A Wire‑Tap Approach to Enhance Security in Communication Systems Using the Encoding‑Encryption Paradigm

This document is downloaded from DR‑NTU (https://dr.ntu.edu.sg) Nanyang Technological University, Singapore.

A wire‑tap approach to enhance security in communication systems using the encoding‑encryption paradigm

Mihaljevic, Miodrag; Oggier, Frederique

2010

Mihaljevic, M. & Oggier, F. (2010). A wire‑tap approach to enhance security in communication systems using the encoding‑encryption paradigm. Information and Coding Theory Workshop, International Conference on Telecommunications (ICT) 2010. https://hdl.handle.net/10356/93759

Downloaded on 28 Sep 2021 14:24:25 SGT A Wire-tap Approach to Enhance Security in Communication Systems using the Encoding-Encryption Paradigm

Miodrag Mihaljevic´ Fred´ erique´ Oggier Mathematical Institute Division of Mathematical Sciences Serbian Academy of Sciences and Arts, Belgrade, Serbia School of Physical and Mathematical Sciences and Research Center for Information Security (RCIS) Nanyang Technological University Institute of Advanced Industrial Science and Technology (AIST), Singapore Tokyo, Japan Email: [email protected] Email:[email protected].yu

Abstract—Motivated by the GSM system, we consider com- the redundant data from the cryptographic security point of munication systems which employ the encoding-encryption view has been pointed out even in [6] where the cryptography paradigm of first encoding the data before encrypting it for as a scientific topic has been established. Performing error- transmission. We add one level of security to the existing system designs by introducing a wiretap encoder. We analyze the security correction coding of a message before encryption introduces a from an information theoretical point of view, and prove the structured redundancy, which could be an origin for mounting enhanced security of the proposed scheme, focusing on the certain attacks against the employed keystream generator. case of known plain text attacks that can endanger not only The question that we address in this work is a generic the confidentiality of some messages but also the safety of the approach for enhancing the security of communication systems key used for encryption, and thus the security of the whole communication system. where the data is first encoded and then encrypted, of which GSM is maybe the most famous motivating example. We are I. INTRODUCTION mainly focusing on the security of the keystream generator, Reliability in wireless communication systems has been more important than the security of a given confidential extensively studied in the past decades. Recently, more and message. This is done by employing an additional dedicated more attention has been paid to the fact that wireless channels wire-tap channel coding. Similar ideas have recently appeared are by nature more vulnerable to eavesdropping. Accordingly in the context of stream ciphers designs [3], [4], but the focus wireless systems should include coding algorithms for proof this paper is very different since we deal with existing viding error-corrections as well as ciphering algorithms for (given) encryption schemes. encryption and decryption. The contribution of this paper is to propose and elaborate An illustrative example where the coding and ciphering an approach for improving the security of communication are of high importance is GSM (see [2]-[1]), which is the systems which utilize the “first encoding then encryption” most widespread system of mobile communications. GSM paradigm, employing a stream cipher and an error correcting must use error correction to withstand reception errors, as code. As a starting point for our study, we consider the case well as encryption to provide privacy for the users. The GSM of certain discrete memoryless channels (DMCs). We involve protocol uses the encoding-encryption paradigm: a message is into an existing system an additional block which performs a first subjected to an error-correction code which considerably dedicated wire-tap channel like coding. This dedicated coding increases the size of the message. The encoded message is then provides origin for enhancing the security as a trade-off with a encrypted and transmitted (see [1], Annex A). This approach slight/moderate increase of the implementation complexity and contradicts to the common practice of first encrypting a the communications overhead. The improved security appears message, and only then subjecting it to error-correction codes. as a consequence of joint impact of the proposed dedicated Note that an advantage of encoding and then encrypting wire-tap channel coding based on a linear mapping controlled is that even in a known plaintext attacking scenario, a wire- by a pure randomness and a noise which is inherent in the tapper can learn only a noisy version of the keystream which communication channel. makes, generally speaking, the cryptanalysis of the employed We study the security of the proposed approach from an keystream generator more complex. On the other hand, this information-theoretic point. More precisely, we show that approach implies encryption of more data because the error- the information-theoretic security of the keystream is a de- correction encoding generates redundant data in order to creasing function of the sample available for cryptanalysis. provide possibility of the errors correction. Undesirability of The achieved trade-off between the enhanced security and • operators of the homophonic wire-tap channel encoding Transmitter Keystream −1 Generator CH (·) and decoding C (·). secret key H {xi} {yi} {ai} Error-Correction A. Encoding and encryption at the transmitter Encoding encryption message {b } i The transmitter goes through the following steps:

Discrete Memoryless 1) Employing the random vector u, it performs the homo- Channel (DMC) phonic (wire-tap channel) encoding of the plain text a

Receiver to get { } {a } zi i Error-Correction decryption CH (a||u), Decoding message {bi} {x } i where || denotes the concatenation. How the wire-tap Keystream channel coding is concretely done will be discussed later secret key Generator on. 2) The transmitter then does the error-correction encoding Fig. 1. Model of the communications system under consideration. of the resulting vector:

CE(CH (a||u)). (1) the increased implementation and communications overheads 3) Finally, it generates the ciphertext in form of an n- appears as very appropriate in a number of scenarios where dimensional binary vector y given by the security is a high priority. y = CECC (CH (a||u)) ⊕ x, (2) II. COMMUNICATION SYSTEMS MODEL where x is the output of the keystream generator and ⊕ We consider a class of communications systems which denotes XOR or addition modulo 2. employs coding and ciphering for providing the reliability and The vector y is then sent over the channel. secrecy of the transmissions, as shown in Fig. 1. The system is composed of: B. Decryption and decoding at the receiver • an ℓ-dimensional binary vector of message/plaintext data ℓ Assuming transmission over a class of binary discrete a = [ai]i=1 to be sent; n memoryless channel (DMC), the receiver gets the noisy vector • an n-dimensional binary vector x = [xi]i=1 of the keystream generator output bits used to protect the vector z given by a of data; z = y ⊎ v • a noisy binary channel, represented by an n-dimensional n binary vector v = [vi]i=1 of random noise, where each = CECC (CH (a||u)) ⊕ x ⊎ v, (3) coefficient vi is the output of a random variable Vi where stands for the operations of complementation and/or satisfying that Pr(Vi = 1) = p and Pr(Vi = 0) = 1 − p; ⊎ −1 erasures controlled by the vector v in the considered class of • CECC (·) and CECC (·): operator of the error-correction encoding and decoding, respectively. binary DMCs. Upon reception, the receiver first computes We assume the employed encryption is a stream ciphering. Indeed, the trick of reversing the order of encryption and z ⊕ x = C (C (a||u)) ⊎ v error-correction is not possible if a block-cipher were to be ECC H used for encryption. Accordingly, modulo 2 addition of the and then decode z ⊕ x: corrupted binary sequence of ciphertext and the keystream −1 −1 yields a corrupted version of the error-correction encoded CECC (z ⊕ x) = CECC (CECC (CH (a||u)) ⊎ v) plaintext where the employed encoding provides possibility for = CH (a||u) recovering the error-free plaintext. As such, the above given system is already able to provide reliability via error correcting since by assumption the error correcting code can correct the codes and some security via the use of the keystream generator. errors introduced by v. The only things left are thus to decode To enhance the security without having to change the the wire-tap code, and to remove the random bit string u, existing system, we incorporate a wire-tap encoder, composed namely of: −1 −1 a = tcatℓ(CH (CECC (z ⊕ x))) • an (m−ℓ)-dimensional binary vector of random data u = m−ℓ [ui]i=1 where each ui is the realization of the random where tcatℓ(·) denotes truncation of the argument vector to variable Ui such that Pr(Ui = 1) = Pr(Ui = 0) = 1/2; the first ℓ bits. the employed codeword inside the coset u(s) ⊕ C. The Transmitter Keystream Generator transmitted word c is specified by: secret key {xi} C C C {y } c = s1h1 ⊕s2h2 ⊕. . .⊕slhl ⊕u1g1 ⊕u2g2 ⊕. . .⊕ukgk {ai} i Homophonic Error-Correction encryption Encoding Encoding message { } where u = [u1,u2,...,uk] is a uniformly distributed {u } bi i random k-bit vector and k ≤ n − l. Source of Discrete Randomness Memoryless Channel We can now summarize the overall encoding operation: (DMC) Receiver h1 {z } {a } i i Homophonic Error-Correction decryption h2 Decoding Decoding message  .  {bi} c = [s||u] . = [s||u]G , {x } . H i   Keystream  hl  Generator  C  secret key  G      where GH is a (l + k) × n binary matrix corresponding to Fig. 2. A framework for enhancing security employing dedicated wire-tap CH (·). channel like coding and pure randomness. B. Encoding via coset coding In our scenario, we need to combine wiretap encoding with III.WIRE-TAP CODING error correction encoding, both being linear operations. Recall A. Generic coset coding from (1) that the encoded vector at the transmitter is

