A Secure Communication Scheme Based on Equivalent Interference Channel Assisted by Physical Layer Secret Keys

Due to the channel estimation error, most of the physical layer secret key generation schemes need information reconciliation to correct error key bits, resulting in reduced efficiency. To solve the problem, this work proposes a novel secure communication scheme based on a equivalent interference channel. Different keys generated from imperfect channel state information are directly applied to signal scrambling and descrambling, which is equivalent to the process of a signal passing through an interference channel. Legitimate communication parties can reduce interference with the help of similar keys and channel coding without sending additional signals, while the eavesdropper channel is deteriorated due to the spatial decorrelation. For this kind of schemes, we first establish a discrete memoryless broadcast channel model to derive the expressions of bit error rate (BER), channel capacity, and security capacity for performance analysis. Simulation results verify the derivations that the proposed scheme achieves secure communication with a correlated eavesdropping channel and has a higher upper bound of transmission rate. Furthermore, we design a new metric to evaluate the efficiency and the result shows that the proposed scheme has superior performance on error reconciliation efficiency, despite its slight increase in BER.


Introduction
With the rapid popularization of the 5th generation wireless systems (5G), the confidentiality of wireless communications is also receiving extensive attention. e mainstream approach to information protection is the modern cryptography based on preagreed key [1]. Most of the cryptographic protocols are implemented in two ways: public-key encryption [2] and symmetric-key encryption (e.g., AES [3]). e theoretical basis of both works on the same implicit assumption that eavesdroppers have insufficient computational capabilities of solving a certain mathematical problem in feasible time. However, quantum computers may break this principle because of their powerful computing capabilities. On the other hand, complex key distribution protocols may be limited by the hardware conditions of the lowpower terminals, such as wireless sensors [4,5]. To address the above challenges, physical layer secure transmission (ST) [6] and physical layer secret key generation (SKG, also called secret key distribution) [7] emerge and have caused a wide concern. Based on information theoretic security, the two methods can ensure unconditional security even if the eavesdropper has unlimited computational power [8]. us, they can be examined as an alternative complement to traditional cryptography for wireless communication security.

Related Works.
e realization of information theoretic security, i.e., one-time-pad encryption, was first proposed by Shannon in [8], which requires that the information rate cannot exceed the secret key rate. On this basis, Wyner proposed a secure transmission approach based on wiretap channel model on the condition that the channel capacity of the legal channel must be larger than that of the eavesdropping channel [9]. After that seminal work, many studies focused on how to create the above-mentioned favourable conditions for achieving information theoretic security. e source model based SKG exploits inherent characteristics of wireless channels (i.e., reciprocity, spatial decorrelation, and temporal variation) to provide security solutions [10]. e statistics of channel state information (CSI), such as Received Signal Strength (RSS) [11], Channel Impulse Response (CIR) [12], and Channel Frequency Response (CFR) [13], can be utilized as common random source to extract secret keys. In those studies, the two legal parties simultaneously measure the same noise channel to obtain highly correlated but not completely consistent CSI samples and then quantize them into secret bits. Due to the asymmetric noise and the evaluated error in half-duplex mode, legal parties have to correct the disagreement bits through the information reconciliation process [14] and then eliminate the influence of key leakage caused by sending reconciliation signals through privacy amplification [15].
Although research on physical layer security has been conducted for several years, there are still few applications because most schemes cannot meet the requirement of lowcost implementation. As proved in [16,17], ST have strict requirements for the number of antennas to inject artificial interference while transmitting confidential information, which inevitably increases energy consumption. As for SKG, interactively sending reconciliation signal is necessary for both legal parties to reduce the negative impact of imperfect CSI and correct error key bits, which also results in large overhead [18]. e authors in [19,20] try to reduce the estimation error of random sources by common signal processing techniques, such as PCA or Kalman filter. But these algorithms have higher requirements on computational ability of the communication devices. e authors in [13,21] improved the quantization algorithm to reduce the key bit mismatch rate (BMR) with lower complexity, but they must send additional signals to transmit the quantization information. Moreover, sending additional reconciliation signals not only consumes resources originally used for normal wireless communication but also may leak some key information.

