Secure Polar Coding with Delayed Wiretapping Information
Yizhi Zhao, Hongmei Chi

TL;DR
This paper develops secure polar coding schemes for wiretap channels with delayed channel state information, achieving near-optimal secrecy capacity under different channel conditions.
Contribution
It introduces explicit weak and strong security polar coding schemes for delay CSI scenarios, extending secure coding theory to more realistic, time-varying wiretap channels.
Findings
The weak security scheme approaches secrecy capacity with delay CSI.
The strong security scheme guarantees strong security with delay CSI.
Simulations confirm the effectiveness of both schemes.
Abstract
In this paper, we investigate the secure coding issue for a wiretap channel model with fixed main channel and varying wiretap channel, by assuming that legitimate parties can obtain the wiretapping channel state information (CSI) after some time delay. For the symmetric degraded delay CSI case, we present an explicit weak security scheme by constructing secure polar codes on a one-time pad chaining structure, and prove its weak security, reliability and capability of approaching the secrecy capacity of perfect CSI case with delay CSI assumption. Further for the symmetric no-degraded delay CSI case, we present a modified multi-block chaining structure in which the original subset of frozen bit is designed for conveying functional random bits securely. Then we combine this modified multi-block chaining structure with the weak security scheme to construct an explicit strong security polar…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsError Correcting Code Techniques · Wireless Communication Security Techniques · Cooperative Communication and Network Coding
Secure Polar Coding with Delayed Wiretapping Information
Yizhi Zhao and Hongmei Chi Y. Zhao was with the College of Informatics, Huazhong Agricultural University, Wuhan, Hubei, China. E-mail: [email protected]. Chi was with the College of Science, Huazhong Agricultural University, Wuhan, Hubei, China. E-mail: [email protected].
Abstract
In this paper, we investigate the secure coding issue for a wiretap channel model with fixed main channel and varying wiretap channel, by assuming that legitimate parties can obtain the wiretapping channel state information (CSI) after some time delay. For the symmetric degraded delay CSI case, we present an explicit weak security scheme by constructing secure polar codes on a one-time pad chaining structure, and prove its weak security, reliability and capability of approaching the secrecy capacity of perfect CSI case with delay CSI assumption. Further for the symmetric no-degraded delay CSI case, we present a modified multi-block chaining structure in which the original subset of frozen bit is designed for conveying functional random bits securely. Then we combine this modified multi-block chaining structure with the weak security scheme to construct an explicit strong security polar coding scheme, and prove its strong security, reliability and also the capability of approaching the secrecy capacity of perfect CSI case with delay CSI assumption. At last, we carry out stimulations to prove the performance of both secure schemes.
Index Terms:
polar codes, wiretap channel, strong security, secrecy capacity.
I Introduction
I-A The Delay CSI Assumption
Physical layer secure coding is an important and effective approach for secure and reliable communication over the wiretap channel (WTC)[1]. In the last decade, after the invention of polar code[2], secure polar coding schemes had successfully achieved the secrecy capacities of Wyner’s wiretap channel[3, 4] and several extended wiretap channel models[5, 6, 11, 8, 9, 7, 10]. All these studies are based on an idealized perfect channel state information (CSI) assumption that channels of the WTC model are fixed and known by the legitimate parties during the entire communication process.
However, in practical communication there are always limitation and uncertainties of CSI due to realistic reasons such as estimation inaccuracy or eavesdropper’s initiative[13]. Since perfect CSI cannot hold for practical concerns, WTC models with uncertain CSI are proposed and studied. For instance, the compound wiretap channel[14] and the arbitrarily varying wiretap channel[15] are the two typical uncertain CSI WTC models and their secrecy capacities are characterized in [16, 17]. Comparing with the perfect CSI, secure coding with uncertain CSI is much more difficult. In [18, 19], a hierarchical polar coding has been proposed which can achieve the secrecy capacity without any instantaneous CSI. However, this technique can only be applied in the case of block fading channels that the CSI is varying with degraded relations and keep constant within each blocks. In [20], an explicit secure polar coding has been proposed which can achieve the lower bounds of the secrecy capacities for both compound wiretap channel and arbitrarily varying wiretap channel with fixed and publicly known main channels. But achieving the upper bounds of these secrecy capacities are still open problems.
Although the actual CSI cannot be known instantly in practical uncertain CSI cases, there are feasible approaches to obtain it with delay. Existing studies have already begun to consider such delay cases. In [21], a delay CSI model has been studied that varying state is sent back to the legitimate transmitter by the legitimate receiver through a feedback channel after some time delay. In [22], a detectable assumption has been presented that legitimate parties can detect the physical effect in the environment caused by the varying of CSI and then learn the CSI from the detected information with high probability. In [23], deep learning algorithms are employed to learn the CSI of the time-varying massive MIMO channels from the feedback information. Accordingly, study the delay CSI could be a possible direction for the uncertain CSI problem.
