Pre-coded LDPC coding for physical layer security

Alice sends an n-bit transmitted sequence X ⁿ ∈{x ₁,x ₂,⋯,x _n } after encoding a k-bit pre-coded message M ^k ∈{m ₁,m ₂,⋯,m _k } (M ^k is the pre-coded message of the s-bit secret message U ^s ∈{u ₁,⋯,u _s }). The received sequences of Bob and Eve are denoted as Y ⁿ and Z ⁿ , respectively. Alice sends message X using binary phase-shift keying (BPSK) modulation. The Gaussian wiretap channel model can then be generalized [9, 10] as follows:

where \(N_{i}^{Bob}\) and \(N_{i}^{Eve}\) are independent and identically distributed (i.i.d) zero-mean Gaussian random variables of variance \({\sigma _{B}^{2}}\) and \({\sigma _{E}^{2}}\), respectively, and κ is a positive constant that models the gain advantage of the eavesdropper over the destination.

Let n _ch be the number of transmitted bits over the channel, and n _code denote the codeword block length of the LDPC code. Define the design rate \(R_{d}=\frac {k}{n_{ch}}\), the secret rate \(R_{s}=\frac {s}{n_{ch}}\), and the code rate \(R_{c}=\frac {k}{n_{code}}\). In general, if the number of the secret message bits s is equal to the dimension of the LDPC code k, then R _s =R _d . If R _s <R _d in [7], it may help to achieve the reduced security gap but higher power should be needed to achieve the reliability condition. Since the power saving is important in many applications, R _s ≈R _d is preferred.

In [7], D.Klinc et al. proposed punctured LDPC codes to achieve security over the Gaussian wiretap channel. The punctured LDPC codes are employed to remove the exposure of the secret message to Eve. The puncturing fraction is denoted by p, which implies the fraction of the punctured secret message. To construct the R _s =R _d code, the mother code with rate R _c =p<0.5 must be used, since the secret rate R _s =p/(1−p). The authors of [7, 8] demonstrated that the punctured code can remarkably reduce the security gap compared with the non-punctured code. However, the punctured code has less reliable performance than the non-punctured code and requires higher power to achieve good performance over the main channel. To overcome these vulnerabilities, non-systematic codes using scrambling schemes were proposed by Baldi et al. [16, 17]. In the scrambling scheme, Alice generates the pre-coded message m by multiplying the secret message vector u and scrambling matrix S. Alice then sends the encoded message x by a product of the pre-coded message m=u·S and the generator matrix G to Bob. The scrambling procedure transforms the systematic code to the non-systematic code. Unlike the previous puncturing scheme, the scrambling scheme maintains that the secret and code rates are equal, that is R _s =R _c , and the scheme requires the same signal power to achieve reliability. The expression of scrambling can be written as

A 1×n pre-coded codeword x is generated by multiplying a k×n generator matrix G and 1×k pre-coded message m constructed by multiplying a 1×k secret message u and a k×k scrambling matrix S. Figure 2 illustrates a simple example of the puncturing and scrambling schemes. The received signal is first decoded using the channel decoder. The decoded message \(\hat {u}\) is solved through multiplication by the inverse scrambling (descrambling) matrix S ⁻¹ and the decoded message m, and the expression of descrambling can be written as

It is possible to recover the secret message with correct decoding. However, if decoding fails, an error propagation phenomenon is observed due to the density of the descrambling matrix S ⁻¹ in the right-side term of the above equation. In [17], perfect scrambling is denoted by a descrambling matrix with row and column weight >1 and a density close to 0.5. Thus, perfect scrambling with one (or more) error(s) causes an error rate around 0.5 in the final decoded message. Since the BER of Eve is very close to 0.5 (if errors are randomly distributed), it would be difficult to extract much information about the message. In terms of the gain of signal power, Baldi et al. showed that the puncturing scheme has worse error correcting performance than the scrambling scheme with respect to systematic LDPC coding. This is because the puncturing scheme increases the code rate and has a negative impact on the code minimum distance which is reduced [23, 24]. However, the scrambling scheme can only provide an error propagation effect, not error correction. The use of the scrambling scheme without FEC (as unitary rate coding, section 3-A in [17]) guarantees security performance on average, though it does not provide improved reliability.

