A Practical Viewpoint on the Performance of LDPC ... - Semantic Scholar

A Practical Viewpoint on the Performance of LDPC Codes over the Fast Rayleigh Fading Wire-Tap Channel Marco Baldi, Marco Bianchi, Nicola Maturo, Franco Chiaraluce, DII, Universit`a Politecnica delle Marche, Ancona, Italy Email: {m.baldi, m.bianchi, n.maturo, f.chiaraluce}@univpm.it

Abstract—In this paper, we carry out a practical assessment of the performance of finite-length LDPC codes over the wiretap channel with fast Rayleigh fading. Classical metrics for physical layer security, like the secrecy capacity, are based on information theoretic arguments, and provide the ultimate security bounds for these schemes. However, it is difficult to design practical schemes, using some specific finite-length code, able to approach such a performance. Then we use a more practical metric, based on the error probability, which allows assessing the performance achieved in terms of both reliability and security over the fast Rayleigh fading wire-tap channel. Keywords-Fast fading wire-tap channel, LDPC codes, physical layer security, security gap.

I. I NTRODUCTION The wire-tap channel [1] is a very simple model for any transmission technique aimed at achieving physical layer security. In the wire-tap channel, Alice encodes a confidential message (u) into a codeword (c) and transmits it to the authorized receiver (Bob). There is no shared secret between Alice and Bob, since the encoding technique used by Alice is public. An eavesdropper (Eve) observes Alice transmission through her channel. Since Bob’s and Eve’s channels are different, their received messages are usually different as well, and this is the basis for security. When the wire-tap channel is impaired by Additive White Gaussian Noise (AWGN), security can be achieved on condition that Bob has a higher signal-to-noise ratio (SNR) than Eve [2]. Otherwise, a feedback mechanism is needed from Bob to Alice in order to achieve security [3]. In this paper, we focus on a wire-tap channel model in which the AWGN impairment is still present, but in conjunction with a fast Rayleigh fading on both channels. This kind of channel has already been characterized from the information theoretic standpoint [4], which provides the ultimate bounds achievable in terms of physical layer security. Differently from that approach, we aim at evaluating the performance achievable by practical codes and, for this purpose, we use another security metric, based on the error probability achieved by Bob and Eve. For this purpose, as a security metric we use the security gap [5], This work was supported in part by the MIUR project “ESCAPADE” (Grant RBFR105NLC) under the “FIRB – Futuro in Ricerca 2010” funding program.

that is, an explicit evaluation of Bob’s and Eve’s channel quality difference which is required to achieve a fixed level of security, while ensuring that Bob’s reliably receives the secret message. As a state-of-the-art coding technique, we consider the use of low-density parity-check (LDPC) codes, which are a near-optimum coding scheme, able to approach the channel capacity under belief propagation (BP) decoding [6]. The interest for cryptographic applications of LDPC codes is continuously increasing [7]–[9], and they have already been shown to be useful also in secret key agreement schemes [10]. LDPC codes are able to achieve small security gaps over the AWGN wire-tap channel through puncturing [11], [12]. We have recently shown that, over the same channel, the security gap can be kept as small, or even reduced, by using scrambled transmission instead of puncturing, and this also allows reducing the power consumption by requiring smaller SNRs [13]–[15]. The same principle can also be used in wireless networks compliant with the IEEE 802.11 standard, with minor modifications, though LDPC codes have to be replaced with the recommended convolutional codes [16]. Application to the IEEE 802.11 standard thus provides a meaningful example of a possible practical application of the considered concepts. In this paper, we further elaborate on the proposed approach and extend it to the wire-tap channel affected by fast Rayleigh fading. We show that the security gap can still be used as a security metric and estimate its value for some practical LDPC codes over this channel. We consider both the case in which Eve uses the best LDPC softdecision iterative decoder as Bob and in which Eve reaches optimum performance through maximum likelihood (ML) decoding. We show that the use of LDPC coding allows to significantly reduce the security gap with respect to an uncoded transmission. The organization of the paper is as follows. In Section II, we define the system and introduce the tools for its analysis. In Section III, we describe some classes of LDPC codes we wish to compare, and the decoding strategies adopted. In Section IV, we provide examples of security gap evaluation for the different codes considered. Finally, Section V concludes the paper.

hB

Alice u

Encoder

nB

Bob cB

c

Decoder

uB

averaging over all sk , which are assumed to be equally probable, so that: Ps =

Eve cE

hE

Figure 1.

