
Modern authentication systems store hashed values of passwords of users using
cryptographic hash functions. Therefore, to crack a password an attacker needs
to guess a hash function input that is mapped to the hashed value, as opposed
to the password itself. We call a hash function that maps the same number of
inputs to each bin, as \textbf{unbiased}. However, cryptographic hash functions
in use have not been proven to be unbiased (i.e., they may have an unequal
number of inputs mapped to different bins). A cryptographic hash function has
the property that it is computationally difficult to find an input mapped to a
bin. In this work we introduce a structured notion of biased hash functions for
which we analyze the average guesswork under certain types of brute force
attacks. This work shows that the level of security depends on the set of
hashed values of valid users as well as the statistical profile of a hash
function, resulting from bias. We examine the average guesswork conditioned on
the set of hashed values, and model the statistical profile through the
empirical distribution of the number of inputs that are mapped to a bin. In
particular, we focus on a class of statistical profiles (capturing the bias) ,
which we call typeclass statistical profiles, that has an empirical
distribution related to the probability of the type classes defined in the
method of types. For such profiles, we show that the average guesswork is
related to basic measures in information theory such as entropy and divergence.
We use this to show that the effect of bias on the conditional average
guesswork is limited compared to other system parameters such as the number of
valid users who store their hashed passwords in the system.

We study the role of caches in wireless interference networks. We focus on
content caching and delivery across a Gaussian interference network, where both
transmitters and receivers are equipped with caches. We provide a
constantfactor approximation of the system's degrees of freedom (DoF), for
arbitrary number of transmitters, number of receivers, content library size,
receiver cache size, and transmitter cache size (as long as the transmitters
combined can store the entire content library among them). We demonstrate
approximate optimality with respect to informationtheoretic bounds that do not
impose any restrictions on the caching and delivery strategies. Our
characterization reveals three key insights. First, the approximate DoF is
achieved using a strategy that separates the physical and network layers. This
separation architecture is thus approximately optimal. Second, we show that
increasing transmitter cache memory beyond what is needed to exactly store the
entire library between all transmitters does not provide more than a
constantfactor benefit to the DoF. A consequence is that transmit zeroforcing
is not needed for approximate optimality. Third, we derive an interesting
tradeoff between the receiver memory and the number of transmitters needed for
approximately maximal performance. In particular, if each receiver can store a
constant fraction of the content library, then only a constant number of
transmitters are needed. Our solution to the caching problem requires
formulating and solving a new communication problem, the symmetric multiple
multicast Xchannel, for which we provide an exact DoF characterization.

We develop a characterization of fading models, which assigns a number called
logarithmic Jensen's gap to a given fading model. We show that as a consequence
of a finite logarithmic Jensen's gap, approximate capacity region can be
obtained for fast fading interference channels (FFIC) for several scenarios.
We illustrate three instances where a constant capacity gap can be obtained as
a function of the logarithmic Jensen's gap. Firstly for an FFIC with neither
feedback nor instantaneous channel state information at transmitter (CSIT), if
the fading distribution has finite logarithmic Jensen's gap, we show that a
ratesplitting scheme based on average interferencetonoise ratio (inr) can
achieve its approximate capacity. Secondly we show that a similar scheme can
achieve the approximate capacity of FFIC with feedback and delayed CSIT, if
the fading distribution has finite logarithmic Jensen's gap. Thirdly, when this
condition holds, we show that pointtopoint codes can achieve approximate
capacity for a class of FFIC with feedback. We prove that the logarithmic
Jensen's gap is finite for common fading models, including Rayleigh and
Nakagami fading, thereby obtaining the approximate capacity region of FFIC
with these fading models. For Rayleigh fading the capacity gap is obtained as
1.83 bits per channel use for nonfeedback case and 2.83 bits per channel use
for feedback case. Our analysis also yields approximate capacity results for
fading 2tap ISI channel and fading interference multiple access channel as
corollaries.

We study the caching problem when we are allowed to match each user to one of
a subset of caches after its request is revealed. We focus on nonuniformly
popular content, specifically when the file popularities obey a Zipf
distribution. We study two extremal schemes, one focusing on coded server
transmissions while ignoring matching capabilities, and the other focusing on
adaptive matching while ignoring potential coding opportunities. We derive the
rates achieved by these schemes and characterize the regimes in which one
outperforms the other. We also compare them to informationtheoretic outer
bounds, and finally propose a hybrid scheme that generalizes ideas from the two
schemes and performs at least as well as either of them in most memory regimes.

