Code-Hopping Based Transmission Scheme for Wireless Physical-Layer Security

Due to the broadcast and time-varying natures of wireless channels, traditional communication systems that provide data encryption at the application layer suffer many challenges such as error diffusion. In this paper, we propose a code-hopping based secrecy transmission scheme that uses dynamic nonsystematic low-density parity-check (LDPC) codes and automatic repeatrequest (ARQ) mechanism to jointly encode and encrypt source messages at the physical layer. In this scheme, secret keys at the transmitter and the legitimate receiver are generated dynamically upon the sourcemessages that have been transmitted successfully. During the transmission, each source message is jointly encoded and encrypted by a parity-check matrix, which is dynamically selected from a set of LDPC matrices based on the shared dynamic secret key. As for the eavesdropper (Eve), the uncorrectable decoding errors prevent her from generating the same secret key as the legitimate parties. Thus she cannot select the correct LDPC matrix to recover the source message. We demonstrate that our scheme can be compatible with traditional cryptosystems and enhance the security without sacrificing the error-correction performance. Numerical results show that the bit error rate (BER) of Eve approaches 0.5 as the number of transmitted source messages increases and the security gap of the system is small.


Introduction
Information security and reliability are two crucial issues in wireless communications.Traditionally, communication systems correct transmission errors at the physical layer based on channel codes and cope with eavesdropping at the application layer based on cryptographic algorithms.In practical scenarios, there will be residual errors in the decoded messages due to the time-varying nature of wireless channels, which may cause severe error diffusion in the decryption.In addition, with the rapid increase of the eavesdropper's computing power, these computational-complexity based encryption algorithms will be easier to break, such as A5/1 in the GSM.
Alternatively, the schemes based on physical-layer security aim to tackle these two crucial issues at the physical layer.Shannon [1] first studied secure communication from an information theoretic perspective in which a preshared secret key between the legitimate parties is used to encrypt the source message.To avoid the key agreement and exploit the inherent randomness of wireless channels, Wyner [2] presented the degraded wiretap channel model in which a transmitter wants to send a secret message to a legitimate receiver through the main channel.This message is also perceived by an eavesdropper through the degraded wiretap channel.The secrecy capacity is defined as the supremum of all the achievable secure and reliable transmission rates.Then, Wyner's original work was generalized to broadcast channels [3] and Gaussian channels [4].Moreover, the secrecy capacity of fading wiretap channels [5], MIMO wiretap channels [6], and multiuser wiretap channels [7,8] has been derived in the literature.In these works, the equivocation of Eve is a widely accepted metric for security, which is defined as the conditional entropy of the source message given her noisy observation [9].
Many coding techniques are applied to wiretap channels to make the secrecy transmission rate approach the secrecy capacity, in other words, for the equivocation of Eve to approximate the entropy of the source message.For binary erasure wiretap channels, Thangaraj et al. [10] proposed a coding technique based on the dual of LDPC codes and showed that the secrecy capacity can be achieved by this technique.For symmetric discrete memoryless wiretap channels, Andersson et al. [11] proved that nested polar codes can achieve the whole rate-equivocation region.In addition, this coding technique is further applied to relayeavesdropper channels [12], block fading channels [13], and multiuser channels [14].These schemes are really effective when the code length is sufficient, but may be difficult to implement in practical systems.
When we consider the design of practical coding schemes, another valuable metric is the BER [15,16].In fact, it is difficult for the eavesdropper to recover any information from the decoded message when she experiences a BER of about 0.5 and the errors are randomly distributed.Security gap is defined as the quantity difference between Bob's and Eve's channels required to achieve a sufficient level of physical-layer security, while ensuring that Bob reliably receives the information [17].In [17], punctured systematic LDPC codes were exploited to obtain a small security gap.Furthermore, a nonsystematic solution based on scrambled systematic LDPC codes was proposed in [18].It was proved that the achievable security gap of the scrambled scheme is smaller than that of the punctured method.In [19], scrambling, concatenation, and hybrid automatic repeatrequest (HARQ) were combined to reduce the security gap even further.In addition, dynamic LDPC codes are used to enhance the security of the communication system [20].And protograph LDPC codes [21,22] can also be used to guarantee the security of the transmission.
In this paper, we propose a scheme based on codehopping for secrecy transmission over wireless wiretap channels.In the proposed scheme, with ARQ mechanism, the transmitter and the legitimate receiver can select the source messages in real time to distill the secret key.This secret key is then mapped into the parity-check matrix of LDPC codes, which is used to encode the source message.As for the eavesdropper, the uncorrectable decoding errors prevent her from generating the same secret key as the transmitter and the legitimate receiver.Therefore, she cannot obtain the correct parity-check matrix to recover the source message.Theoretical analysis demonstrates that it is difficult for the eavesdropper to generate the same secret key as legitimate parties.Simulation results show that the BER of Eve approaches 0.5 as the number of transmissions increases and the security gap of the system is small.
The remainder of the paper is organized as follows.We introduce our system model and the design of the encoder and decoder in Section 2. In Section 3, the dynamic secret key generation algorithm is proposed and the security of the secret key is well examined.In Section 4, we construct a large number of parity-check matrices of LDPC codes based on the technique we called structured-random protograph expanding.Encoder and Decoder implementation of structuredrandom LDPC codes are discussed in Section 5.In Section 6, we analyze the reliability and the security performance of our scheme.And some numerical results are given in Section 7. Finally, concluding remarks are provided in Section 8.

