1. Introduction
With the continued deployment of digital devices, wireless communications are experiencing rapid evolutions. However, due to the inherent broadcast nature of wireless communications, security has become a significant problem during wireless transmissions. To prevent eavesdropping and to ensure the security of transmitted data, traditional security relies on upperlayer encryption. However, the higherlayer secret key exchange requires extra communication resources, reducing the throughput. Fortunately, this can be addressed by employing physical layer security (PLS) techniques [
1,
2] that utilize the inherent randomness of wireless channels.
PLS has been widely studied as a technique to protect the confidentiality of wireless communications, which uses the uniqueness and reciprocity of the physical channel to encrypt information and enhance the security of the system. There are now two main categories of PLS techniques: the first uses the public channel to generate keys [
3]; the second uses link signatures to generate physical layer keys [
4]. Due to the reciprocity of uplink and downlink transmissions in timedivision duplex (TDD) systems, legitimate users have access to identical channel characteristics, which is the basis for legitimate usergenerated keys [
5,
6]. In addition, to reduce the resource consumption associated with the sharing and management of keys in wireless networks by exploiting the reciprocity of wireless channels with mutual information (MI) from channel measurements between legitimate users [
7], researchers have proposed a number of PLS methods to generate cryptographic keys using channel state information (CSI) to ensure the security of communication systems [
8,
9,
10].
In addition, PLS techniques for visible light communication (VLC) systems were investigated by many researchers as well [
11]. A highly accurate and low computational burden noncoherent detection algorithm was proposed in [
12]. The use of highdimensional (HD) constructions of ultraviolet signal geometrical features that are insensitive to intersymbol interference (ISI) contamination provides better detection performance. Additionally, [
13] proposed a spatial constellation design method based on generalized spatial shift keying for the PLS of multiuser (MU) multipleinput multipleoutput (MIMO) VLC systems, where the transmit power of randomly selected lightemitting diodes is adjusted by using the CSI of the user at the transmitter. Interuser security is ensured while providing minimum bit error rate (BER) for legitimate users.
However, the disadvantage of using CSI to generate keys is that when the wireless channel changes slowly, the rate of key generation becomes small as well [
14]. In addition, most key generation schemes assume that the eavesdropper’s channel is independent of the legitimate channel, ignoring the influence of the eavesdropper. However, when the eavesdropper’s channel is correlated with the legitimate channel, the eavesdropper may be able to extract enough information to generate the same key as the legitimate user, resulting in the disclosure of confidential information [
14]. To further ensure communication security, artificial noise and beamforming techniques have been proposed in existing research, which have been demonstrated to be effective in increasing the secrecy capacity between legitimate users [
15,
16]. Furthermore, in relay communication scenarios, cooperative jamming and cooperative forwarding are proposed in [
17] to ensure the security of the communication systems.
The use of artificial noise to improve physical layer security was first proposed by R. Negi et al. [
18]. Specifically, the transmitter splits a fraction of the transmit power to send artificial noise that is directed at the eavesdropper and aimed at the zero space of the legitimate receiver, artificially increasing the gap in noise levels between the legitimate user and the eavesdropping user.
When the transmitter has the perfect knowledge of the CSI of the eavesdropping channel, joint optimization of information and artificial noise covariance can be performed [
19], which better achieves secure communications. However, in practical engineering applications, obtaining a complete and accurate CSI is difficult due to limitations such as time delay, Doppler offset and the finite length of feedback information. A power allocation scheme for artificial noise injection is proposed in [
20], in which the transmitter does not need to know the CSI of the eavesdropping channel. The work of [
21] developed a new layered PLS model to protect confidential information and proposed an artificial noiseassisted PLS scheme to maximize information security while maintaining low information confidentiality.
Furthermore, artificial noise can also be generated in a cooperative manner, that is, other nodes in the communication system assist in sending noise to interfere with the eavesdropper while sending information by a single antenna node [
22], where the system security is ensured by adding spatial artificial noise to the relay forwarding signal in a collaborative manner. Although the design scheme based on artificial noise improves the security communication rate of the system, it also inevitably increases the peak average power ratio.
In addition to artificial noise techniques, more practical PLS designs were proposed over the past years. For example, by encoding the source message, PLS secure encoding not only eliminates the need for a key but also avoids the resource overhead associated with multiple interactions between the communicating parties. A spatial modulation scheme for channelquality indicator (CQI) mapping was proposed in [
4], which changes the spatial modulation mapping pattern for generating physical layer keys based on the instantaneous CQI in the legitimate channel and shares the spatial modulation pattern with the legitimate receiver, which not only improves the data rate of the legitimate channel but also reduces the detection performance of the eavesdropper. Because the eavesdropper is not aware of the CQIbased spatial modulation mapping pattern, the correct demodulation method cannot be obtained.
