Physical-Layer Security in the Finite Blocklength Regime over Fading Channels

Tong-Xing Zheng, Hui-Ming Wang,
Derrick Wing Kwan Ng, and Jinhong Yuan T.-X. Zheng is with the School of Information and Communications Engineering, Xi’an Jiaotong University, Xi’an 710049, China, also with the State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an 710071, China, and also with the Ministry of Education Key Laboratory for Intelligent Networks and Network Security, Xi’an Jiaotong University, Xi’an 710049, China (e-mail: [email protected]).H.-M. Wang is with the School of Information and Communications Engineering, Xi’an Jiaotong University, Xi’an 710049, China, and also with the Ministry of Education Key Laboratory for Intelligent Networks and Network Security, Xi’an Jiaotong University, Xi’an 710049, China (e-mail: [email protected]).D. W. K. Ng and J. Yuan are with the School of Electrical Engineering and Telecommunications, University of New South Wales, Sydney, NSW 2052, Australia (e-mail: [email protected]; [email protected]).

Abstract

This paper studies physical-layer secure transmissions from a transmitter to a legitimate receiver against an eavesdropper over slow fading channels, taking into account the impact of finite blocklength secrecy coding. A comprehensive analysis and optimization framework is established to investigate secrecy throughput for both single- and multi-antenna transmitter scenarios. Both adaptive and non-adaptive design schemes are devised, in which the secrecy throughput is maximized by exploiting the instantaneous and statistical channel state information of the legitimate receiver, respectively. Specifically, optimal transmission policy, blocklength, and code rates are jointly designed to maximize the secrecy throughput. Additionally, null-space artificial noise is employed to improve the secrecy throughput for the multi-antenna setup with the optimal power allocation derived. Various important insights are developed. In particular, 1) increasing blocklength benefits both reliability and secrecy under the proposed transmission policy; 2) secrecy throughput monotonically increases with blocklength; 3) secrecy throughput initially increases but then decreases as secrecy rate increases, and the optimal secrecy rate maximizing the secrecy throughput should be carefully chosen in order to strike a good balance between rate and decoding correctness. Numerical results are eventually presented to verify theoretical findings.

Index Terms:

Physical-layer security, wiretap code, secrecy throughput, finite blocklength, optimization.

I Introduction

In the past decade, pursuing communication security at the physical layer has received a considerable interest, e.g., [2]-[8]. In particular, physical-layer security exploits the inherent randomness of noise and wireless channels to protect wireless secure transmissions [9]-[13], which can provide an additional mechanism for security guarantee and can coexist with those security techniques already employed at the upper layers, such as key-based encipherment. Most recent progress in developing physical-layer security is motivated by Wyner’s pioneering work. Specifically, the concept of secrecy capacity was first established which is defined as the supremum of secrecy rates at which both reliability and secrecy are achieved over a wiretap channel [14]. Wyner showed that the error probability and information leakage can be made arbitrarily low concurrently with an appropriate secrecy coding, provided that a data rate below the secrecy capacity is chosen and meanwhile the data is mapped to asymptotically long codewords, i.e., the coding blocklength tends to infinity. However, the upcoming 5G wireless communication systems are required to support various novel traffic types adopting short packets to reduce the end-to-end communication latency, e.g., smart-traffic safety and machine-to-machine communications [15, 16]. For the short-packet applications, conventional physical-layer security schemes originated from infinite blocklength are generally suboptimal and the impact of finite blocklength could be destructive for secure communications. Therefore, it is necessary to rethink the analysis and design of physical-layer security for the finite blocklength regime.

I-A Previous Works and Motivations

Decoding with finite blocklength will inevitably reduce the secrecy capacity and some preliminary works have been devoted to analyzing the impact of finite blocklength on secrecy for the wiretap channel. For example, the authors in [17] derived an upper bound for the information leakage probability for a given target decoding error probability demonstrating the inherent trade-off between secrecy and reliability. The authors in [18] provided both upper and lower bounds for the maximal secrecy rate capturing the impact of finite blocklength, error probability, and information leakage in both degraded discrete-memoryless wiretap channels and Gaussian wiretap channels. The obtained bounds were shown to be tighter than existing ones from [19, 20]. The work in [18] was further extended by [21], in which the optimal second-order secrecy rate was derived for a semi-deterministic wiretap channel, and the optimal tradeoff between secrecy and reliability with finite blocklength was analytically characterized. It should be noted that, all the above works were aimed to uncover the fundamental limits of secrecy performance from the information theory point of view, whereas the design of practical signaling and transmission schemes were not investigated.

