# Program of "Mathematical Tools of Information-Theoretic Security Workshop"

## 23rd of September - Wednesday

Session Chairs: Vincent Y. F. Tan (VT), Yingbin Liang (YL), Mérouane Debbah (MD) and Frederique Oggier (FO)

 Time Talk Speaker(s) Chair 08h50 - 09h00: Welcome Speech Matthieu Bloch, Vincent Y. F. Tan and Mérouane Debbah 09h00 - 10h00 Multiple Secret Key Generation: Models and Key Capacity Regions Yingbin Liang VT 10h00 - 10h30 Break 10h30 - 11h00 Secret Key Agreement: General Capacity and Second-Order Asymptotics Shun Watanabe YL 11h00 - 11h30 MIMO Wiretap Channel with a Cooperative Jammer Aylin Yener YL 11h30 - 11h45 Break 11h45 - 12h15 Secure Degrees of Freedom of Wireless Networks with and without Eavesdropper CSI Sennur Ulukus YL 12h15 - 12h45 A Numerical Study on the Wiretap Network with a Simple Network Topology Fan Cheng YL 12h45 - 14h00 Lunch 14h00 - 15h00 Coset Coding for Wiretap Channels Frederique Oggier MD 15h00 - 15h30 Break 15h30 - 16h00 Achieving Secrecy Capacity with Polar Codes and Polar Lattices Cong Ling FO 16h00 - 16h30 A wiretap analysis of lattice codes at low and medium dimensions Jean-Claude Belfiore FO 16h30 - 16h45 Break 16h45 - 17h15 Recent results on powers of codes Gilles Zemor FO 17h15 - 17h45 Secret key generation for Gaussian sources using lattices Laura Luzzi FO

## 24th of September - Thursday

Session Chairs: Vincent Y. F. Tan (VT) and Zhenjie Zhang (ZZ)

 Time Talk Speaker Chair 09h00 - 10h00 Differential Privacy: Is It the Dawn of Data Science Tomorrow? Zhengjie Zhang VT 10h00 - 10h30 Break 10h30 - 11h00 From the applied pi calculus to broken Internet protocols Ben Smyth ZZ 11h00 - 11h30 Differential privacy, approximation, and learning Anand D. Sarwate ZZ 11h30 - 11h45 Break 11h45 - 12h15 Information-theoretic Privacy Mechanisms Lalitha Sankar ZZ 12h15 - 12h45 Secure Communication in K-user Broadcast Channel with State Feedback Mari Kobayashi ZZ Social Event Break(The afternoon is dedicated to participants who are interested to visit Paris freely)

## 25th of September - Friday

Session Chairs: Mérouane Debbah (MD), Andreas Winter (AW), Ejder Baştuğ (EB) and Shlomo Shamai (SS)

 Time Talk Speaker Chair 09h00 - 10h00 Quantum information security Andreas Winter MD 10h00 - 10h30 Break 10h30 - 11h00 The strong converse theorem in quantum information theory Ciara Morgan AW 11h00 - 11h30 Sharing and verifying quantum information with differing degrees of trust Damian Markham AW 11h30 - 11h45 Break 11h45 - 12h15 Classical and Quantum Information Theoretical Analysis for Security Masahito Hayashi AW 12h15 - 12h45 Benchmarking quantum channels for private communications: the problem of regularization David Elkouss AW 12h45 - 14h00 Lunch 14h00 - 15h00 Layered Secrecy on Broadcast Networks Shlomo Shamai (Shitz) EB 15h00 - 15h30 Break 15h30 - 16h00 Secure Gray-Wyner Source Coding Abdellatif Zaidi SS 16h00 - 16h30 The Wiretap Channel with Generalized Feedback: Secure Communication and Key Generation Pablo Piantanida SS 16h30 - 16h45 Break 16h45 - 17h15 Authentication at the Physical Layer: from Device-to-Device to Networks Stefano Tomasin SS 17h15 - 17h45 Communication with Low Probability of Detection Ligong Wang SS