Security processing with error propagation must be provided to achieve security. Thus, in this paper, we propose the FF code as a pre-code, which is the inverse form of a differential coding (DC) scheme. The proposed code has low complexity and a feed-forward structure, not a recursive form. Its generator polynomial is g _FF (D)=1+D with a memory order of 1. Figure 4 presents the block diagram of the FF encoder.

The FF encoder is a reversed form of the differential encoder, i.e., the FF encoder and differential decoder constructions are the same structure. The matrix equation of the proposed encoder is expressed as follows:

and the pre-coded sequence m _n can be directly expressed as

Unlike the differential encoder, the output message of the FF encoder consists of the modulo-2 addition between the previous input symbol and the present input symbol. The density of the descrambling matrix \(G_{FF}^{-1}\) is close to 0.5 due to the full upper triangular matrix. For arbitrary n, the density of \(G_{FF}^{-1}\), D _FF , can be written as:

where n is the length of the secret message. If n approaches infinity,

On the case of binary phase shift keying (BPSK), the bit and frame error probability are given as

Therefore, an upper bound (UB) of FF hard decision decoding is guaranteed as

From [6], it is easily proved that the bit error probability after FF hard decision decoding approaches half the frame error probability, as in [16, 17]. Let j be the number of errors, P _j be the probability that a received n-bit vector contains j errors before FF hard decision decoding, m _i be the ith error position in an n-bit string which contains j errors, and ξ _j be the number of all possible cases after FF hard decision decoding in the n-bit string which contains j errors. Ω _e denotes the expectation value of the number of errors after FF hard decision decoding. Under such assumptions, the bit error probability after FF hard decision decoding can be expressed as follows:

with

In Fig. 5, the BER performance of the FF hard decision decoding with the number of transmitted bits n=10 is evaluated by the upper bound, error probability of perfect scrambling, error probability of FF hard decision decoding, and simulation. The upper bound and error probabilities are computed from [7–9]. The simulation results show that the performances of equations [7–9] are very close to the simulation result. From the figure, the performance and the descrambling density of the proposed FF code are close to the conventional scrambling scheme.

The inverse generator polynomial is \(g_{FF}^{-1}(D)=\frac {1}{1+D}\) because the pre-coded message \(\hat {M}=(\hat {m}_{1},\hat {m}_{2},\cdots,\hat {m}_{n})\) consists of the generator polynomial g _FF (D)=1+D. The FF decoder is a recursive form of the encoder. Because of this construction, the FF-decoded message \(\hat {U}=(\hat {u}_{1},\hat {u}_{2},\cdots,\hat {u}_{n})\) has a regularity as follows:

The recursive form of a decoder can continuously propagate a bit error when an error occurs in the received message. The construction of the FF code is based on the convolutional code. Thus, the FF code can be expressed using a trellis diagram. The FF code can be decoded using a soft-input soft-output (SISO) decoder or symbol-by-symbol maximum a posteriori (MAP) algorithm. The representative MAP decoding algorithm is the BCJR algorithm [26] used in classical turbo decoding. By applying the symbol detection of the BCJR algorithm using soft decision, the performance loss of the sequence detection from hard decision can be reduced. The trellis diagram of the FF code is presented in Fig. 6.

Figure 6 describes the nth FF-decoded message \(\hat {u}_{n}\) value 0 (1) as a solid (dotted) line. When the decoding is performed, the FF-decoded bit is correlated with all of the incoming bits. It has a coding gain in the high SNR region owing to the correlation property. Figure 7 presents the BER and frame error rate (FER) of the proposed scheme compared to the conventional scrambling scheme.

While the scrambling scheme only has error propagation capability, the proposed FF code, with increased minimum Hamming distance (d _min =2) using redundant bit (tail bit) and coding gain using the BCJR algorithm, has a noticeable performance gain in the high SNR region. In the low SNR region, this code demonstrates a BER of 0.5. Security as defined in this paper is achieved. Moreover, this code has an improved performance of about 0.4 dB compared to the uncoded system at the BER of 10⁻⁷, owing to the BCJR decoding algorithm. Compared with the conventional scrambling scheme, the proposed code has a performance improvement of approximately 1.4 dB at the BER of 10⁻⁷.

If information from other symbols with low reliability is incorrect, errors accumulate for the entire code sequence, which cause error propagation. Unlike channel errors, the error positions after FF decoding (or descrambling) are not exactly i.i.d. Moreover, the operation of the FF code employs the correlation effect between consecutive symbols and each symbol is dependent on other symbols. Therefore, we cannot state that this system has a perfect secrecy even though Eve’s BER is equal to 0.5. This does not ensure the maximum entropy for Eve, since the error positions are not i.i.d.