In practice, due to finite blocklength penalty for practical coding schemes, even a secrecy rate below the secrecy capacity cannot guarantee a perfectly successful and secure communication. In this sense, in addition to exploring and/or improving the fundamental limits of the maximal secrecy rate, optimizing secrecy throughput seems more important from the perspective of transmission efficiency, particularly for fading channels where the code rates can be adapted to the fading status. Herein, the secrecy throughput denotes the amount of successfully delivered secret information subject to certain reliability and secrecy constraints. In fact, the secrecy throughput has extensively been taken as an optimization objective for the design of secure transmissions in slow fading channels in the context of infinite blocklength [22]-[26]. Nevertheless, to optimize the secrecy throughput under the constraint of finite blocklength is difficult, and the results derived for infinite blocklength, e.g., [22]-[26], cannot be directly applied. Indeed, the blocklength itself is an optimization variable, and it couples with other variables in a sophisticated manner which makes the optimization problem intractable. For instance, the authors in a recent work [27] investigated the secrecy throughput of a relay-aided secure transmission with finite blocklength, where neither the instantaneous channel state information (CSI) with respect to (w.r.t.) the legitimate receiver nor the eavesdropper is available at the transmitter side. Numerical results were presented therein to show that there exists a critical value of the blocklength that maximizes the secrecy throughput.

Despite the above endeavors, there are some fundamental questions regarding the design of physical-layer security schemes with finite blocklength that have not been thoroughly addressed. First of all, a theoretical proof of the optimal blocklength and the corresponding secrecy rate for maximizing the secrecy throughput is of great significance for the practical design of secure transmissions, which however has not yet been reported by existing literature. Also, in many applications, the transmitter is capable to acquire the instantaneous CSI of the legitimate receiver in slow fading channels via training or feedback. Yet, the potential of exploiting the instantaneous CSI to alleviate the negative impact of finite blocklength on the performance of secure communications has not been exploited. Furthermore, only the single-antenna transmitter scenario has been considered, e.g., [17]-[21], [27], and the design of the optimal signaling and code rates for multi-antenna systems with finite blocklength is still an open issue. This research work aims to provide an analytical framework and design schemes to address the abovementioned problems.

I-B Contributions

This paper investigates the security issue between a pair of legitimate communicating parties in the presence of an eavesdropper, considering the impact of finite blocklength in secrecy coding. The secrecy throughput is thoroughly analyzed and optimized for both single- and multi-antenna transmitter scenarios. In particular, both adaptive and non-adaptive parameter design schemes are proposed for each scenario. The main contributions of this work are summarized as follows:

•

For the single-antenna transmitter scenario, the secrecy throughput is maximized by jointly optimizing the transmission policy, blocklength, as well as code rates. Closed-form bounds and approximations for the secrecy rate are provided to facilitate the practical design of code rates for achieving a close-to-optimal performance.
•

For the multi-antenna transmitter configuration, the optimality of the null-space artificial noise (AN) scheme in terms of secrecy throughput maximization is first investigated. Afterwards, the optimal transmission policy, blocklength, code rates, and power allocation between the information-bearing signal and the AN are derived. Particularly, the power allocation and the secrecy rate are designed via the alternating optimization method, and their impacts on the system performance are further revealed.
•

Numerous useful insights into the design of secure transmissions are provided with finite blocklength. For example, 1) increasing the blocklength can improve both reliability and secrecy, with properly exploiting the instantaneous CSI of the main channel and the statistical CSI of the wiretap channel, which has not been revealed by existing literature, e.g., [17]-[21]; 2) using the maximal blocklength is profitable for boosting the secrecy throughput, which is distinguished from the observation in [27]; 3) due to the finite blocklength penalty, there is a critical secrecy rate that can maximize the secrecy throughput even for the adaptive scheme, rather than always employing the maximal available secrecy rate, which is fundamentally different from the phenomenon with infinite blocklength, e.g., [22, 23].