Therefore, in this paper we setup a specific delay CSI assumption for the WTC model as follow:
- •
Main channel is fixed and publicly known.
- •
Wiretap channel can be either block varying (similar as the compound wiretap channel model) or arbitrarily varying.
- •
Main channel and all the possible wiretap channel states are symmetric discrete memoryless channels without necessarily degraded relations.
- •
Legitimate parties can accurately obtain the wiretap channel state information only after times channel transmission, thus we can divide the entire transmission by -length channel blocks.
- •
We do not assume that legitimate parties know the uncertain set of CSI or decoder know the CSI when decoding.
I-B Contributions of This Paper and Organization
The objective of this paper is to investigate explicit information theoretical secure and reliable codes for the delay CSI WTC model. Since by our delay CSI assumption the main channel is fixed, achieving the reliability alone is not difficult. The real problem is to achieve reliability and security simultaneously without knowing the current wiretapping CSI over the entire encoding and decoding process, although the CSI can be obtained after.
First, we have constructed a secure polar coding scheme based on the one-time pad (OTP) chaining structure of [22]. To polarize the channel blocks, we use standard channel polarization on block varying model, and irregular channel polarization on arbitrarily varying model. Since this OTP chaining method has a similar sub-channel index partition structure as the secure polar coding of perfect CSI case, we can combine them together to form the secure polar coding scheme for the delay CSI cases. Theoretical analysis shows that this combined secure scheme achieves reliability and weak security in degraded delay CSI cases. However, it fails to achieve strong security in either degraded or non-degraded delay CSI cases.
Then based on the weak security scheme, we further construct a strong security polar coding scheme for the non-degraded delay CSI cases. Because the original multi-block chaining structure[4] cannot applied in the delay CSI cases, we have proposed a new modified multi-block chaining structure, in which part of the original frozen bit subset is designed for conveying functional random bits securely for the unreliable and insecure polarized sub-channels. Theocratical analysis indicates that the proposed strong security polar coding scheme achieves both reliability and strong security in non-degraded delay CSI cases. Also we have proven that the secrecy rate of our secure coding schemes can approach the secrecy capacity of the perfect CSI assumption in the delay CSI cases.
At last, we carry out stimulations to prove the performance of both secure schemes.
The outline of this paper is as follow. Section II presents the notations, communication models of delay CSI assumption and the main results of the paper. Section III presents the construction of a weak security polar coding scheme with discussions of the performance and remaining problems. Section IV presents the construction of a strong security polar coding scheme with a modified multi-block chaining structure, and then analyzes its performance theoretically. Section V presents the simulation results of both weak and strong security schemes. Finally, Section VI concludes the paper.
II Problem Statements and Main Results
II-A Notations
We define the integer interval as the integer set between and . For , define . Denote , , ,… random variables (RVs) taking values in alphabets , , ,… and the sample values of these RVs are denoted by , , ,… respectively. Then denotes the joint probability of and , and , denotes the marginal probabilities. Also we denote vector and when the context makes clear that we are dealing with vectors, we write in place of for simplification. And for any index set , we define . For the polar codes, we denote the generator matrix , the bit reverse matrix, , the Kronecker product, and have . denotes the average.
II-B Problem Statements
In this paper we consider the scenario of our delay CSI assumption as follow: two legitimate users are communicating over a publicly known and fixed main channel while an eavesdropper is wiretapping through a block varying or arbitrarily varying wiretap channel; legitimate users do not know the current wiretapping state when encoding and decoding, but they can obtain the state after times channel transmission by certain approaches. For this delay CSI case, we first define the system model.
Definition 1**.**
The system model of delay CSI assumption is defined as . is the input alphabet of main channel . is the output alphabet of main channel. is the output alphabet of the varying wiretap channel . is the set of potential wiretap channel states (uncertainty set). For each , represents a potential transition probability of wiretap channel as . is the transition probability of main channel. For main channel and all potential wiretap channels, they are symmetric but with no necessarily degraded relations. Then for each -length channel blocks, , the main channel block have
[TABLE]
For the varying wiretap channel, we define two different sub-models:
- •
block varying sub-model: denote the state of -th wiretap channel block chosen by the eavesdropper from with realization . Then this state remains constant during the block communication. For the block transition probability, have
[TABLE]
- •
arbitrarily varying sub-model: denote the state of the -th wiretap channel block chosen by the eavesdropper from with realization . Each represents the state for the -th wiretap channel in the block. Then for the block transition probability, have
[TABLE]
For legitimate parties, they can know the precise CSI only after each block communication. Besides, we use to represent the CSI realization of both block varying and arbitrarily varying cases, that
[TABLE]
The communication process of the system model for -th channel block is illustrated in Fig. 1.
