MXPA97005431A - Establishment of cryptographic keys in radio networks - Google Patents

Abstract

Characteristics of the radio channel are used to establish key sequences for use in encrypting communicated information. These characteristics are the short-term reciprocity and rapid spatial decorrelation of phase of the radio channel. The keys can be established with computations equivalent to a bounded distance decoding procedure, and the decoder used to establish a key may be used for processing the subsequent data transmission. Compared to classical and public-key systems, an alternative mechanism for establishing and sharing key sequences that depends on a physical process is provided in which each party need not generate a pseudorandom quantity because the necessary randomness is provided by the temporal and spatial non-stationarity of the communication channel itself. By using a channel decoder, the probability of two users establishing the same secret key is substantially unity, and the probability of an eavesdropper establishing the same key is substantially zero. Also, the number of possible keys is large enough that finding the correct one by exhaustive search is impractical.

Description

"ESTABLISHMENT OF CRYPTOGRAPHIC KEYS IN RADIO NETWORKS" BACKGROUND Applicants' invention relates to apparatuses and methods for communicating information in a secure manner, that is, with reduced susceptibility to being heard furtively. The broad need to ensure communication in radiocommunication systems is evident. As just two examples, information related to financial transactions is exchanged by radio routinely, and law enforcement officials must frequently communicate the voice and / or data by radio. In both examples, it is critical that communication be carried out with an almost perfect secret, despite potential sneaky listeners who have access to intense information signals. The users of the cellular radiotelephones also want privacy in their communications, which can go on links between mobile phones and base stations, or on direct links between mobile phones. One way to provide security is to encrypt information communicated according to some system that previously agreed to use the users. Several encryption methods have been described in the literature, such as the data encryption standard (DES) and the public data cristography (PKC). As explained in the article by W. Diffie et al., "Privacy and Authentication: An Introduction to Cryptography," Proc. IEEE, volume 67, pages 397 to 427 (March of 1979), a classic cryptographic system is usually a set of instructions, a piece of hardware, or a computer program that can convert a simple text (unencrypted information) in an encrypted text, or vice versa, in a variety of ways, one of which is selected by a specific key that is known to users, but is kept secret from others. DES is a classic cryptographic system. Popular PKC systems use the fact that the discovery of large prime numbers is easy to compute on a computer, but that factoring two large prime numbers is difficult to compute on a computer. PKC systems have an advantage in relation to other cryptographic systems, such as DES since the PCK system uses a key for the description (two large prime numbers) that is different from the key for encryption (the product of two prime numbers and an associated number), Therefore, the encryption key of a user of the PKC system can be published for use by others, and the difficulty of safely distributing the keys is avoided. See, eg, the article by R.I. Rivest et al., "A Method of Obtaining Digital Signatures and Public-Key Cryptosystems", Commun. of the ACM, volume 21, pages 120 to 126 (February 1978); and W. Diffie's article, "The First Ten Years of Public-Key Cryptography", Proc. IEEE, volume 76, pages 560 to 577 (May 1988). For a classic PKC system, the security of a message depends to a considerable extent on the length of the key, as described in the CE article. Shannon, "Communication Theory of Secrecy Systems", Bell Sys. Tech. J. volume 28, pages 656 to 715 (October 1949). Unfortunately, it is often the case that two users (two police officers, for example) do not share a secret a priori key, making secure real-time communication impossible through a classic cryptographic system. Even a PKC system requires a user to generate a pseudo-random quantity. In addition, popular PKC systems are unlikely to be safe and suffer from serious requirements in computer calculation complexity and an amount of information that must be exchanged. As new ways are mounted to attack PKC systems, PKC systems are reduced to longer exchange vectors (in fact, larger prime numbers) and more complicated computer calculations. As a result, the PKC and classic cryptographic systems are less than ideal for many communication situations. Complicating the task of any radio communication system, there is the variability of the radio channel caused by atmospheric disturbances, relative movement of the users of the system, change of reflections of the radio signal of structures and vehicles etc. This channel variability contributes to errors in the information reported, and great effort is made to overcome these errors. For example, some cellular radiotelephone systems convert the analog information to be transmitted into digital information, which is then transformed according to a block error correction code. These cellular radio systems are North America's advanced digital mobile phone service (D-AMPS), some of which are specified by the IS-54B and IS-136 standards published by the Electronic Industries Association and the Association of Electronics Industries. Telecommunications (EIA / TIA), and the European GSM system.

In these Time Division Multiple Access (TDMA) systems, each radio channel or frequency of the radio carrier is divided into a series of time slots, each of which contains a burst of information from a data source. , e.g., a digitally coded portion of a voice conversation. The successive time intervals assigned to the same user, which are usually not consecutive time intervals in the radio carrier, constitute the digital traffic channel of the user which can be considered a logical channel assigned to the user. During each time slot, 324 bits can be tranted, of which the predominant portion, 260 bits is due to the speech performance of an encoder / decoder (codec), including bits due to word performance error correction coding. The remaining bits are used for protection times and higher signals for purposes such as synchronization. Other current cellular mobile phone systems use analog FM to convey a word. The three main standards are AMPS systems in the United States that use broadband FM with a channel spacing of 30 KHz, the TACS system in the United Kingdom that uses 25 KHz channel separations, and the NMT system in Scandinavia, which uses narrow band FM with channel spacings of 12.5 KHz. In an effort to alleviate the capacity constraints of current analog FM systems, the D-AMPS and GSM systems, as well as the systems in Japan, use digital transion as described above. Another approach to increasing the capacity of the system by reducing the bandwidth requirements is a narrow band FM system according to the NAMPS specification, which specifies a channel separation of 10 KHz that is achieved by dividing each 30 KHz channel. AMPS in three parts. Figures IA, IB illustrate an exemplary multiple layer cell system. An umbrella macrocell 10 represented by a hexagonal configuration (see FIG. IA), is part of an overlying cellular structure comprising many macrocells A1-A7, B1-B7 (see Figure IB). Each umbrella cell may contain an underlying microcell structure. The radio coverage of the umbrella cell and an underlying microcell may overlap or may not essentially overlap. The umbrella cell 10 includes microcells 20 represented by the area enclosed within the dotted line and microcells 30 represented by the area enclosed within the dashed line corresponding to the areas along the streets of the city, and picocells 40. , 50 and 60, which cover the individual floors of a building.

