Difference between revisions of "Patwari"
| Line 28: | Line 28: | ||
The elements of <math>y_a or y_b</math> are uncorrelated, but there is a covariance between <math>y_a</math> and <math>y_b</math>. There is a relation between those parameters. In fact a high positive correlation is important to exchange the secret between both parties. The correlationvalue r can be calculated with the covariance matrix of <math>y_c</math> after the execution of KLT. A low noise ratio leads to a maximal value (positive) and the solution of the secret is good. | The elements of <math>y_a or y_b</math> are uncorrelated, but there is a covariance between <math>y_a</math> and <math>y_b</math>. There is a relation between those parameters. In fact a high positive correlation is important to exchange the secret between both parties. The correlationvalue r can be calculated with the covariance matrix of <math>y_c</math> after the execution of KLT. A low noise ratio leads to a maximal value (positive) and the solution of the secret is good. | ||
| + | |||
| + | ==Multi-Bit Adaptive Quantization== | ||
| + | After the calculation of <math>y_c<math> in the previous step, the secret can be derived. This appropriates the quantizers. It is the aim to get a preferably long (referring to the bits) secret and to keep the possibility of getting different secrets for A and B as small as possible. | ||
| + | |||
| + | Patwari et al presents a MAQ algorithm, which quantizes adaptively every measurement, which means he transfers it to a sequence of bits. This algorithm changes its quantizing-strategy based on the certain measurement of the parties A and B. This avoids, that a measurement in the border area gets negative for one party and positive for the other. For this algorithm he calls party A as "leader" and party B as "follower". | ||
| + | The MAQ algorithm calculates several <math> K = 4*2^{m_i}</math> equal distributed quantizing - container based on <math>y_a(i)</math> (the solution of the decorrelation transformation of party A. The container can be calculated with the distribution function (CDF, known from stochastics) or the invers CDF of <math>y_a(i)</math>. The thresholds are: | ||
| + | |||
| + | <math>n_k=F_i^{-1}(\frac{k}{4 x 2^{m_i}}), for k=1, ..., K-1</math> | ||
Revision as of 15:24, 3 November 2017
Patwari et al. presents a framework, called high rate uncorrelated bit extraction (HRUBE), which interpolates the signal first. After that it is decorrelated by transformation. In the last step a multi-bit quantization is used, where several Bits are quanitzed at once. This can reach 22 Bits/s with a inconsistency of 2.2%.
Contents
Introduction
Secret key can be calculated by two parties via Radio-Channel. With the raising entropy in calculations (caused by external influences like the texture of the room, noise), the solution of the calculations get better. E.g. reflections have a big influence on a good result. In addition to that the reciprocity of the channel, the fact, that both parties can notice the identical parameters at the same time in the channel, lead to better results. The fact, that the signal is different in every location, helps to exchange a secret. The problem is, that the channel offers reciprocity, but the measurement does not. In this case both parties get different results. This is caused by bigger noise on the channel, or by different hardware, which is used by the communicating partners. The secret (in Bits) has to be calculated out of the received signals. This is done with a quantizer. In this page we will describe the quantizer by Patwari et al.
Adversary Modell
For the presented modell of Patwari et al. it is assumed, that there is a passive attacker, that only listens and calculates. The attacker is not able to attack one party directly. The attacker is allowed zu listen to each communication between parties Aand B. Furthermore the attacker is allowed to make measurements of the channel from himself to A and to B, while A and B do Measurements of channels A to B or B to A. The attacker knows the algorithm to extract the keys including their parameters. It is assumed, that the attacker is not in close proximity, while A and B are calculating the key. This ensures, that the attacker measures an uncorrelated channel. Another assumption is, that the attacker is not able to jam the communicationchannel between A and B. Furthermore the attacker cannot do a MITM Attack against A or B.