Motivation and Contributions.
To address this challenge, we focus on developing more efficient physical layer security solutions. Our previous work [22] first proposed the notion of equivalent channel for authentication and key distribution. e equivalent channel is built by asymmetric physical layer secret keys generated from CSI. It is a cascade channel composed of encryption, decryption, and noiseless public channel. e scheme in [22] guarantees a secure and reliable transmission of private information without information or artificial noise, but it still needs to send additional hash signals to verify the message, and the assumption of noiseless channel is too ideal. Recent studies have applied similar ideas to physical layer authentication in [23,24] and to ST in [25,26]. But they still need to send additional signals for secret key quantization or verification, thus increasing overhead. In addition, although research studies such as [10,27] have done a lot of work in key generation and secure channel capacity, the analysis of these new solutions that directly scramble signals by asymmetric secret keys is still rare, which makes it difficult to evaluate or optimize system performance. Furthermore, the impact of correlated eavesdropping channel on the security capacity is not considered.
Based on the previous work, this paper proposes a novel secure communication scheme based on equivalent interference channel (EIC). Specifically, legal parties first generate physical layer secret keys and then scramble encoded signals according to the keys to establish the equivalent scrambling channel. e legal receiver can generate similar keys to reduce the interference due to channel reciprocity. However, because of the spatial decorrelation of the wireless channel, the bit mismatch rate (BMR) of the keys of illegal eavesdropper in different location is much higher than that of the legal parties, so that the interference cannot be eliminated.
e main contributions of this paper are as follows: (i) e physical layer keys in proposed scheme are used to scramble the encoded signal instead of encrypting original confidential information, and the error bits in received signals can be corrected by channel coding. erefore, we save the overhead of sending additional signals for quantization, information reconciliation, or key verification. (ii) We first establish a discrete memoryless broadcast channel (DMBC) model for this kind of schemes to evaluate the performance. e entire process of scrambling, descrambling, and noisy public channel is equivalent to an equivalent interference channel, and the expressions of BER, channel capacity, and security capacity are derived. Based on the deductions, we jointly design the SKG and secure communication method to optimize the channel capacity. e numerical and simulation results verify our theoretical analysis that the proposed scheme has a higher upper bound of transmission rate. (iii) A new metric is proposed for defining and evaluating the efficiency of different schemes. e simulation results show that the efficiency of this scheme is higher than existing SKG and encrypted transmission schemes.

Organization and
Notation. e rest of this paper is organized as follows. Section 2 describes the typical wireless channel model of SKG scheme. Section 3 outlines the existing schemes and the proposed scheme. e detailed description of the program flow is in Section 4. Section 5 presents the performance evaluation and optimization of the scheme. Section 6 presents the numerical and simulation results. e concluding remarks of this paper are given in Section 7. e corresponding proofs are deferred to the Appendix. e notations used in this paper are shown in Table 1. Figure 1 shows the correlated eavesdropping channel model of SKG. e wireless channel between Alice and Bob is assumed to be an insecure Rayleigh fading channel with an eavesdropper denoted by Eve. All of them are equipped with a single antenna and work in time-division duplex (TDD) mode. Channel gains h AB , h BA , and h AE are identically distributed random variables that satisfy h ∼ CN(0, σ 2 h ). We consider two types of eavesdroppers: the uncorrelated eavesdropper is far away from Alice or Bob but can receive signals from them; the correlated eavesdropper not only can receive all signals but also attempts to approach Bob in order to eavesdrop more information. As shown in Figure 1, the channel between Alice and Eve (or Alice-Eve channel for short) is correlated with the Alice-Bob channel, and ρ is the correlation coefficient between the channel gains h AB and h AE . In Rayleigh fading channel, ρ can be calculated in Jakes model as

Wireless Channel Model
where J 0 (·) is a zeroth-order Bessel function of the first kind; d is the distance between Eve and Bob; and λ is the length of waveform. For an uncorrelated eavesdropper, ρ � 0.