By abbreviating, control channels are used to establish calls, informing base stations about the location and parameters associated with mobile stations, and informing mobile stations about the location and parameters associated with base stations. The base stations listen for call access requests via mobile stations and the mobile stations in turn listen to determine the radiolocation messages. Once the call access message has been received, it must be determined which cell should be responsible for the call. In general, this is determined by the signal strength of the mobile station received in the neighboring cells. Then, the assigned cell is ordered, by means of for example the mobile switching center (MSC) that tunes to an available voice channel that is assigned from the set of accessible voice channels to the assigned cell. Figures 2A-2C show exemplary time slot formats in a digital control channel (DCC) according to the IS-136 standard. Two possible formats for information sent from a mobile station to a base station are shown in Figures 2A and 2B, and a format for information sent from a base station to a mobile station is shown in Figure 2C. These formats are essentially the same as the formats used for digital traffic channels (DTCs) under the IS-54B standard, but new functionalities are agreed to the fields at each interval in accordance with US Patent Application Number 08 / 331,703 filed on October 31, 1994, which is expressly incorporated herein by reference. In Figures 2A-2C, the number of bits in each field is indicated above the field. The bits sent in the fields G, R, PREAM, SYNC, SYNC + and AG are used in a conventional manner to help ensure accurate reception of the CSFP and DATA fields, eg, for synchronization, protection times , etc. For example, the SYNC field could be the same as that of a DTC according to the IS-54B standard and carry it a predetermined bit pattern used by the base stations to find the beginning of the interval. Also, the SYNC + field will include a fixed bit pattern to provide additional synchronization information for the base stations, which would graduate their receiver gains during the PRAM field in order to avoid signal distortions. Figure 3 is a functional diagram of an exemplary cellular mobile radiotelephone communication system for use with the cellular structure shown in Figures IA, IB, and time slot formats shown in Figures 2A to 2C. The communication system includes a base station 110 that is associated with a respective cell of macrocell, microcell and picocell; a mobile station 120; and an MSC 140. Each base station has a control and processing unit 130, which communicates with the MSC 140, which in turn connects to the public switched telephone network (not shown). Each base station also includes at least one voice channel transceiver 150 and one control channel transceiver 160, which are controlled by the control and processing unit 130. The mobile station 170 includes a voice channel transceiver 170 and similar control to exchange the information with the transceivers 150, 160 and a similar control and processing unit 180 to control the voice channel and control transceiver 170. The transceiver 170 of the mobile station can also exchange information with the transceiver 170 in another mobile station. Other approaches to communication use systems are called code division multiplexing (CDM) and code division multiple access (CDMA) In a conventional CDMA system, a digital information sequence to be communicated is dispersed or prepared in the form of a map to a longer digital sequence by combining the information sequence with a scatter sequence. As a result, one or more bits of - lu ¬ the sequence of information is represented by a sequence of values of "integrated circuit" N. In one form of this process, called "direct dispersion", each scatter symbol is essentially the product of an information symbol and the dispersion sequence. In a second form of dispersion called "indirect dispersion", the different possible information symbols are replaced by different dispersion sequences, not necessarily related. It will be understood that the information symbols can be produced by previous stages of channel modification and / or dispersion. An advantage of this dispersion is that information from many sources can be transmitted at the same time in the same frequency band, as long as the dispersion sequences used represent information sequences from different sources that do not interfere too much with one another. In fact, the different scattering sequences correspond to different communication "channels". In general, there are 2N possible binary dispersion sequences of lengths of integrated circuits of length N, which result in a very large number of possible CDMA channels. This property of a CDMA system is sometimes called "soft capacity" because the number of channels is not restricted to N, as would be done in a multiple-division-by-frequency (FDMA) multiple access system or division-by-division multiple access. time (TDMA) of the same bandwidth and data rate. Different aspects of conventional CDMA communications are described in the article by K. Gilhousen et al., "On the Capacity of a Cellular CDMA System", IEEE Trans. Veh. Technol. volume 40, pages 303 to 312 (May 1991); and the following North American patent documents which are expressly incorporated herein by reference: U.S. Patent Nos. 5,151,919 issued to Dent; and Number 5,353,352 issued to Dent et al .; and US Patent Application Number 08 / 155,557 filed on November 22, 1993.

COMPENDIUM In accordance with the invention of the applicants, the characteristics of the radio channel are used to establish and intersperse cryptographic keys with almost perfect secrecy. These characteristics are the short-term reciprocity and rapid spatial de-correlation of the radio channel phase. In other words, for a short period of time (within the order of a few milliseconds), the impulse response of a radio channel seen from an antenna placed in a position A with respect to the antenna placed in a position B, is same as the response to the channel impulse and viewed from position B to position A, excluding thermal noise. The keys can be established with calculations equivalent to a limited distance decoding procedure, and the decoder used to establish a key can be used to process the subsequent data transmission. Therefore, in comparison with the classic and cryptographic systems of PKC, the invention of the applicants provides an alternative mechanism for establishing and sharing cryptographic keys that depends on a physical process. With the applicants system, there is no need for each party to generate a pseudo-random amount because the necessary randomness is provided by the temporary and spatial non-stationary relationship of the communication channel itself. Using a channel decoder, the probability of two users to establish the same secret key is close to one, and the probability of a furtive listener to establish in the same key is essentially zero. This is called "probabilistic secret"Also, the number of possible keys is large enough so that it is impractical to discover the correct one by exhaustive search. This is called "computer calculation secret". These probabilistic measures are different from the Shannon measure that is perfect secret. In one aspect, the invention of the applicants provides a method for establishing a key sequence for secure communication between a first radio transceiver and a second radio transceiver comprising the steps of, in the first radio transceiver, transmitting a plurality of sinusoidal signals, each sinusoidal signal has a respective predetermined frequency and a predetermined initial phase; and on the second radio transceiver, detecting the probality of sinusoidal signals transmitted by the first radio transceiver, and transmitting the plurality of sinusoidal signals after a predetermined period of time. This method further includes, in each of the first and second radio transceivers, the steps of determining a phase of each of the plurality of sinusoidal signals received from the other radio transceiver; determine the differences between the phases of pairs of sinusoidal signals received; quantify each difference in a respective value of a plurality of phase decision values; and decoding a plurality of quantized differences in a key sequence according to a predetermined block code.