The fact that Millimeter Wave (mmWave) communication needs to be directional
is usually perceived as a challenge; in this paper we argue that it enables
efficient secret key sharing that are unconditionally secure from passive
eavesdroppers, by building on packet erasures. We showcase the potential of our
approach in two setups: beam sweeping to align receiver/transmitter pairs, and
vehicle platooning. We show that in the first case, we can establish a few
hundred secret bits at virtually no additional transmission cost; and in the
second case, we can potentially establish keys in the order of tenths of Mbps.
These first results are based on some simplifying assumptions, yet we believe
they give incentives to further explore such techniques.

Performance of distributed optimization and learning systems is bottlenecked
by "straggler" nodes and slow communication links, which significantly delay
computation. We propose a distributed optimization framework where the dataset
is "encoded" to have an overcomplete representation with builtin redundancy,
and the straggling nodes in the system are dynamically left out of the
computation at every iteration, whose loss is compensated by the embedded
redundancy. We show that oblivious application of several popular optimization
algorithms on encoded data, including gradient descent, LBFGS, proximal
gradient under data parallelism, and coordinate descent under model
parallelism, converge to either approximate or exact solutions of the original
problem when stragglers are treated as erasures. These convergence results are
deterministic, i.e., they establish sample path convergence for arbitrary
sequences of delay patterns or distributions on the nodes, and are independent
of the tail behavior of the delay distribution. We demonstrate that equiangular
tight frames have desirable properties as encoding matrices, and propose
efficient mechanisms for encoding largescale data. We implement the proposed
technique on Amazon EC2 clusters, and demonstrate its performance over several
learning problems, including matrix factorization, LASSO, ridge regression and
logistic regression, and compare the proposed method with uncoded,
asynchronous, and data replication strategies.

Nanopore sequencing is an emerging new technology for sequencing DNA, which
can read long fragments of DNA (~50,000 bases) in contrast to most current
shortread sequencing technologies which can only read hundreds of bases. While
nanopore sequencers can acquire long reads, the high error rates (20%30%) pose
a technical challenge. In a nanopore sequencer, a DNA is migrated through a
nanopore and current variations are measured. The DNA sequence is inferred from
this observed current pattern using an algorithm called a basecaller. In this
paper, we propose a mathematical model for the "channel" from the input DNA
sequence to the observed current, and calculate bounds on the information
extraction capacity of the nanopore sequencer. This model incorporates
impairments like (nonlinear) intersymbol interference, deletions, as well as
random response. These information bounds have twofold application: (1) The
decoding rate with a uniform input distribution can be used to calculate the
average size of the plausible list of DNA sequences given an observed current
trace. This bound can be used to benchmark existing basecalling algorithms, as
well as serving a performance objective to design better nanopores. (2) When
the nanopore sequencer is used as a reader in a DNA storage system, the storage
capacity is quantified by our bounds.

There is a vast body of work on the capacity bounds for a "coherent" wireless
network, where the network channel gains are known, at least at the
destination. However, there has been much less attention to the case where the
network parameters (channel gains) are unknown to everyone, i.e., the
noncoherent wireless network capacity. In this paper, we study the generalized
degrees of freedom (gDoF) of the blockfading noncoherent diamond (parallel
relay) network with asymmetric distributions of link strengths, and a coherence
time of T symbol duration. We first derive an outer bound for this channel and
then derive the optimal signaling structure for this outer bound. Using the
optimal signaling structure we solve the outer bound optimization problem for
gDoF. Using insights from our outer bound signaling solution, we devise an
achievability strategy based on a novel scheme that we call trainscale
quantizemapforward. This uses training in the links from source to relays,
scaling and quantizing at relays combined with nontraining based schemes. We
show the optimality of this scheme with respect to the outer bound in terms of
gDof. In noncoherent pointtopoint MIMO, where the fading channel is unknown
to transmitter and receiver, an important tradeoff between communication and
channel learning was revealed by Zheng and Tse, by demonstrating that not all
antennas available might be used as it is suboptimal to learn all their
channel parameters. Our results in this paper for the diamond network
demonstrates that in certain regimes the optimal scheme uses a subnetwork,
demonstrating a similar tradeoff between channel learning and communications.
However, in other regimes it is useful to use the entire network and not use
training at all in the signaling, as traditional training based schemes are
suboptimal in these regimes.