Overview of Existing and Proposed Schemes
In the above wireless channel model, the process of existing physical layer secret key generation and encrypted transmission scheme is shown in Figure 2. First, Alice and Bob send pilot signals to estimate CSI to generate secret keys K A and K B , where ψ q (·) denotes the generation algorithm. Due to channel estimation errors, K A and K B are not consistent. erefore, Alice and Bob need information reconciliation to correct wrong bits. Without loss of generality, we consider that Alice calculates the reconciliation signal V A according to the preagreed generation matrix of linear block code and its own key K A , where ϕ(·) is the calculation function of reconciliation information.
en, Alice sends V A to Bob through the public channel. Based on K B and V A , Bob decodes the reconciliation signal to get K A . Finally, Alice and Bob encrypt and decrypt the original confidential information M by a pair of identical keys. For most existing schemes, sending reconciliation information to obtain a consistent key is an essential step. However, this method has the following adverse effects: (i) sending additional quantization and reconciliation signals V A will increase the overhead; (ii) the extra coding and decoding process will also increase the calculation cost; (iii) since coding method is overt, transmitting V A on a public channel may reveal some key information. ese shortcomings motivate us to develop a new secret key generation and application method. e secure communication process of this scheme is shown in Figure 3. e main difference is that we directly use different keys to scramble the encoded signal instead of encrypting M with the same key. We perform channel decoding after descrambling to correct all wrong bits caused by different keys and noise. Instead of sending hash information, we verify the message with CRC check bits. Furthermore, apart from adding the key generation and scrambling module, we do not change the existing communication process. e specific steps of the scheme are detailed in Section 4.

Security and Communication Networks
Based on this scheme, an equivalent interference channel model is established to derive performance evaluation functions. As shown in the black-dashed frame in Figure 3, we refer to the entire process between scrambling and descrambling as an equivalent interference channel, which is a DMBC denoted by (X, p(y, z | x), Y × Z), where p(y, z | x) denotes channel transition probability, x ∈ X denotes encoded message of Alice, and y ∈ Y and z ∈ Z denote the received codewords of Bob and Eve, respectively, after descrambling. e data transmission channels of Alice-Bob and Alice-Eve are discrete memoryless channels (DMC) denoted by (X s , p(y s | x s ), Y s ) and (X s , p(z s | x s ), Z s ), where x s ∈ X s denotes the data signals sent by Alice after scrambling and y s ∈ Y s and z s ∈ Z s denote the received signals of Bob and Eve, respectively. Note that we estimate CSI in Rayleigh channel and evaluate the system in DMC model. e derivation results guide the design and optimization of the scheme, so there is no need to transmit signals for quantization or information verification like [22,26]. e details of the performance analysis are presented in Section 5.

Secret Key
Generation. For TDD wireless system, there are two mainstream approaches for legal partners to obtain relevant common random source to generate secret key. One is to estimate the CSI by the received pilot signal; the other is sending random signals to mix the random signals and the channel gains [28]. e former is selected in this scheme. Figure 3, Alice and Bob send pilot signals to each other for estimating CSI. Similarly, Eve obtains the CSI without sending pilot. When they measure the channel gain of the ith received pilot signal with zero forcing (ZF) algorithm, the results can be expressed as follows:

Extraction of Common Random Source. As shown in
where n A,i , n B,i , and n E,i are the estimated errors of ZF algorithm. ey are independent and identically distributed (i.i.d.) complex Gaussian random variables. Let σ 2 a and σ 2 b denote the pilot signal powers of Alice and Bob, respectively, and let σ 2 n denote the noise power. en, according to the channel estimation error model in [29,30], the probability distributions of n B,i and n E,i are CN(0, σ 2 n /(σ 2 a σ 2 p )) and n A,i ∼ CN(0, σ 2 n /(σ 2 b σ 2 p )). For a correlated eavesdropper, h AE,i can be rewritten as Descrambling and signal processing where n h,i is independent of h AB,i , which satisfies n h,i ∼ CN(0, σ 2 h ). To ensure the maximum independence of random sources, Alice and Bob send pilot signals to each other only once in each coherent time. Assume that the Alice-Bob channel in the same coherent time remains unchanged because of the reciprocity. en it can be inferred that h AB,i � h BA,i . After N coherent times, Alice, Bob, and Eve hold N channel estimation results as samples of common random source, i.e.,

