Sengupta-Tandon-Clancy Secure Delivery Scheme

Theorem: STC Secure Delivery Rate

For the secure coded-caching problem with KK users, NN files, and cache size MM per user with Mβ‰₯1M \geq 1, the achievable secure delivery rate is Rsecβ€…β€Š=β€…β€ŠK(1βˆ’(Mβˆ’1)/N)1+K(Mβˆ’1)/N.R_\text{sec} \;=\; \frac{K(1 - (M-1)/N)} {1 + K(M-1)/N}. This is the MAN rate with effective memory Meff=Mβˆ’1M_\text{eff} = M - 1. For M<1M < 1: no secure scheme exists.

Cache splits into two parts: 1 file of random key bits for OTP masking + (Mβˆ’1)(M - 1) files of file-content subfiles (MAN structure). Delivery phase XORs each MAN transmission with a fresh key from the cache. Eavesdropper sees only XOR-with-key = uniform noise. Users decode using their cached key + MAN structure.

Proof
Placement

Reserve 1 file of cache for a random key Kk\mathbf{K}_k of size FF bits (uniform random, independent of library). Use remaining (Mβˆ’1)F(M-1)F bits for MAN-style subfile caching with effective memory Mβˆ’1M - 1.

Delivery

Run MAN delivery on demands with effective memory Mβˆ’1M - 1: output XMANX_\text{MAN}. Transmit X=XMANβŠ•KX = X_\text{MAN} \oplus \mathbf{K}, where K\mathbf{K} is a key shared by the relevant users (from an appropriate Shamir sharing or reused XOR, see Β§17.3).

Correctness

Each user kk knows K\mathbf{K} (constructed to be reconstructible from its cache). It undoes the mask, then decodes via MAN.

Secrecy

X=XMANβŠ•KX = X_\text{MAN} \oplus \mathbf{K} with K\mathbf{K} uniform β‡’\Rightarrow XX is uniform β‡’\Rightarrow I(W;X)=0I(\mathcal{W}; X) = 0. β– \blacksquare

Definition:

Two-Tier Placement for STC Scheme

STC placement. For secure delivery with cache size Mβ‰₯1M \geq 1:

  1. Tier 1 (key tier): Reserve FF bits (=1= 1 file) of cache for random key material Kk\mathbf{K}_k. The specific key value is user-dependent and shared-randomness-derived so that keys are correlated across users via a (t,n)(t, n)-secret sharing.
  2. Tier 2 (MAN tier): Use remaining (Mβˆ’1)F(M-1)F bits for MAN subfile caching. Apply MAN placement with memory Mβˆ’1M - 1.

In delivery, tier-1 provides the OTP mask; tier-2 provides the file-content subfiles for coded multicast.

The two-tier structure is essential: without tier-1 keys, tier-2 MAN delivery leaks file content to E\mathcal{E}. Without tier-2, no caching gain.

STC Secure Delivery

Complexity: Subpacketization: (Kt)\binom{K}{t}. Key material: (Kt+1)F/(Kt)=(Kβˆ’t)/(t+1)β‹…F\binom{K}{t+1}F/\binom{K}{t} = (K-t)/(t+1) \cdot F bits of key per delivery round. Amortized: ≀1\leq 1 file of key per user.
Input: Library W\mathcal{W}; users 1,…,K1, \ldots, K; cache size
Mβ‰₯1M \geq 1; demand vector d=(d1,…,dK)\mathbf{d} = (d_1, \ldots, d_K).
Output: Broadcast message XX with I(W;X)=0I(\mathcal{W}; X) = 0.
1. Placement (offline).
2. \quad Generate shared random keys {KS}\{\mathbf{K}_\mathcal{S}\}
for each (t+1)(t+1)-subset S\mathcal{S}, where t=K(Mβˆ’1)/Nt = K(M-1)/N.
3. \quad User kk stores KS\mathbf{K}_\mathcal{S} iff k∈Sk \in \mathcal{S} (reconstructible via tt-secret sharing).
4. \quad User kk stores MAN subfiles Wn,SW_{n, \mathcal{S}} for k∈Sk \in \mathcal{S}, with subpacketization (Kt)\binom{K}{t}.
5. Delivery (online).
6. \quad Compute MAN XOR XSβ€²=⨁k∈Sβ€²Wdk,Sβ€²βˆ–{k}X_\mathcal{S'} = \bigoplus_{k \in \mathcal{S}'} W_{d_k, \mathcal{S}' \setminus \{k\}} for each (t+1)(t+1)-subset.
7. \quad Mask: X~Sβ€²=XSβ€²βŠ•KSβ€²\tilde X_{\mathcal{S}'} = X_{\mathcal{S}'} \oplus \mathbf{K}_{\mathcal{S}'}.
8. \quad Broadcast X~Sβ€²\tilde X_{\mathcal{S}'} for all Sβ€²\mathcal{S}'.
9. User decoding.
10. \quad User kk reconstructs KSβ€²\mathbf{K}_{\mathcal{S}'} for k∈Sβ€²k \in \mathcal{S}' from its cache.
11. \quad Unmask: XSβ€²=X~Sβ€²βŠ•KSβ€²X_{\mathcal{S}'} = \tilde X_{\mathcal{S}'} \oplus \mathbf{K}_{\mathcal{S}'}.
12. \quad Apply MAN decoding to recover Wdk,Sβ€²βˆ–{k}W_{d_k, \mathcal{S}' \setminus \{k\}}.
13. \quad Reassemble WdkW_{d_k}.

