Iterative method for improvement of coding and decryption

Modern communication systems use an encryptor and decryptor as standard components. Feedback is also used between the elements of the receiver [1], in order to improve demodulation and decoding results (Fig. 1). Unfortunately, the presence of a decryptor between source and channel decoder interupts and disables cooperation between these two decoding elements, which is known as joint source-channel decoding [2,3]. For that reason two feedback loops instead of one should be realized: one from the source decoder to the decryptor and the other one from the decryptor to the channel decoder. The main problem by using cryptographic elements is that they need errorless input: if only one bit of the input of the decryptor is wrong, in average 50 % of its output bit are wrong and the received information is useless. In very noisy enviroments, as by wireless or satellite communications for example, errorless decoding is impossible and errors at the input of decryptor are present very often. A possible solution for improved decoding applies a cooperation between coding and cryptography (chapter 2). Using the Soft Input Decryption method which is presented in chapter 3, many errors after decoding can be corrected. Soft Input Decryption is a combination of SISO convolutional channel decoding and decrypting. Soft Input Decryption with feedback (chapter 4) includes the feedback between the decryptor and SISO convolutional decoder (see Fig. 1). The feedback enables the correction of bit decoded by a SISO decoder, using bit which have been previously corrected by Soft Input Decryption. Iterative Soft Input Decryption is a method of Soft Input Decryption with feedback, which is extended by another Soft Input Decryption. Iterative Soft Input Decryption with is analyzed in chapter 5, using two strategies: serial and parallel. The results of the simulations are presented in chapter 6. Chapter 7 gives an overview of the results and suggestions for the expansion of Iterative Soft Input Decryption to Turbo Soft Input Decryption, using logical analogy to turbo decoding [4]. As this area of telecommunications is relatively new, there are no much publications which examine the sinergy of cryptography and channel coding. This paper is based on the idea to use the soft output (reliability values or L-values) of SISO (Soft Input Soft Output) channel decoding to correct the input of inverse cryptographic mechanisms (decrypting) providing cryptographic redundancy. The channel code can be considered as an inner code and the output of the cryptographic mechanism as an outer code (Fig. 2). Cryptographic mechanisms are used for security reasons for the recognition of modifications by errors or different types of attacks. Digital signatures (digital signatures with appendix [5] and digital signatures giving message recovery [6]), MACs (Message Authentication Codes [7]) and H-MACs (Hashed Message Authentication Codes [8]) are used in this paper as cryptographic check values because all of them are applied in practice and they have different lengths, which result in different coding gains. If the correction of a cryptographic check value is successful, feedback to the SISO channel decoder is accomplished for its improvement. The concatenation of codes, presented as an outer and inner code was already devised by Forney in 1966 [9]. In literature, it is known as concatenated codes [10], general concatenated codes [11] or codes of a superchannel [12]. A general schema of a communication system using concatenated codes is presented in Fig. 3 Fig. 3 Communication system using concatenated codes In most cases a convolutional code is used as an inner code in combination with a Reed Solomon code or another convolutional code as an outer code. Such a type of concatenated codes can be compared to the combination of codes investigated in this work (Fig. 2). Two good characteristics are the result of such a concatenated schema: good error performance because of the use of the SISO principle and good security performance as result of the use of the cryptographic mechanisms. A requirement for Soft Input Decryption is the usage of Soft Input -Soft Output (SISO) convolutional decoding. The output values of the SISO decoder (L-values) are used as information for the decryptor of Soft Input Decryption: a lower |L|-value indicates a higher probability that the decoded bit is wrong (if |L| = 0, the probability is 0.5), while a higher |L|-value indicates a lower probability that the decoded bit is wrong (if |L| = ∞, the bit is correctly decoded). The Soft Input Decryption algorithm (Fig. 4) works as follows [13]: if the verification of a cryptographic check value is negative, the soft output of the SISO decoder is analyzed and the bits with the lowest |L|-values are flipped (XOR 1) [14]; then the decryptor