- •
Eavesdropper Eve chooses the CSI of the block as and then obtains from her chosen wiretap channel with .
- •
Legitimate transmitter Alice encodes the message into and transmits it to Bob over the main channel with , but she does not know the actual CSI for the wiretap channel only until the end of -th block communication.
- •
Legitimate receiver Bob receives the main channel outputs and decodes it into . He also does not know the actual CSI for the wiretap channel only until the end of -th block communication.
Definition 2**.**
(Performance) Consider a code for the communication model of the delay CSI assumption, then the performance of this code can be measured by
- •
error probability:
[TABLE]
- •
information leakage to Eve:
[TABLE]
Definition 3**.**
(Criterions) A rate is achievable if sequence of code exists under the criterions listed below:
- •
reliability criterion:
[TABLE]
- •
weak security criterion:
[TABLE]
- •
strong security criterion:
[TABLE]
*For multi state cases, above criterions take the maximum over all possible channel realizations. *
Then based on the delay CSI model defined above, our aim is to construct explicit secure polar codes to achieve a secure and reliable communication. Particularly we consider the information theoretical security and reliability that our secure polar codes have to achieve both reliability criterion and security criterion of Definition 3.
II-C Main Results
Considering a perfect CSI case of our varying WTC model that legitimate parties can directly know the precise CSI when the wiretapping state is varying. Then the system model equals to a basic WTC model. Thus according to the capacity result in [24], for any CSI realization in this perfect CSI case, the current secrecy capacity of current channels is
[TABLE]
In case of block varying, the state realization for the block remains constant as , so the average secrecy capacity of the length block with perfect CSI is
[TABLE]
In case of arbitrarily varying, the state realization of the block is , so the average secrecy capacity of the length block with perfect CSI is
[TABLE]
For delay CSI cases, let be the average secrecy capacity for block varying case and for arbitrarily case. Then we can observe that
[TABLE]
Note that in our delay CSI WTC model, all channels are set symmetric. This is because in delay CSI case it is almost impossible to know the optimal distribution of a asymmetric channel for achieving the asymmetric secrecy capacity. In fact if we could know the optimal distribution, we can directly add the mature asymmetric channel polar coding technique of [25, 26, 27] in our proposed secure coding scheme, which barely changes the structure.
Then here is the main results of the paper:
- •
For the degraded delay CSI WTC model, we propose a weak security polar coding scheme which satisfies and . And with delayed CSI, the secrecy rate of the weak security scheme approaches the secrecy capacity of perfect CSI in (11) for block varying case and (12) for arbitrarily varying case.
- •
For the non-degraded delay CSI WTC model, we propose a strong security polar coding scheme which satisfies and . And with delayed CSI, the secrecy rate of the strong security scheme also approaches the secrecy capacity of perfect CSI in (11) for block varying case and (12) for arbitrarily varying case.
- •
We carry out stimulations to prove the performance of both secure schemes.
III Weak Security Polar Coding Scheme
In this section, we construct a secure polar coding scheme based on the one-time pad (OTP) chaining structure in [22] for the delay CSI WTC model with both block varying and arbitrarily varying cases. Then we theoretically analyze its performance of the scheme and discuss the remaining problems.
III-A Polarized Subsets Partition
First we present the channel polarization for both main channel and wiretap channel.
Definition 4**.**
(Bhattaharyya parameter) Consider a pair of random variables , where is a binary random variable and is a finite-alphabet random variable. To measure the amount of randomness in given , the Bhattaharyya parameter is defined as
[TABLE]
For the main channel, we have the publicly know and fixed channel block with same transition probability . Then according to the standard channel polarization theory in [2], the main channel block can be polarized into almost full noise subset and almost noiseless subset , that for , , have
[TABLE]
Then for the wiretap channel, we respectively consider the block varying case and arbitrarily varying case.
In the case of block varying, fory , we have the wiretap channel block as with same transition probability . Then according to the standard channel polarization theory, the wiretap channel block can be polarized into almost full noise subset and almost noiseless subset , that for , , have
[TABLE]
In the case of arbitrarily varying, we have the states for the wiretap channel block as with transition probability for the -th channel . Note that in the arbitrarily varying case, the wiretap channel block is non-stationary, so that the basic channel polarization theory cannot be applied. The polarization of such non-stationary channels has been first proofed in [28] and further studied in [29, 30].