Decoder

uE

nE

Fast fading wire-tap channel model.

II. FAST FADING WIRE - TAP CHANNEL MODEL The wire-tap channel model we consider is shown in Fig. 1. Both Bob’s and Eve’s channels are Rayleigh fading, with fading coefficients hB and hE , respectively, and affected by additive Gaussian noise, n B and nE , with signal-to-noise Eb Eb ratio per bit equal to N and N , respectively. The 0 0 B E fading of the two channels is fast, which means that each transmitted symbol may experience a different fading coefficient. Because of the different channels, the two vectors received by Bob and Eve, cB and cE , will be different, as well as, in general, their decoded messages uB and uE . Focusing on each of the two channels, the fading coefficient is a Rayleigh random variable whose real and imaginary parts are Gaussian random variables with mean 0 and variance 1/2. It follows that its squared modulus, α2 , is chi-square distributed, and the overall channel gain 2 γ = αNE0 b is chi-square distributed as well, with probability density function: pγ (x) =

1 −x/γ e , γ

x≥0

(1)

where γ = E(α2 )Eb /N0 and E(·) denotes the expectation. Since we use Gaussian random variables with mean 0 and variance 1/2, we have E(α2 ) = 1, and γ = Eb /N0 . Let us first suppose that Alice uses an uncoded transmission, that is, c = u. In this case, the average error probability at each receiver can be easily estimated by using the concept of pairwise error probability (PEP) [17]. Let us suppose that the transmitted constellation symbol was sk and the received constellation symbol was sj 6= sk , that is, transition sk → sj has occurred, due to the channel. This event is denoted as Ej , and its probability of occurrence is the PEP P (sj , sk ). The probability of a symbol error conditioned on the transmission of sk can be expressed as:   [ X X P (e|sk ) = P  Ej  ≤ P (Ej ) = P (sj , sk ), j6=k

j6=k

j6=k

(2) where the well known union bound approximation has been used. The symbol error probability can hence be found by

M −1 1 X P (e|sm ), M m=0

(3)

where M is the number of symbols. The considered channel can be seen as an AWGN channel with gain α; so the PEP can be computed as [17]: s  α2 d2jk , P (sj , sk ) = Q  (4) 4N0

where djk = ksj − sk k is the Euclidean distance between sj and sk . Without loss of generality, we can assume that Alice uses a binary shift keying (BPSK) modulation with constellation √ 2E signals s = −s = . In this case, d01 = d10 = 0 1 b √ 2 2Eb , and (4) and (3) simplify to: s  p  2 2α Eb  Pb = P (s1 , s0 ) = P (s0 , s1 ) = Q  2γ , =Q N0

(5) where Pb is the bit error probability. By taking into account the statistical distribution of the channel gain, we can estimate the average bit error probability as: r   Z ∞ √ γb 1 1 1− ≈ , Q( 2x)pγb (x)dx = Pb = 2 1 + γb 4γb 0 (6) where the approximation is good for γb ≫ 1. If we consider that Alice sends messages divided into frames of n bits each, we can get an estimate of the average frame error rate (FER) as:
n Pf = 1 − 1 − Pb . (7)

Over this channel, we define the reliability and security targets by fixing two suitable thresholds on the frame error cE B probability, Pc f and Pf , and by imposing that Bob’s average frame error probability P B is ≤ PcB , while Eve’s average f

f

E frame error probability PfE is ≥ Pc f . If Alice’s message is suitably scrambled before transmission, these conditions translate in the following two constraints on Bob’s and Eve’s cE E B bit error probability: PbB ≤ Pc f /2 and Pb ≥ Pf /2 [15]. The same conditions can also be translated in terms of c Eb Eb signal-to-noise ratio per bit, that is, N0 ≥ N0 and B B c Eb Eb ≤ . Then, the security gap is computed as: N0 N0 E E c Eb N0 B . Sg = (8) c Eb N0 E