The method may further include the step of determining a magnitude of each of the plurality of sinusoidal signals, wherein the magnitudes are used in the decoding step as soft information. Also, the method may further include, in at least one of the first and second radio transceivers, the step of encrypting the information to be transmitted according to the key sequence; and in at least the other of the first and second radio transceivers, the step of describing the transmitted information encrypted according to the key sequence. In another aspect, the invention of the applicants provides a method for establishing a key sequence for secure communication between the first radio transceiver and a second radio transceiver comprising the steps of, transmitting a predetermined digital word on the first radio transceiver. including a plurality of bits; and on the second radio transceiver, detecting the predetermined digital word transmitted by the first radio transceiver, and transmitting the predetermined digital word after the predetermined time period. This method further includes, in each of the first and second radio transceivers, the fixed decision decoding of each of the plurality of bits in the predetermined digital word received from the other radio transceiver; and map preparation of the plurality of bits decoded with fixed decision in a sequence of keys according to a predetermined block code. In still another aspect, the invention of the applicants provides a method for establishing a key sequence for secure communication between a first radio transceiver and a second radio transceiver comprising the steps of, on the first radio transceiver, transmitting a word predetermined digital that includes a plurality of bits; and on the second radio transceiver, detecting the predetermined digital word transmitted by the first radio transceiver, and transmitting the predetermined digital word after a predetermined period of time. This method further includes, in each of the first and second radio transceivers, the steps of determining a phase of each of the plurality of bits received from the other radio transceiver; determining a difference between each determined phase and a respective predetermined phase; quantify each difference in a respective value of a plurality of phase decision values; decoding a plurality of quantized differences in a sequence of keys according to a predetermined block code.

In various other aspects, the invention of the applicants provides various apparatus for establishing a sequence of keys for secure communication between a first radio transceiver and a second radio transceiver.

BRIEF DESCRIPTION OF THE DRAWINGS The invention of the applicants will now be described in greater detail with reference to the modalities that are provided by way of example only and which are illustrated in the accompanying drawings, in which: Figures IA, IB illustrate a cellular system of multiple exemplary layers; Figures 2A-2C show exemplary time interval formats; Figure 3 is a functional diagram of an exemplary cellular mobile radiotelephone system; Figure 4 is a functional diagram illustrating a communication system; Figure 5 is a functional diagram illustrating a communication system using a tone comb to establish a sequence of keys; Figure 6 shows regions of phase-space decision; Figure 7 shows probability density functions of the random variable?; Figure 8 is a functional diagram of a communication system using pilot symbols to establish a sequence of keys; and Figure 9 shows the operation of a communication system in accordance with the invention of the applicants.

DETAILED DESCRIPTION Although the following description is in the context of cellular communication systems involving portable or mobile radiotelephones and / or personal communication networks, it will be understood by those skilled in the art, that the invention of the applicants can be applied to other applications of communication.

SUMMARY OF THE SYSTEM Consider the n-dimensional vector space consisting of all vectors that have elements that are contained in the Galois field (GF (M = 2m), for example, all r = (rr r2, ..., rn ) where r-_ e GF (M = 2m). (Then, the quantities of vector or sequences are indicated by type retained and the scalar quantities and functions are indicated by simple type.) For a certain Hamming radius t, the Mn vectors are a t-sphere packed in S-spheres, for example the maximum number of spheres disunited that have radii t is S. The vectors in a sphere are prepared on a map in a representative consisting of the center of that sphere. The set of representative S's is {. ci, C2, ..-, cn.}. Each representative vector c has a length n and can be prepared on a map in the binary vector k having a length of mn. set of corresponding binary vectors is K = { k] _, k2, ..., ks.}. If a transmitter and a receiver can establish with high probability a sequence of common k that is contained in the set K, then the sequence k can be used to disperse a sequence of information communicated from the transmitter to the receiver. Furthermore, if the probability is essentially zero that a furtive listener can determine the common kj_ sequence, then secure communication is also achieved - without incorporating an extra encryption and description algorithm to achieve cryptographic security.

The spheres constructed in accordance with the applicants' invention increase the likelihood that the transmitter and the receiver will establish this common ki sequence in case of noise and other discrepancies in the radio channel and the hardware of the system. In general, the transmitter establishes a sequence r ^ and the receiver establishes a different sequence r ^. If the sequences r-j, r-p are within the same sphere, they will be prepared on a map to the same sequence k in game K. In this way, the invention of the applicants provides methods and apparatus. to establish two sequences, one in a transmitter and another in a receiver, so that with great possibility the two sequences are within the same sphere. In addition, the rare event that two sequences are not in the same sphere is rapidly detectable, allowing the procedure to establish a common sequence that will be repeated. The sphere associated with an arbitrary vector is efficiently determined in real time and with low hardware complexity.

ESTABLISHING THE SEQUENCE A generalized communication link comprises two communication channels: a channel from a transmitter of the first user to a second user receiver and a channel from the transmitter of the second user to the receiver of the first user. The link can be considered as including a third channel for a furtive listener who wants access to the information exchanged by the first and second users. This simple scenario is illustrated in Figure 4 which shows a first user A, a second user B and a furtive listener E. In general, the characteristics of the AB channel, the BA channel and the AE channel all vary with the course of time . The thermal noise in each of the channels is represented by the additive noise terms n (t), i = 1,2,3. Even when they vary with time, the impulse response of channel A-B is the same as the impulse response of channel B-A excluding thermal noise, which is to say that over short time periods, within the order of a few milliseconds, the Link is reciprocal. It will be understood that the link is not reciprocal when thermal noise is included (and other possible non-ideal factors). It is also important to understand that the impulse responses of channel A-B and channel B-A are different from the impulse responses of channel A-E of the furtive listener of the first user and channel B-E of the furtive listener of the second user. These differences arise because the phase of the signal rapidly de-correlates with the change in spatial position. Two methods for establishing a key sequence will be described below.

TONE COMB The description immediately follows involves the transmission of two tones at a time, but it will be appreciated that more than two tones can be transmitted at a time as will be described later. Referring to Figure 5, suppose that a first transceiver such as the first user A transmits a signal s (t) comprising two sinusoidal signals having frequencies \ and 22 and having equal initial phase offsets f and energies E during a signal interval k-th [kT, (k + l) T]. The transmitted signal s (t) can be generated and any of a number of ways, eg, by amplifying and summing the output signals of two appropriate oscillators 501, 503 or a frequency synthesizer, and ascending the result to a appropriate transmission frequency by modulating a carrier signal. Ignoring the modulation, the transmitted signal s (t) is provided by the following expression: - s (t) - v, 2 £ / Tcos (2t / lr *) * J2E / T8s (2tf¿ *) Ec. 1 In general, the transmitted signal s (t) is irradiated by an antenna and passes through a channel such as air, which modifies the transmitted signal by introducing fading which varies in time due to the propagation of multiple paths and adding Gaussian noise. white n (t) having double-sided power spectral density N? / 2. The receiver down-converts and amplifies the signal it gets from the channel (the down-converter and the amplifier are not shown in Figure 5), and correlates the resulting r (t) signal with its own locally generated versions of cos (2pf? T) and cos (2pf2t). As shown in Figure 5, each correlation can be carried out by an appropriate mixer 505, 507 and a resettable integrator 509, 511 that integrates the output signal of the mixer during successive time intervals T = 1 / 2pfi, even though many other devices that are known to those skilled in the art can also be used. The output signals generated by the correlators are conventionally filtered by low-pass filters 513, 515 suppressing sum (up-converted) signals as well as components that may be due to nearby radio signals.