The security performance using security gap is presented in Fig. 8 and Table 1, where the number of transmitted bits is 480, and Bob’s maximum BER, \(P_{e,max}^{B}\), is 10⁻⁵. From the figure, we can observe that Eve’s BER converges very slowly toward the ideal value of 0.5; hereafter, \(P_{e,min}^{E}\geq 0.4\). Moreover, the security gap performances at \(P_{e,min}^{E}\geq 0.48\) are almost the same. We will refer to “\(P_{e,min}^{E}\geq 0.4\)” as a sufficient amount of physical layer security in this paper, but our schemes still apply to stricter security thresholds (\(P_{e,min}^{E}=0.5\)). Consider that when the Eve’s minimum BER is \(P_{e,min}^{E}=0.4\), the uncoded scheme (only BPSK {+1,−1}) requires a large (>20 dB) security gap to achieve security performance. In the case of the scrambling scheme, to achieve \(P_{e,min}^{E}=0.4\), only a 6.29 dB security gap is required. However, the proposed FF code, unlike in the scrambling scheme, yields a security gap gain of approximately 0.74 dB at \(P_{e,min}^{E}=0.4\) compared to perfect scrambling. A security gap of only a 5.55 dB is required to achieve \(P_{e,min}^{E}=0.4\).

One way to compare the complexity of the perfect scrambling and the pre-code (FF hard and soft decoding) is to compare the type of operations and count the number of times each operation is performed. The BCJR algorithm of the pre-code involves the following operations:

To compute the perfect scrambling scheme (randomly generated), 1×n hard decision vector and n×n descrambling matrix are needed. For the 1st decoded (descrambled) bit, n multiplication operations and n−1 addition operations are needed. In total, n ² multiplication and n(n−1) addition operations are needed to obtain the descrambled message.

The computational complexity could be decreased by using \(G_{FF}^{-1}\) as perfect scrambling matrix (FF hard decoding). In the previous section, we provide that the matrix \(G_{FF}^{-1}\) guarantees the consideration of perfect scrambling. From the Eq. (11), the sequence detection can be used. Then, in total, only n−1 addition operations are needed to compute the descrambled message. The type of operations required by these algorithms (randomly generated perfect scrambling, FF hard, soft decoding) and the number of times each operation is executed are summarized in the Table 2.

From Table 2, it is possible to incorrectly evaluate that the perfect scrambling scheme (random matrix) has more complexity than the FF soft decoding, since it only provides the types and numbers of operations for real value computation. In terms of the hardware implementation, the perfect scrambling only uses binary operations (modulo-2 operations); however, BCJR algorithm of FF soft decoding requires the operations of the real values and it needs more cost per one operation than the perfect scrambling. For those reasons, it is difficult to precisely compare the algorithms with the data in Table 2. Therefore, the matrix \(G_{FF}^{-1}\) is used as perfect scrambling for a fair comparison in this paper.

Both the α and β values are adopted to control the effect of the extrinsic messages, E ₁ and E ₂. As mentioned above, E ₂ has an error propagation property and causes performance loss when it is used as a priori knowledge without any corrections of LDPC code. The extrinsic output E ₁ used for correction of E ₂ can also cause performance loss when LDPC output messages are taken as input messages because this would then oppose the general iterative decoding rule. Thus, the correction factor α must be less than one, 0≤α<1. Since LDPC code as FEC used in this paper is linear, we can assume without loss of generality that the all-zero codeword is transmitted for a simple analysis. For the FF decoder, channel error (L(y _{c h,i} )<0) or LDPC decoding failure (L(y _{c h,i} )+L(E ₁)<0) can cause error propagation. To reduce the loss by these impacts, the correction factor α should be taken as

For joint iterative decoding, we assume 10 inner iterations (LDPC itr =l _i =10) and the extrinsic message E ₁ is the value after the inner iterations. To reduce the channel error and decoding failure after the inner iterations, the corrections factor α is chosen as

The value of the scaling factor β is derived based on α. Both α and β must be larger than zero and can take the maximum value of one. The channel error or decoding failure should be minimized by using the correction and scaling factors with extrinsic messages E ₁ and E ₂, respectively, so we have

Since we assume that all-zero codeword modulated into x=+1=[+1,+1,⋯,+1] by BPSK {+1,−1} is transmitted, the left-side of (17) must be larger than zero for the next iteration without errors.