## Progam in Detail

### Multiple Secret Key Generation: Models and Key Capacity Regions

Wednesday 23 September 2015, 09h00 - 10h00
Yingbin Liang, Syracuse University, NY, USA
Abstract: Information theoretic approach for secret key generation via source-type models is emerging as an exciting topic due to its promising applications in wireless networks, particularly in those with minimum infrastructures. While generation of a single secret key over source networks has been intensively studied with the key capacity being characterized for various source models, the problem of simultaneous generation of multiple secret keys is much less explored. This talk will discuss technical challenges of multiple secret key generation and review recent information theoretic studies of the topic.

More specificially, in this talk, I will start with introducing the basic source-type model for single secret key generation, the measure of secrecy, and the information theoretic approaches to designing key generation schemes and characterizing the key capacity. I will then introduce a basic model on two secret key generation, a random binning and joint decoding scheme for multiple key generation, and characterization of the key capacity region for the model. I will then further present various other source-type models for multiple key generation, and review recent studies of these models. As conclusion of the talk, I will identify new directions and potential applications of multiple secret key generation problems.

### Secret Key Agreement: General Capacity and Second-Order Asymptotics

Wednesday 23 September 2015, 10h30 - 11h00
Shun Watanabe, Tokyo University of Agriculture and Technology, Japan
Abstract: We revisit the problem of secret key agreement using interactive public communication for two parties and propose a new secret key agreement protocol. The protocol attains the secret key capacity for general observations and attains the second-order asymptotic term in the maximum length of a secret key for independent and identically distributed observations. In contrast to the previously suggested secret key agreement protocols, the proposed protocol uses interactive communication. In fact, the standard one-way communication protocol used prior to this work fails to attain the asymptotic results above. Our converse proofs rely on a recently established upper bound for secret key lengths. Both our lower and upper bounds are derived in a single-shot setup and the asymptotic results are obtained as corollaries.

It is a joint work with M. Hayashi and H. Tyagi (arXiv:1411.0735).

### MIMO Wiretap Channel with a Cooperative Jammer

Wednesday 23 September 2015, 11h00 - 11h30
Aylin Yener, Pennsylvania State University, USA
Abstract: We consider the classical Alice-Bob-Eve wiretap channel setting with an additional terminal (Charles) that can transmit with the goal of improving secrecy for Alice to Bob communication. The terminals involved in the model are all equipped with multiple antennas. We characterize the precise high-SNR capacity of this MIMO wiretap model for varying relative number of antennas at each terminal. Of particular interest is the achievability techniques that in certain configurations need to synergistically employ signal scale alignment (a complex field extension of real interference alignment) and spatial alignment along with proper interference cancellation. Having Charles employ cooperative jamming, i.e., inject judicious interference into the model, improves secrecy capacity scaling of the MIMO wiretap channel, with differing amounts depending on the relative number of antennas at Alice, Charles, Bob and Eve.

Joint work with Mohamed Nafea.

### Secure Degrees of Freedom of Wireless Networks with and without Eavesdropper CSI

Wednesday 23 September 2015, 11h45 - 12h15
Sennur Ulukus, University of Maryland at College Park, USA
Abstract: Secrecy capacities of many practically important wireless networks are still unknown today. In the absence of exact secrecy capacities, secure degrees of freedom (s.d.o.f.) is a useful measure that determines the high SNR secrecy capacities of the networks. In this talk, I will summarize our recent results on the s.d.o.f. of several fundamental wireless network structures. In particular, the s.d.o.f. of an M-helper network is M/(M+1), the sum s.d.o.f. of a K-user multiple access wiretap channel is K(K-1)/(K(K-1)+1), and the sum s.d.o.f. of a K-user interference channel with secrecy constraints is K(K-1)/(2K-1). These are the exact s.d.o.f.s when the legitimate transmitters know the eavesdropper CSI. When the legitimate transmitters do not know the eavesdropper CSI, the exact s.d.o.f.s of the corresponding networks are as follows: the s.d.o.f. of an M-helper network is still M/(M+1), the sum s.d.o.f. of a K-user multiple access wiretap channel reduces to (K-1)/K, and the sum s.d.o.f. of a K-user interference channel with secrecy constraints reduces to (K-1)/2. Interestingly, in the absence of eavesdropper CSI, a multiple access network reduces to a helper network.

