Secure Adaptive Group Testing

Group Testing (GT) addresses the problem of identifying a small subset of defective items from a large population, by grouping items into as few test pools as possible. In Adaptive GT (AGT), outcomes of previous tests can influence the makeup of future tests. Using an information theoretic point of view, Aldridge 2012 showed that in the regime of a few defectives, adaptivity does not help much, as the number of tests required is essentially the same as for non-adaptive GT. Secure GT considers a scenario where there is an eavesdropper who may observe on average a fraction $\delta $ of the tests results, yet should not be able to infer the status of the items. In the non-adaptive scenario, the number of tests required is 1/(1-delta) times the number of tests without the secrecy constraint. In this paper, we consider Secure Adaptive GT. Specifically, when during the makeup of the pools one has access to a private feedback link from the lab, of rate R-f . We prove that the number of tests required for both correct reconstruction at the legitimate lab, with high probability, and negligible mutual information at the eavesdropper is 1/min{1.1-delta+ R-f} times the number of tests required with no secrecy constraint. Thus, unlike non-secure GT, where an adaptive algorithm has only a mild impact, under a security constraint it can significantly boost performance. A key insight is that not only the adaptive link should disregard the actual test results and simply send keys, these keys should be enhanced through a "secret sharing" scheme before usage. We derive sufficiency and necessity bounds that completely characterizes the Secure Adaptive GT capacity. Moreover, we consider additional models of Secure Adaptive GT, where we make a clear distinction between the lab performing the tests, and the doctor analyzing the results. Specifically, we consider curious but non-malicious, non-cooperating labs. Each lab gets a fraction $\delta $ of pool-tests to perform. Yet, we want to keep each lab ignorant regarding the status of the items. In contrast, the doctor who gets all outcomes, should successfully decode. When there is a feedback from each lab, we show that even if a curious lab obviously sees its own feedback (i.e., it is locally-public to Eve), secure adaptive GT is still possible, and at a rate that can be equal to the one without a security constraint at all, by an application of the Leftover Hash Lemma, using the data of one lab to protect against another.