)#+
I0(x).(35)
The necessary condition for maximization of an integral of Jover xis
JI−d
dxJI0= 0,(36)
where JImeans derivation of function Jwith respect to I, and similarly JI0is the derivation of Jwith respect to I0. After
some manipulations, the optimum I(x)is given by
I(x) = (1−F(x)−(x−s
0)f(x)
s0(1−F(x))+x(x−s0)f(x),max{s0, x0} ≤ x≤x1;
0,otherwise,
where x0is determined by I(x0) = P, and x1by I(x1) = 0.
As a special case, consider the Rayleigh flat fading channel. The random variable Sis exponentially distributed with
f(s) = e−s, F (s) = 1 −e−s, s ≥0.(37)
Substituting of f(s)and F(s)into the optimum I(s)and taking the derivative with respect to the fading power syields to
the following optimum transmitter power policy
ρ(s) = −d
dsI(s) = (−s2+2(s
0+1)s−s
02
(s2−s0s+s0)2,max{s0, s0} ≤ s≤s1;
0,otherwise,

15
where s0is the solution of the equation I(s0) = P, which is
s0=−1 + P s0+pP2s02+ 2P(1 −2P)s0+ 4P+ 1
2P,
and s1is determined by I(s1) = 0, which is
s1= 1 + s0.
VII. CONCLUSION
A generalization of the wire-tap channel in the case of two receivers and one eavesdropper was considered. We established an
inner bound for the general (non-degraded) case. This bound matches Marton’s bound on broadcast channels without security
constraint. Furthermore, we considered the scenario in which the channels are degraded. We established the perfect secrecy
capacity region for this case. The achievability coding scheme is a secret superposition scheme where randomization in the
first layer helps the secrecy of the second layer. The converse proof combines the converse proof for the degraded broadcast
channel without security constraint, and the perfect secrecy constraint. We proved that the secret superposition scheme with the
Gaussian codebook is optimal in AWGN-BCCs. The converse proof is based on the generalized entropy power inequality and
Csiszar lemma. Based on the rate characterization of the AWGN-BCCs, the broadcast strategy for the slowly fading wire-tap
channel were used. In this strategy the transmitter only knows the eavesdropper’s channel and the source node sends secure
layered coding. The receiver viewed as a continuum of ordered users. We derived optimum power allocation for the layers,
which maximizes the total average rate.
REFERENCES
[1] C. E. Shannon, “Communication Theory of Secrecy Systems”, Bell System Technical Journal, vol. 28, pp. 656-715, Oct. 1949.
[2] A. Wyner, “The Wire-tap Channel”, Bell System Technical Journal, vol. 54, pp. 1355-1387, 1975.
[3] S. K. Leung-Yan-Cheong and M. E. Hellman, “Gaussian Wiretap Channel”, IEEE Trans. Inform. Theory, vol. 24, no. 4, pp. 451-456, July 1978.
[4] I. Csiszar and J. Korner, “Broadcast Channels with Confidential Messages”, IEEE Trans. Inform. Theory, vol. 24, no. 3, pp. 339-348, May 1978.
[5] R. Liu, I. Maric, P. Spasojevic and R. D. Yates, “Discrete Memoryless Interference and Broadcast Channels with Confidential Messages”, IEEE Trans.
Inform. Theory, Vol. 54, Issue: 6, pp. 2493-2507, Jun 2008.
[6] J. Xu and B. Chen, “Broadcast Confidential and Public Messages”, in Proc. 42nd Conf. Information Sciences and Systems (CISS), Princeton, NJ, pp.
630-635 Mar. 2008.
[7] J. Xu, Y. Cao, and B. Chen ,“Capacity Bounds for Broadcast Channels with Confidential Messages”, available at
http://arxiv.org/PS cache/arxiv/pdf/0805/0805.4374v1.pdf.
[8] P. K. Gopala, L. Lai and H. El-Gamal, “ On the Secrecy Capacity of Fading Channels”, in IEEE Trans. on Info. Theory, Volume 54, Issue 10, pp.
4687-4698, Oct. 2008.
[9] P. Parada and R. Blahut, “Secrecy Capacity of SIMO and Slow Fading Channels,” in Proc. of ISIT 2005, pp. 2152-2155, Sep. 2005.
[10] J. Barros and M. R. D. Rodrigues, “Secrecy Capacity of Wireless Channels”, in Proc. of ISIT 2006, pp. 356-360, July 2006.
[11] S. Shamai, A. Steiner, “A Broadcast Approach for a Single-User Slowly Fading MIMO Channel”, in IEEE Trans. on Info. Theory, Volume 49, Issue
10, pp. 2617-2635, Oct. 2003.
[12] A. Khisti, A. Tchamkerten and G. W. Wornell, “Secure Broadcasting”, available at http://arxiv.org/PS cache/cs/pdf/0702/0702093v1.pdf.
[13] E. Tekin, S. Serbetli, and A. Yener, “On secure Signaling for the Gaussian Multiple Access Wire-tap Channel”, in Proc. 2005 Asilomar Conf. On Signals,
Systems, and Computers, Asilomar, CA, pp. 1747-1751, November 2005.