Assuming that the cos (2pf? T) and eos (pÍ2t) sinusoids are orthogonal and are separated by at least one coherence bandwidth of the channel, the signal r (t) received by a second transceiver such as the second user B during the interval of k-th signals, they are provided by the following expression: r < t) -ßmk¡St8s (2-tflt +?, (*)) - 2? J2 cos (2t *?, (*)) * n (t) where the coefficients of amplitude? (k), i = 1,2, are independent random variables, identically distributed. For a channel that suffers from Rayleigh's distributed fading, the variables? (K) that. have Rayleigh probability densities provided by the following expression: , ?? for = 0 P 0, for? < 0 Ec. 2 where s2 = E { ? 2 (k)} is a characteristic of the channel and E { ..}. represents the expectation with respect to p. The phase terms 0 ^ (k) and © 2 (k) are mutually independent random variables and each has a probability density that is uniform across the interval C-p, p]. Various expressions may be developed for the received signal r (t) for communication channels having other characteristics, such as Rician distributed fading. For example, the probability densities for a distributed Rician channel are provided by the following expression: for?, = 0 for?, < 0 Ec. 3 where Io (-) is the modified Bessel function of the order of zero and s2 is the power of a direct line of sight component. In the transceiver of the second user B, the output signals of the filtered correlator are provided to a differential phase detector 517 which generates, for each time interval T, a calculation of the difference between the phase terms T] _ (k) and © 2 (). Successive phase difference calculations are provided to a 519 quantizer, which assigns a respective value of a number of predetermined phase values to each phase difference calculation. In accordance with the applicants' invention, it is only necessary that the calculations of the phase difference for different time intervals do not correlate with one another. (Next, the time index k will be dropped when the non-ambiguity results). The baseband differential signal generated by the differential phase detector 517 in receiver B is provided by the following expression: Ut = 2? £ expt / í ?, - ü.)] *? .N, + Arf = A GB Ec ' where N ^ and 2 are Gaussian random variables of complex value that have a mean of zero and variations s2 = 2ENQ, and "*" represents conjugation. The calculation of phase difference is provided by FB = tan ~ l Yß / Xß. As mentioned above, the second user B quantizes the phase difference calculation at an M value of the predetermined phase values by generating an output signal from the quantizer Q (FB). Figure 6 illustrates phase-space decision regions for M = 4. The differential phase detector or phase meter device 517 can produce either an analog or a digital measurement of the instantaneous phase of the baseband signal. A suitable differential detector is a combination of two of the phase reflectors described in U.S. Patent No. 5,084,669 issued to Dent and U.S. Patent Number 5,220,275 issued to Holmqvist, both of which are expressly incorporated herein by reference. By repeating the aforementioned calculation-quantification process during each of the times k = 1, 2, ..., n, the second user B establishes a sequence of quantized phase-difference calculations that are provided by the following expression: r * - r CFf), ß (j), .... ß (Fß ")], Ec. 5 This sequence rg of the phase values generated by the quantizer 519 is stored in a buffer 521, each as a random access memory, a shift register or an equivalent device, having a length that is determined by the parameters of a minimum distance, the error connection decoder 523. The error correction decoder 523 in the receiver B transforms the sequence of the quantized phase difference calculations and generates an output signal corresponding to the sequence kg of the receiver key.

In fact, the size of buffer 521 is determined by the length of the key sequence is desired. If the decoder 523 has a length N of block and a dimensionality k, then the delay of the buffer is N for this example, wherein the comb consists of only two tones transmitted simultaneously during each of the times N. As will be described then, more than two tones can be transmitted simultaneously which correspondingly reduces the buffer delay. For example, if the T-tones are transmitted simultaneously, T-1, the phase differences can be quantized at the same time, and the buffer delay is N / (T-1). The rg vector generated by the buffer 521 has N elements, each of which is M-ary, and this vector of element N is the input to any of a wide variety of decoders 523 of minimum distance. A useful decoder is the limited distance decoder, which is a low complexity decoder described in R. Blahut's article, Theory and Practice of Error Control Codes, chapter 7, Addison-esley, Reading, MA (1983). The decoder 523 prepares a map of the symbols N generated by the buffer to other symbols N, which is the sequence kg of cryptographic key of interest, as described in greater detail below. It will be appreciated that the signal processing operations carried out in the receiver can be carried out in the digital domain by an appropriate digital signal processing (DSP) device. With this configuration, almost any type of modulation can be detected by programming the DSP device to be properly manipulating the digital samples of the received signal, as described, for example, in U.S. Patent Application Number 07 / 967,027 issued to Dent et al. for "Multi-Mode Signal Processing", which is expressly incorporated herein by reference. It will be appreciated that the DSP device can be implemented as a wired logic circuit, or, preferably, as an integrated digital signal processor, such as an application-specific integrated circuit (ASIC). Of course, it will be understood that an ASIC may include a wired logic circuit that is optimal for carrying out a required function, which is an arrangement that is commonly selected when the speed or other operating parameter is more important than the versatility of a processor. programmable digital signals. In a certain way and with hardware similar to that described above, the first user A establishes its own sequence of quantized phase difference calculations of a signal transmitted by the second user B. With a delay after the transmission by the first user that is insignificant, that is, a delay that is small in comparison to the coherence bandwidth of the channel, the second user B transmits a signal comprising two sinusoids having the same fl and i2 and phase off-center frequencies equal and energies In other words, the first user A transmits, then the second user B and then the first user A, and so on in an interleaved manner in order to maintain the assumption of reciprocity. Suppose that the first user A is a radiotelephone that moves at a speed of 100 kilometers per hour with respect to the base station or another transceiver (the second user B) and using a radiofrequency carrier within the 900 MHz region. If the delay between the transmissions by the first user and the transmissions by the second user is 10 microseconds, the radiotelephone would move only 0.28 millimeter during each delay, a distance that is negligible compared to the wavelength of 0.3 m. In this way, the dispersions of the signal from the different reflectors would correlate intensely.

