Network Coding and Wireless Physical-layer ... - Jacobs University
Network Coding and Wireless Physical-layer ... - Jacobs University
Network Coding and Wireless Physical-layer ... - Jacobs University
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Chapter 7: <strong>Physical</strong>-<strong>layer</strong> Key Encoding for <strong>Wireless</strong> <strong>Physical</strong>-<strong>layer</strong> Secret-key<br />
Generation (WPSG) with Unequal Security Protection (USP) 95<br />
perfect secrecy of Y 1 is achieved.<br />
Now, in order to construct Z 2 , Z 3 , <strong>and</strong> so on, we perform a linear combination of I V K<br />
key symbols similar to (7.2). Therefore, our physical-<strong>layer</strong> key encoding can be defined by<br />
a linear block code C p transforming an I K -tuple K over GF (q I K<br />
) of key symbols obtained<br />
from the quantizer into an M-tuple codeword Z over GF (q M ). We propose the following<br />
theorem providing two necessary <strong>and</strong> sufficient conditions for perfect secrecy.<br />
Theorem 7.1 If I V K out of I K physical-<strong>layer</strong> key symbols generated by the quantizer can<br />
be correctly estimated by the eavesdropper, the cryptosystem in Fig. 7.1 still maintains<br />
perfect secrecy if <strong>and</strong> only if each member in the I K -dimensional vector K is statistically<br />
independent of one another <strong>and</strong> the physical-<strong>layer</strong> code C p has the following properties. [4]<br />
7.1.1. Every code symbol is a linear combination of at least I V K + 1 input symbols.<br />
7.1.2. Every linear combination of any subset of code symbols results in a linear combination<br />
of at least I V K + 1 input symbols.<br />
Proof From earlier discussion it should be clear that the first condition is necessary.<br />
The necessity of the second condition can be proved by contradiction as follows. If the<br />
combination of ν code symbols ∑ ν<br />
i=1 Z i yields a combination of I V K +1−δ input symbols,<br />
where δ is a positive integer, the eavesdropper who calculates ∑ ν<br />
i=1 Y i may know the exact<br />
value of ∑ ν<br />
i=1 Z i, since the number of input symbols in the combination does not exceed<br />
the number of vulnerable symbols. If ∑ ν<br />
i=1 Z i is known, perfect secrecy is not achieved<br />
because these ν encoded key symbols are not independent.<br />
As for the sufficiency, we can also prove it by contradiction. Now, we have to prove<br />
that if perfect secrecy is not achieved, either the condition 7.1.1 or 7.1.2 is not satisfied.<br />
By definition, perfect secrecy in a one-time-pad system is not achieved only if either 1)<br />
at least one Z i , i = 1, 2, ..., M is known or 2) any linear combination of some Z i is known<br />
implying linear dependence among key symbols. Since 1) <strong>and</strong> 2) will not happen if the<br />
condition 7.1.1 <strong>and</strong> 7.1.2 are, respectively, satisfied, the two conditions are sufficient.<br />
Now, we focus our attention on the special case when K <strong>and</strong> Z are vectors of binary