In this paper, the problem of securely computing a function over the binary modulo-2 adder multiple-access wiretap channel is considered. The problem involves a legitimate receiver that wishes to reliably and efficiently compute a function of distributed binary sources while an eavesdropper has to be kept ignorant of them. In order to characterize the corresponding fundamental limit, the notion of secrecy computation-capacity is introduced. Although determining the secrecy computation-capacity is challenging for arbitrary functions, it surprisingly turns out that if the function perfectly matches the algebraic structure of the channel and the joint source distribution fulfills certain conditions, the secrecy computation-capacity equals the computation capacity, which is the supremum of all achievable computation rates without secrecy constraints. Unlike the case of securely transmitting messages, no additional randomness is needed at the encoders nor does the legitimate receiver need any advantage over the eavesdropper. The results therefore show that the problem of securely computing a function over a multiple-access wiretap channel may significantly differ from the one of securely communicating messages.
Index TermsSecure distributed computation, computation coding, multiple-access wiretap channel, physical-layer security I. INTRODUCTION In their seminal work [1], Nazer and Gastpar lay the information-theoretic foundation of distributed computation over unreliable channels. The big difference between this approach and the standard theory dealing with reliable message transfer is that, in [1], the intended receiver decodes function values immediately from the channel output. In other words, the receiver does not care about individual messages and penalizes itself only when the function is incorrectly decoded.In this regard, Nazer and Gastpar show that in many cases, the performance gain over separation-based computation strategies is proportional to the number of source terminals. In a separation-based strategy, the receiver first reliably decodes all individual messages and subsequently computes the sought function value. It is remarkable that the gains over separation-based strategies stem from a match between the desired function and the algebraic structure of the channel. Since the publication of [1], the results and ideas have been extended in many different ways [2]-[6].Due to the trend towards large-scale decentralized networks consisting of many mutually distrusting terminals, security and integrity of computation results are of high priority in order to guarantee trustworthy operation. In this work, we therefore make a first attempt to extend the concept of computation coding [1] by taking information theoretic security aspects into account. In particular, we consider the problem of computing a function over the binary modulo-2 adder multiple-access wiretap channel (MAWC). The problem involves a legitimate receiver that wishes to reliably compute a function of distributed binary sources in the ...