Our achievable schemes are based on real interference alignment, cooperative jamming and channel prefixing, which together render the message signals and the cooperative jamming signals separable at the legitimate receivers, but align them perfectly at the eavesdroppers preventing any reliable decoding of the message signals. Our converses are based on two key lemmas. The first lemma quantifies the secrecy penalty by showing that the net effect of an eavesdropper on the system is that it eliminates one of the independent channel inputs. The second lemma quantifies the role of a helper by developing a direct relationship between the cooperative jamming signal of a helper and the message rate. In the case of no eavesdropper CSI, we additionally use a blind alignment scheme for the achievability and a recent least alignment result for the converse.

This is joint work with Jianwei Xie and Pritam Mukherjee.

### A Numerical Study on the Wiretap Network with a Simple Network Topology

Wednesday 23 September 2015, 12h15 - 12h45
Fan Cheng, ECE, NUS, Singapore.
Abstract: The perfect secrecy theorem of Shannon, which states that the size of the key is lower bounded by the size of the message, has been known for over six decades. The result was generalized later in the context of wiretap channel II and wiretap network, where various bounds have been obtained so far. In principle, all these bounds can be regarded as some special cut-set bounds, which are quite loose in general. How to "beat" the cut-set bound is a question of fundamental interest. In this talk, we will introduce our result on a very simple wiretap network, consisting of a source node S, an intermediate node T, and a destination R. There are only three noiseless channels connecting (S, T) and (T, R), respectively. However, our study will show that the problem is not as simple as the network model. Some interesting results will be presented and open problem will be discussed.

It is a joint work with Prof. Vincent Y. F. Tan.

### Coset Coding for Wiretap Channels

Wednesday 23 September 2015, 14h00 - 15h00
Frederique Oggier, Nanyang Technological University, Singapore
Abstract: This talk is an introduction to coset coding in the context of wiretap channels. Two cases will be considered: the wiretap II channel which involves classical error correction codes, and the AWGN channel with lattice codes.

### Achieving Secrecy Capacity with Polar Codes and Polar Lattices

Wednesday 23 September 2015, 15h30 - 16h00
Cong Ling
, Imperial College, London, UK

Abstract: Dating back to Wyner’s seminal work on the wiretap channel, information theory predicted the existence of coding schemes that allow both reliable and confidential communications. However, the actual construction of such codes is a challenging problem. The advent of polar codes offers a new, powerful approach to secrecy coding. In this talk, an overview of the construction of polar codes/lattices for discrete/Gaussian wiretap channels will be presented. Further, we show that it is possible to obtain semantic security from polar codes/lattices, thereby providing security on the physical layer as strong as classic cryptography.

### A wiretap analysis of lattice codes at low and medium dimensions

Wednesday 23 September 2015, 16h00 - 16h30
Jean-Claude Belfiore, Télécom ParisTech, France
Abstract: Analysis of lattice codes for the wiretap Gaussian channel shows the key role of theta series of a lattice. However, theta series are very difficult to compute, which means that finding a good lattice code for the wiretap channel is not easy. We give here two methods to compute theta series: The first one is based on methods coming from structure results of modular forms while the second one is based on various constructions of lattices from codes.