Since Sg measures the quality difference between Bob’s and Eve’s channels which is needed to achieve both the

reliability and security targets, the design of the transmission technique used by Alice should aim at reducing it as much E as possible. For example, by considering Pc f = 0.9 and c −5 B P = 10 , we obtain through (7) that an uncoded transf

mission over the fast Rayleigh fading channel with 1024-bit c c Eb Eb frames yields N0 = 20.43 dB and N0 = 74.09 dB. E B Hence, the security gap results in Sg = 53.66 dB, which is a very high value. A solution to reduce Sg consists in using coded transmissions. In [11], [12] punctured codes are proposed, with the secret bits associated to punctured bits. An alternative solution is to implement non-systematic transmission through scrambling [13], which achieves similar or even better reductions in the security gap without needing any substantial increase in the transmitted signal power [14], [15]. Using scrambled transmissions allows translating the security gap into a requirement on the frame error rate, as already done in this section. This is because, under the perfect scrambling condition, the bit error rate equals half the frame error rate, and this effect is practically achievable by using suitably designed scrambling matrices [15]. III. LDPC CODED TRANSMISSIONS OVER THE FAST R AYLEIGH FADING WIRE - TAP CHANNEL An LDPC code is a linear block code defined by a parity-check matrix H which has a low density of non-zero symbols and no more than one overlapping non-zero symbol between any two rows and columns. These characteristics are those which mostly influence the performance of BP soft-decision decoding algorithms, like the sum-product algorithm (SPA) [18]. Hence, LDPC codes are able to achieve very good performance under BP decoding. The code design should aim at maintaining such properties, while taking into account encoding and decoding complexity issues. A very efficient code design technique is the progressive edge growth (PEG) algorithm [19], which maximizes the length of the local cycles in the Tanner graph associated with an LDPC code. This allows achieving very good decoding performance, but the resulting code paritycheck matrix has no inner structure, which may result in a high implementation complexity. On the contrary, other design techniques aim at achieving good graph properties while obtaining structured parity-check matrices [20]–[23]. A. Structured code design We consider two families of structured LDPC codes: quasi-cyclic (QC) codes and multiple serially-concatenated multiple-parity-check (M-SC-MPC) codes. QC-LDPC codes have gained an increasing attention since they allow to achieve very good performance under LDPC iterative decoding while ensuring low complexity encoding, thanks to the QC nature.

They have generator and parity-check matrices formed by circulant blocks. A classical solution for designing the matrix H of a QC-LDPC codes is to use circulant permutation blocks, which also allows obtaining array LDPC codes [24] as a special case. An alternative solution consists in using more general sparse circulant blocks, and a matrix H formed by a single row of circulant blocks [20]: H = [H0 |H1 |...|Hn0 −1 ],

(9)

where each Hi , i = 0, 1, . . . , n0 − 1 is an r × r sparse circulant matrix. We consider QC-LDPC codes with H as in (9) and constant column weight equal to dv . It can easily be shown that the minimum distance of these codes is ≤ 2dv
and the corresponding multiplicity is ≈ r n20 [21]. M-SC-MPC codes are another family of structured LDPC codes which exploit the serial concatenation of very simple component codes, named multiple parity-check codes. This allows obtaining sparse parity-check matrices with good graph properties, which are able to achieve very good performance under LDPC iterative decoding. Introducing some slight variation on the regularity of the parity-check matrices allows to further improve their performance [25], [26]. In M-SC-MPC codes, the i-th component code, i = 1, 2, . . . , M appends its ri redundancy bits to its input vector, having length ki , and hence produces at its output a vector of length ni = ki + ri . Since M component MPC codes are serially concatenated, the overall code PMdimension is k = k1 and the overall redundancy is r = i=1 ri . Concerning the component codes, an MPC code can be defined as a code which computes its j-th redundancy bit as the EX-OR of the codeword bits whose indexes are smaller than j by an integer multiple of ri . From this definition, it follows that the M-SC-MPC code has a lower triangular parity-check matrix with a very simple inner structure. It is formed by M layers of ri ×n elements each, and the elements in any layer are all null except for a series of diagonals full of ones. The latter are aligned on the overall rightmost diagonal, and all the elements over such diagonal are null. This provides H with the lower triangular form, which is also a desirable property from the encoding complexity standpoint. B. Decoding strategies All the code constructions techniques we consider, namely PEG, QC-LDPC and M-SC-MPC, allow to obtain LDPC matrices with good graph properties. Hence, the most natural and efficient way to decode these codes is to use belief propagation soft-decision iterative algorithms, like the SPA. Due to the parity-check matrix sparsity, the code Tanner graph has a small number of edges, and this allows to perform iterative decoding with very limited complexity. We consider the log-likelihood ratio (LLR) version of the SPA, working on logarithmic likelihood values, whose convergence is less affected by finite precision problems [27]

