From Quantum to Wireless: A Step Towards Physical-Layer Security

Quantum information theory is widely recognized as an arguably powerful paradigm for physically secure communications. In general, any attack that an eavesdropper, say Eve, perpetrates in order to gain access to messages or keys exchanged by the legitimate parties, say Alice and Bob, will result in disturbances to quantum states that can be detected with overwhelming probability — security is guaranteed by exploiting the fundamental laws of quantum physics. Once a quantum channel is established, Alice and Bob can generate common randomness and use a mix of public communication and privacy amplification to distill a secret key from the correlated random bit strings they possess. Consider now a common wireless communications scenario in which Alice and Bob exchange messages by sending electromagnetic signals over the ether. Since the laws of physics governing such a communication system belong to the realm of classical physics, Eve may listen to the transmitted signals without being detected and it is not immediately clear how Alice and Bob can exploit the physical properties of the wireless channel to ensure secure communication. Answering this question requires us to go back to the foundations of information-theoretic security, which builds on Shannon’s notion of perfect secrecy [1]. In seminal papers, Wyner [2] and later Csiszár and Körner [3] prove that (quite remarkably) there exist channel codes guaranteeing both robustness to transmission errors and a prescribed degree of data confidentiality. A general setup for the so called wiretap channel is shown in Figure 1. In the original version, proposed by Wyner in [2], two legitimate users communicate over a main channel and an eavesdropper has access to degraded versions of the channel outputs that reach the legitimate receiver. In [4] it was shown that if both the main channel and the wiretap channel are additive white Gaussian noise (AWGN) channels, and the latter has less capacity than the former, the secrecy capacity (i.e. the maximum transmission rate at which the eavesdropper is unable to decode any information) is equal to the difference between the two channel capacities. Consequently, confidential communication is not possible unless the Gaussian main channel has a better signal-to-noise ratio (SNR) than the Gaussian wiretap channel. In the seventies and eighties, the impact of these works was limited, partly because practical wiretap codes were not available, but mostly due to the fact that a strictly positive secrecy capacity in the classical wiretap channel setup requires the legitimate sender and receiver to have some advantage (a better SNR) over the attacker. Moreover, almost at the same time, Diffie and Hellman [5] published the basic principles of public-key cryptography, which was to be adopted by nearly all contemporary security schemes.