repeats the verification process and proves the result of the verification again. If the verification is again negative, bits with another combination of the lowest |L|-values are changed. This testing process is finished when the verification is successful or the provided resources are consumed e.g. maximal number of tests. A sequence of bits of the output of the SISO channel decoder forms a so called SID block (Soft Input Decryption block). A SID block contains a digital signature (digital signature with appendix or digital signature giving message recovery), a message with its MAC, or a message with its H-MAC. If the first verification of cryptographic check values after starting Soft Input Decryption is not successful, the bit with the lowest |L|-value of the SID block is flipped, assuming that the wrong bits are probably those with the lowest |L|-values (it is also assumed that there are no intentional manipulations). If the verification is again not successful, the bit with the second lowest |L|-value is changed. The next try will flip the bits with the lowest and the second lowest |L|-value, then the bit with the third lowest | L|-value, etc. The process is limited by the number of bits with the lowest |L|-values, which should be tested. The strategy follows a representation of an increasing binary counter, whereby the lowest bit corresponds to the bit with the lowest |L|-values, and the marked bits correspond to the bits which have to be flipped. The results of Soft Input Decryption for 320 bit long SID blocks presented in [13] have shown a remarkable coding gain comparing to the results without using Soft Input Decryption. In [13] the coding gain is computed using SER (signature error rate), as a measure for correction of digital signatures. In this paper the coding gain is calculated using BER, as usual in literature and coding theory. This type of realization of the Soft input Decryption algorithm has been used by the simulations of this paper. Other possible realizations, which could speed up or improve the results of testing the L-values, are not examined in this paper (for example a L-value group strategy or BER based strategy). A corrected SID block can be used for the improved error correction of channel decoding of another SID block using feedback [16]. The source encoder outputs data, which are segmented into blocks. Two data blocks are considered as message ma (of length m 1 ) and message mb (of length m 2 ). Each message is extended by a cryptographic check value na (of length n 1 ) rsp. nb (of length n 2 ) using a cryptographic check function CCF (Fig. 5), forming blocks a and b For simplicity and without limitation of generality, it is further assumed that m 2 ≥ m 1 , n 1 ≥ n 2 , and (m 2 + n 2 ) mod (m 1 + n 1 ) = 0. The interleaved blocks a and b form the joint message u (Fig. 5): The feedback method achieves two steps (Fig. 6): in step 1 the output u' of the channel decoder with BER cd1 (= BER of the SISO channel decoder) is segmented into blocks a' and b', and block a' is tried to be corrected by Soft Input Decryption using the L-values of a'. If Soft Input Decryption is successful, block a' is corrected, the L-values of the bits of a' are set to ± ∞ and the L-values of the bits of block b' are set to 0. These Lvalues are "fed back" to the channel decoder. In case that Soft Input Decryption is not successful, the 2 nd step is skipped and BER remains BER cd1 . BER 1.SID is BER after the 1 st step and it is lower than BER cd1 because of coding gain introduces by successful Soft Input Decryption of the block a'. In the 2 nd step of the feedback method u' is decoded again, but now with the fed back Lvalues. The resulted BER cd2 is lower than BER cd1 : the bits of block a' are correct and the bits of block b' have a lower BER compared to the 1 st round of channel decoding. The fact, that BER cd2 < BER cd1 , can be exploited by extension of the length of block b, i.e.: Simulations are performed by using lengths of block a and b of 320 bit, i.e. m 1 + n 1 = m 2 + n 2 = 320. The individual length of m 1 and n 1, rsp. m 2 and n 2 are not important, because they have no impact on BER (they have to be considered under security aspects). This corresponds to a signature giving message recovery or with appendix using ECC (Elliptic curve cryptography) over GF(p) with ld p = 160, rsp. over GF (2 160 ) (ECNR [17] rsp. ECDSA [4']), or to 256 data bits plus MAC/H-MAC of 64 bit. The transfer is simulated by use of an AWGN channel. The implemented convolutional encoder has a code rate of 1/2 and a constraint length of 2. The decoder uses a MAP [15] algorithm. All simulations are programmed in C/C++ programming language. For each point of the curves 50 000 tests are performed. The results in [13] have shown that the coding gain of Soft Input Decryption using convolutional and turbo codes is similar. Therefore, only