with respect to the linear version. In the channel model we consider, the symbol received upon transmission of x is obtained as y = hx + n. For the BPSK modulation, the corresponding a priori LLR is computed as L(y) = 4yγRc , 2 where γ = αNE0 b and Rc is the code rate. The values of L(y) for each received symbols are the starting point for the LLR-SPA iterative decoding algorithm. We assume that the receiver is able to reconstruct the received signal phase, which is a necessary condition to use phase shift keying modulation, but it does not have complete channel state information to compute the value of γ per each received symbol. Hence, the a priori LLR is obtained by using γ = Eb /N0 and results in L(y) = 4yEs /N0 , where Es is the energy per coded symbol. This expression of L(y) is the same as for the AWGN channel. It is well known that LDPC iterative decoding provides suboptimal performance with respect to ML decoding. However, for the code lengths which are common for LDPC codes, the complexity needed to perform ML decoding is prohibitive. Nevertheless, in a security analysis, it is often requested to assume that Eve has a very high computing power; so, for estimating the security gap, we are also interested in considering the ideal scenario in which Eve uses ML decoding. In this case, we can obtain a lower bound on Eve’s performance over the AWGN channel by using the sphere packing bound [28]. So, we can compute the SNR working point ML c Eb under ML decoding, noted by N , which corresponds 0 E to PcE under this hypothesis, from which a more conservative f

estimate of the security gap follows as: c Eb N 0 B SgML = ML . c Eb N0

(10)

E

In order to extend this reasoning to the fast Rayleigh fading channel, we consider also an outage approach, that is, we focus on the maximum value of Eve’s average channel cE E gain, γ E max , such that the probability that Pf < Pf is not greater than a given value ζ. For this purpose, we consider a best-case estimate of Eve’s error probability, by looking at the maximum value of the channel gain experienced over the n transmitted symbols, that is γM =  max γ1 E , γ2 E , . . . , γn E , and its probability distribution. Since the FER experienced by Eve is lower bounded by the FER she would achieve when the channel gain is equal to γM over the whole transmission, we can estimate γ E max as:    ML    d Eb  E γ¯max = max γ¯ E : P γM > ≤ ζ , (11)   N0 E

E

where γ¯ is Eve’s average channel gain.

ML c Eb Let us denote by Gi the event that γi E > N . 0 E According to (1), its probability of occurrence is P (G i) =   ML c Eb exp − N /γ E . Hence, the complementary cumula0 E

tive distribution function for the random variable γM results in:  ML  ! n [ d E  b n  =P Gi = 1 − [1 − P (Gi )] . P γM > N0 E

i=1

(12) Based on this derivation, we can define an outage secrecy gap for the fast Rayleigh fading wire-tap channel with ML decoding as follows: c Eb N0 SgML,ζ = E B . (13) γ¯max IV. S ECURITY GAP A SSESSMENT