### Recent results on powers of codes

Wednesday 23 September 2015, 16h45 - 17h15
Gilles Zemor, Bordeaux University, France
The Schur product of two codes $C$ and $D$ is the linear span of all componentwise products of pairs of vectors of $C$ and $D$. Schur products of codes have come lately under renewed scrutiny, in part because of their applications to secret sharing, multiparty computation, cryptanalysis, to quote just some. All these applications implicate pairs of codes whose Schur products have large distances. This talk will  focus on recent structural results on pairs of such codes and mention some consequences for applications.

### Secret key generation for Gaussian sources using lattices

Wednesday 23 September 2015, 17h15 - 17h45
Laura Luzzi, ETIS (ENSEA - Cergy-Pontoise University - CNRS), France
Abstract: In this talk, we consider secret key generation between two terminals, Alice and Bob, who observe correlated Gaussian sequences X and Y, in the presence of an eavesdropper, Eve, who also obtains a correlated sequence Z. To establish a common key, Alice and Bob can exchange messages on a public channel, which are witnessed by Eve. We present a key-generation scheme based on a lattice hashing technique, achieving rates up to 1/2 nat from the secret-key capacity.

(This talk is based on a joint work with Cong Ling and Matthieu Bloch.)

### Differential Privacy: Is It the Dawn of Data Science Tomorrow?

Thursday 24 September 2015, 09h00 - 10h00
Zhengjie Zhang, Advanced Digital Sciences Center, University of Illinois at Urbana Champaign
Abstract: The emergence of differential privacy is considered as the most important breakthrough in privacy preservation research in the new century. It attracts huge attentions from both academia and industry, because of its elegant theory enabling a well-calibrated balance between data utility and privacy leakage risk. After a decade, both theorists and applied researchers have gained much deeper insights into differential privacy. On the theoretical side, new results show that it is almost impossible to improve the accuracy of existing approaches enforcing differential privacy. On the practice side, a large number of tricks are proposed to exploit specific domain characteristics to enhance the usefulness of the methods. These results together have generated a much clearer boundary between what we can and what we cannot support with differential privacy. In this talk, we will discuss a number of use cases to illustrate the boundary of practical differential privacy mechanisms.

### From the applied pi calculus to broken Internet protocols

Thursday 24 September 2015, 10h30 - 11h00
Ben Smyth, Huawei R&D France, Paris, France
Slides available upon request to Ben Smyth.
Abstract: In this talk, I will demonstrate how the applied pi calculus can be used to evaluate whether cryptographic protocols satisfy security properties such as authentication and secrecy. I will also demonstrate how ProVerif can be used for automated evaluation. The talk is structured around a worked-example which is intended to establish a secure channel. We will see how to model the worked-example in the applied pi and how this model enables the detection of attacks against authentication and secrecy. Moreover, we will see how to patch the worked-example and how to prove that the revised model is secure.

The talk is loosely based upon: Mark D. Ryan & Ben Smyth (2011) Applied pi calculus. Chapter in Véronique Cortier & Steve Kremer (editors) Formal Models and Techniques for Analyzing Security Protocols, IOS Press. And: Bruno Blanchet, Ben Smyth, & Vincent Cheval (2015) ProVerif 1.90: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial

### Differential privacy, approximation, and learning

Thursday 24 September 2015, 11h00 - 11h30
Anand D. Sarwate, Rutgers University, USA
Abstract: Differential privacy is a framework for understanding how to prevent someone from using analyses of a database to discover whether any particular individual is part of that database. A particular computation on the data can be made differentially private by introducing noise somewhere in the computation: the noise masks individual data points. The noise affects the accuracy of the computation, thus reducing the utility of the output. Computations which are stable with respect to small perturbations are easier to make differentially private, and larger sample sizes often lead to greater stability. In this talk I will discuss some examples of the sample size-privacy-utility tradeoff, provide some perspectives on distribution estimation, and give some open questions relevant for practical applications of differential privacy.