- - Also, a delay of 10 microseconds is longer than the time usually required to allow all the rays of the signal due to the propagation of multiple trajectories to reach the second user and shorter than the few milliseconds necessary to ensure the reciprocity of the channel. If the movement is slower or the delay is shorter, the reciprocity of the channel is even more precise. Therefore, the first user A forms a baseband differential signal (the output of its own differential phase detector) which is provided by the following expression: UA «2A ^ E exp [/ (? -? J)] *?, V, *? V * * XA + JYA Ec. 6 where V ^ and V2 are independent of N] _ and N2. The calculated phase difference generated by the first user A is 0A = tan-1 YA / XA- It will be noted that, due to the reciprocity of the channel, the only difference between U ^ and Ug is the additive Gaussian noises. By successively repeating the calculation-quantization process, the first user A establishes a sequence of phase difference calculations that is provided by the following expression: - A- [ß (Ff), CíFj), .... ß (F *)]. Ec. 7 which is a sequence stored in a buffer in the transceiver of the first user and which is provided to a corresponding error correction decoder in that first transceiver. From these points? transmitted, the furtive listener E can obtain a baseband differential signal that is provided by the following expression: Í / E = 2?,? 4E exp [/ (? - TJ] *? .V, *?, V / where? i, i = 1, 2, 3, 4, are mutually independent. The phase difference calculated by the furtive listener is Fg = tan- * YE / XE- Also, = 1, 2, 3, 4, are mutually independent random variables. The furtive listener E can establish a sequence of phase difference calculations that is provided by the following expression: rE- [ß (F?). < X * l, C (FS)] Ec. 9 As mentioned above, each of these three sequences or vectors r ^, rg and rE that are established, is provided as an input signal to a - - respective error correction decoder. The output signals generated by the decoders correspond to the key sequences kj ^, kg, g. It will be noted that encryption does not need to be performed on transmitters A, B. The decoders limit the number of possible keys to increase the probability that the first user and the second user establish the same key as described in more detail below . To explain the reason why the tones f r f-2 must have frequencies that are sufficiently separated so that their phases are independent, let's leave * (© i "? J) - (? 3 - TJ. Eq. 10 and define (X) * l - Wl -orWx * acose cos - '(- acosx) 4T2 (l-a2coslr) w ~ * Ec- U where; JQ is a function of Bessel of order 0; cop is the Doppler frequency shift due to the relative movement between the transmitter and the receiver; t is the transmission time delay; and s is the time delay scattered between the rays of the multipath signal. Then, as explained in W.C. Jakes, Jr., editor, Microwave Mobile Communications, chapter 1, John Wiley and Sons (1974),? is a random variable that has a probability identity function that is provided by the following expression: p * W) ^ \ l g < * m + F) + g (?. ^? Ec. 12 Figure 7 shows the probability identity function p? as a function of? / p for five different values of parameter a2. For a frequency separation (? J_ - c »2) of 40 KHz and a time delay spread s of 5 microseconds (ie, a2 <0.4, even for the worst case where (á ^ z = 0), the random variable? is almost evenly distributed.In this case, the quantifiers quantify the phase difference calculations in each of the M phase values with equal probability 1 / M. The system's security depends on the degree to which the phases of the tones are de-correlated by passing through the communication channel, if the de-correlation is essentially completed, then the amount of work that a furtive listener must do to break the system is close to that of an exhaustive search for the key sequences k ^, kg. It will be appreciated that the above analysis was simplified by letting two tones have equal initial and off-center energies of the same phase, which are easy to obtain with a phase-synchronization circuit, for example. In general, it is only necessary that these parameters are predetermined, for example, that they know a priori for both transceivers, but this system is more complicated than the one previously described. Also, the previous analysis took into account only two tones transmitted at any time, but usually the comb could consist of more than two tones transmitted simultaneously, and the previous analysis would apply to successive pairs of this tone comb. In fact, the sequences r ^, rg would all be generated simultaneously by simultaneously transmitting a comb of an appropriate number of tones, and calculating and quantifying the phase difference of each successive pair of tones. The simultaneous transmission of two or more tones is desirable because it is then easy to control the initial phases of the tones, leading to a less complicated system. Furthermore, it is not necessary for the frequency separation between the tones in a pair of tones to be the same as the frequency separation between another pair.; In other words, the "comb" can have "teeth" separated unevenly. Also, it is not necessary to take into account only the pairs of successive tones; and in other words, the "teeth" in a pair can be separated by other "teeth". For example, if the comb includes ten fi, fi2, ..., fie tones placed in order of increased frequency, the necessary uniform distribution of the variable? Randomness (see Equation 12) could be obtained by placing in pairs say the tones f ^ and f ¡Í2 and fs; Í3 and f ?, etc. It is only necessary that the tones in each pair be orthogonally separated, that is, the frequency separations should be sufficient as described above.

PILOT SYMBOLS Instead of transmitting a comb of sinusoidal signals as described above, the key sequences kj ^, kg can be established based on only a plurality of pilot symbols, such as the bits that can be transmitted to synchronize the operation of the first transceiver and the second transceiver. These synchronization bits are typically included in conventional cellular radiotelephone systems as described above in relation to Figures 2A-2C. Two ways to establish the keys based on the pilot symbols will be described below. A sequence k can be established more or less by fixed decision decoding of the pilot symbols and by preparing a map of the resulting sequence of the decoded pilot symbols towards the center of a sphere. It is believed that any of the errors in the sequence decoded by the first user will be the same as the errors in the sequences decoded by the second user. Therefore, the two sequences of pilot symbols will be prepared on a map to the same sphere and will yield the same key. Even though the errors in the sequences decoded by the first and second users are slightly different, the two sequences will still be prepared on a map to the same sphere with high probability yielding the key. One possible inconvenience of this method is that many pilot symbols are needed to make it difficult to compute by computer that a furtive listener exhaust all possibilities. If the pilot symbols are the synchronization bits in a cellular radiotelephone system, it is now believed that at least 60 bits are needed. It will be appreciated that the necessary pilot symbols do not need to be transmitted together, for example, it is not necessary to use all the synchronous bits in a time slot of a TDMA channel. For example, one or more of the synchronization bits in a time slot may be used with only one or more of the synchronization bits in other time slots. It is only necessary that the time intervals be separated by a time interval which is longer than the coherence time and the channel as described above. A more refined method for establishing a key sequence is based on the pilot symbols using channel state information instead of fixed decision decoding. In this method the first and second users interpolate the known pilot symbols and quantify the outputs of the interpolators in a manner similar to that described above with respect to the method for establishing the key based on a tone comb. For example, after downwardly converting, amplifying and filtering the received signal as necessary, the second user determines a phase calculation for each of the bits in the synchronization portion of a time slot. Of course, the first and second users could agree to use another set of known bits. The second user determines the differences between each of the phase calculations and the respective predetermined phases for the known bits. These phase difference calculations. they are then quantized and provided to a minimum distance decoder, as described above in relation to the establishment of keys by transmitting a tone comb. Figure 8 is a functional diagram of a system for carrying out this "refined method" of using pilot symbols, in a first transceiver, the data to be transmitted is encrypted according to a data sequence by a 801 encryptor. then, before the key sequence has been established, the encryptor would simply pass the data to be transmitted without any alteration. An multiplexer 803 combines the encrypted data to be transmitted with the known pilot symbols, which may be the bits used for synchronization and the higher signals in conventional radiotelephony. It is only necessary that the pilot symbols are transmitted with known phases. The sequence of interleaved data and pilot symbols formed by the multiplexer 803 is provided to a pulse configurator and to the upstream converter 805 to transmit the information through the communication channel, which is usually characterized by the white Gaussian noise of fading and additive.