[14] E. Tekin and A. Yener, “The Gaussian Multiple Access Wire-Tap Channel”, in IEEE Trans. on Info. Theory, Volume 54, Issue 12, pp. 5747-5755, Dec.
2008.
[15] Y. Liang and V. Poor, “Generalized Multiple Access Channels with Confidential Messages”, in Proc. Of IEEE Int. Symp. Inf. Theory (ISIT), pp. 952-956,
July 2006.
[16] E. Tekin and A. Yener, “The Gaussian Multiple Access Wire-Tap Channel: Wireless Secrecy and Cooperative Jamming”, Information Theory and
Applications Workshop, pp. 404-413. Feb. 2007.
[17] Y. Oohama, “Coding for Relay Channels with Confidential messages”, in Proc. Of IEEE Information Theory Workshop, pp. 87-89, Sep. 2001.
[18] Y. Oohama, “Capacity Theorems for Relay Channels with Confidential Messages ”, in Proc. of ISIT 2007, pp. 926-930, Jun. 2007.
[19] L. Lai and H. El Gamal, “The Relay-Eavesdropper Channel: Cooperation for Secrecy”, IEEE Trans. Inf. Theory, Volume 54, Issue 9, pp. 4005-4019,
Sept. 2008.
[20] M. Yuksel and E. Erkip., “The Relay Channel with a Wiretapper”, in Proc. Forty-First Annual Conference on Information Sciences and Systems (CISS),
Baltimore, MD, USA, Mar. 2007.
[21] Z. Li, R. Yates, and W. Trappe, “Secrecy Capacity of Independent Parallel Channels”, in Proc. 44th Annu. Allerton Conf. Communication, Control and
Computing, Monticello, IL, pp. 841-848, Sep. 2006.
[22] F. Oggier, B. Hassibi, “ The MIMO Wiretap Channel”, Communications, Control and Signal Processing, 2008. ISCCSP 2008. 3rd International Symposium
on., pp. 213-218, Mar. 2008.
[23] S. Shafiee, L. Nan and S. Ulukus, “Secrecy Capacity of the 2-2-1 Gaussian MIMO Wire-tap Channel”, Communications, Control and Signal Processing,
2008. ISCCSP 2008. 3rd International Symposium on., pp. 207-212, Mar. 2008.
[24] A. Khisti, G. Wornell, A. Wiesel, and Y. Eldar, “On the Gaussian MIMO Wiretap Channel”, in Proc. IEEE Int. Symp. Information Theory (ISIT), Nice,
France, Jun. 2007.
[25] A. Khisti and G. Wornell, “Secure Transmission with Multiple Antennas: The MISOME Wiretap Channel”, available at
http://arxiv.org/PS cache/arxiv/pdf/0708/0708.4219v1.pdf.
[26] T. Liu and S. Shamai (Shitz), “A Note on the Secrecy Capacity of the Multi-antenna Wiretap Channel”, available at
http://arxiv.org/PS cache/arxiv/pdf/0710/0710.4105v1.pdf.
[27] R. Liu and H. V. Poor, “Multi-Antenna Gaussian Broadcast Channels with Confidential Messages ”, in Proc. of ISIT 2008, pp. 2202-2206, Jul. 2008.
[28] X. Tang, R. Liu, P. spasojevic and V. Poor, “The Gaussian Wiretap Channel with a Helping Interferer”, in Proc. of ISIT 2008, pp. 389-393, Jul. 2008.
[29] C. Chan, “Success Exponent of Wiretapper: A Tradeoff between Secrecy and Reliability”, available at
http://arxiv.org/PS cache/arxiv/pdf/0805/0805.3605v4.pdf.

16
[30] X. Tang, R. Liu, P. Spasojevic and V.Poor, “Interference-Assisted Secret Communication”, available at
http://arxiv.org/PS cache/arxiv/pdf/0804/0804.1382v1.pdf.
[31] L.Lai, H. El-Gamal, V. Poor, “The Wiretap Channel With Feedback: Encryption Over the Channel ”, IEEE Trans. Inf. Theory, Volume 54, Issue 11, pp.
5059-5067, Nov. 2008.
[32] O.Ozan Koyluoglu, H.El-Gamal, “On the Secure Degrees of Freedom in the K-User Gaussian Interference Channel”, in Proc. of ISIT 2008, pp. 384-388,
Jul. 2008.
[33] S. I. Gelfand and M. S. Pinsker, “Coding for Channel with Random Parameters”, Problemy Peredachi Informatsii, vol. 9, no. 1, pp. 19-31, 1980.
[34] K. Marton, “A Coding Theorem for the Discrete Memoryless Broadcast Channel”, IEEE Trans. on Inf. Theory, vol. 25, no. 1, pp. 306-311, May 1979.
[35] T. Cover and J. Thomas, Elements of Information Theory. John Wiley Sons, Inc., 1991.
[36] T. Liu, P. Viswanath, “An Extremal Inequality Motivated by Multiterminal Information Theoretic Problems”, IEEE Trans. on Inf. Theory, vol. 53, no.
5, pp. 1839-1851, May 2007.
[37] A. J. Viterbi, “Very Low Rate Conventional Codes for Maximum Theoretical Performance of Spread-Spectrum Multiple-Access Channels”, in IEEE J.
Select. Areas Commun., vol. 8, pp. 641-649, May 1990.