A generic technique for performing homophonic/wire-tap CECC (CH (a||u)), coding is the coset encoding as proposed by Wyner [7] recently also employed in a cryptographic framework in [5]. where a is a l-dimensional data vector, and u is a m−l random vector. Using generic coset coding as discussed above with a • To transmit a l-bit message, we first select a (n, k) code (m,m − l) code, we now know that C, that is, a binary error correcting code that maps a k-bit message into a n-bit codeword, such that l ≤ n − k. CH (a||u) = [a||u]GH , k • Since C is formed of 2 codewords contained in the space {0, 1}n of 2n vectors, we can partition {0, 1}n into a where GH is an m × m matrix, and thus disjoint union of cosets of C, that is CECC (CH (a||u)) = CECC ([a||u]GH ) n−k 2 = [a||u]GH GECC {0, 1}n = (u ⊕ C) i = [a||u]G (4) i=1 [ n where ui are vectors in {0, 1} \C, and the union is where GECC is an m × n binary generator matrix corre- over a set of representatives ui. Since each coset is sponding to CECC (·), and G = GH GECC is an m × n just a translation of C, it contains the same number of binary matrix summarizing the two successive encodings at vectors, namely 2k, and thus there must be 2n−k cosets the transmitter. l of C, among which we choose 2 cosets and let each Since GH multiplies the vector [a||u] where a is an l- message correspond to a chosen coset. This is the key dimension vector and u an (m−l) dimension vector, it makes to homophonic coding: instead of mapping one message sense to write the m × m matrix GH by blocks of size to one codeword, we map one message to a set of depending on l and m − l: codewords, namely, to a coset. (1) (2) • The selection of the cosets is done in a linear fashion as G G G = H H (5) explained below: H (4) " Im−l GH # – Suppose GC is a k × n generator matrix for C with C C C where G(1) is an l × (m − l) matrix, G(2) is an l × l matrix, rows g1 , g2 ,..., gk . H H – We select l linearly independent row vectors Im−l denotes the (m − l) × (m − l) identity matrix and finally n (4) h1, h2,..., hl from {0, 1} \C. GH is an (m − l) × l matrix. – The coset u(s)⊕C corresponding to an l-bit message The requirement for the matrix GH are two-fold: s is determined as follows: −1 = [s1,s2, ..., sl] • In order for the decoding operator CH to exist, we need GH to be invertible. s 7→ s1h1 ⊕ s2h2 ⊕ . . . ⊕ slhl ⊕ C. −1 • Both matrices GH and GH should be as sparse as • The above correspondence is deterministic, but the en- possible in order to avoid implementation complexity coding has a random component in the selection of overheads. IV. INFORMATION THEORETICAL ANALYSIS OF THE Example 1: Consider the case of a known plaintext attack SECURITY IMPROVEMENT when a = 0. We then have This section analyzes the security of the proposed scheme m−ℓ from an information theoretical prospective. The system we zi = xi ⊕ ( gℓ+k,iuk) ⊎ vi, i = 1, 2, ..., n. k consider already uses a keystream generator to protect the M=1 confidentiality of the data. Thus though an adversary may Without the wiretap encoding, the keystream xi is corrupted try to still mount an attack to discover a secret message, and so protected as well by the noise on the channel, while more dangerous is an attack against the keystream, which with addition of the wiretap encoder, the key is further would endanger all the transmissions. We will show how the protected by the pure randomness added. introduction of the wiretap encoding increases the protection The lemma below gives a bound on the resistance of the of the key. scheme to a known plain text attack where the adversary In what follows, we use as notation that knows both a and z. Lemma 1: The entropy of the keystream output knowing • ui, random bits used in the wiretap encoder, the plaintext and the received signal can be lower bounded as • xi, output bits of the keystream generator, follows: • vi, random components of the additive noise n l n are realizations of certain random variables Ui, Xi and Vi, re- H(X |A , Z ) ≥ spectively, i = 1, 2, ..., n. We can further assume that the plain min{H(Um−l), H(Xn) + H(Vn)} + text is generated randomly, and thus see ai as a realization n n min{H(V ), H(X )} − δ(CECC ), of a random variable Ai as well. The corresponding vectors l ℓ of random variables are denoted as follows: A = [Ai]i=1, where m−l m−ℓ n n n n U = [Ui]i , X = [Xi]i=1, and V = [Vi]i=1. =1 m−l Recall from (3) and (4) that the received vector at the δ(CECC ) = H(ǫ) + ǫ log(2 − 1) receiver is given by → 0