Slow running or straggler tasks can significantly reduce computation speed in
distributed computation. Recently, codingtheoryinspired approaches have been
applied to mitigate the effect of straggling, through embedding redundancy in
certain linear computational steps of the optimization algorithm, thus
completing the computation without waiting for the stragglers. In this paper,
we propose an alternate approach where we embed the redundancy directly in the
data itself, and allow the computation to proceed completely oblivious to
encoding. We propose several encoding schemes, and demonstrate that popular
batch algorithms, such as gradient descent and LBFGS, applied in a
codingoblivious manner, deterministically achieve sample path linear
convergence to an approximate solution of the original problem, using an
arbitrarily varying subset of the nodes at each iteration. Moreover, this
approximation can be controlled by the amount of redundancy and the number of
nodes used in each iteration. We provide experimental results demonstrating the
advantage of the approach over uncoded and data replication strategies.

Eavesdropping attacks in inference systems aim to learn not the raw data, but
the system inferences to predict and manipulate system actions. We argue that
conventional information security measures can be ambiguous on the adversary's
estimation abilities, and adopt instead a distortion based framework that
enables to operate over a metric space. We show that requiring perfect
distortionbased security is more frugal than requiring perfect
informationtheoretic secrecy even for block length one codes, offering in some
cases unbounded gains. Within this framework, we design algorithms that enable
to efficiently use shared randomness, and show that each bit of shared random
key is exponentially useful in security.

We propose a cellular architecture that combines multiuser MIMO (MUMIMO)
downlink with opportunistic use of unlicensed ISM bands to establish
devicetodevice (D2D) cooperation. The architecture consists of a
physicallayer cooperation scheme based on forming downlink virtual MIMO
channels through D2D relaying, and a novel resource allocation strategy for
such D2Denabled networks. We prove the approximate optimality of the
physicallayer scheme, and demonstrate that such cooperation boosts the
effective SNR of the weakest user in the system, especially in the manyuser
regime, due to multiuser diversity. To harness this physicallayer scheme, we
formulate the cooperative user scheduling and relay selection problem using the
network utility maximization framework. For such a cooperative network, we
propose a novel utility metric that jointly captures fairness in throughput and
the cost of relaying in the system. We propose a joint user scheduling and
relay selection algorithm, which we prove to be asymptotically optimal. We
study the architecture through systemlevel simulations over a wide range of
scenarios. The highlight of these simulations is an approximately $6$x
improvement in data rate for celledge (bottom fifthpercentile) users (over
the stateoftheart SUMIMO) while still improving the overall throughput, and
taking into account various system constraints.

We investigate whether uncoded schemes are optimal for Gaussian sources on
multiuser Gaussian channels. Particularly, we consider two problems: the first
is to send correlated Gaussian sources on a Gaussian broadcast channel where
each receiver is interested in reconstructing only one source component (or one
specific linear function of the sources) under the mean squared error
distortion measure; the second is to send correlated Gaussian sources on a
Gaussian multipleaccess channel, where each transmitter observes a noisy
combination of the source, and the receiver wishes to reconstruct the
individual source components (or individual linear functions) under the mean
squared error distortion measure. It is shown that when the channel parameters
match certain general conditions, the induced distortion tuples are on the
boundary of the achievable distortion region, and thus optimal. Instead of
following the conventional approach of attempting to characterize the
achievable distortion region, we ask the question whether and how a match can
be effectively determined. This decision problem formulation helps to
circumvent the difficult optimization problem often embedded in region
characterization problems, and it also leads us to focus on the critical
conditions in the outer bounds that make the inequalities become equalities,
which effectively decouple the overall problem into several simpler
subproblems. Optimality results previously unknown in the literature are
obtained using this novel approach. As a byproduct of the investigation, novel
outer bounds are derived for these two problems.