Due to the advantages of channel coding with high decoding performance, the combination of highperformance codes with the characteristics of the wireless system itself has become a hot spot for the exploration of secure coding. Ref. [
23] proposed a secrecy coding based on the randomness of the wireless channel, which can guarantee the security and reliability of the communication system at the same time. Ref. [
24] proposed a coding design guideline for Rayleigh fading eavesdropping channels, using lattice codes to achieve confidential communication. In [
25], a new wired eavesdropping channel code construction with security and error correction guarantees was proposed to protect important confidential messages while protecting legitimate users from errors when receiving them. Ref. [
26] used discretetime fully analog joint sourcechannel coding over wireless channels to prevent eavesdropping. These secrecy coding schemes have theoretically proven to be close to the secrecy capacity. However, the design of more practical secrecy coding schemes remains to be addressed.
Polar code [
27] has been studied for decades and has been used in Enhanced Mobile Bandwidth (EMBB) control channels for 5G communication systems. Corresponding decoding algorithms such as successive cancellation (SC) [
28], successive cancellation list (SCL) and cyclic redundancy checkaided (CRC) SCL [
29] algorithms perform recursive decoding based on the concatenated structure of polarized codes, which greatly improves decoding accuracy. The characteristics of the channel polarization make it suitable for PLS, and hence attract numerous researchers’ attention. For instance, the authors in [
30] designed a PLS key generation scheme by selecting a frozen bits mapping pattern according to instantaneous CQI. Additionally, the strong and weak secrecy limits of PLS polarization codes are studied in [
31,
32], respectively.
To the best of our knowledge, there are currently no designs based on frozen bit constructions of polar codes in PLS. Against this background, in this paper, we propose a polar code construction scheme based on the CQI for wireless communication systems operating on the TDD mode, where the construction of the frozen bits in this scheme is determined by the instantaneous gain in the legal link. Due to the reciprocity of TDD systems, the transmitter and the legitimate receiver can obtain the same CSI of the legitimate channel without using the feedback channel, so the legitimate receiver always knows the instantaneous gain of the legitimate channel and its mapped frozen bit pattern, which ensures that the legitimate receiver can perform accurate decoding using a lowcomplexity decoding algorithm. At the same time, the eavesdropper does not have access to the instantaneous gain of the legitimate channel and therefore is not able to determine the frozen bit construction used by the transmitter, and thus the eavesdropper is not be able to decode in the correct way, which greatly reduces the accuracy of the eavesdropper’s decoding. We provide a bold and clear comparison with the literature in
Table 1, and our novel contributions are summarized below:
We introduce a frozen bit construction scheme that is determined by the instantaneous channel gain of the legitimate link. The range of instantaneous channel gain is first divided into multiple nonrepeating continuous intervals. Due to the adaptive nature of polar codes, different channel gain intervals generate different frozen bit construction patterns as a way to match the reliability of the channel. Since the eavesdropper does not know the frozen bit pattern selected by the transmitter, he/she is not able to complete the decoding of the legitimate link information. Therefore, this scheme improves the decoding performance of legitimate receivers, degrades the performance of eavesdroppers and breaks the condition of the single construction pattern.
In contrast to the work in [
30], which considers the 01 mapping patterns of the frozen bits, we investigate the frozen bit generation by adopting the Gaussian approximation (GA). Specifically, we employ the GA construction algorithm to generate different frozen bit patterns depending on the instantaneous CQI of the legal channel. We demonstrate that different channel gains have relatively large differences in the frozen bit structure constructed by the GA algorithm. The eavesdropper decodes the information propagated by the transmitter according to a different frozen bit pattern, which leads to a higher bit error rate (BER) performance.
Assuming that the eavesdropper has strong computational power, the eavesdropper can rely on the brute force search of the frozen bit construction used by the transmitter for strong detection capabilities to obtain confidential information transmitted over the legitimate link. Simulation results demonstrate that as the signaltonoise ratio (SNR) increases, the chances of the eavesdropper relying on powerful computational power to find the correct frozen bits location information do not show much prominence, confirming that the PLS scheme proposed in this paper shows strong stability against powerful eavesdroppers.
The remainder of this paper consists of the following sections.