Quantization.
In general, the purpose of quantization algorithm for Alice and Bob is to quantize the common random source into more secret key bits, while the probability of keeping key mismatch between them and the probability of key being successfully predicted by Eve are both low. Since different key bits can be corrected in the next channel decoding process, we pay more attention to increasing the obstacle of the key being predicted by the eavesdropper.
is is different from the traditional quantization algorithm in SKG, which focuses more on key consistency. erefore, we select q-bit equalprobability quantization algorithm to generate secret keys, where q represents quantization precision. Assume that the secret keys of Alice, Bob, or Eve are denoted by K u , where u � A, B or E. As for the shared random source with complex Gaussian distribution, let F(s) be the probability distribution function, and let F − 1 (z), z ∈ [0, 1] be its inverse function. To obtain more keys, the real part and the imaginary part of the channel gains are quantized, respectively. e quantization algorithm is shown in Table 2.
After converting the quantized key into binary gray code, the length of the output secret keys is Nq bits. To evaluate the BMR of the secret keys K A , K B , and K E , we take 1-bit quantization as an example to deduce the following theorem.

Theorem 1. If we perform 1-bit equal-probability quantization algorithm on the complex Gaussian random vectors H A and H B , the BMR between the outputs K
where e following relationship is satisfied: From (4), one can see that P AB (c a , c b , 1) decreases with the increase of c a and c b , and this conclusion is still valid on multibit quantization [31]. is shows that we can obtain more consistent keys by increasing the power of the pilot signal, thereby improving the robustness of our scheme. From (5) and (1), it is clear that P AE (c a , c b , 1, ρ) increases when Eve and Bob get farther. If we let d ⟶ ∞, then ρ ≈ 0 and P AE (c a , c b , 1, ρ) ≈ 0.5. is conclusion is consistent with most of the SKG experiments; that is, the channels of Alice-Bob and Alice-Eve can be considered approximately independent when d > 0.5λ in a scattering-rich channel environment. erefore, in most cases, spatial decorrelation of the wireless channel protects the legal party's secret key from being predicted by Eve. In practice, P AB (c a , c b , q) and P AE (c a , c b , q, ρ) can be solved by statistical counting. In Section 6, we get the statistical value of multibit quantization BER from the simulation result.
Assuming that the average acquisition time of each channel estimated sample is t s and the processing delay is ignored, the secret key generation rate of the proposed scheme is Note that the choice of q is crucial to BMR and secret key generation rate. In Section 5, we will introduce a method for dynamically selecting q according to SNR.

Construction of the Equivalent Interference Channel.
Unlike encrypting information with the same keys, scrambling and descrambling are performed to construct interference channel based on different keys. e interference can be injected in multiple steps of the signal processing, including spread spectrum, precoding, or changing constellation diagram in modulation like [32]. To facilitate hardware implementation, we XOR the key bits with the signal we want to scramble. As shown in Figure 3, the message M after encoding is denoted by X, and the codeword after scrambling is expressed as X s . en, Alice sends X s via the Alice-Bob data channel. After that, Bob receives Security and Communication Networks Y s and descrambles it by K B . Finally, Bob performs decoding to recover M. e reception capabilities of Bob and Eve in EIC will be discussed in Section 5.
Note that the proposed scheme is similar to ST schemes based on artificial noise [33]. For the latter, the interference in the received signal arises because the artificial noise injected into the null space is not eliminated completely. For this scheme, the reason for the increase of BER is that estimation error of CSI cannot be eliminated completely. e commonality is to deteriorate the eavesdropping channel.
en, the legal party can use the advantage of signal-to-noise ratio and well-designed channel coding to transmit large amounts of information without leaking to eavesdroppers. erefore, the careful design of channel coding is also necessary. It must fulfill the requirement that the error bits in Bob's received signal can be corrected while preventing Eve from effectively correcting them during the channel decoding. As shown in Figure 3, Alice first adds CRC check bits to the message M and then encodes it as X � encode(M). To prevent Eve from recovering M, Alice should encode M with the highest possible code rate on the premise of meeting the system BER requirements. We analyzed the BER of Bob and Eve after decoding in Section 6. After decoding and getting M′, if Bob's CRC does not match M ′ , the retransmission of M shall be carried out in accordance with ARQ protocol. us, the proposed scheme does not need to send verification information as [22].

Performance Evaluation
In this section, we evaluate the performance of the scheme based on the equivalent interference channel model by deriving BER, channel capacity, security capacity, and error reconciliation efficiency of the scheme. Such metrics are commonly used in the performance analysis of physical layer security technologies.