z = CECC (CH (a||u)) ⊕ x ⊎ v with ǫ → 0. = [a||u]G ⊕ x ⊎ v Proof: Employing the entropy chain rule, we have that l m−l n n n m n H(A , U , X , V , Z ) where G = [gi,j ]i j is an m × n matrix containing both =1 =1 l n l m−l l n the wiretap and the error correction encoding. = H(A ) + H(Z |A ) + H(U |A , Z ) + n n l m−l n n l m−l n n Let z = [zi]i=1, so that z can be written componentwise as H(V |A , U , Z ) + H(X |A , U , V , Z ) l n l m−l l n ℓ m−ℓ = H(A ) + H(Z |A ) + H(U |A , Z ) n l m−l n zi = (( gk,iak) ⊕ ( gℓ+k,iuk) ⊕ xi) ⊎ vi, i = 1, 2, ..., n, +H(V |A , U , Z ), k=1 k=1 M M since H(Xn|Al, Um−l, Vn, Zn) = 0 using (6). and zi appears as the realization of a random variable Zi: Repeating the entropy chain rule but we another decompo- ℓ m−ℓ sition, we further get that Z = (( g A )⊕( g U )⊕X )⊎V , i = 1, 2, ..., n. l m l n n n i k,i k ℓ+k,i k i i H(A , U − , X , V , Z ) k=1 k=1 M M = H(Al) + H(Zn|Al) + H(Xn|Al, Zn) + We further denote Zn = [Z ]n , and i i=1 H(Um−l|Al, Xn, Zn) + H(Vn|Al, Um−l, Xn, Zn) n l m−l n n l n l n l n Z = CECC (CH (A ||U )) ⊕ X ⊎ V . (6) = H(A ) + H(Z |A ) + H(X |A , Z ) m−l l n n l m−l l m−l +H(U |A , X , Z ), Note that since CH (A ||U ) = [A , U ]GH , we can rewrite the wiretap encoder as noticing that H(Vn|Al, Um−l, Xn, Zn) = 0 again using (6). By combining the two decompositions, we deduce that l m−l l m−l CH (A ||U ) = CH,a(A ) ⊕ CH,u(U ), H(Xn|Al, Zn) where C and C are the operators for the wiretap m l l n n l m l n H,a H,u = H(U − |A , Z ) + H(V |A , U − , Z ) encoding restricted to a, resp. u, so that −H(Um−l|Al, Xn, Zn). Zn = C (C (Al)) ⊕ C (C (Um−l)) ⊕ Xn ⊎ Vn ECC H,a ECC H,u We now reformulate Um−l Al Zn and (7) H( | , ) Vn Al Um−l Zn . First, using (7) and that conditioning since the error correcting encoding is also linear. H( | , , ) reduces entropy, namely, Before starting the analysis itself, let us give a motivating example. H(Um−l|Al, Zn) ≤ H(Um−1), we compute that We now move to a more realistic scenario. Transmission takes place over time t = 1, 2,..., and the keystream generator Um−l Al Zn Um−l Xn Vn H( | , ) = min{H( ), H( , )} uses a key K based on which it computes its outputs X(t) = = min{H(Um−1), H(Xn) + H(Vn)} (t) n [Xi ]i=1 in a deterministic way f for a time period of length since Xn and Vn are mutually independent. τ: (t) (t) Similarly, again using (7) and that X = f (K), t = 1,...,τ. H(Vn|Al, Um−l, Zn) ≤ H(Vn), Correspondingly, we can rewrite the whole system in terms of realizations of random variables that depends on time, over we obtain that the time interval t = 1,...τ: (t) n l m−l n n n (t) ℓ H(V |A , U , Z ) = min{H(V ), H(X )}. • A = [Ai ]i=1 for the plain text, (t) (t) m−ℓ • U = [U ] for the pure randomness used in the m−l l n n i i=1 We are finally left with bounding H(U |A , X , Z ). wiretap encoder, m−l l n n Recovering U when A , X and Z are given is the (t) (t) n • V for the channel noise, n = [Vi ]i=1 decoding problem of removing the noise V employing the (t) (t) n • Z = [Zi ]i=1 for the received signal. code CECC with error probability Pe. This can be bounded using Fano’s inequality: Similarly as above, we have (t) (t) (t) (t) (t) m−l l n n m−l Z = CECC (CH,a(A ) ⊕ CH,u(U )) ⊕ f (K) ⊎ V . H(U |A , X , Z ) ≤ H(Pe) + Pe log(2 − 1) ≤ H(ǫ) + ǫ log(2m−l − 1) → 0 The key K is represented as a vector of random variables drawn independently from a uniform distribution over {0, 1}, since by design of the system, we may assume P = ǫ → 0. e so that H(K) = |K|. We further use the following block This concludes the proof. notations: Let us make a few remarks about the above lemma. The interpretation of the lemma is a bound on the resistance Aτl = [A(1)||A(2)|| . . . ||A(τ)] of the scheme to a known plain text attack. This clearly Uτ(m−l) = [U(1)||U(2)|| . . . ||U(τ)] depends on two parameters: Vτn = [V(1)||V(2)|| . . . ||V(τ)] • the keystream generator: if the output of the keystream Zτn Z(1) Z(2) Z(τ) generator has a very high entropy H(Xn) ≥ = [ || ||...