In the second receiver transceiver, the received signal of the channel is converted downwardly as required and passed through the matched filter 807. The signal generated by the matched filter 807 is divided between an appropriately controlled switch 809 or designator in a signal comprising the received data that was transmitted and a signal comprising the received pilot symbols. An interpolator 811 measures the phases of the received pilot symbols and forms the difference between each measured phase, which will generally have been rotated by channel fading, and the known transmitted phase of the respective pilot symbol. The interpolator 811 preferably filters these phase difference calculations with a low pass filter. The phase difference values generated by the interpolator 811 are quantized by a quantizer 813 stored in an intermediate memory 815 if necessary to accumulate sufficient values of phase difference and then decoded by a decoder 817 to generate a sequence of keys as described above with respect to Figure 5. The phase difference values generated by the interpolator 811 are also provided to a demodulator 819 such as an error correction decoder to recover the data that was transmitted. The demodulator 819 also receives that it was transmitted, which may have been passed through an appropriate delay device 821 to synchronize the phase difference values and the data that was transmitted. Assuming that the received data was encrypted according to the key sequences before transmission, the transmitted encrypted data produced by the demodulator 819 and the key sequence produced by the decoder 817 are provided to a descriptor 823 to retrieve the transmitted data. In a certain way and with a hardware similar to that previously described, the transmitter establishes its own sequence of keys based on the transmissions from the receiver and that sequence of keys can be used to describe the transmissions encrypted from the receiver.

WAITING PACKING AND ASSOCIATION Assuming that K is provided and the spheres are predetermined, the problem in general of forming an arbitrary sequence map to a sphere is NP-fixed, for example, the computation complexity of the problem is proportional to the number of spheres possible. For this application of safe transmission and safe dispersion, the number of spheres is prohibitively large. However, imposing a simplification structure on the candidate k sequences (corresponding to the representative c of the spheres) serves to reduce the complexity of computing to an acceptable level. In accordance with the applicants' invention, the set of candidate sequences is limited to the sequence set of the linear block error correction code. The radii of the spheres are then determined by this code error correction capability, i.e. the number of errors that the code can correct and the received r sequences can be prepared on a map for the candidate k sequences by a decoding procedure. known appropriate. As a specific example, the linear codes Bose-Chaudhuri-Hocquenghem (BCH) can be used as the game sequences of candidate k; these codes can be decoded with little complexity using either the Peterson-Gorenstein-Zierler procedure or the Berlekamp-Massey procedure, or any procedure to decode the cyclic codes, as described in the aforementioned book by R. Blahut. If the code parameters are (n, k) with a minimum Hamming distance d and a code symbol alphabet GF (2), the candidate sequences of the length mn can be set from a set size of 2mn. The Hamming radius t of the sphere, or equivalently the error correction capability of the code is provided by t <; [(d - l) / 2]. (The spheres do not need to pack tightly). The received sequences r ^, rg and GE are the inputs to the error correction decoders that implement the Berlekamp-Massey procedure. The outputs of the decoders are the sequences k ^, kg and k. Again it will be noted that no encryption can be carried out by the transmitters. The decoders significantly limit the number of possible sequences, thus increasing the possibility of a sequence agreement between the first and second users. It can be seen that decoders might not be necessary at very high signal-to-noise ratios (SNRs), even though very high SNRs would be difficult to obtain in a practical communication system. In many communication systems, a sequence of information to be communicated is coded per block to correct errors. In orthogonal block coding, an information bit number N is converted into a 2N orthogonal codeword of N bit. Decoding such as an orthogonal codeword involves correlating it with all members of the set of 2 ^ code words. The binary index of the code word that provides the highest correlation yields the desired information. For example, if the correlations of a 16-bit codeword received in each set of 16 orthogonal codewords of 16 bits having indexes 0-15 produce a higher correlation in the tenth code word, the underlying information signal is the binary code word 1010 of four bits (which is the integer 10 in the decimal notation). This code is called or an orthogonal block code [16,4]. By inverting all the bits of the code words, one bit of actional information can be transferred per code word. This type of coding is shown as bi-orthogonal block coding. A significant feature of this coding is that the simultaneous correlation with all the orthogonal block code words in a game can be carried out efficiently by means of a Fast Walsh Transformation (FWT) device. In the case of a block code [128,7], for example, 128 samples of the input signal are transformed into the Walsh spectrum of 128 points, where each point in the spectrum represents the value of the correlation of the Input signal samples with one of the code words in the game. An appropriate FWT processor is described in U.S. Patent No. 5,357,454, issued to Dent, which is incorporated herein by reference.

OPERATIONAL ANALYSIS To evaluate the operation of the agreement system of the sequence of the applicants, it is useful to ensure the following events: Ct -. { TA «Rp TB e i?,} , Bt *. { TA «*" TE e R,).

The probability of a symbol equalization between the first and second users is provided by the following expression: The probability of a symbol match between the first user and a furtive listener is provided by the following expression: The probability density function of a phase 0 calculated in a decision region can be derived in the following manner. Initially suppose that? * = T] _ - © 2 that is provided and that is equal to zero.

Consider the following: where conditioned in? ^ And? 2, E { X.}. = 2?] _? 2 £? μ; E (Y) = 0; and variance (X) = variance (Y) = 2ENQ (? 2? +? 22>? s2o- The probability density function of conditional joint ü - 2- ^ E *?,, *? m X + jY X - 2?.?, E * Rei? .N, * A ^,) of X and Y is provided by the following expression: c l ?. ) = -4 «p. { - [(x - μ) 2 - y2} I2s ^ 2ts0 and with the change of variable: The density function of the conditional joint of 0 and R is given by the following expression: p (r,? \ A ^ AJ - JJ exp { - (r1 * μ1 - 2μr eos *) / 2s *.}. '2ts0 Integrating through the interval re [0,8], it is shown that the probability density function of? Is provided by p, (ß \ T) «_L exp (-D ~ l jt8s?) exp. { -rsin3 ?. { l - Q (fiFcos? j v2t where: It can be shown that? 'is evenly distributed across the interval [-p, p]. With regions provided by R¿ = [-pi / M, pi / M], for i = 1, ..., M, the desired probability of a phase 0 calculated in a decision region is provided by: We now consider the use of a linear block code that has the minimum Hamming distance d, the dimension k, and a length of block n. Let t = [(d - l) / 2] be the number of errors that can be corrected by the decoder. The probability that the sequences established by the first and second users agree is the probability of the two received vectors that are in the same decoding region of a code word.