Based on Eqs. (16) and (17), the scaling factor β is computed as

To achieve the suitable values of α and β for real LLR values, we use Monte Carlo simulation for simplicity. We use Monte Carlo simulation to achieve the correction and scaling factors because error propagation property of FF code depends on error positions and the estimation of the error position is a difficult task. The inner and outer iterations, l _i and l _o are 10 and 1, respectively, and the number of transmitted frames (trials) is 10⁷. Figure 10 shows the obtained correction and scaling sequences via Eqs. (16) and (18) at each SNR when l _i =10 and l _o =1. The figure shows how the correction and scaling factors differ and how they change for different SNR values. By observing the correction factor α and the scaling factor β of the proposed JID scheme from Fig. 10, we can conclude that: (1) the correction factor α is generally smaller than the scaling factor β for every SNR region, which reflects the general iterative decoding rule; (2) the correction and scaling factor values reduce by increasing SNR because error propagation effect should be reduced; (3) as the value of SNR increases, the correction and scaling factors will become smaller and finally converge to minimum values (α→0.06, β→0.08), which infers that LDPC (FEC) decoding is becoming more reliable with the increase of SNR value.

The EXIT chart [20‐22] is a useful analysis tool of the iterative decoding system. EXIT charts indicate mutual information exchange between the extrinsic information of two constituent codes. In most cases, the output LLR messages of these codes can be assumed to follow the Gaussian distribution. The extrinsic information between the constituent codes can then be sequentially used to process the computation. In this paper, the information from the channel (intrinsic information) and the output knowledge from the previous iteration (extrinsic information) can be used as the input of the current iteration, and the output of the current iteration can be used as the input of the next iteration. We use LDPC code and FF code as two constituent codes and assume that their input and output LLR are approximated by the Gaussian distribution.

Now suppose that I _A is the average mutual information between the coded bits and the a priori information, and I _E is the average mutual information between the coded bits and the extrinsic output. Function T(I _A ,E _b /N ₀)=I _E is the EXIT chart function of the decoder and T(·) characterizes the information transfer in the decoder. Denoting the mutual information of the extrinsic information at the output of LDPC and the FF code by \(I_{E_{1}}\) and \(I_{E_{2}}\), and the mutual information of the a priori information at the input of LDPC and the FF code by \(I_{A_{1}}\) and \(I_{A_{2}}\), respectively, we have \(I_{E_{1}}=T(I_{A_{1}},E_{b}/N_{0})\) and \(I_{E_{2}}=T(I_{A_{2}},E_{b}/N_{0})\). To obtain the EXIT curve, we assume that the input LLR values, L(A ₁) and L(A ₂) are both symmetric. The symmetric conditions of LLR values are modeled as \(L(A_{1})\sim \mathcal {N}(m_{1},2m_{1})\) and \(L(A_{2})\sim \mathcal {N}(m_{2},2m_{2})\) such that m ₁ and m ₂ are the mean of the L(A ₁) and L(A ₂) messages, respectively. Therefore, the mutual information I _A between X and A can be written as \(I_{A}=I(X;A)\doteq J(\sigma _{A})\), as defined in equation (12) in [28]. Similarly, the mutual information I _E =I(X;E) is defined as

In general, an analytical evaluation of the mutual information I _E in Eq. (19) is a difficult task. For simplicity, we use an approximated equation of the mutual information. Following [28], Eq. (19) can be arbitrarily closely approximated as

where N is the number of samples, c _n is the n-th codeword, and L(c _n ) is the LLR value of the n-th codeword such that c _n ∈{+1,−1}. Figures 11 and 12 show the EXIT chart curve of the proposed system. In Fig. 11, the EXIT curves between LDPC and FF codes without α and β (α=0, β=0) are plotted. In this case, a pinch-off limit ¹ is finally at E _b /N ₀=2.62 dB. In Fig. 12, the EXIT curves between LDPC and FF codes are plotted with the obtained α and β in section IV-A. The pinch-off limit is then at E _b /N ₀=2.26 dB. As mentioned above, the FF code causes the error propagation. Without the input sequence of high reliability to the FF code, the error correction via the joint iterative decoding cannot be expected. For its error correction capability, we need the suitable correction and scaling factors.