Theorem 1**.**
([30]) for any non-stationary B-DMC block , by applying the irregular channel transformation , the generated channels can be polarized in the sense that, for any fixed , as , the fraction of indices for which goes to and the fraction for which goes to . Also can be write as
[TABLE]
*where is the average of the initial for all the . *
Theorem 2**.**
([30]) For any non-stationary B-DMC blocks with , and any fixed and constant , there exists index set , that
[TABLE]
and
[TABLE]
Thus according to the irregular channel polarization theory, the non-stationary wiretap channel block of arbitrarily varying case can be polarized into almost full noise subset and almost noiseless subset , that for , , have
[TABLE]
Note the transition probability of the main channel is known and fixed over the entire multi-block communication, so that legitimate parties directly have the polarization result of main channel. But they cannot know the polarization result of current wiretap channel block until they obtain the block state by the end of current block communication. For eavesdropper Eve, she directly knows all the polarization results of main channel block and wiretap channel block.
Next based on the above channel polarization results with block CSI , defined in (4), we can divide the channel block index for both block varying case and arbitrarily varying case as follow:
[TABLE]
Note that for both block varying and arbitrarily varying cases, subset is secure and reliable, subset is secure but unreliable, subset is reliable but insecure, subset is neither secure nor reliable. Subset reliable for Bob is fixed to , subset unreliable for Bob is fixed to , and have
[TABLE]
And for degraded wiretap channel cases, have
[TABLE]
and
[TABLE]
III-B *OTP Chain Based Secure Polar Coding Scheme *
With the polarized subsets partition in (21), now we construct the secure polar coding scheme for the delay CSI case. The basic idea of our construction is to embed the OPT chaining structure[22] in the secure polar coding scheme. Note that in the rest of the paper, we use simplified expression to represent the partition .
Fig. 2 illustrates the entire structure of our proposed OTP chain based secure polar coding scheme which contains -length block communication from block [math] to block . For block with the CSI realization , the actual partition of polarized subsets is denoted as . For legitimate parties, since they do not have the CSI realization of the current wiretap channel at the point of encoding and decoding, they can only guarantee the reliability of the transmitted information by the fixed reliable polarized subset of the main channel. But every time when the current block communication is complete, they can accurately have the CSI realization and then obtain the polarized subsets . Therefore they can identify the bits that have just been reliably and securely transmitted, as the part in , and also the bits that have just been reliably but insecurely transmitted, as the part in .
According to the idea of the OTP chaining structure in [22], legitimate users can identify the secure and reliable part of the just completed communication block by the delay CSI and then use it as the key stream for the next block communication.
It seems that the polarized subset partition of secure polar codes can perfectly match the idea of the OTP chaining structure: bits in are secure and reliable, so they can be used as the key stream to one-time-pad the message for -th block communication by the legitimate transmitter, then the legitimate receiver can correctly decode the corresponding bits for decrypting the received message in -th block communication.
Unfortunately, there are serious flaws for this combined structure. In the non-degraded delay CSI cases, since the realization of CSI can only be obtained by the legitimate parties after each block communication, the unreliable and insecure subset of the current block can not be identified from the unreliable subset at the time of encoding. Thus for reliability consideration, as a preliminary solution for the structure, subset is assigned with the publicly known frozen bits together with the original frozen subset . However, this preliminary solution may compromise the security in non-degraded cases, which will be discussed in the next section.
Now we present the construction of the OTP chain based secure polar coding scheme in Fig. 2. Note that polarized subsets remain constant during the entire times communication, and for any , have , thus subset is reliable for both and , where represents the of -th time block transmission
Block [math]:
- •
Legitimate parties obtain the polarized subsets of the known and fixed main channel as and ;
- •
Assigning the for polar coding:
- –
uniformly distributed random bits are assigned to the reliable subset , also as ;
- –
publicly known frozen bits are assigned to the unreliable subset , also as ;
- •
Alice encodes into the channel input by polar encoding , and then transmits to Bob over the main channel block;
- •
Bob receives from the main channel block and then decodes it into the estimated by using the succussive cancelation (SC) decoding [2]:
[TABLE]
- •
After the block communication, both Alice and Bob obtain the CSI of block [math] as and subset . Then Alice extracts as the key stream for next block’s encryption and Bob extracts as the key stream for next block’s decryption.
Block , :
- •
Legitimate parties obtain the divided subsets of last block as ;
- •
Assume a binary message that satisfies . Then encrypt into ciphertext by , where is the XOR operation;
- •
Assigning the for polar coding:
- –
ciphertext is assigned to subset ;
- –
uniformly distributed random bits are assigned to subset ;
- –
publicly known frozen bits are assigned to subset ;
- •
Alice encodes into the optimally distributed channel input by polar encoding , then transmits to Bob over the main channel block;
- •
Bob receives from the main channel block and decodes it into the estimated by using the SC decoding:
[TABLE]
- •
Bob extracts as the ciphertext and decrypts it by ;
- •
After the block communication, both Alice and Bob obtain the CSI of block as and subset . Then Alice extracts as the key stream for next block’s encryption and Bob extracts as the key stream for next block’s decryption.