- Let c be a codeword with the weight of Hamming 1. The three vectors c, r ^ and r are available. The rearrangement of the coordinates of these vectors does not change the analysis of operation. One of these permutations is the following: • - 1111111 _ tim tt »« i ace utes m _ «ßcß _ ao e ^. J? E_S? ? SJPEII_IA OO? JV! L2-Íl_aJJ_11. aai_-a * The probability that the sequences agree and that the sequence is c, can be demonstrated by where ß -, * m .. + 771- m. 0 = j * k = 1 0 = ml + j -m3 + lc ~ m > * m * = t Therefore, the probability of mutual agreement is provided by: ri - * B) -? , where A ^ is the function of the code weight enumerator. The probability Pg that the sequence established by the furtive listener is provided by a similar equation that substitutes PD for Pg. Without the use of a decoder Pr (kA = kg) = Pr (rA = rg) = png, and Pr (kA = kE) = Pr (rA = rE) = l / M. It is interesting to discuss the changes involved in this sequence agreement system. A small value for dimension k yields a code with good error correction capability but as k decreases the speed with which an exhaustive search can be carried out it increases exponentially. The selection of the parameters of the code is crucial, since the code restricts the size of the space of the candidate sequence, the reduction must not render an unsafe system. For a large number M of decision regions, a larger code can be used, thus increasing the secrecy of computer calculation of the system; likewise, P ^ decreases, which results in a good probabilistic secret. This is not enough, however, to obtain a good cryptographic system. With M increased, the effects of thermal noise become dominant and an increase in ED / Nn (ratio of bit energy to noise energy) is required to achieve a sequence agreement with certain probabilistic secrecy. Therefore, there is a change between the secret of computer calculation, probabilistic secrecy and transmistid energy. As another example, the use of a code (31,13) Reed-Solomon relationship with GF (32) is considered. The code size (the possible code word number or bit sequence) is 32l3 = 2 ^^, and the computer calculation secret is considerably better than DES 2 ^ 6, which is a sequence of a system using the digital encryption standard consisting of fifty-six secret bits in eight parity bits. The minimum Hamming distance of this Reed-Solomon code is eighteen. Figure 9 shows the operation of a secure communication system using this Reed-Solomon code. The operation of a Reed-Solomon code (61,11) and the operations of two non-encoded systems are also shown. From Figure 9 it can be seen that, with the use of a channel decoder, the probability that the keys established by the first and second users do not agree is 10 ~ 8 at signal-to-noise ratios of E ^ / NQ of 11 dB and 13 dB for M = 64 and M = 32, respectively. This is a gain of approximately 9 dB and 4 dB, respectively compared to a communication system without a decoder.

In addition, Pr (kA = kE) * 0 and Pr (rA = rE) »0 (both are approximately 10-41). In this system the use of a decoder is desirable for the first and second users, even when not strictly required as described above, but the use of a decoder does not help the furtive listener. Dispersing the transmitted information or not scattering the received information, the sequence produced by the decoders can be used as it is or a binary representation of all or part of the sequence can be used. It will be understood that this "dispersion" does not refer to the dispersion carried out in a CDMA communication system. The key sequences established in accordance with the applicants' invention are generally unsuitable for use as a CDMA spreading sequence due to their uncontrolled cross-correlation properties, even though the applicant's key sequences can be used to encrypt and describing the information communicated in a CDMA system: Applicant sequence agreement methods and apparatus based on the reversibility of a radio channel provide superior secrecy of computer calculation as well as probabilistic secrecy. Using the invention of the applicants, the arbitrary long key sequences can be shared and a key sequence can be changed even during a communication "session", in a cellular radiotelephone system, it would be desirable to establish a new key sequence at least every once a mobile station will register with the communication system and possibly possibly more frequently, such as for call or time a predetermined time interval elapses. Instead of using a linear block code, a secure communication system could employ 2M orthogonal tone combs transmitted by user. This comb system has the same operation as a block code system, but the comb system requires a much larger bandwidth as required by orthogonal signals, and a more complex frequency synthesizer to generate the tones. In any system, the performance measurement for safety is taken as being probabilistic and different from Shannon's measure of perfect secrecy. In particular, in the block code system, the probability that two users establish the same secret key sequence is close to one and the probability that a furtive listener establishes the same sequence is essentially zero. This is the probabilistic secret. Also, the number of possible key sequences is large enough that it is impractical to discover the correct sequence by exhaustive search. This is the secret of computer calculation. Even though specific embodiments of the applicant's invention have been described and illustrated, it should be understood that the invention is not limited thereto. This application proposes any and all modifications that fall within the spirit and scope of the invention of the applicants as defined by the following claims.

Claims (30)

R E I V I N D I C A C I O N S

1. A method for establishing a key sequence for secure communication between a first transceiver and a second transceiver comprising the steps of: in the first radio transceiver, transmitting a plurality of sinusoidal signals, each sinusoidal signal has a respective predetermined frequency and a phase initial default; in the second radio transceiver, detecting the plurality of sinusoidal signals transmitted by the first radio transceiver and transmitting the plurality of sinusoidal signals after a predetermined period of time; in each of the first and second radio transceivers, determining a phase of each of the plurality of sinusoidal signals received from another radio transceiver; in each of the first and second radio transceivers, determining the differences between the pairs phases of the received sinusoidal signals; in each of the first and second radio transceivers, quantify each difference in a respective value of a plurality of phase decision values; and in each of the first and second radio transceivers, decoding a plurality of quantized differences in a key sequence according to a predetermined block code.

The method according to claim 1, further comprising in each of the first and second radio transceivers the step of determining a magnitude of each of the plurality of sinusoidal signals, wherein the magnitudes are used in the step of decoding as soft information.

The method according to claim 1, further comprising, at least one of the first and second radio transceivers, the step of encrypting the information to be transmitted according to the key sequence; and in at least one of the first and second radio transceivers, the step of describing the transmitted information encrypted according to the key sequence.

The method according to claim 3, wherein the step of encrypting comprises the step of combining the key sequence and the information to be transmitted in a current encryption system.

The method according to claim 3, wherein the step of encrypting comprises the step of combining the key sequence and the information to be transmitted in a block-oriented encryption system.

6. A method for establishing a key sequence for securing communication between a first radio transceiver and a second radio transceiver comprising the steps of: in the first radio transceiver, transmitting a predetermined digital word including a plurality of bits; in the second radio transceiver, detecting the predetermined digital word transmitted by the first radio transceiver and transmitting the predetermined digital word after a predetermined period of time; in each of the first and second radio transceivers, decoding by fixed decision each of the plurality of bits in the predetermined digital word received from the other radio transceiver; and in each of the first and second transceivers, forming a map of the plurality of bits decoded by fixed decision in a key sequence according to a predetermined block code.