### Information-theoretic Privacy Mechanisms

Thursday 24 September 2015, 11h45 - 12h15
Lalitha Sankar, Arizona State University, USA
Abstract: An information-theoretic privacy mechanism is a randomized mapping that provides statistical guarantees on privacy leakage, quantified via mutual information, while ensuring a measure of fidelity of the published data (distortion). Such a mechanism exploits the statistics of the data to provide better privacy for outliers while guaranteeing privacy on average for all entries of a database. This approach is particularly suitable for streaming data (e.g., electric grid, sensor data in IoT, etc.) where specific features have to be kept hidden while sharing other public features of the data and no single piece of data needs strong privacy guarantees. In this talk we will present a formal framework for information-theoretic privacy and specifically focus on the achievable utility-privacy tradeoff in an interactive setting and the value of interaction on privacy leakage.

### Secure Communication in K-user Broadcast Channel with State Feedback

Thursday 24 September 2015, 12h15 - 12h45
Mari Kobayashi, CentraléSupelec, Gif-sur-Yvette, France
Abstract: In this talk, we consider the secure communication in two types of K-user broadcast channels (BC) with state feedback: multi-antenna BC and erasure BC. First we revisit well-known schemes achieving the optimal DoF/rate region in multi-antenna/erasure BC without secrecy constraints. Then, we provide secured counterparts and quantify how much resource overhead is necessary to guarantee the secrecy. The secrecy schemes for both channels are very simple in the sense that they just require an additional phase of secrecy key generation compared to the non-secured setup.  Interestingly, it is found that secrecy comes almost for free’’ in the multi-antenna BC when the number of transmit antennas grows accordingly.

### Quantum information security

Friday 25 September 2015, 09h00 - 10h00
Andreas Winter, Universitat Autònoma de Barcelona, Spain
Abstract: Quantum information theory has the peculiar and privileged feature that the "physical layer" security is built into the probabilistic structure of quantum theory itself. I will present an overview of quantum key distribution, quantum wire tap channels and other cryptographic primitives in the quantum setting, and exhibit some of the main technical tools used to analyze the security of protocols, specifically the calculus of smooth conditional min-entropies, and time permitting, Renyi entropic analogues.

### The strong converse theorem in quantum information theory

Friday 25 September 2015, 10h30 - 11h00
Ciara Morgan, University College Dublin, Ireland
Abstract: Establishing the strong converse theorem for general quantum channels would imply that there is no trade-off possible between the rate of communication over the quantum channel and the coding error, and would confirm the quantum capacity as the ultimate rate for communication over memoryless quantum channels. Despite its position amongst the most important open problems, proving the strong converse theorem for arbitrary quantum channels remains one of the most elusive tasks in quantum information theory today. At the heart of the problem lies entanglement, a fundamental property of quantum systems, which gives rise to numerous, often counter-intuitive departures from classical information theory, including the so-called superactivation of quantum channel capacities. Here we introduce the above notions and report on progress made towards establishing the strong converse theorem for both the quantum capacity and the private classical capacity of a certain class of quantum channels, known as degradable channels.

This work is in collaboration with Andreas Winter.

### Sharing and verifying quantum information with differing degrees of trust

Friday 25 September 2015, 11h00 - 11h30
Damian Markham, CNRS - Telecom ParisTech, France
Abstract: Various quantum information protocols involve sharing and verifying the correctness of quantum information. This can be achieved in various ways depending on the amount of trust put on the devices which are being used. In this talk we will give an overview of some quantum secret sharing, verification and related protocols, and highlight the key 'quantum' features that give rise to different levels of security (information theoretic security with trusted devices, untrusted devices and semi-trusted devices).