In the previous subsections, it is suggested that the proposed scheme needs the correction and scaling factors in MTN for joint iterative decoding, and the joint iterative decoding of the proposed system is evaluated through EXIT chart curves. In this subsection, we evaluate the proposed system through BER and security gap performance.

As noted in Fig. 10, the values of α and β are sensitive functions of the signal-to-noise ratio. It may cause the entire system to become very complex and lead to performance loss when both values are wrongly evaluated. Therefore, the simulation results for the fixed values are also presented to avoid the impact of wrong evaluation. The fixed values are selected in the SNR region having the gain of the joint iterative decoding compared to the perfect scrambling. The fixed values selected at low SNR region (≤1.5 dB) may cause critical error propagation at high SNR. In addition, the fixed values selected at high SNR region (≥2.8 dB) render it difficult to achieve the joint iterative decoding gain since the values are too small. Based on these rules, the values are selected as α=0.07 and β=0.18, which are optimized at 2.4 dB. The reasons for these values are as follows: (i) the JID at high SNR region has some of iterative decoding gain compared to the perfect scrambled LDPC code. For use of the fixed values, S N R _{B,m i n} should possibly be kept as small as S N R _{B,m i n} for use of the optimized values. That is, despite the use of the fixed values, outstanding reliability performance should be achieved at high SNR region; ii) error propagation effect is properly maintained at low SNR region by using these values. That is, the S N R _{E,m a x} for use of the fixed values should be kept as close to the S N R _{E,m a x} as possible for use of the optimized values. These optimized values shown in Fig. 12 are evaluated for the best security performance at each SNR. Although the fixed values (α=0.07, β=0.18) are experimentally selected to show the prevention of the wrong evaluation impact as an example, the security performance will differ following the values that are selected. In summary, these values (α=0.07, β=0.18) are relevantly selected by considering error propagation at low SNR and error correction at high SNR.

For comparison purposes, LDPC codes are considered to have the same parameters as those mentioned in Section 3, k=480 and n=960. The secrecy rate is R _s ≈R _d =R _c =0.5 and the BPSK modulation {+1,−1} is used in our simulations. The maximum LDPC iteration is 100. For the joint iterative decoding, the number of inner and outer iterations, l _i and l _o are 10 and 10, respectively. Figure 13 and Table 3 show the BER performances of the systematic, perfect scrambled, serially concatenated JID scheme through MTN with optimized α and β, and the JID scheme with fixed α and β values. From Fig. 13 and Table 3, it is observed that the proposed concatenated and JID systems have performance improvements of about 0.205 and 0.51 dB over the perfect scrambling scheme in [16, 17] at a BER of 10⁻⁶. We can observe that the joint iterative effect of the proposed JID scheme eventually increases SNR, which is in good agreement with the respective EXIT curve (pinch-off limit) of Fig. 12. A performance improvement at high SNR means that it can achieve a steep BER curve and a reduced security gap.

The security gap performances for the various systems are plotted in Fig. 14, while Table 3 shows the security gap performances. Due to error floor phenomenon of LDPC code, Bob’s maximum bit error probability \(P_{e,max}^{B}\) is set to 10⁻⁶, and the improved security of the proposed system is thus more tangible. From Fig. 14 and Table 3, the security gap performances of the JID system using MTN (with optimized/fixed α and β) at \(P_{e,min}^{E}=0.4\) are about 2.26 and 2.37 dB. The security gap performance of the LDPC and FF concatenation at \(P_{e,min}^{E}=0.4\) is about 2.615 dB. It is observed that the proposed systems of serial concatenation and JID using optimized α and β have performance improvements of about 0.19 dB and 0.545 dB over the perfect scrambling scheme, respectively. In the case of the JID scheme using MTN with the fixed α and β, the performance improvement for the security gap is about 0.435 dB over the perfect scrambling scheme.

In conclusion, the SISO decoder of the FF code provides a performance improvement over the scrambled scheme and we can achieve a better performance improvement using the proposed JID scheme. Furthermore, the proposed system using the fixed factors has similar security/reliability performances to that using the optimized factors and can still achieve the performance improvement over the scrambled scheme. From the figure, we can also observe that the security gap advantage vanishes as Eve’s BER tends toward the ideal value of 0.5, hereafter \(P_{e,min}^{E}\geq 0.45\). However, since \(P_{e,min}^{E}\geq 0.4\) is sufficiently significant for a practical system, physical layer security as defined in this paper can be achieved.