The Proposed Secrecy Transmission Scheme
In this section, we will first introduce the wiretap channel model with public feedback and the concept of security gap.Then, we will propose our secrecy transmission scheme along with the design of encoder and decoder.

System Model.
As shown in Figure 1, for  = 1, 2, . .., message   is a sequence of uncoded bits and the length of   is .A transmitter named Alice wants to send   to a legitimate receiver named Bob through the main channel, but her transmission is also perceived by an eavesdropper named Eve through the wiretap channel.To keep   as secret as possible, Alice encodes each length- message   to a length- codeword   by her encoder.The corresponding received codewords by Bob and Eve are denoted by   and   , which are recovered by the decoder as m and   , respectively.Additionally, in our model, Bob can use a public feedback channel to inform Alice whether the current codeword is decoded successfully with a feedback signal   .If there occurs a decoding error at Bob, Alice will retransmit the source message until Bob successfully recovers it or the number of retransmissions reaches the maximum.Taking into account the application in practical scenarios, both channels are assumed to be Gaussian or fading channels:  2, to guarantee the reliability,    should be lower than a given threshold   err,max (≈0).And to achieve the confidentiality,    should be larger than a given threshold   err,min (≈0.5).Particularly, if    is close to 0.5 and the errors are randomly distributed, Eve cannot extract any information from the decoded messages.Based on this observation, the reliability and security of the transmission are guaranteed if conditions (2) and (3) can be satisfied [17], respectively: where SNR  min is the lowest signal-to-noise ratio at Bob to guarantee reliability, SNR  max is the highest signal-to-noise ratio at Eve to guarantee security, and   (⋅) denotes the BER as the function of SNR.Then, the security gap is defined as follows [17]: where the SNRs are expressed in decibels (dB).Without sacrificing the error-correcting performance of the transmission system, our design targets are making the BER of Eve approach 0.5 and reducing the security gap as much as possible.

Design of the Coding Scheme.
To exploit the inherent randomness of wireless channels and the uncorrectable decoding errors of Eve, our scheme is implemented such that the secret keys are distilled from the un-retransmitted source messages, which are then used to generate the parity-check matrices of LDPC codes.During the transmission, the source messages are encoded and decoded by these dynamic parity-check matrices.The block diagrams of the encoder and the decoder are illustrated in Figures 3 and 4, respectively.

Secret key generator
In the encoder of Alice, the secret key   is updated dynamically according to the received feedback signal  −1 and the source message  −1 .If  −1 = ACK, then   will be updated according to  −1 .If  −1 = NACK,   will remain unchanged.The detailed procedure of key update will be discussed in Section 3.Then, the secret key   will be used to generate the parity-check matrix of LDPC codes as follows: where   (⋅) is the mapping from the secret key to the paritycheck matrix.For each source message   , it will be encoded by the corresponding H  .
In the decoder of Bob, the integrity of the decoded source message m will be checked.If m is recovered without errors, the public feedback signal   = ACK; otherwise,   = NACK.Instead of using the syndrome of the decoded codeword to determine the correctness of m , we use the cyclic redundancy check (CRC) algorithm to perform integrity check.This is because when the decoded codeword converges to another valid codeword of H  , the method based on the syndrome cannot detect errors.As for the symmetric key   and the

K i
Parity-check matrix generator  parity-check matrix H  , they will be generated as in Alice's encoder.