Description
The measured signal is transferred with three methods to the resulting Bitstring (shared secret). In the beginning the signle signals are interpolated (see following paragraph). In detail: After receiving of signals there is a delay, which offers the opportunity, that measurments of party A and B, which are not done simultaneously, are now simultaneously again. After that the result of the interpolation is decorrelated with the de-correlation transformation. The result is a vecotr with uncorrelated components, which is caluculated through the Karhunen-Loeve Transformation over the previous measurements. In the third and final step the values of the vector are converted to Bits with a quantization (multi-bit adaptive quantization (MAQ), which is equals the final result. This uses communication between A and B again, so that these get the same results.
Fractional Interpolation Filtering
Since the sending of signals from A to B and from B to A cannot be parallel(due to the omnipresent minimal time variance, because most transceivers cannot parallel send and receive), it is attempted, with the help of the fractional interpolation (the interpolation in parts), to simulate, that signals are parallel sent or parallel measured. Patwari et al. wanted to reach a constant sending rate, so the set Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle T_{R,x} = T_{R,y} = T_R} . With the usage of a farrow filter [1], delays can be built in. As parameter the filter takes the value of the delay for the certain patry, as well as the measurements of the party. The delay of party A equals the formula Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle \mu_a = 1/2 * (((t_b(i) - t_a(i)) / T_R);} for party B Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle \mu_b = 1-\mu_a} . The filter leads to:
Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle h_c = [\frac{\mu_c^3}6-\frac{\mu_c}6,-\frac{\mu_c^3}2+\frac{\mu_c^3}2+\mu_c,\frac{\mu_c^3}2-\mu_c^2-\frac{\mu_c}2,-\frac{\mu_c^3}6+\frac{\mu_c^2}2-\frac{\mu_c}3]^T}
c is here a placeholder for party A or B. Outputvectors are Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle x_a(i)} and Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle x_b(i)} .
De-Correlation Transformation
With the Karhunen-Loeve Transformation (KLT[2] the vecotrs Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle x_a and x_b} are converted in uncorrelated components by linear transformation. This leads to a bigger toughness against attacks. The average Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle m_c} and the covariance Matrix Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle R_x of x_c} are required. The average can be different in every point. This is caused by the variating power which is used for the sending of signals. In contrast to that the covariance matrix is always identical. The solution of KLT is calculated as Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle y_c =U^T(x_c-\mu_c). The matrix U consist of the eigenvectors of <math>R_x} .
The elements of Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle y_a or y_b} are uncorrelated, but there is a covariance between Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle y_a} and Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle y_b} . There is a relation between those parameters. In fact a high positive correlation is important to exchange the secret between both parties. The correlationvalue r can be calculated with the covariance matrix of Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle y_c} after the execution of KLT. A low noise ratio leads to a maximal value (positive) and the solution of the secret is good.
Multi-Bit Adaptive Quantization
After the calculation of Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle y_c<math> in the previous step, the secret can be derived. This appropriates the quantizers. It is the aim to get a preferably long (referring to the bits) secret and to keep the possibility of getting different secrets for A and B as small as possible. Patwari et al presents a MAQ algorithm, which quantizes adaptively every measurement, which means he transfers it to a sequence of bits. This algorithm changes its quantizing-strategy based on the certain measurement of the parties A and B. This avoids, that a measurement in the border area gets negative for one party and positive for the other. For this algorithm he calls party A as "leader" and party B as "follower". The MAQ algorithm calculates several <math> K = 4*2^{m_i}} equal distributed quantizing - container based on Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle y_a(i)} (the solution of the decorrelation transformation of party A. The container can be calculated with the distribution function (CDF, known from stochastics) or the invers CDF of Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle y_a(i)} . The thresholds are:
Failed to parse (MathML with SVG or PNG fallback (recommended for modern browsers and accessibility tools): Invalid response ("Math extension cannot connect to Restbase.") from server "https://api.formulasearchengine.com/wikimedia.org/v1/":): {\displaystyle n_k=F_i^{-1}(\frac{k}{4 x 2^{m_i}}), for k=1, ..., K-1}- ↑ C.Farrow "A continuously variable digital delay element"
- ↑ Karhunen-Loeve Transformation