Assessing the performance in terms of security gap needs to consider some specific code with fixed code length and rate. For this purpose, we have designed a first LDPC code having length n = 1024 and rate Rc = 3/4 through the PEG algorithm, which results in an unstructured code. The parity-check matrix column weight for this code is equal to 5. Then, by fixing the same parameters, we have designed two other structured LDPC codes. The first structured code is a QC-LDPC code with paritycheck matrix in the form (9), formed by four 256 × 256 circulant matrices, each with row and column weight equal to 5. This code has been designed through the approach based on random difference families [29], ensuring the absence of short cycles in the associated Tanner graph. The second structured code is obtained as an M-SC-MPC code with M = 5 component MPC codes. Their redundancy is, respectively, r1 = 45, r2 = 47, r3 = 52, r4 = 53, r5 = 59, and the information word length is k = 768; hence the overall code parameters are exactly the same as for the other two codes. As a first step, we have assessed the performance achieved by these three codes over the AWGN channel, under LLRSPA iterative decoding. This is reported, in terms of the FER, in Fig. 2. The figure also reports the curve of the SPB for the same parameters, obtained from [28], which provides a lower bound on the performance achievable through optimal ML decoding. We observe that the performance achieved by the three LDPC codes under iterative decoding is more than 2 dB away from the SPB. The performance of the three codes has been then assessed over the fast Rayleigh fading channel, according to the wire-tap channel model. The FER performance has been estimated through numerical simulations, by using again the LLR-SPA for LDPC decoding. The results, so obtained, are reported in Fig. 3, where we observe that, as expected, the

Table I S ECURITY GAP OVER THE AWGN C HANNEL ( VALUES ARE IN dB)

0

10

SPB(1024, 768) PEG(1024, 768) M-SC-MPC(1024, 768) QC-LDPC(1024, 768)

-1

10



Code PEG M-SC-MPC QC-LDPC

Frame Error Rate

-2

10

E

2.3 2.04 2.33

ML cb E N0 E

cb E N0



0.43 0.43 0.43

4.09 3.89 4.14

Sg

SgML

1.79 1.85 1.81

3.66 3.46 3.71

B

-3

10

Table II S ECURITY GAP OVER THE R AYLEIGH CHANNEL ( VALUES ARE IN dB)

-4

10



Code

-5

10

PEG M-SC-MPC QC-LDPC

-6

10

0

1

2

3 Eb/N0 [dB]

4

5

0

10

PEG(1024, 768) M-SC-MPC(1024, 768) QC-LDPC(1024, 768)

-1

10

-2

10

E γ ¯max E

7.2 6.46 7.14

−10.98 −10.98 −10.98

-4

10

-5

10

-6

0

2

4

6

8 10 Eb/N0 [dB]

12



cb E N0

Sg

SgML,ζ

4.23 4.53 4.65

22.41 21.97 22.77

B

11.43 10.99 11.79

E 10−5 , while the security target is Pc f = 0.9. For the AWGN case, we can obtain, from Fig. 2, the corresponding values c c Eb Eb of N0 and N0 , when both Bob and Eve use the LLRB E SPA decoder, from which the security gap Sg is easily computed. In addition, we can suppose that Eve is equipped with an ML decoder, and obtain a lower bound on her FER performance by looking at the SPB curve in Fig. 2. This ML c Eb way, we determine the SNR working point N , from 0

which SgML is easily computed.

-3

10

10

cb E N0

6

Figure 2. Frame error rate performance of the considered codes over the AWGN channel and comparison with the sphere packing bound.

Frame Error Rate

cb E N0

14

16

Figure 3. Frame error rate performance of the considered codes over the fast Rayleigh fading channel with AWGN.

SNR required to achieve the same FER levels is significantly increased with respect to the case with AWGN only. From Figs. 2 and 3, we notice that the PEG and QCLDPC codes have almost the same performance over both channels, while the M-SC-MPC code exhibits some gain in the SNR with respect to them. This is due to the irregular structure of the M-SC-MPC parity-check matrix, which gives some advantage in performance. Nevertheless, this does not necessarily yields an advantage in terms of the reliability-security targets, since the security gap is affected by the SNR only in relative (not absolute) terms. B As done before, we fix the reliability target as Pc f =

E

The results for the AWGN channel, so obtained, are reported in Table I. We notice that the best result, in terms of security gap, is achieved by the PEG code, though the QC-LDPC code exhibits a very small loss. The M-SC-MPC code requires a security gap Sg increased by 0.06 dB with respect to the PEG code, but it achieves the smallest security gap SgML . In general, the fact that Eve is able to use the ML decoder produces an increase in the security gap on the order of 1.8 dB, as expected.