I-C Organization and Notations

The remainder of this paper is organized as below. Section II describes the system model and the underlying optimization problem. Sections III and IV detail the secrecy throughput maximization for both single- and multi-antenna transmitter scenarios. Section V draws a conclusion.

Notations: Bold lowercase letters denote column vectors. $|\cdot|$ , $\|\cdot\|$ , $(\cdot)^{\dagger}$ , $(\cdot)^{\rm T}$ , $\ln(\cdot)$ , $\mathbb{P}\{\cdot\}$ , $\mathbb{E}_{v}[\cdot]$ denote the absolute value, Euclidean norm, conjugate, transpose, natural logarithm, probability, and the expectation over a random variable $v$ , respectively. $f_{v}(\cdot)$ and $\mathcal{F}_{v}(\cdot)$ denote the probability density function (PDF) and cumulative distribution function (CDF) of $v$ , respectively. $F^{-1}(\cdot)$ denotes the inverse function of a function $F(\cdot)$ . $\mathcal{CN}(\mu,\sigma^{2})$ denotes the circularly symmetric complex Gaussian distribution with mean $\mu$ and variance $\sigma^{2}$ .

II System Model and Problem Description

II-A Channel Model

Refer to caption — Figure 1: Secure transmission from Alice (multi-antenna) to Bob (single-antenna) overheard by Eve (single-antenna). Alice adopts a wiretap code with a binning structure, where $2^{nR_{s}}$ messages each are mapped to a bin of $2^{nR_{e}}$ codewords with a finite blocklength $n$ . A codeword among a set of codewords representing the same message is randomly chosen for transmission [14].

Consider a secure transmission from a transmitter (Alice) to a legitimate receiver (Bob) coexisting with an eavesdropper (Eve), as depicted in Fig. 1. Alice is equipped with $M\geq 1$ transmit antennas, whereas Bob and Eve are single-antenna devices. Quasi-static Rayleigh fading channels are considered, where the channel coherence time is on the order of the blocklength. More specifically, the fading coefficients are assumed to remain constant during the transmission of an entire codeword, but change independently and randomly between two codewords [2]. Denote the coefficients of the main and wiretap channels by $\bm{h}_{b}$ and $\bm{h}_{e}$ , and each entry of $\bm{h}_{b}$ and $\bm{h}_{e}$ follow the Gaussian distribution $\mathcal{CN}(0,\sigma_{b}^{2})$ and $\mathcal{CN}(0,\sigma_{e}^{2})$ , respectively.¹¹1The subscripts $b$ and $e$ are used to refer to Bob and Eve, respectively. A common hypothesis is adopted [22, 23], i.e., Bob and Eve know perfectly the instantaneous CSI of their individual channels $\bm{h}_{b}$ and $\bm{h}_{e}$ , and Alice has the instantaneous CSI of Bob’s channel $\bm{h}_{b}$ but does not has the instantaneous CSI of Eve’s channel $\bm{h}_{e}$ . Besides, the statistics of both channels $\bm{h}_{b}$ and $\bm{h}_{e}$ are available at Alice. Assume that $\bm{h}_{b}$ , $\bm{h}_{e}$ , and the receiver noise are mutually independent, where noise variances at Bob and Eve are denoted by $w_{b}^{2}$ and $w_{e}^{2}$ , respectively. Alice adopts a constant transmit power $P$ . For notational simplicity, define $P_{b}\triangleq\frac{P}{w_{b}^{2}}$ and $P_{e}\triangleq\frac{P}{w_{e}^{2}}$ as the normalized power for Bob and Eve, respectively.

II-B Finite Blocklength Secrecy Coding

To safeguard information confidentiality, secrecy coding should be employed to encode the secret information bits. Instead of investigating any explicit practical constructions of secrecy codes, the Wyner’s wiretap code [14], as a generic code structure, is employed in this paper. A synopsis of the state-of-the-art coding schemes for wiretap channels can be found in [28].

It is reported in [2] that the Wyner’s wiretap code possesses a binning structure, as illustrated in Fig. 1, where $2^{nR_{s}}$ messages are encoded to $2^{nR_{t}}$ codewords, and each message is mapped to a bin of $2^{nR_{e}}$ codewords. Here, $n$ denotes the blocklength (i.e., the codeword length or the number of channel uses), $R_{s}$ and $R_{t}$ (bits/s/Hz/channel) denote the secrecy rate and codeword rate, respectively. The binning codeword rate, i.e., the rate redundancy $R_{e}=R_{t}-R_{s}$ , reflects the cost of providing secrecy.