Section 2 describes the system model and the compiled code for the transmitter and receiver.
Section 3 details the proposed CQIbased PLS design scheme, and
Section 4 presents simulation results and evaluates the performance of the scheme. Finally, the paper is concluded in
Section 5.
3. Physical Layer Secret Key Generation
In this section, we introduce the proposed CQIbased PLS scheme for polarcoded systems.
3.1. Polar Encoding at Alice
At Alice, an $N={2}^{n}$bit vector $\mathbf{u}$ can be encoded into an Nbit encoded vector $\mathbf{x}$, where $\mathbf{u}$ contains K information bits and $(NK)$ frozen bits, and the location of the frozen bits is defined in terms of ${\mathbf{u}}_{\mathcal{F}}$, while the complementary set of $\mathcal{F}$ is $\mathcal{M}$ representing the information bit position. Accordingly, ${\mathbf{u}}_{\mathcal{M}}$ represents the information bit locations.
Due to the channel reciprocity in the TDD systems, both Alice and Bob are able to obtain the channel gain
${h}_{b}{}^{2}$. However, Eve cannot obtain any information about the legitimate link
${h}_{b}$ between Alice and Bob by eavesdropping. Therefore, Alice uses the random channel gain
${h}_{b}{}^{2}$ and performs the GA algorithm to determine the number and the positions of frozen bits. The range of the channel gain is
$[0,+\infty )$, which is divided into
P consecutive intervals
$\left[{\phi}_{p1},{\phi}_{p}\right)$, where
$p=1,2,3\dots P$. In order to make the probability of the channel gain be in each interval the same
$1/P$, the probability density function (pdf) of the channel gain is set to
${f}_{X}\left(x\right)={e}^{x}$. Then, we have
Thus, the range of channel gain
$[0,+\infty )$ is divided into
P nonoverlapping consecutive intervals according to (11); therefore, Alice has
P candidate constructions for frozen bits, denoted as
${\mathbf{u}}_{\mathcal{F}}^{\left(1\right)},{\mathbf{u}}_{\mathcal{F}}^{\left(2\right)},\cdots ,{\mathbf{u}}_{\mathcal{F}}^{\left(P\right)}$. Alice selects the frozen bit pattern corresponding to the
${p}^{\mathrm{th}}$ interval for polar encoding. In this case, the frozen bits construction is used to match the reliability of the channel using the GA algorithm to achieve the current channel capacity, as shown in Algorithm 1. Different channel intervals correspond to different frozen bits patterns, as shown in
Table 2. Here, we list the situation of
$N=32$ when
$P=4$ and
$P=8$ and represent the frozen bit patterns as hexadecimal. Furthermore, to prevent Eve from observing the modulation and thus obtaining the gain level of the legitimate channel, Alice takes the same
MQAM, thus using
${log}_{2}\left(1+{h}_{b}{}^{2}{E}_{s}/{\sigma}_{Z}^{2}\right)$ bits per channel, where
${E}_{s}$ is the energy of each quadrature amplitude modulation (QAM) symbol and
${\sigma}_{Z}^{2}$ is the noise power.
Algorithm 1 Generate frozen bits patterns ${\mathbf{u}}_{\mathcal{F}}^{\left(p\right)}$ 
 Input :

Code length $N={2}^{n}$ 
The number of channel interval P 
Channel gain ${h}_{b}{}^{2}$ 
Information bits length K 
Signaltonoise ratio $\mathit{SNR}$  Output :

Frozen bit pattern ${\mathbf{u}}_{\mathcal{F}}^{\left(p\right)}$  1:
Calculate P different channel intervals $\left[{\phi}_{p1},{\phi}_{p}\right)$ according to (11);  2:
Obtain $\left[{\varphi}_{p1},{\varphi}_{p}\right)$ by matching the channel interval with ${h}_{b}{}^{2}$;  3:
Calculate initial $\delta ={\left({10}^{\left(\frac{\mathit{SNR}}{10}\right)}\xb7\left(\frac{{\varphi}_{p1}+{\varphi}_{p}}{2}\right)\right)}^{\frac{1}{2}}$;  4:
Initialize the LLR mean value of channel W ${m}_{1}^{\left(1\right)}=\frac{2}{{\delta}^{2}}$;  5:
for$0\le j\le n1$do  6:
Calculate the mean LLR ${m}_{{2}^{n}}^{\left(i\right)}$ of the subchannel iteratively according to [ 27];  7:
for$1\le i\le {2}^{j}$do  8:
${m}_{{2}^{j+1}}^{(2i1)}={\varphi}^{1}\left[1{\left(1\varphi \left({m}_{{2}^{j}}^{\left(i\right)}\right)\right)}^{2}\right]$;  9:
${m}_{{2}^{j+1}}^{\left(2i\right)}=2{m}_{{2}^{j}}^{\left(i\right)}$;  10:
end for  11:
end for  12:
Sort ${m}_{{2}^{n}}^{\left(i\right)}$ from smallest to largest;  13:
${\mathbf{u}}_{\mathcal{F}}^{\left(p\right)}$ takes the first $NK$ values of ${m}_{{2}^{n}}^{\left(i\right)}$

Alice then encodes the original sequence $\mathbf{u}$ to $\mathbf{x}$ by XOR operation through (3),(4) and modulates the encoded $\mathbf{x}$ with MQAM to obtain $S=E/{log}_{2}M$ symbols $\mathbf{t}=\left[{t}_{1},{t}_{2},\cdots ,{t}_{S}\right]$ for transmission; Bob receives the signal and decodes it successfully. However, Eve is not able to decode the message in the correct way because she does not know the frozen bit pattern used by Alice. This greatly enhances the security of the information transmitted over the legitimate channel.