Channel Capacity.
First, we take the Alice-Bob channel as an example to calculate the channel capacity C xy , which characterizes the limit of transmission rate. Note that it incorporates the effect of modulation and signal processing methods. e equivalent interference channel of Alice-Bob denoted by (X, p(y | x), Y) with input X, output Y, and the transition probability matrix is as follows: where P xy (c d , c a , c b , q) is the bit error rate of Y with respect to X and c d is the SNR of the received data signal. As shown in the dashed box in Figure 3, it contains the transmission channel of the data signal. Similarly, assume that the BER of transmission channel (X s , p(y s | x s ), Y s ) is denoted by P d (c d ). To deduce P xy (c d , c a , c b , q) and C xy , the following theorem is stated.

Theorem 2.
For an equivalent interference channel (X, p(y | x), Y), it is equivalent to a cascade channel composed of (X s , p(y s | x s ), Y s ) and a virtual binary symmetric channel with bit error rate P AB (c a , c b , q). P xy (c d , c a , c b , q) is given as When the input X satisfies Pr(x � 0) � Pr(x � 1) � 0.5, the channel capacity is as follows: where H(·) is the entropy function.
Proof:. see Appendix B. C xy defines the upper limit of the amount of information transmitted on the Alice-Bob channel each time. From (9) and (10), we can find an obvious relationship that the effects of P d (c d ) and P AB (c a , c b , q) are the same for C xy , which inspires us to equate the processes of scrambling and descrambling with different keys to an equivalent interference channel. Obviously, the solution of capacity of Alice-Eve channel C xz is the same as C xy : where P xz (c d , c a , c b , q, ρ) is the bit error rate of Z with respect to X. □ 5.2. Security Capacity. Security capacity represents the theoretical upper limit of secure transmission rate [9]. It indicates the advantage of the legal parties in channel capacity compared with Eve. For DMBC channel model, it is expressed as follows [34]: where [·] + denotes max(0, ·). We derive security capacity in the following two different eavesdropping scenarios. Secret key K u Initialization (1) Calculate F − 1 (z) and the variance of H u (2) Set 2 q quantization partitions, where the lth partition is expressed as Q l � (F − 1 (l − 1/2 q ), F − 1 (l/2 q ))

Uncorrelated Eavesdropping Scenario.
In an uncorrelated eavesdropping scenario, Eve is far away from Alice and Bob. Based on previous analysis, this makes ρ approach zero and makes P AE (c a , c b , q, ρ) approach 0.5. erefore, Eve randomly generates K E to reduce interference in the Alice-Eve channel without any prior knowledge about common random source. Let P u � [P u,0 , P u,1 , . . . , P u,q ] denote the probability distribution of the random variables k u ∈ (0, 1, . . . , q), which are shown in Table 2. en we give Corollary 1 to illustrate the probability of Eve successfully predicting Alice key.

Corollary 1. For two independent and identically distributed sequences
of N random variables samples Table 2, the probability distribution of each quantized output k u is P u � [P u,0 , P u,1 , . . . , P u,q ].

by the quantization algorithm shown in
en, the following inequality holds: And if and only if P u,0 � P u,1 � · · · � P u,q , the equal sign holds.
Proof:. see Appendix C.
From (13), it can be inferred that when P u,0 � P u,1 � · · · � P u,q and H(k u ) � q, we can minimize the possibility of Eve successfully predicting K A . It is our motivation for choosing equal q-bit equal-probability quantization algorithm. After converting k u into gray code k u ′ of length Nq, (13) can be rewritten as and the bit error rate is given by Pr(k A ′ � k E ′ ) � 0.5. erefore, the capacity of Alice-Eve equivalent interference channel is given by C xz � 0 according to (11), and the security capacity is given by C s � [C xy ] + . □

Correlated Eavesdropping Scenario.
In a more dangerous scenario with an correlated eavesdropper, Eve increases the correlation between h AB and h AE by approaching Bob. In this way, Eve may obtain random source samples similar to the legal parties and generate K E as consistent as possible with K A . According to eorem 2 and (12), C s can be rewritten as Due to the fact that the entropy function H(·) is a rigid monotony increasing convex function at (0, 0.5), we can infer that C s > 0 when P AE (c a , c b , q, ρ) > P AB (c a , c b , q). Benefiting from the spatial decorrelation, the inequality P AE (c a , c b , q, ρ) > P AB (c a , c b , q) holds in most environments with multipath scattering even if Eve is extremely close to Bob [7]. erefore, our scheme can obtain a positive upper bound of secure transmission rate with correlated eavesdropping channel.