The same analysis can be performed for the wire-tap channel with fast Rayleigh fading, for which the security gap values are reported in Table II. We see that, when both Bob and Eve use the SPA-LLR iterative decoder, the PEG code achieves the smallest security gap, which is about 2.4 dB higher with respect to the AWGN channel. In Table II we have also reported the security gap estimate which can be obtained when Eve uses the ML decoder, through the outagebased approach described in Section III-B. In this case, by E = −10.98 dB. This considering ζ = 10−3 , we obtain γ¯max is indeed a highly conservative value, which produces a considerable increase in the security gap. In fact, as we observe from the table, SgML,ζ is on the order of 22 dB. Also in this case, the M-SC-MPC code achieves the best performance, due to the advantage it gives to Bob, under iterative decoding, at low SNR.

V. C ONCLUSION We have studied the wire-tap channel with fast Rayleigh fading, and assessed the performance of some LDPC code constructions in this setting. We have defined suitable reliability and security targets in terms of the error probability experienced by Bob and Eve, and used the security gap as a performance measure. Our results show that LDPC codes are actually able to meet the security and reliability targets with a small degradation of Eve’s channel with respect to Bob’s, thus confirming their very good performance also in this context, which was unexplored till now. For the sake of completeness, we have also investigated the ideal scenario in which Eve is able to use an optimal ML decoder. In this case, the security gap evaluation has been based on an outage rate analysis that, however, reveals to be highly conservative. Future work will concern improving this analysis, in such a way as to find more reliable estimates. R EFERENCES [1] A. D. Wyner, “The wire-tap channel,” Bell Syst. Tech. J., vol. 54, no. 8, pp. 1355–1387, Oct. 1975. [2] S. Leung-Yan-Cheong and M. Hellman, “The Gaussian wiretap channel,” IEEE Trans. Inform. Theory, vol. 24, no. 4, pp. 451–456, Jul. 1978. [3] L. Lai, H. El Gamal, and H. V. Poor, “The wiretap channel with feedback: Encryption over the channel,” IEEE Trans. Inform. Theory, vol. 54, no. 11, pp. 5059–5067, Nov. 2008. [4] P. K. Gopala, L. Lai, and H. El Gamal, “On the secrecy capacity of fading channel,” IEEE Trans. Inform. Theory, vol. 54, no. 10, pp. 4687–4698, Oct. 2008. [5] D. Klinc, J. Ha, S. McLaughlin, J. Barros, and B.-J. Kwak, “LDPC codes for the Gaussian wiretap channel,” in Proc. IEEE Information Theory Workshop (ITW 2009), Taormina, Italy, Oct. 2009, pp. 95–99. [6] T. J. Richardson and R. L. Urbanke, “The capacity of lowdensity parity-check codes under message-passing decoding,” IEEE Trans. Inform. Theory, vol. 47, no. 2, pp. 599–618, Feb. 2001. [7] M. Baldi, M. Bodrato, and F. Chiaraluce, “A new analysis of the McEliece cryptosystem based on QC-LDPC codes,” in Security and Cryptography for Networks, ser. Lecture Notes in Computer Science. Springer Berlin / Heidelberg, 2008, vol. 5229, pp. 246–262. [8] M. Baldi, M. Bianchi, and F. Chiaraluce, “Security and complexity of the McEliece cryptosystem based on QCLDPC codes,” IET Information Security, 2013, in press. [Online]. Available: http://arxiv.org/abs/1109.5827 [9] R. Misoczki, J.-P. Tillich, N. Sendrier, and P. S. L. M. Barreto. (2012) MDPC-McEliece: New McEliece variants from moderate density parity-check codes. [Online]. Available: http://eprint.iacr.org/2012/409 [10] F. Renna, N. Laurenti, S. Tomasin, M. Baldi, N. Maturo, M. Bianchi, F. Chiaraluce, and M. Bloch, “Low-power secret key agreement over OFDM,” in Proc. ACM HotWiSec 2013, Budapest, Hungary, Apr. 2013, pp. 43–48. [11] D. Klinc, J. Ha, S. McLaughlin, J. Barros, and B.-J. Kwak, “LDPC codes for physical layer security,” in Proc. IEEE Global Telecommunications Conference (GLOBECOM 2009), Honolulu, HI, Nov. 2009, pp. 1–6.