The lack of stability is one of the major limitations that constrains PUF
from being put in widespread practical use. In this paper, we propose a weak
PUF and a strong PUF that are both completely stable with 0% intradistance.
These PUFs are called Locally Enhanced Defectivity (LED)PUF. The source of
randomness of a LEDPUF is extracted from locally enhance defectivity without
affecting other parts of the chip. A LEDPUF is a pure functional PUF that does
not require any kinds of correction schemes as conventional parametric PUFs do.
A weak LEDPUF is constructed by forming arrays of Directed Self Assembly (DSA)
random connections is presented, and the strong LEDPUF is implemented by using
the weak LEDPUF as the key of a keyedhash message authentication code (HMAC).
Our simulation and statistical results show that the entropy of the weak LEDPUF
bits is close to ideal, and the interdistances of both weak and strong LEDPUFs
are about 50%, which means that these LEDPUFs are not only stable but also
unique. We develop a new unified framework for evaluating the level of security
of PUFs, based on password security, by using information theoretic tools of
guesswork. The guesswork model allows to quantitatively compare, with a single
unified metric, PUFs with varying levels of stability, bias and available side
information. In addition, it generalizes other measures to evaluate the
security level such as minentropy and mutual information. We evaluate
guessworkbased security of some measured SRAM and Ring Oscillator PUFs as an
example and compare them with LEDPUF to show that stability has a more severe
impact on the PUF security than biased responses. Furthermore, we find the
guesswork of three new problems: Guesswork under probability of attack failure,
the guesswork of idealized version of a message authentication code, and the
guesswork of strong PUFs that are used for authentication.

Most existing works on physicallayer (PHY) cooperation (beyond routing)
focus on how to best use a given, static relay networkwhile wireless networks
are anything but static. In this paper, we pose a different set of questions:
given that we have multiple devices within range, which relay(s) do we use for
PHY cooperation, to maintain a consistent target performance? How can we
efficiently adapt, as network conditions change? And how important is it, in
terms of performance, to adapt? Although adapting to the best path when routing
is a well understood problem, how to do so over PHY cooperation networks is an
open question. Our contributions are: (1) We demonstrate via theoretical
evaluation, a diminishing returns trend as the number of deployed relays
increases. (2) Using a simple algorithm based on network metrics, we
efficiently select the subnetwork to use at any given time to maintain a
target reliability. (3) When streaming video from Netflix, we experimentally
show (using measurements from a WARP radio testbed employing DIQIF relaying)
that our adaptive PHY cooperation scheme provides a throughput gain of 2x over
nonadaptive PHY schemes, and a gain of 6x over genieaided IPlevel adaptive
routing.

Embedded sensing systems are pervasively used in life and securitycritical
systems such as those found in airplanes, automobiles, and healthcare.
Traditional security mechanisms for these sensors focus on data encryption and
other postprocessing techniques, but the sensors themselves often remain
vulnerable to attacks in the physical/analog domain. If an adversary
manipulates a physical/analog signal prior to digitization, no amount of
digital security mechanisms after the fact can help. Fortunately, nature
imposes fundamental constraints on how these analog signals can behave. This
work presents PyCRA, a physical challengeresponse authentication scheme
designed to protect active sensing systems against physical attacks occurring
in the analog domain. PyCRA provides security for active sensors by continually
challenging the surrounding environment via random but deliberate physical
probes. By analyzing the responses to these probes, and by using the fact that
the adversary cannot change the underlying laws of physics, we provide an
authentication mechanism that not only detects malicious attacks but provides
resilience against them. We demonstrate the effectiveness of PyCRA through
several case studies using two sensing systems: (1) magnetic sensors like those
found wheel speed sensors in robotics and automotive, and (2) commercial RFID
tags used in many securitycritical applications. Finally, we outline methods
and theoretical proofs for further enhancing the resilience of PyCRA to active
attacks by means of a confusion phasea period of low signal to noise ratio
that makes it more difficult for an attacker to correctly identify and respond
to PyCRA's physical challenges. In doing so, we evaluate both the robustness
and the limitations of PyCRA, concluding by outlining practical considerations
as well as further applications for the proposed authentication mechanism.

Recent work has studied the benefits of caching in the interference channel,
particularly by placing caches at the transmitters. In this paper, we study the
twouser Gaussian interference channel in which caches are placed at both the
transmitters and the receivers. We propose a separation strategy that divides
the physical and network layers. While a natural separation approach might be
to abstract the physical layer into several independent bit pipes at the
network layer, we argue that this is inefficient. Instead, the separation
approach we propose exposes interacting bit pipes at the network layer, so that
the receivers observe related (yet not identical) quantities. We find the
optimal strategy within this layered architecture, and we compute the
degreesoffreedom it achieves. Finally, we show that separation is optimal in
regimes where the receiver caches are large.