3.2. Polar Decoding at Bob
Due to the reciprocity of TDD systems, Bob is already fully aware of the channel gain
${h}_{b}{}^{2}$ in each block of the legitimate channel, and therefore Bob also knows the frozen bits construction
${\mathbf{u}}_{\mathcal{F}}^{\left(p\right)}$ chosen by Alice. According to (12), when Bob receives the signal, he/she can decode it using the SC [
28], SCL or CRCSCL [
29] decoding algorithms to obtain the information bits. For any polarcoded bit sequence
$\mathbf{x}=\left[{x}_{1},{x}_{2},\cdots ,{x}_{N}\right]$, Bob calculates the LLR of the
${i}^{th}$ bit
${x}_{i}$ by
where
${y}_{\mathrm{B}}$ is the signal received by Bob and
${x}_{i}$ represents Alice’s
${i}^{\mathrm{th}}$ transmitted bit, where
$i=1,2,3\dots N$.
Through these LLRs, Bob’s SC decoding process depends on (6), (7) and (8). As shown in
Figure 4,
${\widehat{u}}_{i},i\in {\mathbf{u}}_{\mathcal{M}}$ can be completely estimated, and the confidential information transmitted by Alice can be successfully obtained.
In addition, Bob can also use the SCL algorithm to decode, which can further improve the decoding performance of legitimate links. Furthermore, by adding a CRC check code to the transmitted source signal, after the SCL decoding obtains a variety of decoding results, the CRC check is performed on these decoding results. The decoding results with the minimum PM value are the actual output decoding results through CRC check. In this way, the decoding performance is improved.
3.3. Polar Decoding at Eve
Eve tries to eavesdrop on confidential information from a legitimate link, according to (2) received the signal
${\mathbf{y}}_{\mathrm{E}}$, and uses SC algorithm to decode the same as Bob, as shown in
Figure 4; the LLRs on the right side of its XOR is represented as
where
${y}_{\mathrm{E}}$ is the signal received by Eve.
Eve combines these LLRs and performs three different XOR operations like Bob, and finally successfully estimates information bits transmitted by Alice ${u}_{i},i\in {\mathbf{u}}_{\mathcal{F}}\cup {\mathbf{u}}_{\mathcal{M}}$. Furthermore, Eve can also decode by adding candidate decoding paths and a CRC check, using SCL and CRCSCL. However, the biggest difference from Bob is that Eve determines the construction of frozen bits in the signal according to the gain of eavesdropping channel ${h}_{e}{}^{2}$, and then estimates the bits transmitted by Alice through (7), which cannot obtain the legitimate channel gain ${h}_{b}{}^{2}$. Therefore, Eve adopts the wrong frozen bit construction for decoding.
4. Simulation Results
In this section, the design of the proposed PLS scheme is verified by comparing the error correction capability of Bob and Eve. Considering the worstcase security performance evaluation of our scheme, Eve is assumed to have strong eavesdropping capability and full knowledge of the eavesdropping channel gain. In addition, in the TDD system, we assume that Alice and Bob also have full knowledge of the legitimate channel gain
${h}_{e}{}^{2}$. Under this condition, simulations are carried out. The simulation parameters are summarized in
Table 3.