Dynamic Secret Key Generation Scheme
In this section, we will introduce the dynamic secret key generation algorithm and the mathematical rationales behind it.With this algorithm, Alice and Bob can select the appropriate source messages during the transmission and then distill the secret key based on the universal hashing family.

Automatic Source Message Selection.
In this subsection, we will show how Alice and Bob select appropriate source messages in real time during the transmission, which is then hashed into the dynamic secret key.We define    and    as the source message set that is used to generate the secret key   at Alice and Bob, respectively.To give Alice and Bob an advantage over Eve, only un-retransmitted source messages will be included in    and    .Before the communication begins,   0 =   0 = ( 0,0 ,  0,1 , . . .,  0,−1 ), where  is the number of source messages in the set and  0, is the public agreed initialized binary vector of length-,  = 0, 1, . . ., −1.
As illustrated in Figure 5, during the transmission, Alice transmits a source message   and waits for the corresponding feedback signal   before transmitting any new source message.If the received feedback signal   = NACK,   +1 will remain unchanged compared to    : If the received feedback signal   = ACK,   +1 will be updated as follows: As for Bob, if he recovers the source message successfully, he will also update the set   +1 in the same way and send a feedback signal   = ACK.If he fails, he will keep   +1 =    and send a feedback signal   = NACK.This strategy guarantees that    =    =   .Because there are totally  elements in   and the length of each element is  bits, the space complexity of storing   is ().The update of   is similar to that of a queue.In the update process, the first element in   will be removed and discarded.The second element in   will be moved to the first location and so on.As for the new element, that is, the source message that has been successfully transmitted, it will be moved to the last location.Considering that the length of each element is  bits, only additional  bits of space are needed to store the element that is being moved.Therefore, the space complexity of updating   is ().
It is very difficult for Eve to reproduce   .She must eavesdrop on not only every source message, but also all of the feedback signals.Whenever the eavesdropper has uncertainty about   , the uncertainty is reflected in the corresponding secret key.

Secret Key Distillation.
In this subsection, we will introduce how to distill a secret key from the source message set   .Our target is retaining as much of the eavesdropper's information loss as possible in the secret key.The theory of universal hash family (UHF) provides a powerful solution for us.A UHF is a family of functions such that the random mapping obtained by uniformly choosing a function from this family is almost invertible [23].In other words, regardless of the actual input distribution, by uniformrandomly choosing a function from a universal hash family, the expected hash output distribution will be close to the uniform.In our considered scenario,   is hashed into a secret key   by using a function  key that is selected from the universal hash function families .And the conditional distribution of   given the eavesdropper's knowledge about   can be close to the uniform distribution.Because a nearly uniform distribution means nearly maximum entropy, the eavesdropper knows almost nothing about   .Based on the generalized result from [24], the security of   can be evaluated by where   =   is the eavesdropper's knowledge about   ,  is the length of   in bits, and  2 (⋅) is the Renyi entropy of order 2 [24].When the probability that   =   is at least (1 − ), formula (9) can be generalized as Formulas ( 9) and (11) show that if the length of the secret key does not exceed   ,   is secure because averagely Eve will have less than one-bit information about   .And   can be estimated as follows: It is noteworthy that ( 9) and ( 11) are averaged over all uniformly choices of hash functions.It is possible that, for some specific values of , (  | ,   ) is not negligible when  ≤   .However, it appears with negligible probability [24].Because of the randomness of the wireless channel, it is impossible for Eve to recover each source message in   . 2 (  |   =   ) can be calculated as follows [24]: where  =  is the length of   in bits.Figure 6 illustrates the relationship between Eve's BER and the number of secret key bits we can distill from each source message bit.We can see that, with the increase of Eve's BER, we can distill more secret key bits averagely from each source message bit.It shows that the eavesdropper's information loss is retained in the secret key.
In our considered wiretap channel model, Eve's BER can be calculated by Bob's maximum BER and the security gap: Then, we can calculate   as follows: Considering that  = , according to (16), we can choose the value of  as follows:

Implementation of UHF.
In this subsection, we will show how to implement the universal hash function  key (⋅) in Wireless Communications and Mobile Computing practical scenarios.A Toeplitz matrix is a matrix in which each descending diagonal from left to right is constant and is a kind of UHF that can be implemented with low complexity [25].In our proposed scheme, we try to generate secret key   with length  from the source message set   with length .The corresponding Toeplitz matrix is as follows: where  1 ,  2 , . . .,   , . . .,  +−1 is the randomly generated element over GF (2).The secret key can be generated by multiplying T and : The computational complexity of ( 19) is ( 2 ).To reduce the computational complexity, we can use the improved algorithm based on fast Fourier transformation (FFT) [26].Based on the Toeplitz matrix T, we can obtain a new circular matrix T  as follows: where R 1 , R 2 , and R 3 are the submatrices defined in [26], which make the extended matrix T  a circular matrix.Circu(⋅) denotes the circular matrix, which can be represented by its first row.Then, we generate a new vector ψ = (  , 0) by combining   with a zero vector 0, where the length of ψ equals the columns of T  .The secret key can be generated by multiplying T  and ψ , which can be calculated using the FFT-based method: where F(⋅) is the Fourier transform and F −1 (⋅) is the inverse, T  (1) is the first row of T  , and ∘ denotes the operation that multiplies the corresponding elements in the vector.The computational complexity of ( 21) is ( log ).

Design of Structure-Random LDPC Codes
In this section, we will show how to construct a large number of parity-check matrices of LDPC codes based on the technique we called structured-random protograph expanding.A protograph is a Tanner graph with a relatively small number of nodes [27], which can be used to construct the parity-check matrix of LDPC codes.Because systematic codes directly expose the secret message bits, all of the  information bits will be punctured and the  parity bits will be transmitted.We use the code doping method in [28] to design and optimize our protograph to ensure that the iterative decoding of the designed LDPC codes can be triggered successively.Figure 7 shows our optimized protograph  = (, , ) for a rate-1/2 nonsystematic LDPC code.We denote  as the set of variable nodes {V 1 , V 2 , . . ., V 6 },  as the set of check nodes { 1 ,  2 , . . .,  4 }, and  as the set of edges { 1 ,  2 , . . .,  16 }.In the designed protograph, we will puncture the information nodes denoted by V 1 and V 2 among all the variable nodes to avoid systematic transmission.
To guarantee the convergence of the brief propagation (BP) decoding algorithm, the connection relationship of the check node  4 is specially designed.In our designed protograph, the check node  4 is connected to only one punctured variable node V 2 .Equivalently, we can use a base parity-check matrix H ,0 with size 4 × 6 to represent this protograph.
A "copy-and-permute" operation can be applied to the protograph  to obtain a large derived Tanner graph.We define  as the expanded factor; the "copy-and-permute" operation firstly makes  copies of the protograph  and then permutes the endpoints of each edge among the  variable nodes and  check nodes connected to the set of  edges copied from the same edge from the original protograph .
After this operation, we can obtain a large Tanner graph, where the  copies of the original protograph are connected to each other.Equivalently, we can expand each element of value  in the base matrix H ,0 to a  ×  matrix with  ones in each row or column.As a result, we can obtain a large matrix with size 4 × 6.
Because random permutation is not easy to describe and implement efficiently, in our scheme, we adopt the structured type of permutation, such as cyclic permutation.In other words, we expand each element of value  in the base matrix H ,0 to × circulant permutation matrices I  ().As a result, the expanded parity-check matrix will become a -circulant matrix.
To construct a large number of parity-check matrices of LDPC codes, it is not enough to expand the protograph  with just one single stage.Therefore, we develop a structuredrandom protograph expanding technique.This technique expands the protograph  with  > 1 stages.We denote  1 ,  2 , . . .,   as the expanding factors for stages 1, 2, . . ., , respectively.The total expanding factor  can be calculated as  =  1  2 ⋅ ⋅ ⋅   .Finally, the base matrix H ,0 is expanded to the parity-check matrix H , .
(i) Structured expanding: in the procedure of structured expanding, we expand the protograph  in the first  − 1 stages to avoid parallel edges, short cycles, and low-weight codewords.As a result, all the nonzero elements in H ,−1 will be equal to 1.
(ii) Random expanding: in the procedure of random expanding, we expand H ,−1 in the  stage based on the value of the dynamic secret key   .For each zero element in H ,−1 , we will expand it by a   ×   zero matrix 0   ×  .For each nonzero element, we will expand it by a   ×   circulant permutation matrix I   ().The total number of zero and nonzero elements is  = ||/  .
As for the parameters that are used in the procedure of structured expanding, that is, all the shift values and expanding factors, they are constant and will be shared between Alice and Bob publicly in advance.Now, we rewrite the dynamic secret key   as a binary vector:   = ( ,0 ,  ,1 , . . .,  , , . . .,  ,−1 ) , (23) where each element  , ∈ ⟦0,   − 1⟧ is represented by log 2   bits.Regarding the parameters that are used in the procedure of random expanding, that is, all the random shift values, they are controlled by the dynamic secret key   , whose length is required to be  =  log 2   bits.
After expanding the protograph  with  > 1 stages, the base matrix H ,0 is expanded to an  × ( + ) parity-check matrix H  , where  = 4 and  = 2.As mentioned above, H  is a   -circulant matrix and can be written as The first  = 2 nodes are punctured as information nodes among all the  +  = 6 variable nodes.During the transmission, we randomly select a paritycheck matrix for each source message.The number of iterations is restricted by 63.In Figure 8, we show the average BER of the structured-random nonsystematic (2048, 1024) LDPC codes with different number of retransmissions .