### Classical and Quantum Information Theoretical Analysis for Security

Friday 25 September 2015, 11h45 - 12h15
Masahito Hayashi, Nagoya University, Japan

Abstract: Generating secure key from correlated random number is fundamental and important task in information theory. In the i.i.d. setting, it is known that the asymptotic optimal secure key generation rate is the conditional entropy when the leaked information is classical or quantum. On the other hand, source and channel coding problems, there are many results for the exponential decreasing rate of decoding error probability. In this talk, we adopt two kinds of security criteria, One is the modified mutual information, which is defined by the relative enetropy between the ideal distribution and true distribution. We show the validity of this criterion [8]. The other is the L_1 norm criterion, which is defined as the variational distance between the same distributions as the above. The former is used in the information theory community and the latter is used in the community of cryprography. As our result, we derive the optimal exponential decreasing rates for both criteria in the  i.i.d. case when the leaked information is classical [1,2,6,7]. In the latter security criterion, the collision entropy plays a more important role than the minimum entropy [8]. Further, in this case, we generalize the modified mutual information, and derive the asymptotic optimal secure key generation rate and the optimal exponential decreasing rates under the generalization [6]. Finally, we also consider the quantum case, i.e., the case when the leaked information is quantum. We discuss how can we generalize our results to the quantum case partially [3,4]. Further, we also discuss what kinds of hash function is effective for our purpose [5,8,9]. We also discuss the extension to the Markovian case [7]. Finally, we discuss the relation with blind comutation [10].

These results contain collaborations with Vincent Tan, Shun Watanabe, Toyohiro Tsurumaru, and Tomoyuki Morimae

[1] M. Hayashi, “Exponential decreasing rate of leaked information in universal random privacy amplification,” IEEE Transactions on Information Theory, Vol. 57, No. 6, 3989-4001, (2011)
[2] M. Hayashi, “Tight exponential analysis of universally composable privacy amplification and its applications,” IEEE Transactions on Information Theory, Vol. 59, No. 11, 7728–7746 (2013);
[3] M. Hayashi, “Large deviation analysis for quantum security via smoothing of Renyi entropy of order 2,” IEEE Transactions on Information Theory, Volume 60, Issue 10, 6702 - 6732 (2014)
[4] M. Hayashi, “Precise evaluation of leaked information with secure randomness extraction in the presence of quantum attacker,” Communications in Mathematical Physics, Volume 333, Issue 1, pp 335-350, (2015)
[5] T. Tsurumaru and M. Hayashi, “Dual Universality of Hash Functions and Its Applications to Quantum Cryptography” IEEE Transactions on Information Theory, Vol. 59, No. 7, 4700-4717, (2013)
[6] M. Hayashi and V. Tan, "Equivocations, Exponents and Second-Order Coding Rates under Various Rényi Information Measures" arXiv:1504.02536.
[7] M. Hayashi and S. Watanabe, "Uniform Random Number Generation from Markov Chains: Non-Asymptotic and Asymptotic Analyses" arXiv:1503.04371.
[8] M. Hayashi, "Security analysis of epsilon-almost dual universal2 hash functions: smoothing of min entropy vs. smoothing of Rényi entropy of order 2,"  arXiv:1309.1596.
[9] M. Hayashi and T. Tsurumaru, "More Efficient Privacy Amplification with Less Random Seeds via Dual Universal Hash Function," arXiv:1311.5322.
[10] M. Hayashi, T. Morimae, "Verifiable measurement-only blind quantum computing with stabilizer testing",  arXiv:1505.07535.

### Benchmarking quantum channels for private communications: the problem of regularization

Friday 25 September 2015, 12h15 - 12h45
David Elkouss, TU Delft, Netherlands
Abstract: The classical capacity of a classical channel is found by maximizing the mutual information between the input and output of a single use of the channel. In contrast, the different capacities of quantum channels are obtained by the infinite regularization of particular entropic quantities. This implies that we do not know the capacity except for a handful of channels. For instance, the private capacity of the depolarizing and the BB84 channels, which relate to the limits of the 6-state and the BB84 QKD protocols, are wide open.

In this talk I will review our current understanding of the need for regularization. In particular, I will present some constructions that show that it is not possible to stop the regularization at some finite universal constant independent of the channel and still evaluate the capacity with arbitrary precision.