The method according to claim 6, comprising in each of the first and second radio transceivers, the step of determining a magnitude of each of the plurality of bits, wherein the magnitudes are used in the step to prepare maps as soft information.

The method according to claim 6, further comprising in at least one of the first and second radio transceivers, the step of encrypting the information to be transmitted according to the key sequence; and in at least the other of the first and second transceivers, the step of describing the transmitted information encrypted according to the key sequence.

9. The method according to claim 8, wherein the step of encrypting comprises the step of combining the cable sequence and the information to be transmitted in a current encryption system.

The method according to claim 8, wherein the step of encrypting comprises the step of combining the key sequence into information to be transmitted in a block-oriented encryption system.

A method for establishing a key sequence for secure communication between a first radio transceiver and a second radio transceiver comprising the steps of: in the first radio transceiver, transmitting a predetermined digital word including a plurality of bits; in the second radio transceiver, detecting the predetermined digital word transmitted by the first radio transceiver, and transmitting the predetermined digital word after a predetermined period of time; in each of the first and second radio transceivers, determining a phase of each of the plurality of bits received from the other radio transceiver; in each of the first and second radio transceivers, determining a difference between each determined phase and a respective predetermined phase; in each of the first and second radio transceivers, quantify each difference in a respective value of a plurality of phase decision values; and in each of the first and second radio transceivers, decoding a plurality of quantized differences in a key sequence according to a predetermined block code.

12. The method according to claim 11, further comprising, in each of the first and second radio transceivers, the step of determining a magnitude of each of the plurality of bits, wherein the magnitudes are used in the decoding step as soft information.

The method according to claim 11, further comprising, in each of the first and second radio transceivers, the step of encrypting the information to be transmitted in accordance with the key sequence; and in at least one of the first and second radio transceivers, the step of describing the transmitted information encrypted according to the key sequence.

The method according to claim 13, wherein the step of encrypting comprises the step of combining the key sequence and the information to be transmitted in a current encryption system.

The method according to claim 13, wherein the step of encrypting comprises the step of combining the key sequence in the information to be transmitted in a block-oriented encryption system.

16. An apparatus for establishing a key sequence for secure communication between a first radio transceiver and a second radio transceiver comprising: in the first radio transceiver, a means for transmitting a plurality of sinusoidal signals, each sinusoidal signal has a predetermined frequency respective and a predetermined initial phase; in the second radio transceiver, a means for detecting the plurality of sinusoidal signals transmitted by the first radio transceiver, and for transmitting the plurality of sinusoidal signals for a predetermined period of time after the start is detected; in each of the first and second radio transceivers as a means for determining a phase each of the plurality of sinusoidal signals received from the other radio transceiver; in each of the first and second radio transceivers, a means for determining the differences between the phases of the pairs of the received sinusoidal signals; in each of the first and second radio transceivers, a means for quantifying each difference in a respective value of a plurality of phase decision values; and in each of the first and second transceivers, a means for decoding a plurality of quantized differences in a key sequence, in accordance with a predetermined block code.

The apparatus according to claim 16, further comprising in each of the first and second radio transceivers, a means for determining a magnitude of each of the plurality of sinusoidal signals, wherein the magnitudes are used by means of the of decoding as soft information.

The apparatus according to claim 16, further comprising, in at least one of the first and second radio transceivers, a means for encrypting the information to be transmitted in accordance with the key sequence; in at least the other of the first and second radio transceivers, a means for describing the transmitted information encrypted according to the key sequence.

19. The apparatus according to claim 18, wherein the means for encrypting combines the key sequence and information to be transmitted in a current encryption system.

The apparatus according to claim 18, wherein the encryption means combines the key sequence and the information to be transmitted in a block-oriented encryption system.

21. An apparatus for establishing a key sequence for secure communication between a first radio transceiver and a second radio transceiver comprising: in the first radio transceiver, a means for transmitting a predetermined digital word including a plurality of bits; in the second radio transceiver, a means for detecting the predetermined digital word transmitted by the first radio transceiver and for transmitting the predetermined digital word after a predetermined period of time; in each of the first and second transceivers, a means for decoding by fixed decision, each of the plurality of bits in the predetermined digital word received from the other radio transceiver; and in each of the first and second radio transceivers, a means for preparing a map of the plurality of bits decoded by fixed decision towards a key sequence in accordance with a predetermined block code.

22. The apparatus according to claim 21, further comprising each of the first and second radio transceivers, a means for determining a magnitude of each of the plurality of bits, wherein the magnitudes are used by the preparation means. of map as soft information.

23. The apparatus according to claim 21, further comprising at least one of the first and second transceivers, and means for encrypting the information to be transmitted in accordance with the key sequence; and in at least the other first and second transceivers, a means for describing the transmitted information encrypted in accordance with the key sequence.

24. The apparatus according to claim 23, wherein the encrypting means combines the cable sequence and the information to be transmitted in a current encryption system.

25. The apparatus according to claim 23, wherein the encryption means combines the key sequence into information to be transmitted in a block-oriented encryption system.

26. An apparatus for establishing a key sequence for secure communication between the first radio transceiver and the second radio transceiver comprising: in the first radio transceiver, a means for transmitting a predetermined digital word including a plurality of bits; in the second radio transceiver, a means for detecting the predetermined digital word transmitted by the first radio transceiver, and for transmitting the predetermined digital word after a predetermined period of time; in each of the first and second radio transceivers, a means for determining a phase of each of the plurality of bits received from the other radio transceiver; in each of the first and second radio transceivers, a means for determining a difference between each determined phase and a respective predetermined phase; in each of the first and second radio transceivers, a means for quantifying each difference towards a respective value of a plurality of phase decision values; and in each of the first and second radio transceivers, a means for decoding a plurality of quantized differences toward a key sequence in accordance with a predetermined block code.

27. The apparatus according to claim 26, further comprising, in each of the first and second radio transceivers, a means for determining a magnitude of each of the plurality of bits, wherein the magnitudes are used by the means of decoding as soft information.

28. The apparatus according to claim 26, further comprising, in at least one of the first and second transceivers, a means for encrypting the information to be transmitted in accordance with the key sequence; and in at least the other of the first and second transceivers, a means for describing the transmitted information encrypted in accordance with the key sequence.

29. The apparatus according to claim 28, wherein the encrypting means combines the key sequence and the information to be transmitted in a current encryption system.

30. The apparatus according to claim 28, wherein the encrypting means combines the key sequences in the information to be transmitted in a block-oriented encryption system.