III-C Performance Discussion
Now we analyze the performance of the proposed OTP chain based secure polar coding scheme and discuss its existing problems.
In the scheme, ciphertext is carried by , and key stream is carried by , thus the reliability of the secure polar coding scheme is measured by the error probability of decoding the ciphertext and key stream from time [math] to time .
Lemma 1**.**
([2])Considering an arbitrary subset of block index for DMC , in case of used as the information set and used as frozen set for polar coding with
[TABLE]
then for the successive cancellation decoding, , , the block error probability is bounded by
[TABLE]
Proposition 1**.**
The proposed OTP chain based secure polar coding scheme, with setting as frozen bit set, achieves reliability over the delay CSI WTC model.
Proof:
In the entire times block communication, there are times ciphertext transmissions from time to time , and times key stream transmissions from time [math] to time . Let be the decoding error probability of Bob for both ciphertext and key stream, have
[TABLE]
*where is due to Lemma 1 and . Therefore the reliability can be achieved with a fixed . *
Next we discuss the security of the polar coding based encrypted chaining structure under the reliability criterion.
Lemma 2**.**
Considering a single block transmission with polar subset division in (21) that , in case that Eve have received and knows , and , then for , , have
[TABLE]
Proof:
Define the SC decoding for Eve. Since , from Lemma 1, have
[TABLE]
Thus by applying the Fano’s inequality, have
[TABLE]
Note that in the structure, message are encrypted by one-time pad, thus the security can be measured by the information leakage of the key streams which are carried by . Let be the information leakage of block , then have . Since for the entire blocks the transmission of key streams are independent between each blocks, the overall information leakage of key streams is .
Proposition 2**.**
The proposed OTP chain based secure polar coding scheme, with setting as frozen bit set, achieves weak security over the degraded delay CSI WTC model, but fails to achieve strong security over either degraded or non-degraded delay CSI WTC models.
Proof:
To simplify the expression, we omit most of the subscript in the following discussion. Note that in the structure, in order to maintain the reliability, subsets and are set for the publicly known frozen bits together. Therefore Eve can have the when she decodes the wiretapped message. Thus for the single block information leakage , have
[TABLE]
where is because is the publicly known frozen bits, is due to Lemma 2 and are uniformly distributed random bits. From (22), have
[TABLE]
Thus we have
[TABLE]
In the case of degraded delay CSI WTC model, we can have by (24), which implies that only the weak security can be achieved by the proposed scheme.
*However in the case of non-degraded delay CSI WTC model, neither nor is vanishing when , thus the security criterions cannot be achieved for either the single block or the entire blocks. *
Since the proposed OTP chain based secure polar coding scheme achieves reliability and weak security over the degraded delay CSI WTC model, we analyze the corresponding achievable secrecy rate.
Proposition 3**.**
Over the degraded delay CSI WTC model, with a large enough , the achievable secrecy rate of the proposed OTP chain based secure polar coding scheme can approach the secrecy capacity of perfect CSI case.
Proof:
Let be the secrecy rate of entire block communication. Since in -th block communication encrypted messages are transmitted in the subset , we have
[TABLE]
*where is due to (23) of degraded wiretap channel cases. Then by comparing with (11) and (12), we can observe that can reach the perfect CSI average secrecy capacity of a block with state . Thus the secrecy rate of blocks can approach the average secrecy capacity of perfect CSI case by choosing a large enough . *
In the next section, we will discuss the remaining problem of subset and explore a new strong security solution for the non-degraded delay CSI WTC model.
IV Strong Security Polar Coding Scheme
As previously discussed, the proposed OTP chain based secure polar coding scheme fail to achieve strong security over the delay CSI WTC model because of the neither secure nor reliable subset . Thus in this section, we will present a new solution for this remaining problem and construct a modified secure polar coding scheme which can achieve strong security and reliability simultaneously.
IV-A Further Discussions on Strong Security
In our preliminary solution for subset of the delay CSI WTC, is assigned with publicly known frozen bits for achieving the reliability, which however has been proven for compromising the security.
For the non-degraded WTC with perfect CSI, this conflict between reliability and security has already been solved by the technique of polar code based multi-block chaining structure proposed in [4]. The basic idea of this strong security solution is to convey the bits of to legitimate receiver Bob separately while keeping it safe from the eavesdropper Eve. Therefore, in the original multi-block chaining structure, for any channel block , a reliable and secure subset that satisfies is separated from the subset . Then is set for carrying uniformly distributed random bits which will be used for assigning the subset in block . Thus when decoding, Bob can directly decode the bits in subset by the decoded random bits of from block .