[12] ——, “LDPC codes for the gaussian wiretap channel,” IEEE Trans. Inf. Forensics Security, vol. 6, no. 3, pp. 532–540, Sep. 2011. [13] M. Baldi, M. Bianchi, and F. Chiaraluce, “Non-systematic codes for physical layer security,” in Proc. IEEE Information Theory Workshop (ITW 2010), Dublin, Ireland, Aug. 2010. [14] ——, “Increasing physical layer security through scrambled codes and ARQ,” in Proc. IEEE International Conference on Communications (ICC 2011), Kyoto, Japan, Jun. 2011. [15] ——, “Coding with scrambling, concatenation, and HARQ for the AWGN wire-tap channel: A security gap analysis,” IEEE Trans. Inf. Forensics Security, vol. 7, no. 3, pp. 883– 894, Jun. 2012. [16] M. Baldi, M. Bianchi, N. Maturo, and F. Chiaraluce, “A physical layer secured key distribution technique for IEEE 802.11g wireless networks,” IEEE Wireless Commun. Lett., 2013, to appear. [17] G. L. St¨uber, Principles of Mobile Communication, 3rd ed. Springer, 2011. [18] J. Hagenauer, E. Offer, and L. Papke, “Iterative decoding of binary block and convolutional codes,” IEEE Trans. Inform. Theory, vol. 42, no. 2, pp. 429–445, Mar. 1996. [19] X. Y. Hu and E. Eleftheriou, “Progressive edge-growth Tanner graphs,” in Proc. IEEE Global Telecommunications Conference (GLOBECOM’01), San Antonio, Texas, Nov. 2001, pp. 995–1001. [20] S. J. Johnson and S. R. Weller, “A family of irregular LDPC codes with low encoding complexity,” IEEE Commun. Lett., vol. 7, no. 2, pp. 79–81, Feb. 2003. [21] M. Baldi, F. Bambozzi, and F. Chiaraluce, “On a family of circulant matrices for quasi-cyclic low-density generator matrix codes,” IEEE Trans. Inform. Theory, vol. 57, no. 9, pp. 6052–6067, Sep. 2011. [22] M. Baldi, M. Bianchi, G. Cancellieri, and F. Chiaraluce, “Progressive differences convolutional low-density parity-check codes,” IEEE Commun. Lett., vol. 16, no. 11, pp. 1848–1851, Nov. 2012. [23] M. Baldi, G. Cancellieri, and F. Chiaraluce, “Interleaved product LDPC codes,” IEEE Trans. Commun., vol. 60, no. 4, pp. 895–901, Apr. 2012. [24] M. Baldi, M. Bianchi, G. Cancellieri, F. Chiaraluce, and T. Kløve, “On the generator matrix of array LDPC codes,” in Proc. SoftCOM 2012, Split, Croatia, Sep. 2012. [25] M. Baldi, G. Cancellieri, F. Chiaraluce, and A. De Amicis, “Design of permuted serially concatenated multiple paritycheck codes,” in Proc. SoftCOM 2010, Split, Bol, Croatia, Sep. 2010, pp. 285–289. [26] ——, “Irregular M-SC-MPC codes for wireless applications,” in Proc. European Wireless Conference, Lucca, Italy, Apr. 2010, pp. 369–376. [27] M. Baldi, G. Cancellieri, and F. Chiaraluce, “Finite-precision analysis of demappers and decoders for LDPC-coded MQAM-systems,” IEEE Trans. Broadcast., vol. 55, no. 2, pp. 239–250, Jun. 2009. [28] G. Wiechman and I. Sason, “An improved sphere-packing bound for finite-length codes over symmetric memoryless channels,” IEEE Trans. Inform. Theory, vol. 54, no. 5, pp. 1962–1990, May 2008. [29] M. Baldi and F. Chiaraluce, “Cryptanalysis of a new instance of McEliece cryptosystem based on QC-LDPC codes,” in Proc. IEEE International Symposium on Information Theory (ISIT 2007), Nice, France, Jun. 2007, pp. 2591–2595.