convolutional codes are used in this paper. The results of the simulations after the 1 st and the 2 nd step of the feedback algorithm are shown in Fig. 7. For example, for E b /N 0 = 5 dB, BER 1.SID is about 10 -6 , but BER cd2 decreases under 10 -7 with the feedback method. After the 2 nd step of Soft Input Decryption with feedback, a 3 rd step is introduced -SID of block b'. There are two schemes of Iterative Soft Input Decryption: serial and parallel. If step 1 -3 are sequentially performed, the scheme is called serial scheme (Fig. 8). Following simulations of Serial Iterative Soft Input Decryption examine the influence of various lengths of blocks a and b, but with constant length of u, on the coding gain. Coding gains for a length of u of 640 bit are shown in Fig. 10 in comparison to channel decoding (BER cd1 ). The message u is divided into blocks a and b of following various lengths: - The results in Fig. 10 show no significant difference between BER for different lengths of block a and b. The reason is, that the advantage of a shorter block a (better results of Soft Input Decryption) is neutralized by the disadvantage of a longer block b (worse results of Soft Input Decryption) and vice versa. If the same length is chosen for block a and b, then it is more efficient to use parallel instead of sequential joint coding and cryptography. The algorithm of the parallel scheme is as follows: step 1 is performed for block a´ and b´ in parallel (Fig. 11). The parallel performance is shown in Fig. 11 using two branches: a and b. Steps 2 and 3 follow the 1 st step in one of the branches, depending on the branch, in which Soft Input Decryption is successful in step 1. In this way Soft Input Decryption with feedback of block a´ is used for an improved decoding of block b´ or, vice versa, Soft Input Decryption with feedback of block b´ is used for improved decoding of block a´. After the 1 st step is performed in parallel, the 2 nd and 3 rd step follow in the left or right branch of the scheme (depending on the success of Soft Input Decryption in the left or right branch). The advantage of the parallel scheme in comparison to the serial one is: 1. if the 1 st step is successful in both branches, the resulting BER is 0 (i.e. all errors are corrected) and no other steps are performed 2. if the 1 st step is not successful in branch a, it can be successful in branch b and the following steps are performed in branch b. The results in Fig. 13 show a significant difference of BER for various lengths of blocks a and b. The length of u influences the results of Soft Input Decryption [18] and therefore also the results of Parallel Iterative Soft Input Decryption. The results after the 3 rd step (BER 2.SID ) of the serial and the parallel scheme are presented for a length of u of 640 bit in Fig. 14: blocks a and b have the same length of 320 bit. Coding gains are obtained by comparison to BER 1.cd . The results show a big difference between the parallel and serial scheme: the coding gain of a parallel scheme is up to 0.82 dB higher than the coding gain of a serial scheme. For that reason the parallel scheme is recommended to be used. As both SID blocks have the same length, parallel scheme is easier for implementation (easier segmentation). Also, the same lengths of SID blocks imply the same security level and collision probability of SID blocks during verification. Error sensitivity of digital signatures and other cryptographic mechanisms call for correct cryptographic information for which the Soft Input Decryption is a very good approach, especially in environments with a low signal-noise ratio. Soft Input Decryption uses a channel code plus cryptographic check values as redundancy for improved decoding. Methods of Soft Input Decryption and Iterative Soft Input Decryption are described in this paper and results of simulations are presented. The results of the simulations show a significant coding gain of both methods compared to the case when the methods are not used. The coding gain of Iterative Soft Input Decryption of two SID blocks of length of 320 bit reaches 1.2 dB. If the cryptographic check values are used by security needs, the improvement of decryption and channel decoding is free of cost. Under coding aspects the coding gain is paid by a lower code rate. It is not aimed, that the use of cryptographic check values is the best way of improvement of channel coding just under channel coding aspects if the reduced code rate is considered. Iterative Soft Input Decryption can be extended to more than one iteration. In such a case, more than two SID blocks can be iteratively decoded for getting a higher coding (turbo principle). Analysis and simulations of a higher number of iterations are a suggestion for future work. International Journal of Network Security & Its Applications (IJNSA), Vol 1, No 2, July 2009