It is well-known that, for an infinite blocklength with $n\rightarrow\infty$ , as long as the codeword rate $R_{t}$ is not larger than Bob’s channel capacity, Bob can recover messages with an arbitrarily low decoding error probability. On the other hand, perfect secrecy cannot always be guaranteed due to the absence of Eve’s instantaneous CSI: once the rate redundancy $R_{e}$ falls below Eve’s channel capacity, perfect secrecy is compromised, and a secrecy outage event is said to have occurred. Nevertheless, in the finite blocklength regime which is restricted to a finite number of channel uses, no practical protocols can achieve perfectly reliable communications [29]. Hence, to capture the impact of finite blocklength, the maximal channel coding rate for sustaining a desired decoding error probability $\epsilon$ at a finite blocklength $n$ (e.g., $n\geq 100$ ) for a given signal-to-noise ratio (SNR) $\gamma$ was studied in [30] and can be approximated by

R(\gamma,n,\epsilon)\approx C(\gamma)-\sqrt{\frac{V(\gamma)}{n}}Q^{-1}(\epsilon),

(1)

where $C(\gamma)\triangleq\log_{2}(1+\gamma)$ denotes the Shannon channel capacity, $V(\gamma)\triangleq\left(1-(1+\gamma)^{-2}\right)\log_{2}^{2}e$ denotes the channel dispersion [30], and $Q(x)$ is the $Q$ -function defined as $Q(x)\triangleq\frac{1}{\sqrt{2\pi}}\int_{x}^{\infty}e^{-\frac{t^{2}}{2}}dt$ . Equivalently, the decoding error probability for a given coding rate $R$ can be expressed as

\epsilon(\gamma,n,R)=Q\left(\frac{C(\gamma)-R}{\sqrt{V(\gamma)/n}}\right).

(2)

For ease of notation, let $C_{i}\triangleq C(\gamma_{i})$ and $V_{i}\triangleq V(\gamma_{i})$ for $i\in\{b,e\}$ , where $\gamma_{i}$ denotes the corresponding SNR. Define the successful decoding probability of Bob as the complement of its decoding error probability with the codeword rate $R_{t}$ . Then, the successful decoding probability conditioned on the power gain of the main channel, i.e., $\eta\triangleq\|\bm{h}_{b}\|^{2}$ , can be expressed as

p_{s}(\eta)\triangleq 1-\epsilon(\gamma_{b},n,R_{t})=1-Q\left(\frac{C_{b}-R_{t}}{\sqrt{V_{b}/n}}\right).

(3)

The secrecy performance is characterized by the information leakage probability defined below:

\mathcal{O}_{e}\triangleq\mathbb{E}_{\gamma_{e}}\left[1-\epsilon(\gamma_{e},n,R_{e})\right].

(4)

Remark 1

Due to the finite blocklength, the secrecy metric information leakage probability in (4) appears to be distinguished from the widely used secrecy outage probability, defined as $\mathbb{P}\{R_{e}\leq C_{e}\}$ [23], for the infinite blocklength regime with $n\rightarrow\infty$ .

II-C Optimization Problem

Since Alice knows Bob’s instantaneous CSI perfectly, she is able to adapt the code rates to the instantaneous channel gain $\eta$ , which implies that the code rates can be functions of $\eta$ . This paper focuses on the metric named secrecy throughput (bits/s/Hz/channel), which measures the average successfully transmitted information bits per second per Hertz per channel use subject to a secrecy constraint $\mathcal{O}_{e}\leq\delta$ , where $\delta\in[0,1]$ is a pre-established threshold for the information leakage probability. Formally, the secrecy throughput is defined as

\mathcal{T}\triangleq\mathbb{E}_{\eta}\left[R_{s}(\eta)p_{s}(\eta)\right]~{}{\rm s.t.}~{}\mathcal{O}_{e}\leq\delta,

(5)

which is averaged over $\eta$ . Note that the introduction of finite blocklength leads to a different definition of secrecy throughput compared to the case of infinite blocklength which is $\mathcal{T}\triangleq\mathbb{E}_{\eta}\left[R_{s}(\eta)\right]$ [22, 23]. In addition, as will be shown later, in order to meet certain secrecy and reliability requirements during the transmission period, an on-off transmission policy is required;²²2The on-off policy was initially proposed for ergodic-fading channels [31], where a codeword experiences many channel realizations. It was later introduced to slow fading channels and well characterized the condition for secure transmissions [22]. i.e., the transmission should take place only when the channel gain $\eta$ exceeds some threshold $\mu>0$ . With the on-off policy, $R_{s}(\eta)$ is set to zero for $\eta<\mu$ .