However, in the delay CSI WTC model, the original multi-block chaining structure cannot be applied. According to the delay CSI assumption, the subset cannot be identified by the legitimate parties only until -th block communication is complete. Thus without knowing the subset , bits in subset can not be assigned independently from , and the corresponding subset in -th block communication cannot be constructed as well. Therefore, to achieve both strong security and reliability over the delay CSI WTC, we have solve this unidentifiable problem of .
In fact, there is an easy way around this problem to achieve both reliability and security, but it will also cause unacceptable secrecy rate sacrifice. According to the delay CSI assumption, although subset is unidentifiable, subset is known and fixed over the blocks. Thus we can directly apply the multi-block chaining structure on the subset instead of the unknown subset . For example, considering the based multi-block chaining structure, for block , construct a subset from that satisfies . Then for the achievable secrecy rate of block , have
[TABLE]
where is the secrecy capacity of a single block, is the rate of subset . Thus as shown in (37), large part of the secrecy capacity is sacrificed if directly apply the multi-block chaining structure on the subset .
IV-B Modified Multi-block Chaining Structure
In order to achieve the strong security and reliability, we have to find a method to convey random bits for the known and fixed in the delay CSI WTC model without unacceptable rate sacrifice. Thus in this subsection, we present a new solution for this problem named as modified multi-block chaining structure.
Note that in our preliminary weak security solution, subset is set as publicly known frozen bits for maintaining reliability. But what if we use it to transmit random bits instead? Since , random bits in is secure from eavesdropper Eve. And with a delay CSI, by the end of every block communication, legitimate parties can know the actual subset and for identifying the secure part of the random bits in in the just completed block communication. Based on this point, we can use the subset to construct a modified multi-block chaining structure.
The modified multi-block chaining structure is illustrated in Fig. 3. Every time when legitimate parties obtain the CSI realization of the just completed block communication, they can know the actual divided subsets by (21). Assuming that over have (if , the secrecy capacity of state is [math]), then we can divide the subset into two parts, and , which satisfies
[TABLE]
At the beginning of time [math], set a secure pre-shared frozen bits between Alice and Bob for assigning the . Then random bits are assigned to . When the block communication of time [math] is completed, legitimate parties can obtain the CSI realization . Accordingly they can identify the part of the pre-shared frozen bits that remains secure in the just completed transmission as the . Also they can identify the securely and reliably transmitted bit of , as the and for Alice, and for Bob.
Then for the block communication of time , since , Alice can use the bits of and together to assign the . Since Bob already have the and , he can directly use these bits to decode .
After the block communication of time , legitimate parties can obtain the CSI realization . Then Alice can identify the bits in that remains secure as , and for Bob as . Also they can identify the securely and reliably transmitted bit in as the and for Alice, and for Bob. Then and can be used for the in the block communication of time .
Then the following blocks just repeat these operations. Therefore random bits of can be conveyed from Alice to Bob separately and securely over the blocks.
IV-C Strong Security Polar Coding Scheme
Now we combine this modified multi-block chaining structure with the OTP chain based secure polar coding scheme to construct the strong security polar coding scheme for the non-degraded delay CSI WTC model.
Block [math]:
- •
Legitimate parties obtain the polarized subsets of main channel as and ;
- •
Assigning the for polar coding:
- –
uniformly distributed random bits are assigned to subset ;
- –
pre-shared and secure frozen bits are assigned to subset ;
- •
Alice encodes into the optimally distributed channel input by polar encoding , and transmits to Bob over the known and fixed main channel block;
- •
Bob receives and decodes it into the estimated by using the SC decoding:
[TABLE]
- •
After the block communication, with the delay CSI realization .
- –
Alice identifies as the key stream for next block encryption, also identifies and as the random bits for assigning the in the next block;
- –
Bob identifies from the decoded message as the key stream for next block decryption, also identifies and as the random bits for decoding the in the next block;
Block , :
- •
Legitimate parties obtain the divided subsets of last block as by the CSI realization ;
- •
Assume a message that satisfies . Then encrypt into ciphertext by ;
- •
Assigning the for polar coding:
- –
ciphertext is assigned to subset ;
- –
uniformly distributed random bits are assigned to subset ;
- –
random bits of and are assigned to subset ;
- •
Alice encodes into the optimally distributed channel input by polar encoding , and transmit to Bob over the main channel;
- •
Bob receives and decodes it into the estimated by using the SC decoding:
[TABLE]
- •
Bob extracts as the ciphertext and decrypts it by ;
- •
After the block communication, with the delay CSI realization .
