Wiretap Channel with Strictly Causal Side Information at Encoder Amir Sonee ∗† and Ghosheh Abed Hodtani ∗ ∗ Department of Electrical Engineering, Faculty of Engineering, Ferdowsi University of Mashhad, Mashhad, Iran † Communications and Computer Research Center Email: Amir.Sonee@stu.um.ac.ir, ghodtani@gmail.com Abstract—In this paper, the wiretap channel with side infor- mation studied in [2] is revisited for the case in which the side information is available only at the encoder and in a strictly causal manner. We derive a lower bound on the secrecy capacity of the channel based on a coding scheme which consists of block Markov encoding and key generation using the strictly causal state information available at the encoder. In order to provide the secrecy of messages, at the end of each block a description of the state sequence obtained by the encoder is used to generate the key which encrypts the whole or part of the message to be transmitted in the next block. Moreover, for the decoder to be able to decrypt the messages, the description of the sate sequence of each block is sent in common with the message of that block. Also, an upper bound on the secrecy capacity is developed which assumes that the state is noncausally known at the encoder and we prove that it would coincide the lower bound for a special case and results in the secrecy capacity. I. I NTRODUCTION Recently, it has been shown that side information can increase the secrecy rate of wiretap channel. For the case in which side information is known noncausally at the encoder, it has been proved that the perfect secrecy rate can be increased in compression with the case that side information does not exist [1]. For the single user with secrecy constraints, it has been shown in [2] that causal side information not only helps to increase the secrecy rate but also there are some cases that it can outperform the case in which noncausal side information is available at the encoder. The coding scheme presented in [2] makes use of the common causal information available at both the encoder and decoder to generate a key that is used to encrypt the transmitted message. The case in which the causal side information is available only at the encoder is discussed in [3] for which inner and outer bounds on the capacity-equivocation region are obtained. In this paper, we reconsider the wiretap channel with causal side information in [2] for a new setting in which strictly causal side information is available only at the encoder. In this case since side information is not available at the decoder we have to provide it with a description or compressed version of the side information and then make use of that description to generate a key. Also, since here the encoder has access to only the past instances of the side information, Gelfand- Pinsker (GP) coding and shannon strategy can not be used. So, We derive a lower bound for the secrecy capacity using block markov encoding. The encoder, at the end of each block, makes a description of the state of that block and then generates a key with respect to this description which is used to encrypt the message of the next block. While the encoder knows the state, the decoder is not aware of it. Therefore, the encoder sends the key generated in each block simultaneously with the message to make the decoder capable of decrypting the recovered message. What makes this work different from that of [2] where side information is also known at the decoder, is that since here the decoder is uniformed of the state, the encoder needs to provide it with a description of the state of each block. The paper is organized as follows. In section II a brief review of the model and necessary definitions are presented. Section III includes our main results including the lower bound and upper bounds on the secrecy capacity of the channel. Next, we show that these bounds match for a special case satisfying special constraints. Finally, the whole paper is concluded in section VI. The proofs of the theorems are given in appendices A and B. II. SYSTEM MODEL The discrete memoryless wiretap channel (DM-WTC) with strictly causal side information at the encoder (DM-WTC- SCSIE) is a three terminal discrete memoryless channel con- sisting of an encoder, a decoder and an eavesdropper. The model is specified with a channel transition distribution matrix P Y,Z|X,S (y,z|x, s) with (x, s, y, z) ∈X×S×Y×Z where X is the channel input random variable at the encoder; S is the side information governing the channel input-output relation; and Y and Z are the channel output random variables at the decoder and eavesdropper, respectively. Also, X, S, Y and Z take value over discrete alphabets X , S , Y and Z , respectively. A (2 nR ,n) code for the DM-WTC-SCSIE consists of a set of uniformly distributed message indices M = {1, ..., 2 nR }; a sequence of encoding functions f i : M×S i−1 →X for i =1, 2, ..., n; and a decoder g : Y n →M. The average error probability for this code is defined as P (n) e = P [g(y n ) = M ]. The information leakage rate at the eavesdropper is defined as R L = 1 n I (M ; Z n ), which is a measure of the amount of message information M that is obtained by the eavesdropper [2]. A secrecy rate R for the DM-WTC-SCSIE is said to be achievable if there exists a sequence of (2 nR ,n) codes such that P (n) e ≤  and R L ≤  for any > 0 and sufficiently large n. Also, the secrecy capacity C SCSIE S of this channel is 2014 Iran Workshop on Communication and Information Theory (IWCIT) 978-1-4799-4877-2/14/$31.00 ©2014 IEEE