Part of the talk will be based in arXiv:1408.5115 and arXiv:1502.05326 which is joint work with Toby Cubitt, Will Matthews, Maris Ozols, David Perez-Garcia and Sergii Strelchuk.

### Layered Secrecy on Broadcast Networks

Friday 25 September 2015, 14h00 - 15h00
Shlomo Shamai (Shitz), Dept. Electrical Engineering, Technion, Israel

Abstract: We review the setting of layered secrecy, addressing the degraded broadcast channel. The basic framework facilitates for a legitimate receiver who enjoys a better channel quality (channel state information, unavailable to the transmitter) to decode more secret messages, while the  eavesdroppers with worse channel quality are kept ignorant of more messages. While this layered based secrecy coding approach (variable-to-fixed rate secrecy coding) is evaluated for degraded channels, the strategy is relevant to general settings, though not necessarily optimal. Examples of the approach for fading channels, where the legitimate and eavesdropping channels are corrupted by multiplicative random fading gains are presented.

We use a similar paradigm of a layered approach to address secret sharing problem, where groups of users are able to determine certain secrets by sharing their channel outputs, and other groups of users are kept ignorant of certain secrets even if they share their outputs.

In the concluding outlook we discuss secret communication designs for different models. We also present secret capacity region results for the novel paradigm, of secrecy outside of a bounded range, focusing on simple models, for which it is shown that the secret capacity requires combinations of superposition coding, binning, and embedded codes, as well as sharing designs (as rate splitting).

The talk is based on joint studies with S. Zou, Y. Liang, L. Lai and H.V. Poor.

### Secure Gray-Wyner Source Coding

Friday 25 September 2015, 15h30 - 16h00
Abdellatif Zaidi, Huawei R&D France, Paris, France
Abstract: We consider the Gray-Wyner source coding model with secrecy constraints. In this model, a source encoder observes a pair of sources (X,Y) and sends  three descriptions to two separate receivers, a common description that is intended to both receivers and individual descriptions that are intended to one of the receivers each.   The source X is to be recovered at the first receiver, to within some prescribed distortion level D1, and has to be kept as secret as possible at the second receiver (equivocation level Delta1). Similarly, the source Y is to be recovered at the second receiver, to within some prescribed distortion level D2, and has to be kept as secret as possible at the first receiver (equivocation level Delta2).

We establish a single letter characterization of the optimal region of rate-distortion-equivocation tuples of the model. Furthermore, we also discuss some insightful numerical examples.

Joint work with Meryem Benammar.

### The Wiretap Channel with Generalized Feedback: Secure Communication and Key Generation

Friday 25 September 2015, 16h00 - 16h30
Pablo Piantanida,  Laboratoire des Signaux et Systèmes (L2S),  CentraleSupélec-CNRS-Université Paris-Sud, France
Abstract: It is a well-known fact that feedback does not increase the capacity of point-to-point memoryless channels, however, its effect in secure communications is not fully understood yet. In this talk, two achievable schemes for the wiretap channel with generalized feedback are presented. One of the schemes, which is based on joint source-channel coding, correlates the codewords to be transmitted with the feedback signal in the hope of *hiding* them from the eavesdropper’s observations. The other scheme, which uses the feedback signal to generate a shared secret key between the legitimate users, encrypts the message to be sent at the bit level. These schemes recover previous known results from the literature, thus they can be seen as a generalization and hence unification of several results in the field. Additionally, we present new capacity results for a class of channels and, for the Gaussian wiretap channel with noisy feedback, the schemes are shown to achieve positive secrecy rates even in unfavorable scenarios where the eavesdropper experiences much better channel conditions than the legitimate user.

### Authentication at the Physical Layer: from Device-to-Device to Networks

Friday 25 September 2015, 16h45 - 17h15
Stefano Tomasin, Huawei R&D France, Paris, France