|| ]. m−l n H(U , V ), then the lemma tells that We can now state the main theorem of this paper, which m l n m−l n describes the security of the enhanced system against known H(X |A , Z ) ≥ H(U ) + H(V ) − δ(CECC ). plain text attacks. (j) (j) • the pure randomness put in the wiretap encoder: if we do Theorem 1: When Pr(Vi = 0) 6= Pr(Vi = 1) 6= 1/2, not add it in the system, the lemma shows that i = 1, 2, ..., n, j = 1, 2, ..., τ, there exists a threshold τthres such that H(Xm|Al, Zn) ≥ H(Vn) τl τn > 0 for τ <τthres that is, as already mentioned in Example 1, the security H(K|A , Z ) → 0 for τ ≥ τthres . of the scheme depends on the channel noise. (1) (1) The special case where the channel is noisefree is detailed Proof: When τ = 1, X = X = f (K) and (1) in the corollary below. This further illustrates the effect of pure accordingly H(X ) = H(K), thus Lemma 1 directly implies τl τn randomness involved in the wire-tap channel coding. that H(K|A , Z ) > 0 is achievable. Corollary 1: In a noisefree channel, we have When τ > 1 grows, we employ the following analysis. By using two different decompositions of n l n m−l n H(X |A , Z ) ≥ min{H(U ), H(X )}. H(Aτl, Uτ(m−l), Xτn, Vτn, Zτn) via the entropy chain rule as done in Lemma 1, we get Proof: Since the channel is noisefree, V = 0 and consequently H(V ) = Pe = 0. Lemma 1 can be rewritten H(K|Aτl, Zτn) as = H(Uτ(m−l)|Aτl, Zτn) + H(Vτn|Aτl, Uτ(m−l), Zτn) n l n H(X |A , Z ) −H(Uτ(m−l)|Aτl, K, Zτn). (8) ≥ min{H(Um−l), H(Xn)} + Note that Zτn can be considered as a τn-length degraded n min{0, H(X )} − δ(CECC ) version of a binary codeword with τ(m−ℓ)+|K| information = min{H(Um−l), H(Xn)}. bits which is corrupted by a noise vector Vτn. Assuming ∗ that the decoding error probability of this code is Pe , Fano’s inequality implies that So far, we have discussed the security analysis of a given keystream generator output, for one instance of transmission. H(Uτ(m−l)|Aτl, Zτn) < H(Uτ(m−l), K|Aτl, Zτn) ∗ ∗ τ(m−ℓ)+|K| ≤ H(Pe ) + Pe log(2 − 1) . analysis of the security was provided to show the security gain offered by the wiretap encoder. Combining the decoding ability of C with a minimum ECC Consequently, the proposal includes a trade-off between distance decoding yields a decoding error for the aggre- the enhanced security and the communication as well as gated code of size 2τ(m−ℓ)+|K| that tends to zero provided implementation overheads which in a number of scenarios long enough codewords, that is P ∗ → 0, and accordingly e appear as a suitable one. H(Uτ(m−l)|Aτl, Zτn) → 0 when τ is large enough. The implementation overhead due to the employed dedi- In a similar manner and employing cated coding is implied by the complexity of one vector-matrix H(Vτn|Aτl, Uτ(m−l), Zτn) < H(Vτn, K|Aτl, Uτ(m−l), Zτn), multiplication over GF(2) when the matrix has dimension ℓ × m where ℓ is dimension of the initial data vector. This the decoding ability of CECC with a minimum distance decod- expansion also implies additional implementation and com- τn τl τ(m−l) τn ing as used above implies that H(V |A , U , Z ) → munication overheads for the factor m/ℓ, and in a number of 0 when τ is large enough. scenarios this factor is less than two. To take care of H(Uτ(m−l)|Aτl, K, Zτn), we again use τn A natural future research direction for this work is the a decoding argument, since Z is known. However, it is evaluation of the cryptographic security based on a compu- important to note here that K is known too. Thus even though tational complexity