In this paper, we study the problem of obtaining $1$of$2$ string oblivious
transfer (OT) between users Alice and Bob, in the presence of a passive
eavesdropper Eve. The resource enabling OT in our setup is a noisy broadcast
channel from Alice to Bob and Eve. Apart from the OT requirements between the
users, Eve is not allowed to learn anything about the users' inputs. When Alice
and Bob are honestbutcurious and the noisy broadcast channel is made up of
two independent binary erasure channels (connecting AliceBob and AliceEve),
we derive the $1$of$2$ string OT capacity for both $2$privacy (when Eve can
collude with either Alice or Bob) and $1$privacy (when no such collusion is
allowed). We generalize these capacity results to $1$of$N$ string OT and
study other variants of this problem. When Alice and/or Bob are malicious, we
present a different scheme based on interactive hashing. This scheme is shown
to be optimal for certain parameter regimes. We present a new formulation of
multiple, simultaneous OTs between AliceBob and AliceCathy. For this new
setup, we present schemes and outer bounds that match in all but one regime of
parameters. Finally, we consider the setup where the broadcast channel is made
up of a cascade of two independent binary erasure channels (connecting
AliceBob and BobEve) and $1$of$2$ string OT is desired between Alice and
Bob with $1$privacy. For this setup, we derive an upper and lower bound on the
$1$of$2$ string OT capacity which match in one of two possible parameter
regimes.

The problem of multicasting two nested messages is studied over a class of
networks known as combination networks. A source multicasts two messages, a
common and a private message, to several receivers. A subset of the receivers
(called the public receivers) only demand the common message and the rest of
the receivers (called the private receivers) demand both the common and the
private message. Three encoding schemes are discussed that employ linear
superposition coding and their optimality is proved in special cases. The
standard linear superposition scheme is shown to be optimal for networks with
two public receivers and any number of private receivers. When the number of
public receivers increases, this scheme stops being optimal. Two improvements
are discussed: one using preencoding at the source, and one using a block
Markov encoding scheme. The rateregions that are achieved by the two schemes
are characterized in terms of feasibility problems. Both innerbounds are shown
to be the capacity region for networks with three (or fewer) public and any
number of private receivers. Although the inner bounds are not comparable in
general, it is shown through an example that the region achieved by the block
Markov encoding scheme may strictly include the region achieved by the
preencoding/linear superposition scheme. Optimality results are founded on the
general framework of Balister and Bollob\'as (2012) for submodularity of the
entropy function. An equivalent graphical representation is introduced and a
lemma is proved that might be of independent interest.
Motivated by the connections between combination networks and broadcast
channels, a new block Markov encoding scheme is proposed for broadcast channels
with two nested messages. The rateregion that is obtained includes the
previously known rateregions. It remains open whether this inclusion is
strict.

To address the exponentially rising demand for wireless content, use of
caching is emerging as a potential solution. It has been recently established
that joint design of content delivery and storage (coded caching) can
significantly improve performance over conventional caching. Coded caching is
well suited to emerging heterogeneous wireless architectures which consist of a
dense deployment of localcoverage wireless access points (APs) with high data
rates, along with sparselydistributed, largecoverage macrocell base stations
(BS). This enables design of coded cachinganddelivery schemes that equip APs
with storage, and place content in them in a way that creates codedmulticast
opportunities for combining with macrocell broadcast to satisfy users even
with different demands. Such codedcaching schemes have been shown to be
orderoptimal with respect to the BS transmission rate, for a system with
singlelevel content, i.e., one where all content is uniformly popular. In this
work, we consider a system with nonuniform popularity content which is divided
into multiple levels, based on varying degrees of popularity. The main
contribution of this work is the derivation of an orderoptimal scheme which
judiciously shares cache memory among files with different popularities. To
show orderoptimality we derive new informationtheoretic lower bounds, which
use a slidingwindow entropy inequality, effectively creating a noncutset
bound. We also extend the ideas to when users can access multiple caches along
with the broadcast. Finally we consider two extreme cases of user distribution
across caches for the multilevel popularity model: a single user per cache
(singleuser setup) versus a large number of users per cache (multiuser
setup), and demonstrate a dichotomy in the orderoptimal strategies for these
two extreme cases.