- –
Alice identifies as the key stream for next block encryption, also identifies and as the random bits for assigning the in the next block;
- –
Bob identifies from the decoded message as the key stream for next block decryption, also identifies and as the random bits for decoding the in the next block;
IV-D Performance Analysis
Now we analyze the performance of the proposed strong security polar coding scheme and theoretically discuss its reliability, security and secrecy rate under the delay CSI assumption.
IV-D1 Reliability
reliability of the proposed strong security polar coding scheme is on the error probability of decoding the ciphertext, key stream and the random bits of subset from time [math] to time .
Proposition 4**.**
The proposed strong security polar coding scheme achieves reliability over the delay CSI WTC model.
Proof:
Similar as in Proposition 1, for the error probability of entire block communication, have
[TABLE]
*which proves the reliability. *
IV-D2 Strong security
In the proposed strong security polar coding scheme, key streams are carried by while ciphertexts are carried by . Thus for the entire times block communication, the strong security can be measured by the overall information leakage of all the subset from time [math] to time .
Definition 5**.**
For arbitrary subset of index , define the corresponding indices of the elements , and
[TABLE]
Proposition 5**.**
The proposed strong security polar coding scheme achieves strong security over the non-degraded delay CSI WTC model.
Proof:
For block , denote , , and . Then for the entire times block communication, the general information leakage is
[TABLE]
Now we perform a similar analysis operation as in **[4]** on the for the modified multi-block chaining structure. Let
[TABLE]
then for , have
[TABLE]
where is due to Markov chain
[TABLE]
and is due to Markov chain
[TABLE]
Since Eve do not know the initially pre-shared frozen bits for at time [math], have
[TABLE]
Also because are set for transmitting random bits, have
[TABLE]
where is because each is independent; is due to , and . Therefore, we finally have
[TABLE]
*which proves the strong security. *
IV-D3 Secrecy rate
Now we discuss the achievable secrecy rate under the reliability and strong security criterions.
Proposition 6**.**
Over the non-degraded delay CSI WTC model, with a large enough , the achievable secrecy rate of the proposed strong security polar coding scheme can approach the secrecy capacity of perfect CSI case.
Proof:
According to the proposed strong security polar coding scheme, ciphertext are carried by for , hence for the secrecy rate, have
[TABLE]
According to (22), have
[TABLE]
Thus have
[TABLE]
Then by comparing with (11) and (12), we can observe that can reach the perfect CSI average secrecy capacity of a block with state . Thus with a large enough , we have
[TABLE]
*which indicates that under the delay CSI assumption, the achievable secrecy rate of the proposed strong security polar coding scheme can approach the average secrecy capacity of the perfect CSI case with a sufficiently large . *
V Simulation of the Schemes
In this section we present simulations of the proposed secure polar coding schemes.
V-A Simulation of the Weak Security Scheme
First, we setup a precise degraded delay CSI WTC model. Specifically, the main channel is a binary erase channel (BEC) with erase probability ; the degraded wiretap channel is varying BEC (block varying and arbitrarily varying) with uncertainty erase set .
Then on this model we carry out the performance stimulation of the weak security coding scheme by choosing , from to and from to . Results of the performance stimulation are illustrated Fig. 4. Note that all these results are the sum of entire blocks. Fig. 4a shows that when the block length increases, the theoretical upper bounds of the legitimate BER is vanishing, which meets the Proportion 1 for reliability. Fig. 4b and Fig. 4c shows that the information leakage is increasing but the information leakage rate is vanishing when increases, which meets the Proportion 2 for weak security. Fig. 4d shows the tendency of secrecy rate approaching the perfect CSI secrecy capacity with an increasing , which meets the Proportion 3 for secrecy rate. Also, by comparing the performance of different , we can observe that when the parameter gets larger, the weak security scheme can obtain a better legitimate BER, but a worse information leakage rate and secrecy rate, which indicates the significance of parameter for finite block length secure polar codes.
We also setup a test for the weak security communication process with , from to and from to . As illustrated in Fig. 5, when the block length increases, the experimental legitimate BER is dropping to an acceptable low level, and the experimental eavesdropper BER is approaching for uniformly distributed binary confidential message. Thus both reliability and security is obtained.
V-B Simulation of the Strong Security Scheme
Note that in degraded WTC model, subset unstably exists according to different parameter and block length . Thus to test the effectiveness of strong security scheme on subset , we built a stable subset on the degraded delay CSI WTC model.
Recall that for the precise degraded model in the previous subsection, we have a BEC main channel with erase probability and a varying BEC wiretap channel with uncertainty erase set . Then we fix three kinds of length wiretap channel blocks:
- •
block1: stationary BEC channel block with ;
- •
block2: stationary BEC channel block with ;
- •
block3: non-stationary BEC channel block with erase probabilities uniformly choosing from .