Optimization of the Proposed Scheme.
Note that the unit in (10) and (11) is bit per channel use, and the utilization frequency (i.e., the scrambling rate) of the equivalent scrambling channel is determined by the scrambling method. e same as one-time-pad encryption, we have H(X) � H(K U ). Assuming that the newly generated key is immediately used to scramble X, the utilization frequency denoted by R f is equal to the bit rate of X, which can be given as where (a) holds due to the equal probability quantization and H(k u ) � q. en, according to (7), (10) and (11) can be rewritten in bits per second as Obviously, in order to maximize security capacity, q should be adjusted dynamically according to current c a , c b , and c d of Alice, Bob, and Eve. However, knowing Eve's SNR, BER or decoding method may not be easy. us, in this paper, we only discuss the optimization of C AB . For given c d , c a , c b , and t s , this problem can be described as Equation (19) provides a reference for the design of signal power and quantization precision of the scheme. From the simulation results in the next section, we find that the optimal value usually satisfies q * ≤ 5 in an actual environment (e.g., c d ≤ 10 dB and c a � c b ≤ 30 dB). erefore, (19) is solved by one-dimensional search.

Error Reconciliation Efficiency.
Channel coding is a common technique for correcting error bits in different schemes, although it reduces efficiency. However, the comparison of the efficiency in different schemes was rarely discussed in previous works, which inspires us to measure it with a new and unified metric. e error reconciliation efficiency denoted by ζ ∈ [0, 1] is expressed as follows: where L M is the length of initial information M transmitted by Alice; L is the total number of bits sent by both legal parties for the purpose of transmitting M safely and correctly. For ease of analysis, it is assumed that the channel for Security and Communication Networks transmitting confidential data or reconciliation signals is noiseless, while the pilot channel is noisy. e schemes in Figures 2 and 3 use the same linear block code (n s , k s ), and η � (k s /n s ) denotes the code rate. For our proposed scheme, the error bits in received signal will be corrected in the process of channel decoding. erefore, L is the length of codeword after encoding, and the error reconciliation efficiency is equal to the code rate; i.e., ζ EIC � η.
For existing schemes in Figure 2, information reconciliation is a necessary step to obtain the same keys. e mainstream is to use channel coding in two different ways. One is described in [35][36][37]. Assume that Alice calculates parity check bits based on the generator matrix of systematic linear block code and its keys of length k s . en, Alice sends them to Bob through the public channel. Since the generator matrix is well known, it divulges (n s − k s ) bits secret keys [17], so the length of available secret keys L key 1 after information reconciliation is L key 1 � k s − n s − k s , for η ∈ (0.5, 1), Under the condition of one-time-pad encryption, we have L M � L key 1 , and the error reconciliation efficiency is e other method is described in [38][39][40]. Supposing that Alice creates the check information by XOR a series of encoded random number with its keys of length n s and sends them to Bob, the length of available secret keys is L key 2 � k s . erefore, we have ζ k2 � k s n s + k s . (23) According to (20)- (23), it can then be inferred that the error reconciliation efficiency of the above three methods satisfies

Numerical and Simulation Results
is section shows our Monte Carlo simulation results and theoretical results. e experiment was repeated 5,000 times in each simulation; and, for each experiment, 10,000 channel gain and noise samples are randomly generated. To simplify the analysis, we omit other processes except modulation and take BPSK for an instance to calculate P d (c d ), which is only affected by the SNR of the received data signal c d . For the Rayleigh data channel with h ∼ CN(0, 1), P d (c d ) can be calculated by the following formula:

Security and Reliability Verification.
In this subsection, we prove the security and reliability of the scheme by calculating and simulating BER, channel capacity, and security capacity. Figure 4 shows that the BER of Bob's received signal is affected by quantization precision q, the SNR of the received pilot signal c a and c b , and the SNR of the received data signal c d . One can see that BER decreases with the increase of c a , c b , and c d . is phenomenon proves the inference based on eorem 2 that the equivalent interference and the noise in data transmission channel have similar effects on reception capability. It also confirms that c a and c b described have the same effect on P AB (c a , c b , q), which implies that increasing either of them will reduce the BER of the received signal. erefore, for ease of observation, in the following simulations, we let c p � c a � c b and c d � 10 dB.
In Figure 5, we analyze the BER of Eve. e trend of curves with respect to SNR is similar to that of the former. Note that, with the increase of d, the deterioration of Eve's BER performance is highly significant. Especially when d � 0.4λ, Eve's received signal is almost all wrong. As a common channel environment in 2.4 GHz band, we can infer that d � 0.4λ � (0.4 × 3 × 10 8 /(2.4 × 10 9 )) � 5 cm, and it is impractical for Eve to hide itself at such a close distance in our scheme. In Figures 4 and 5, the black-dashed lines represent the numerical results calculated by (4) and (5). As can be observed from the figures, the simulation and numerical results match very well. Figures 6 and 7 show the channel capacity of equivalent interference channel of Alice-Bob and Alice-Eve, where C AB and C AE are calculated according to (17) and (18). According to Figure 6, one can see that the increase in c p significantly improves C AB , and, for different c p , q is different when C AB is the maximum. erefore, to maximize C AB , q should be dynamically adjusted according to current c p and c d . Figure 7 is similar to Figure 5, where C AE is mainly affected by d. It can be inferred that the channel correlation of Alice-Bob and Alice-Eve is reduced due to larger d, which leads to a higher BER and a lower channel capacity of Eve. When d � 0.4λ, the keys are almost completely different and more interference is added to the equivalent interference channel of Eve, which results in Eve not receiving any useful information from Alice. In addition, we can also find that even if Bob is in an extremely harsh environment, such as d � 0.1λ, C AB is still larger than C AE .

Performance Comparison.
In this subsection, we compare the performance difference between the proposed scheme and the existing schemes through simulation. First, we compare the security capacity of the proposed method with the fixed quantization precision method in [22][23][24][25][26] in Figure 8. We assume that Eve fully knows the SNR of Alice and Bob and uses the same strategy to adjust or fix q. As shown in Figure 8, the dynamic q selection method according to (19) can obtain the largest C s in the entire c p interval, while the existing methods can only obtain the maximum C s within a certain SNR interval. is result means that even if our strategy is copied by Eve, it can still reach a higher upper for secure transmission rate because it is more adaptable to a real-time changing channel environment. In addition, although the decrease of Eve-Bob distance will slightly reduce C s , it does not have a significant impact on our optimization method of C AB . en, we take polar code as an example to simulate the BER performance loss of the scheme in Figure 9. e relevant codes refer to the application in MATLAB 5G Toolbox. In this simulation, L m � 100 and η � 0.33. For comparison, we also simulate the decoded BER of Bob without applying the scrambling method. If we take decoded BER ≤ 10 − 6 as the reference standard, one can see that, in the case of c p � 30 dB, the decoding BER performance deteriorates by less than one dB. In the case of c p � 20 dB, the decoding BER performance deteriorates by less than 3 dB.
Overall, this kind of BER performance loss is acceptable for Bob. For Eve, the BER cannot be reduced by decoding because the initial receiving BER is too large to correct error bits.
For comparison, we analyze the error reconciliation efficiency. Figures 10(a) and 10(b) show the trend of ζ versus various c p and η. As can be observed, the scheme based on      Security and Communication Networks 9 EIC has higher error reconciliation efficiency because it does not send any additional reconciliation signals. Note that when η is less than 0.5, we have ζ k1 � 0. is is because, for a linear block code such as BCH, when η ≤ 0.5, there is a oneto-one mapping relationship between the check bits and the key bits. Sending the check bits under this condition will leak all key bits to Eve [18]. Moreover, the fixed mapping relationship between the check bits and the information bits always exists even if other channel coding methods are used. When η is close to 1, ζ k1 is close to EIC-based scheme, but ζ k2 approaches 0.5. is is because the condition of η � 1 implies that no information reconciliation is needed to correct the key bits. At this time, sending a useless reconciliation signal of the same length as the confidential information will reduce the efficiency by half. erefore, these results indicate that the scheme based on EIC is more cost-saving and has higher error reconciliation efficiency.