Although the proposed JID scheme has the advantage of enhanced reliability/security performances, this is achieved from an extra complexity/decoding delay. Basically, extra decoding complexity is needed since the FF decoding procedure is performed l _o times for JID. If more JID is demanded, the extra complexity will be increased.

In [17], Baldi et al. demonstrated that physical layer security can be achieved by using a very simple feed-back mechanism based on Hybrid Automatic Repeat reQuest (Hybrid ARQ or HARQ) when Bob’s channel is not “less noisy" than Eve’s channel. They used the soft-combining scheme of HARQ so that Bob can exploit a number of transmissions Q<Q _max for decoding each frame and Eve receives all retransmissions requested by Bob. Similarly, we provide a simulation result on the use of the HARQ scheme with the perfect scrambled LDPC and the proposed FF-LDPC JID scheme using fixed factors. The maximum number of transmissions is Q _max =3. The numerical results similar to that provided in [17] are observed for HARQ with the proposed scheme. The FER performances with HARQ (soft-combining) for the perfect scrambled LDPC and the proposed JID scheme are plotted in Fig. 15. From the figure, the FER performances of the perfect scrambled LDPC and the proposed JID scheme are the dotted and solid lines, respectively. The fluctuations are observed in the figure because an average number of transmissions is a decreasing function for Bob’s received SNR. Also, in this case, we could observe the improved reliability of the proposed JID scheme for each result. The error correction capability of the proposed scheme could be improved, while the correction capability of the scrambled scheme depends only on LDPC code. Hence, the proposed JID scheme allows us to achieve the desired level of physical layer security.

The proposed precode includes operations between consecutive symbols. From these operations, the proposed precode has a correlation effect and is able to employ soft decision decoding. Due to the correlation effect and soft decision decoding, Eve’s decoding performance is better than that of the perfect scrambling scheme. However, the security gap between Bob and Eve is maintained since both performances are equally enhanced. The proposed scheme may have a negative impact on the randomness of the produced sequence since the FF code is highly structured. For this reason, the entire distribution of errors should be analyzed since Eve’s average error rate does not guarantee the randomness of the decoded sequence.

From Fig. 3, Eve’s received Z decodes LDPC decoded message \(\hat {M}_{E}=M+\mathbf {E}\) by using the BP decoder, where M and E are LDPC codeword and the error vector after LDPC decoding, respectively. In addition, through the FF decoder, Eve’s FF decoder outputs the FF decoded message \(\hat {U}_{E}=U+\mathbf {e}\), where U and e are the information message and error vector after FF decoding, respectively. For the erroneous frame, let \({e_{i}^{l}}\) be the number of errors for the ith position in the l-th erroneous frame, l _max be the total number of erroneous frames, t _i be the total number of errors at the ith position, \(t_{i}=\sum _{l=1}^{l_{max}}{e_{i}^{l}}\), and T be the total number of errors, \(T=\sum _{i=1}^{n}t_{i}\), where n is the length of the information bits. Therefore, the error expectation value (or bit error probability) at the i-th position for an erroneous frame is \({P_{m}^{i}}=t_{i}/l_{max}\). Therefore, \({P_{m}^{i}}\) is the bit error probability for each position when e≠0.

Figure 16 shows the results of randomness measurement (the entire distribution of errors) of the final decoded message \(\hat {U}_{E}\) with errors for the perfectly scrambled LDPC and the proposed JID scheme. In the case of the perfectly scrambled LDPC, error positions after descrambling are randomly distributed since the descrambling matrix is randomly generated with the density of 0.5. Uniform error distribution is observed for every position, even though error positions are not i.i.d. In the case of the LDPC-FF JID, \({P_{m}^{i}}\) at the front and tail parts has relatively low values since the FF decoder employs BCJR algorithm which is set up with a high probability for the zero state at the first and last step. However, even in the high SNR region, the randomness is kept to \({P_{m}^{i}}\approx 0.5\) for the positions of most of the parts, except a few of the front and last positions. In other words, when Eve uses the same decoder as that used by Bob, she cannot extract any useful information since error positions of the proposed scheme are as randomly distributed as the perfectly scrambled scheme for most of the parts. Because \({P_{m}^{i}}\geq 0.4\) means that the error probability over 0.4 has fairly high uncertainty at the ith position (we cannot state about entropy since error positions are not independent).