On the gradual deployment of random pairwise key distribution schemes (Extended Version)

In the context of wireless sensor networks, the pairwise key distribution scheme of Chan et al. has several advantages over other key distribution schemes including the original scheme of Eschenauer and Gligor. However, this offline pairwise key distribution mechanism requires that the network size be set in advance, and involves all sensor nodes simultaneously. Here, we address this issue by describing an implementation of the pairwise scheme that supports the gradual deployment of sensor nodes in several consecutive phases. We discuss the key ring size needed to maintain the secure connectivity throughout all the deployment phases. In particular we show that the number of keys at each sensor node can be taken to be $O(\log n)$ in order to achieve secure connectivity (with high probability).

💡 Research Summary

The paper addresses a practical limitation of the random pairwise key predistribution scheme originally proposed by Chan et al. While this scheme offers perfect resilience against node capture and enables node‑to‑node authentication, it assumes that the total number of sensor nodes n is known in advance and that all nodes are provisioned simultaneously. In many real‑world wireless sensor network (WSN) deployments, nodes are added gradually in several phases, which makes the original offline pairing mechanism unsuitable.

To overcome this, the authors propose an implementation that pre‑computes key rings for a maximal network size n but only installs the appropriate subset of keys on the nodes that are actually deployed in each phase. The deployment is described by a sequence of fractions 0 < γ₁ < γ₂ < … < γ_ℓ ≤ 1; in phase k the first ⌊γ_k n⌋ nodes are activated and receive their pre‑computed key rings Σ_{n,i}. This approach allows new nodes to be added later without re‑issuing keys, while preserving the pairwise nature of the keys (each key is unique to a specific node pair).

The technical contribution consists of two intertwined analyses: (i) the size of the key ring stored at each node, and (ii) the probability that the induced subgraph H_{γ}(n;K) — the graph formed by the nodes deployed up to a fraction γ of the total—remains connected.

Regarding memory, Lemma 4.1 shows that when the pairing parameter K grows without bound, the average key‑ring size converges to 2K. Theorem 4.2 refines this by proving that if K scales as λ log n with λ > λ*≈2.6, then the maximum key‑ring size over all nodes is tightly concentrated around 2K ± c log n with high probability. Consequently, each sensor needs only O(log n) keys, matching the memory requirement of the classic EG scheme.

For connectivity, the authors first recall the known zero‑one law for the full graph H(n;K): it is almost surely connected when K ≥ 2. However, the subgraph H_{γ}(n;K) behaves differently because edges that involve nodes not yet deployed are absent. Theorem 4.3 establishes a one‑law: if K_n ≈ c log n with c > 1, then for any fixed γ ∈ (0,1) the probability that H_{γ}(n;K_n) is connected tends to 1 as n → ∞.

Theorem 4.4 provides a complementary zero‑law for the absence of isolated nodes. It defines a threshold function
 r(γ) = (1 − log(1 − γ))/γ − 1,
and shows that if c < r(γ) the probability of having no isolated nodes goes to 0, while if c > r(γ) it goes to 1. Since a connected graph must have no isolated nodes, this yields a necessary condition for connectivity. Corollary 4.5 combines the two results, revealing a small gap between the zero‑law threshold r(γ) (which lies between ½ and 1) and the one‑law threshold 1. In practice, choosing K = Θ(log n) ensures that every deployment phase yields an almost surely connected network.

The overall conclusion is that, even under gradual deployment, the pairwise key distribution scheme remains feasible: by setting K on the order of log n, each node stores only O(log n) keys, and the network stays securely connected throughout all phases with high probability. This matches the memory efficiency of the EG scheme while preserving the superior security properties of pairwise keys (perfect resilience and built‑in authentication). The authors acknowledge that the analysis assumes full visibility (all nodes within communication range), which is optimistic for real wireless links, but they argue that the derived scaling laws provide valuable design guidelines for practical WSN deployments.