approach. This is especially relevant since we look at a block we have proven that when the same key is used over a long Uτ(m−l) = [U(1)||U(2)|| . . . ||U(τ)], time interval, the security of the scheme then has to rely on computational complexity. the knowledge of K makes each block U(t) independent, and thus we can decode each of them separately and the probability ACKNOWLEDGMENTS τ of error is Pe . Fano’s equality finally yields The research of F. Oggier is supported in part by the Sin- gapore National Research Foundation under Research Grant H(Uτ(m−l)|Aτl, K, Zτn) ≤ H(P τ ) + P τ log(2τ(m−l) − 1) e e NRF-RF2009-07 and NRF-CRP2-2007-03, and in part by τ τ τ(m−1) ≤ H(ǫ ) + ǫ log(2 − 1) the Nanyang Technological University under Research Grant and M58110049 and M58110070. This work was done while M. H(Uτ(m−l)|Aτl, K, Zτn) → 0 (9) Mihaljevic´ was visiting the division of mathematical sciences, Nanyang Technological University, Singapore. since Pe = ǫ → 0 by design of CECC . The above consideration of the cases τ = 1 and τ >> 1 REFERENCES also implies the existence of a threshold τthres. [1] GSM Technical Specifications: European Telecommunications Standards Institute (ETSI), Digital cellular telecommunications system (Phase 2+); Physical layer on the radio path; General description, TS 100 573 (GSM The statement is intuitively clear. The security of the 05.01), http://www.etsi.org. keystream generator depends on the length K of the key. This [2] GSM Technical Specifications: European Telecommunications Standards length is fixed in the system, and then the keystream generator Institute (ETSI), Digital cellular telecommunications system (Phase 2+); Channel Coding, TS 100 909 (GSM 05.03), http://www.etsi.org. is used for a period τ that varies. As long as τ <τthresh, the [3] M.J. Mihaljevic´ and H. Imai, “An approach for stream ciphers design key is protected by the randomness of the noisy channel and based on joint computing over random and secret data”, Computing, vol. of the wiretap encoder, but that protection cannot last forever 85, no. 1-2, pp. 153-168, June 2009. [4] M.J. Mihaljevic,´ ”A Framework for Stream Ciphers Based on Pseudo- if the adversary collects too much data. randomness, Randomness and Error-Correcting Coding”, in Enhancing Note that all this analysis is true for “realistic channels” Cryptographic Primitives with Techniques from Error Correcting Codes, where the noise is not uniformly distributed. The uniformly B. Preneel, at al Eds., Vol. 23 in the Series Information and Communi- cation Security, pp. 117-139, IOS Press, Amsterdam, The Netherlands, distributed noise in the communication channel makes error- June 2009. DOI: 10.3233/978-1-60750-002-5-117 (ISSN: 1874-6268; correction infeasible, which explain the assumption in the ISBN: 978-1-60750-002-5) above theorem. [5] A. Thangaraj, S. Dihidar, A.R. Calderbank, S.W. McLaughlin, and J.-M. Merolla, ”Applications of LDPC Codes to the Wiretap Channel”, IEEE Theorem 1 directly implies the following corollary for noise- Trans. Information Theory, vol. 53, no. 8, pp. 2933-2945, August 2007. less channels. [6] C.E. Shannon, “Communication theory of secrecy systems”, Bell Sys- Corollary 2: When Vτn = 0 and the parameter τ is large tems Technical Journal, vol. 28, pp. 656-715, Oct. 1949. [7] A.D. Wyner,“The wire-tap channel,” Bell. Syst. Tech. Journal, vol. 54, enough we have: October 1975. H(K|Aτl, Zτn) = 0 . (10)

V. FUTURE WORK This paper proposed a generic approach for enhancing the cryptographic security of a class of communication systems which operate using the encoding-encryption paradigm. The enhanced security is achieved by employment of pure randomness via a dedicated wiretap coding. An information theoretical