Conclusion and Future Work
is paper proposes a novel secure communication scheme based on equivalent interference channel assisted by physical layer secret keys to improve efficiency. e proposed scheme scrambles the encoded signal with asymmetric physical layer keys and uses channel coding to correct the error bits caused  (b)ζ for various η when linear block code is used by the different keys and the traditional noise, so there is no need to send additional signals for information reconciliation. e quantization precision is adjusted according to the expected channel capacity, and the correctness of the confidential information is verified by CRC, so there is no need to send signals for quantization or consistency check. e expressions of BER, channel capacity, and security capacity were deduced and the simulation results prove that even when Eve is very close to the legal parties, our scheme is still available. Finally, results for the performance comparison are shown, which indicate that the proposed scheme has superior performance on the security capacity and the error reconciliation efficiency, although BER slightly increases.
For future work, we will investigate the problem of maximizing the security capacity under limited transmission power and quantification precision. On the other hand, optimizing secure transmission rate under a certain channel coding condition can be considered. In addition, the single-antenna secure communication system in this paper can be extended to MIMO system.

A. Proof of Theorem 1
As shown in Table 2, when performing 1-bit quantization of the channel gain of the i-th received pilot signal, the quantization threshold should be 0, and the real and imaginary parts of the shared random source will be quantized into key bits, respectively. Here, we first take the real part as an example and denote by f Re(h AB,i ) (s) the probability density function of Re(h AB,i ); then Pr[Re(h A,i ) < 0, Re(h B,i ) > 0 | Re(h AB,i ) > 0] can be calculated as (A.1), which is shown at the top of the next page, where (a) holds due to the fact that n A,i and n B,i are independent; (b) follows Gauss error function. Similarly, the BMR of Alice and Eve can be obtained as Due to the symmetry of the zero-mean Gaussian random variable, it can be inferred that (A.1) have the following relationship: For the error probability of Alice and Eve, it can be inferred that (A.2) have the following relationship:  , c b , 1, ρ) can be calculated as where (a) holds due to the fact that p AE (c a , c b , 1, ρ) decreases with the increase of ρ; and (b) holds due to the fact that h AB,i � h AE,i , when ρ � 1. So eorem 1 is proved.

B. Proof of Theorem 2
For ease of analysis, we add a pair of symmetrical virtual scramblers at both ends of the equivalent interference channel. As shown in Figure 11, it is a simplified flowprocess diagram of the scheme and the two virtual scramblers are, respectively, located before scrambling and after descrambling. ey use the same secret key K B and the scrambling method is XOR, so channel (X v , p(y v | x v ), Y v ) is also a DMC where the new input is x v ∈ X v and output is y v ∈ Y v . Since there is no new noise or interference added, the channel transition probability is unchanged; that is, p(y v | x v ) � p(y | x). According to the principles over the binary field, it can be inferred that Y s � Y v and p(y s | x v ) � p(y v | x v ) � p(y | x). Let the input probability satisfy p(x v ) � p(x); then the capacity of Alice-Bob C AB is given by We have that P(y s ) � X v P(x v )p(y s | x v ) and log is a base-2 logarithm. In this case, the solution for the capacity of channel (X, p(y | x), Y) is converted to the channel (X v , p(y s | x v ), Y s ), which can be equivalent to a virtual cascade channel that contains two parts. For the former (X v , p(x s | x v ), X s ), we have Similarly, Pr(x s � 0 | x v � 0) � 1 − P AB (c a , c b , q) and , c b , q). So, the BER of (X v , p(x s | x v ), X s ) is P AB (c a , c b , q). For the latter of the cascade channel, that is, (X s , p(y s | x s ), Y s ), the BER is P d (c d ). Since p(y s | x s ) is only related to the noise in data signals and p(x s |x v ) is only related to the estimation error of pilot signals, Y s is determined by X s and p(y s | x s ).
us, X v − X s − Y s is a Markov chain that satisfies p y s x s x v � p y s x v � Since the secret keys are equally distributing, ω � 0.5 is equivalent to Pr(x � 0) � Pr(x � 1) � 0.5.
So eorem 2 is proved: where (a) is due to Jensen's inequality; (b) is because key quantization is an independent and repeated experiment process and k u,i are i.i.d. random variables. So Corollary 1 is proved.

Data Availability
All data and results are generated by MATLAB, and they have been stored in the supplementary information files. Additional information can be obtained from the corresponding author upon request via email.

Conflicts of Interest
e authors declare that they have no conflicts of interest. Figure 11: e simplified process of the proposed scheme with virtual scramblers attached.