Each (t+1)(t+1)-XOR message carries a fresh shared key; shared randomness amortizes over (Kt+1)\binom{K}{t+1} messages. Total key material per user stays at ≀F\leq F β€” matches the Mβ‰₯1M \geq 1 floor.

STC Rate Gap vs Non-Secure MAN

Absolute rate gap Rsecβˆ’RMANR_\text{sec} - R_\text{MAN} vs number of users KK, for several memory ratios ΞΌ\mu. Gap shrinks as KK grows β€” the fixed 1-file secrecy cost becomes negligible at scale.

Parameters
0.25
100

Example: STC Scheme Walkthrough: K=3K = 3, N=3N = 3, M=2M = 2

Concrete walkthrough for K=3K = 3 users, N=3N = 3 files, M=2M = 2 per user. Demands d=(1,2,3)\mathbf{d} = (1, 2, 3).

Solution
Effective memory

Meff=Mβˆ’1=1M_\text{eff} = M - 1 = 1. MAN parameter: t=Kβ‹…Meff/N=3β‹…1/3=1t = K \cdot M_\text{eff} / N = 3 \cdot 1/3 = 1.

Placement

MAN tier: split each file WnW_n into 3 subfiles Wn,{1},Wn,{2},Wn,{3}W_{n, \{1\}}, W_{n, \{2\}}, W_{n, \{3\}} (each F/3F/3 bits). User kk stores Wn,{k}W_{n, \{k\}} for all nn. Key tier: user kk also holds random key shares that allow reconstruction of pairwise keys K{k,j}\mathbf{K}_{\{k,j\}} for other jj.

MAN delivery

Three XOR messages (one per (t+1)(t+1)-pair):

  • X{1,2}=W1,{2}βŠ•W2,{1}X_{\{1,2\}} = W_{1, \{2\}} \oplus W_{2, \{1\}}
  • X{1,3}=W1,{3}βŠ•W3,{1}X_{\{1,3\}} = W_{1, \{3\}} \oplus W_{3, \{1\}}
  • X{2,3}=W2,{3}βŠ•W3,{2}X_{\{2,3\}} = W_{2, \{3\}} \oplus W_{3, \{2\}}
Secrecy masking

Broadcast: X~Sβ€²=XSβ€²βŠ•KSβ€²\tilde X_\mathcal{S'} = X_\mathcal{S'} \oplus \mathbf{K}_\mathcal{S'} for each pair. Eavesdropper sees three masked XORs β€” uniformly random, zero info about W\mathcal{W}.

User 1 decoding

User 1 has K{1,2}\mathbf{K}_{\{1,2\}} and K{1,3}\mathbf{K}_{\{1,3\}}. Unmasks X~{1,2}\tilde X_{\{1,2\}}, X~{1,3}\tilde X_{\{1,3\}}. Uses cached W2,{1},W3,{1}W_{2,\{1\}}, W_{3,\{1\}} to recover W1,{2},W1,{3}W_{1,\{2\}}, W_{1,\{3\}}. Combined with its cached W1,{1}W_{1, \{1\}}: full W1W_1.

Rate

Rsec=3(1βˆ’1/3)/(1+3β‹…1/3)=3β‹…2/3/2=1R_\text{sec} = 3(1 - 1/3)/(1 + 3 \cdot 1/3) = 3 \cdot 2/3/2 = 1 file/use. MAN without secrecy (effective M=2M = 2) would give R=3(1βˆ’2/3)/(1+3β‹…2/3)=1/3R = 3(1 - 2/3)/(1 + 3 \cdot 2/3) = 1/3. Cost of secrecy: 2/3 file per use.

⚠️Engineering Note

STC in Wireless Broadcast Systems

STC is natural for wireless broadcast where the medium is open:

  1. Wi-Fi and cellular. Open-air broadcast; legitimate user decodes via key, eavesdropper gets noise-like signal.
  2. Satellite distribution. DVB-S2 supports CW-C2 (physical layer encryption); STC-style caching could layer on top.
  3. 5G multicast (MBMS). Multicast delivery with per-UE keys is specified; adding coded-caching structure is active research.
  4. Comparison to TLS. TLS encrypts unicast with per-session key. STC is information-theoretic: immune to quantum attacks, but requires cache-resident key material.

Limits. Practical keys use pseudorandom generators (PRGs); information-theoretic secrecy requires true randomness. For large-scale deployment, PRGs typically suffice, with standard caveats about cryptographic assumptions.

Practical Constraints
  • β€’

    Wi-Fi: WPA3 is AES-based (computational security)

  • β€’

    5G: NAS/AS encryption is AES; info-theoretic uncommon

  • β€’

    Quantum-safe: STC is natively resistant (no public-key assumption)

  • β€’

    Key management: coded cache keys need fresh rotation

Key Takeaway

The STC scheme achieves the \R_\\text{sec} = K(1 - (M-1)/N)/(1 + K(M-1)/N) rate by two-tier placement. Tier 1 (1 file per user) provides OTP keys; tier 2 (remaining Mβˆ’1M - 1) is standard MAN. Secrecy costs 1 file of memory; the multicasting gain is preserved for the rest.

Security Model: Eavesdropper on the BroadcastSecret Sharing for Cache Placement