Encoder and Decoder Implementation of
Structured-Random LDPC Codes

Encoder Implementation.
To implement the encoder of structured-random LDPC codes, we need to derive the  ×  nonsystematic generator matrix G  according to the paritycheck matrix H  .According to (24), G  can be derived by where The multiplication between   and G  can be calculated in blocks:

Performance Analysis
In this section, we will analyze the security and reliability performances of our proposed scheme.As shown in the previous section, we can construct a large number of nonsystematic LDPC codes that have good error-correction performance.Therefore, we can guarantee that Bob's BER    will be lower than the given threshold by utilizing these nonsystematic LDPC codes.It guarantees the reliability of the transmission.We will analyze the security of our scheme in two aspects: the complexity when Eve tries to crack the dynamic secret key and Eve's average BER during the whole transmission.
Different from the traditional cryptosystems that have to distribute the secret key before communication begins, our scheme generates the secret key   dynamically from the source message set   .During the transmission, an event which is referred to as synchronization error may happen.That is, there exists an index  TH ∈ N, such that   TH is not correctly decoded by Eve, but   TH is successfully recovered by Bob.At this moment, Eve's source message set  +1 will be different from Alice's and Bob's source message set  +1 .Therefore, Eve cannot generate the same secret key as Alice and Bob.
As analyzed in Section 3, universal hash function makes the conditional distribution of   close to the uniform distribution as follows: From the information theoretic perspective, (27) means that the conditional entropy of   is close to its self-information Therefore, the computational complexity of Eve to crack a dynamic secret key is approximated to 2 |  | = 2  .Even if Eve cracks the secret key by the exhaustive search, the similar synchronization error may happen again and she has to repeat the cracking process.
To evaluate the probability that the synchronization error happens, we denote   (⋅) as the frame error rate (FER) as the function of SNR.Bob's FER and Eve's FER can be expressed as    =   (SNR  ) and    =   (SNR  ), respectively.And  TH is distributed geometrically;  TH ∼ ( 0 ), where  0 = (1 −    )   .Thus, the probability distribution of  TH can be calculated as As analyzed above, it is difficult for Eve to generate the same secret key as Alice and Bob once the synchronization error happens.In other words, Eve cannot generate the correct parity-check matrix to decode   TH .To evaluate Eve's BER during the whole transmission, we can divide the source messages that Eve fails to recover into two categories.The first category contains the source messages that Eve fails to recover before the synchronization error happens.For the messages in the first category, they are recovered by Eve using the correct parity-check matrix.The number of messages in the first category  1 ( TH ) obeys the binomial distribution,  1 ( TH ) ∼ ( TH − 1,  1 ), where  1 =       /(1 − (1 −    )   ).Thus, the average of  1 ( TH ) can be calculated as And the average number of error bits in each error message can be calculated as For the messages in the second category, half of their bits are wrong, because Eve cannot generate the correct paritycheck matrix as Alice and Bob.Finally, Eve's BER can be calculated as Based on (30),    can be further calculated as where  TH is defined as follows: Finally,    can be lower bounded as follows: From the above analysis, we can know that Eve's BER    will approach 0.5 when the number of the transmitted messages goes to infinity.In addition, when the security gap of the system increases, (1 −    ) and    will increase, and thus  0 will increase.Therefore, we can make Eve's BER    approach 0.5 with faster speed by increasing the security gap of the system.

