# Difference between revisions of "Patwari"

Patwari et al. presents a framework, called high rate uncorrelated bit extraction (HRUBE), which interpolates the signal first. After that it is decorrelated by transformation. In the last step a multi-bit quantization is used, where several Bits are quanitzed at once. This can reach 22 Bits/s with a inconsistency of 2.2%.

## Introduction

Secret key can be calculated by two parties via Radio-Channel. With the raising entropy in calculations (caused by external influences like the texture of the room, noise), the solution of the calculations get better. E.g. reflections have a big influence on a good result. In addition to that the reciprocity of the channel, the fact, that both parties can notice the identical parameters at the same time in the channel, lead to better results. The fact, that the signal is different in every location, helps to exchange a secret. The problem is, that the channel offers reciprocity, but the measurement does not. In this case both parties get different results. This is caused by bigger noise on the channel, or by different hardware, which is used by the communicating partners. The secret (in Bits) has to be calculated out of the received signals. This is done with a quantizer. In this page we will describe the quantizer by Patwari et al.

For the presented modell of Patwari et al. it is assumed, that there is a passive attacker, that only listens and calculates. The attacker is not able to attack one party directly. The attacker is allowed zu listen to each communication between parties Aand B. Furthermore the attacker is allowed to make measurements of the channel from himself to A and to B, while A and B do Measurements of channels A to B or B to A. The attacker knows the algorithm to extract the keys including their parameters. It is assumed, that the attacker is not in close proximity, while A and B are calculating the key. This ensures, that the attacker measures an uncorrelated channel. Another assumption is, that the attacker is not able to jam the communicationchannel between A and B. Furthermore the attacker cannot do a MITM Attack against A or B.

## Description

The measured signal is transferred with three methods to the resulting Bitstring (shared secret). In the beginning the signle signals are interpolated (see following paragraph). In detail: After receiving of signals there is a delay, which offers the opportunity, that measurments of party A and B, which are not done simultaneously, are now simultaneously again. After that the result of the interpolation is decorrelated with the de-correlation transformation. The result is a vecotr with uncorrelated components, which is caluculated through the Karhunen-Loeve Transformation over the previous measurements. In the third and final step the values of the vector are converted to Bits with a quantization (multi-bit adaptive quantization (MAQ), which is equals the final result. This uses communication between A and B again, so that these get the same results.

## Fractional Interpolation Filtering

Since the sending of signals from A to B and from B to A cannot be parallel(due to the omnipresent minimal time variance, because most transceivers cannot parallel send and receive), it is attempted, with the help of the fractional interpolation (the interpolation in parts), to simulate, that signals are parallel sent or parallel measured. Patwari et al. wanted to reach a constant sending rate, so the set $\displaystyle T_{R,x} = T_{R,y} = T_R$ . With the usage of a farrow filter [1], delays can be built in. As parameter the filter takes the value of the delay for the certain patry, as well as the measurements of the party. The delay of party A equals the formula $\displaystyle \mu_a = 1/2 * (((t_b(i) - t_a(i)) / T_R);$ for party B $\displaystyle \mu_b = 1-\mu_a$ . The filter leads to:

$\displaystyle h_c = [\frac{\mu_c^3}6-\frac{\mu_c}6,-\frac{\mu_c^3}2+\frac{\mu_c^3}2+\mu_c,\frac{\mu_c^3}2-\mu_c^2-\frac{\mu_c}2,-\frac{\mu_c^3}6+\frac{\mu_c^2}2-\frac{\mu_c}3]^T$

c is here a placeholder for party A or B. Outputvectors are $\displaystyle x_a(i)$ and $\displaystyle x_b(i)$ .

## De-Correlation Transformation

With the Karhunen-Loeve Transformation (KLT[2] the vecotrs $\displaystyle x_a and x_b$ are converted in uncorrelated components by linear transformation. This leads to a bigger toughness against attacks. The average $\displaystyle m_c$ and the covariance Matrix $\displaystyle R_x of x_c$ are required. The average can be different in every point. This is caused by the variating power which is used for the sending of signals. In contrast to that the covariance matrix is always identical. The solution of KLT is calculated as $\displaystyle y_c =U^T(x_c-\mu_c). The matrix U consist of the eigenvectors of [itex]R_x$ .

The elements of $\displaystyle y_a or y_b$ are uncorrelated, but there is a covariance between $\displaystyle y_a$ and $\displaystyle y_b$ . There is a relation between those parameters. In fact a high positive correlation is important to exchange the secret between both parties. The correlationvalue r can be calculated with the covariance matrix of $\displaystyle y_c$ after the execution of KLT. A low noise ratio leads to a maximal value (positive) and the solution of the secret is good.

After the calculation of $\displaystyle y_c[itex] in the previous step, the secret can be derived. This appropriates the quantizers. It is the aim to get a preferably long (referring to the bits) secret and to keep the possibility of getting different secrets for A and B as small as possible. Patwari et al presents a MAQ algorithm, which quantizes adaptively every measurement, which means he transfers it to a sequence of bits. This algorithm changes its quantizing-strategy based on the certain measurement of the parties A and B. This avoids, that a measurement in the border area gets negative for one party and positive for the other. For this algorithm he calls party A as "leader" and party B as "follower". The MAQ algorithm calculates several [itex] K = 4*2^{m_i}$ equal distributed quantizing - container based on $\displaystyle y_a(i)$ (the solution of the decorrelation transformation of party A. The container can be calculated with the distribution function (CDF, known from stochastics) or the invers CDF of $\displaystyle y_a(i)$ . The thresholds are:
$\displaystyle n_k=F_i^{-1}(\frac{k}{4 x 2^{m_i}}), for k=1, ..., K-1$