We consider the problem of estimating the state of a noisy linear dynamical
system when an unknown subset of sensors is arbitrarily corrupted by an
adversary. We propose a secure state estimation algorithm, and derive (optimal)
bounds on the achievable state estimation error given an upper bound on the
number of attacked sensors. The proposed state estimator involves Kalman
filters operating over subsets of sensors to search for a sensor subset which
is reliable for state estimation. To further improve the subset search time, we
propose Satisfiability Modulo Theory based techniques to exploit the
combinatorial nature of searching over sensor subsets. Finally, as a result of
independent interest, we give a coding theoretic view of attack detection and
state estimation against sensor attacks in a noiseless dynamical system.

We investigate how to exploit intermittent feedback for interference
management by studying the twouser Gaussian interference channel (IC). We
approximately characterize (within a universal constant) the capacity region
for the Gaussian IC with intermittent feedback. We exactly characterize the the
capacity region of the linear deterministic version of the problem, which gives
us insight into the Gaussian problem. We find that the characterization only
depends on the forward channel parameters and the marginal probability
distribution of each feedback link. The result shows that passive and
unreliable feedback can be harnessed to provide multiplicative capacity gain in
Gaussian interference channels. We find that when the feedback links are active
with sufficiently large probabilities, the perfect feedback sumcapacity is
achieved to within a constant gap. In contrast to other schemes developed for
interference channel with feedback, our achievable scheme makes use of
quantizemapandforward to relay the information obtained through feedback,
performs forward decoding, and does not use structured codes. We also develop
new outer bounds enabling us to obtain the (approximate) characterization of
the capacity region.

Motivated by the need to secure cyberphysical systems against attacks, we
consider the problem of estimating the state of a noisy linear dynamical system
when a subset of sensors is arbitrarily corrupted by an adversary. We propose a
secure state estimation algorithm and derive (optimal) bounds on the achievable
state estimation error. In addition, as a result of independent interest, we
give a coding theoretic interpretation for prior work on secure state
estimation against sensor attacks in a noiseless dynamical system.

We study opportunistic scheduling and the sum capacity of cellular networks
with a fullduplex multiantenna base station and a large number of
singleantenna halfduplex users. Simultaneous uplink and downlink over the
same band results in uplinktodownlink interference, degrading performance. We
present a simple opportunistic joint uplinkdownlink scheduling algorithm that
exploits multiuser diversity and treats interference as noise. We show that in
homogeneous networks, our algorithm achieves the same sum capacity as what
would have been achieved if there was no uplinktodownlink interference,
asymptotically in the number of users. The algorithm does not require
interference CSI at the base station or uplink users. It is also shown that for
a simple class of heterogeneous networks without sufficient channel diversity,
it is not possible to achieve the corresponding interferencefree system
capacity. We discuss the potential for using devicetodevice sidechannels to
overcome this limitation in heterogeneous networks.

It has been recently established that joint design of content delivery and
storage (coded caching) can significantly improve performance over conventional
caching. This has also been extended to the case when content has nonuniform
popularity through several models. In this paper we focus on a multilevel
popularity model, where content is divided into levels based on popularity. We
consider two extreme cases of user distribution across caches for the
multilevel popularity model: a single user per cache (singleuser setup)
versus a large number of users per cache (multiuser setup). When the capacity
approximation is universal (independent of number of popularity levels as well
as number of users, files and caches), we demonstrate a dichotomy in the
orderoptimal strategies for these two extreme cases. In the multiuser case,
sharing memory among the levels is orderoptimal, whereas for the singleuser
case clustering popularity levels and allocating all the memory to them is the
orderoptimal scheme. In proving these results, we develop new
informationtheoretic lower bounds for the problem.

We study oblivious transfer (OT) between Alice and Bob in the presence of an
eavesdropper Eve over a degraded wiretapped binary erasure channel from Alice
to Bob and Eve. In addition to the privacy goals of oblivious transfer between
Alice and Bob, we require privacy of Alice and Bob's private data from Eve. In
previous work we derived the OT capacity (in the honestbutcurious model) of
the wiretapped binary independent erasure channel where the erasure processes
of Bob and Eve are independent. Here we derive a lower bound on the OT capacity
in the same secrecy model when the wiretapped binary erasure channel is
degraded in favour of Bob.