Simulation Results
In this section, we will evaluate the performance of our proposed scheme by Monte-Carlo simulations.
Figure 9 illustrates the number of secret key bits we can distill averagely from each transmitted source message bit.In the region with very low or very high   / 0 , we can see that the number of secret key bits decreases.The reasons are as follows: in the region with very low   / 0 , the retransmission happens frequently and the proportion of un-retransmitted source messages is small; in the region with very high   / 0 , the BER of Eve is very low and therefore the number of secret key bits we can distill averagely from each source message bit is small.In addition, we can see that the more the channel of Eve is degraded compared to that of Bob, the more secret key bits we can distill.In Figure 10, the BER of Eve versus the number of transmitted source messages  for different security gaps   is plotted.We can see from Figure 8 that Bob's BER will be lower than 10 −6 in four conditions:  = 0 and   / 0 = 2.2 dB,  = 1 and   / 0 = 1.7 dB,  = 2 and   / 0 = 1.5 dB, or  = 3 and   / 0 = 1.4 dB.Therefore, to guarantee the reliability of the transmission (  ,max < 10 −6 ), the quality of the main channel can be fixed to   / 0 = 1.7 dB and the maximum transmission number can be fixed to  = 1.For different security gaps, we can see that the BER of Eve will always approach 0.5 as the number of transmitted source messages increases.This is owing to the fact that the secret keys generated by Eve are the same as the keys generated by Alice and Bob before the first synchronization error happens.Therefore, she can recover the corresponding source messages successfully.After the first synchronization error happens, Eve can no longer decode the following source messages anymore, because the uncorrected decoding errors prevent her from generating the correct secret key.Thus, as the number of transmitted source messages increases, Eve's average BER will approach 0.5.

Wireless Communications and Mobile Computing
In Figure 11(a), the BER curves of Bob and Eve are plotted when  = 1000 for different security gaps   .The maximum retransmission number is fixed to  = 3.If Bob's BER threshold is set to   ,max < 10 −6 and Eve's BER threshold is set to   ,min = 0.49, the security gap   = 0 dB can be achieved.In Figure 11(b), the BER curves of Bob and Eve are plotted when  = 10000.We can see that security gap   can be further reduced to lower than 0 dB.It means that security of the source message can be guaranteed even when the wiretap channel is better than the main channel.We can see that the security gap performance of our scheme is really small and can be improved by increasing .

Conclusions
In this paper, we have proposed a secrecy transmission scheme based on code-hopping to encrypt and encode the source messages at the physical layer for wireless communications.First, we present a dynamic secret key generation algorithm based on ARQ mechanism.With this algorithm, Alice and Bob can distill the secret keys from the unretransmitted source messages based on the universal hash families.Second, we present a structured-random LDPC codes design algorithm.Based on this algorithm, we generate a large amount of parity-check matrices of LDPC codes.During the transmission, Alice and Bob dynamically select the parity-check matrices of LDPC codes to encode and recover the source messages based on the dynamic secret keys.Theoretical analysis demonstrates that it is difficult for Eve to generate the same secret key as Alice and Bob.Simulation results show that the BER of Eve will approach 0.5 as the number of transmitted source messages increases and the security gap of our system is small.

Figure 3 :
Figure 3: Block diagram of the encoder.Note that the  −1 block denotes a delay unit.

Figure 4 :
Figure 4: Block diagram of the decoder.Note that the  −1 block denotes a delay unit.

Figure 5 :
Figure 5: The process of automatic source massage selection.

Figure 6 :
Figure 6: The number of secret key bits we can distill from each source message bit versus Eve's BER.

4. 1 .
An Example.In this subsection, we construct a large number of nonsystematic (2048, 1024) LDPC codes via  = 3 stages.The total expanding factor  =  1  2  3 = 4 × 4 × 32 = 512.With the factor  1 = 4, the first stage aims to separate all the parallel edges.With the factor  2 = 4, the second stage aims to avoid the existence of the cycle of girth 4. With the factor  3 = 32, the third stage aims to randomly expand all the ||/ 3 = 256 edges.Finally, we get a set of parity-check matrices H = {H(r) : r ∈ ⟦0, 2 256 − 1⟧}.

Figure 11 :
Figure 11: BER of our framework for Gaussian wiretap channel using (2048, 1024) nonsystematic LDPC codes for different security gaps when  = 1000 and  = 10000 source message are transmitted with maximum retransmission number  = 3.