The BER and block error rate (BLER) are compared in
Figure 5 and
Figure 6 for Bob and Eve, respectively, where Alice uses quadrature phaseshift keying (QPSK) with a polar code length of
$N=256$ and a code rate of
$R=0.5$, and the channel gain
$[0,+\infty )$ is divided into
$P=16$ consecutive nonrepeating intervals. Under this condition, Bob and Eve may adopt SC, SCL or CRCSCL decoding algorithms, where the candidate list size is
$L=12$ in the SCL decoder and a 24bit CRC is employed in the CRCSCL decoder. As shown in
Figure 5, through the design of our proposed PLS scheme, under the same condition, as the SNR increases, the BER of the eavesdropper Eve differs from that of Bob. The difference between Eve’s BER and Bob’s BER is over 9 dB at the BER of
${10}^{1}$. The difference is even more significant in terms BLERs, as shown in
Figure 6, which verifies the reliability of the proposed PLS scheme. Note also that by comparing the case of Bob with only a single frozen bit pattern versus multiple frozen bit patterns, we can observe that our proposed PLS scheme improves the decoding performance of legitimate receivers; degrades the performance of eavesdroppers, and breaks the condition of the single construction pattern.
As expected, Bob was able to obtain better decoding performance using the SCL and CRCSCL decoding algorithms than Eve, who was unable to determine the frozen bit construction ${\mathbf{u}}_{\mathcal{F}}^{\left(p\right)}$ selected by Alice due to its inability to obtain the legitimate channel gain ${h}_{b}{}^{2}$. He/she could only guess the frozen bit construction ${\mathbf{u}}_{\mathcal{F}}^{\left(p\right)}$ based on the eavesdropping channel parameters ${h}_{e}{}^{2}$, and thus achieved worse performance when Eve used the SCL and CRCSCL decoders. The main reason for this is that Eve does not know the correct ${\mathbf{u}}_{\mathcal{F}}^{\left(p\right)}$, resulting in an incorrect candidate path for the SCL decoder, and adding check bits to this results in a higher error rate. We can see that in BLER, Eve’s SCL decoder has almost the same performance as CRCSCL decoding, which is consistent with the intuition that Eve will pick the shortest path decoding result when the CRC checksum does not pass. Similarly, in terms of BLER, our proposed PLS solution not only reduces Eve’s performance but also improves Bob’s performance.
Figure 7 and
Figure 8 further investigate the PLS scheme proposed in this paper, using a longer polar code length
$N=512$. By comparing
Figure 5 with
Figure 7, we find that as the code length
N increases, Bob’s decoding performance improves, however, Eve’s performance decreases, with their BER performance differing from Bob by more than 10 dB. Similar conclusions can be drawn by comparing
Figure 6 with
Figure 8.
By definition, the physical layer secrecy capacity is the channel capacity difference between the legitimate channel and the eavesdropping channel. In the proposed scheme, Bob is able to reach a BLER of ${10}^{5}$, while Eve can barely decode a complete frame correctly, so the mutual information between Eve and Alice is almost zero, which makes the capacity capacity of the system asymptotically close to the legitimate channel capacity, thus verifying that this scheme achieves superior performance in terms of the secrecy capacity.
Furthermore, the number of channel gain intervals
P and the possible effect of the code rate
R on this scheme are investigated in
Figure 9. The formula (11) and
Table 2 give details of the different frozen bit constructions
${\mathbf{u}}_{\mathcal{F}}^{\left(p\right)}$ at different intervals of
P. As shown in
Figure 9, there is almost no difference between the BLER of Bob using
$P=16$ and
$P=32$ intervals. This is because Bob knows clearly about the corresponding frozen bit construction pattern of the
${p}^{th}$ interval every time. The only performance difference results from the GA construction at different SNRs. By contrast, by comparing Eve’s decoding performance at
$P=16$ and
$P=32$, it can be seen that Eve’s decoding performance decreases as
P increases because as the interval of channel gain becomes larger, Alice has more different frozen bit constructions, which leads to a lower probability that Eve’s perceived frozen bit construction is the same as the one used by Alice, thus leading to a worse decoding performance. On the other hand, when we lower the code rate
R, we can find that Bob’s performance improves at
$R=0.25$ compared with
$R=0.5$. The reason for this is that as the code rate decreases, there are fewer locations to transmit confidential information, and thus Bob’s performance improves somewhat. Eve also has the same effect. Overall, Eve’s performance is wellsuppressed and Bob’s performance is slightly improved as the number of channel gain intervals increases without changing the code rate.