Network function computation with vector linear target function and security function

In this paper, we study the problem of securely computing a function over a network, where both the target function and the security function are vector linear. The network is modeled as a directed acyclic graph. A sink node wishes to compute a function of messages generated by multiple distributed sources, while an eavesdropper can access exactly one wiretap set from a given collection. The eavesdropper must be prevented from obtaining any information about a specified security function of the source messages. The secure computing capacity is the maximum average number of times that the target function can be securely computed with zero error at the sink node with the given collection of wiretap sets and security function for one use of the network. We establish two upper bounds on this capacity, which hold for arbitrary network topologies and for any vector linear target and security functions. These bounds generalize existing results and also lead to a new upper bound when the target function is the sum over a finite field. For the lower bound, when the target function is the sum, we extend an existing method, which transforms a non-secure network code into a secure one, to the case where the security function is vector linear. Furthermore, for a particular class of networks and a vector linear target function, we characterize the required properties of the global encoding matrix to construct a secure vector linear network code.

💡 Research Summary

This paper investigates secure network function computation in directed acyclic graphs where both the target function f and the security function g are vector‑linear over a finite field 𝔽_q. A set of source nodes each generates ℓ independent symbols, and a single sink must recover f(M_S) with zero error while an eavesdropper, who can observe any one wiretap set W from a prescribed collection, must learn nothing about g(M_S). The authors define the secure computing capacity C(N,f,g,𝓦) as the supremum of the ratio ℓ/n (ℓ source symbols per n symbols transmitted on each edge) achievable under these constraints.

The first major contribution is the derivation of two general upper bounds on C(N,f,g,𝓦) that hold for arbitrary network topologies and for any vector‑linear f and g. For any cut C separating the sink from a subset of sources, they define three source subsets: D_C (sources whose paths to the sink intersect C), I_C (sources completely cut off by C), and J_C = D_C \ I_C. Using the dimensions of the subspaces spanned by the rows of the coefficient matrices of f and g restricted to J_C, together with the size of the cut and the wiretap budget r, they obtain a bound of the form

C ≤ min_{W∈𝓦, C∈Λ(N)}  (|C| − r) / max{rank(F_{J_C}), rank(G_{J_C})}.

This expression generalizes earlier scalar‑linear bounds by replacing scalar ranks with matrix ranks. The second bound is obtained by selecting cuts that satisfy a stricter structural condition (essentially cuts that fully capture D_C and leave I_C empty). In the special case where f is the algebraic sum and g is the identity, this new bound is strictly tighter than previously known results, as demonstrated by a concrete network example.

The second contribution extends the “transform a non‑secure linear code into a secure one” technique, originally developed for sum functions with identity security, to the case where g is an arbitrary vector‑linear function. Each source is equipped with an independent random key K_i. The overall encoding is represented by a global matrix M such that the transmitted vector on every edge is Y = M·