On Secure Network Coding with Nonuniform or Restricted Wiretap Sets

The secrecy capacity of a network, for a given collection of permissible wiretap sets, is the maximum rate of communication such that observing links in any permissible wiretap set reveals no information about the message. This paper considers secure network coding with nonuniform or restricted wiretap sets, for example, networks with unequal link capacities where a wiretapper can wiretap any subset of $k$ links, or networks where only a subset of links can be wiretapped. Existing results show that for the case of uniform wiretap sets (networks with equal capacity links/packets where any $k$ can be wiretapped), the secrecy capacity is given by the cut-set bound, and can be achieved by injecting $k$ random keys at the source which are decoded at the sink along with the message. This is the case whether or not the communicating users have information about the choice of wiretap set. In contrast, we show that for the nonuniform case, the cut-set bound is not achievable in general when the wiretap set is unknown, whereas it is achievable when the wiretap set is made known. We give achievable strategies where random keys are canceled at intermediate non-sink nodes, or injected at intermediate non-source nodes. Finally, we show that determining the secrecy capacity is a NP-hard problem.