And we assume that eavesdropper uniformly chooses wiretap channel blocks from them.
According to (21), for each block fixed above, we have subsets . Next, we separate a same subset with fixed rate from each and satisfies . Note that , so it has a same reliability as the subset from eavesdropper’s perspective. Also, since bits in subset are directly decoded by the decoded bits of previous block, it can be pretended unreliable to legitimate parties (even though it is reliable). Therefore, we can have a stable subset for each block, which plays a same role as the original . Then we have the adjusted subsets for strong security scheme as , where , , and .
Next, based on this constructed model and subsets, we carry out the performance stimulation of the strong security coding scheme by choosing , from to and from to . Results of the stimulation are illustrated in Fig. 6. Note that all these results of strong security scheme are the sum of entire blocks. Fig. 6a shows that when the block length increases, the theoretical upper bounds of the legitimate BER is vanishing, which meets the Proportion 4 for reliability. Fig. 6b shows that the information leakage rate is vanishing when increases, which meets the Proportion 5 for strong security. Fig. 6c shows the tendency of secrecy rate approaching the perfect CSI secrecy capacity with an increasing , which meets the Proportion 6 for secrecy rate. Also, for the performance of different , we can observe that when the parameter gets larger, the strong security scheme can obtain a better legitimate BER and information leakage but worse secrecy rate.
Further, we perform a communication test for the strong security scheme with , from to and from to . As illustrated in Fig. 7, when the block length increases, the experimental legitimate BER is dropping to an acceptable low level, and the experimental eavesdropper BER is approaching for uniformly distributed binary confidential message. Thus both reliability and security is obtained.
VI Conclusion
In this paper, we have presented a practical delay CSI WTC model with varying wiretap channel, and then investigate the corresponding secure polar coding scheme to achieve a secure and reliable communication.
As the first step, we proposed a OTP chain based secure polar coding scheme with a preliminary solution for the unidentifiable problem of the neither secure nor reliable subset that we assign the subset with publicly known frozen bits. However, this preliminary solution can only achieve weak security over degraded delay CSI WTC.
In the aim of achieving both strong security and reliability over non-degraded delay CSI WTC, we have further discussed the remaining limitation for applying the multi-block chaining structure and presented an new solution named as modified multi-block chaining structure which uses the secure subset and subset for conveying the bits for . Finally by combining this modified multi-block chaining structure with weak security coding scheme, we have proposed a strong security polar coding scheme which can approach the secrecy capacity of perfect CSI case only with delay CSI assumption, with both reliability and strong security.
At last, we have carried out stimulations which has verified the performance of both weak and strong security coding schemes.
Acknowledgment
This work is supported in part by the Natural Science Foundation of Hubei Province (Grant No.2019CFB137) and the Fundamental Research Funds for the Central Universities (Grant No.2662017QD042, No.2662018JC007).
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] A. D. Wyner, “The wire-tap channel”, Bell System Tech. J. , vol. 54, no. 8, pp. 1355-1387, Oct. 1975.
- 2[2] E. Arıkan, “Channel polarization: a method for constructing capacity achieving codes for symmetric binary-input memoryless channels”, IEEE Trans. Inf. Theory , vol. 55, no. 7, pp. 3051-3073, Jul. 2009.
- 3[3] H.Mahdavifar and A.Vardy, “Achieving the secrecy capacity of Wiretap channels using Polar codes”, IEEE Trans. Inf. Theory , vol. 57, no. 10, pp. 6428-6443, Oct. 2011.
- 4[4] E. Şaşoğlu and A. Vardy, “A New Polar Coding Scheme for Strong Security on Wiretap Channels”, IEEE Int. Symp. Inf. Theory (ISIT) , pp. 1117-1121, Jul. 2013.
- 5[5] S. H. Hassani and R. Urbanke, “Universal polar code”, in IEEE Int. Symp. Inf. Theory (ISIT) , pp. 1451 - 1455, Jun. 2014.
- 6[6] Y.-P. Wei and S. Ulukus, “Polar coding for the general wiretap channel”, in Proc. IEEE Inf. Theory Workshop , pp. 1-5, Apr. 26/May 1 2015.
- 7[7] Y.-P. Wei and S. Ulukus, “Polar Coding for the General Wiretap Channel With Extensions to Multiuser Scenarios”, IEEE J. Sel. Areas Commu. , vol. 34, no. 2, pp. 278-291, Feb. 2016.
- 8[8] R. A. Chou, M. R. Bloch, and E. Abbe, “Polar coding for secret-key generation,” IEEE Trans. Inf. Theory , vol. 61, no. 11, pp. 6213-6237, November 2015.