This paper aims to maximize the secrecy throughput by designing the optimal on-off threshold, signaling, blocklength, as well as code rates. The following two sections will detail the optimization for single- and multi-antenna transmitter scenarios, respectively. For each scenario, both adaptive and non-adaptive design schemes are examined, where Alice adjusts the arguments based on the instantaneous and statistical CSI of the main channel, respectively.

III Single-Antenna Transmitter Scenario

For the single-antenna transmitter scenario, the SNRs of Bob and Eve are given by $\gamma_{b}=P_{b}\eta$ with $\eta=|h_{b}|^{2}$ and $\gamma_{e}=P_{e}|h_{e}|^{2}$ , respectively. Clearly, $\gamma_{i}$ is exponentially distributed with mean $\Gamma_{i}=P_{i}\sigma_{i}^{2}$ for $i\in\{b,e\}$ . The subsequent two subsections aim to maximize the secrecy throughput $\mathcal{T}$ defined in (5) by jointly designing the on-off threshold $\mu(\eta)$ , the wiretap code rates $R_{s}(\eta)$ and $R_{e}(\eta)$ , and the blocklength $n(\eta)$ , via adaptive and non-adaptive ways, respectively. For notational convenience, these parameters are treated as functions of $\eta$ by default for the adaptive scheme, with the notation $\eta$ being dropped, and $\mathcal{T}_{\rm A}$ and $\mathcal{T}_{\rm N}$ are used to differentiate the adaptive scheme to its non-adaptive counterpart. The optimization problem then can be formulated as below:


$\displaystyle\max_{\mu>0,R_{e}>0,R_{s}>0,n}~{}$	$\displaystyle\mathcal{T}=\mathbb{E}_{\eta}\left[R_{s}p_{s}\right]$	(6a)
$\displaystyle{\rm s.t.}~{}~{}$	$\displaystyle C_{b}\geq R_{t}=R_{s}+R_{e},~{}\forall\eta>\mu,$	(6b)
	$\displaystyle\mathcal{O}_{e}\leq\delta,$	(6c)
	$\displaystyle 1\leq n\leq N,~{}n,N\in\mathbb{Z}^{+}.$	(6d)

Note that (6b) is interpreted as a reliability requirement since otherwise the successful decoding probability $p_{s}$ in (3) falls below $0.5$ and it is no better than random guessing, which is definitely not acceptable; (6c) describes the secrecy constraint; (6d) is related to a latency constraint, where the integer $N$ denotes the maximal available blocklength imposed by a maximal tolerable delay.

III-A Adaptive Optimization Scheme

In the adaptive scheme, the parameters $\mu$ , $R_{s}$ , $R_{e}$ , and $n$ are designed based on $\eta$ , i.e., they are adjusted in real time. A detailed optimization procedure is provided as follows.

III-A1 Solving $R_{e}$

Since $Q$ -function $Q(x)$ is a monotonically decreasing function of $x$ , it is known that $p_{s}$ defined in (3) decreases with $R_{e}$ for a fixed $R_{s}$ . This suggests that, the optimal $R_{e}$ maximizing $\mathcal{T}_{\rm A}$ should be the minimal $R_{e}$ that satisfies the secrecy constraint $\mathcal{O}_{e}\leq\delta$ . Now that $\mathcal{O}_{e}$ in (4) decreases with $R_{e}$ , the optimal $R_{e}$ is given as the inverse of $\mathcal{O}_{e}$ at $\delta$ , i.e.:

R_{e}^{*}=\mathcal{O}_{e}^{-1}(\delta).

(7)

Obviously, $R_{e}^{*}$ is independent of $\eta$ , but monotonically decreases with $\delta$ . This is intuitive that a larger rate redundancy is required to combat the eavesdropper in order to meet a more rigorous secrecy constraint. Although it is difficult to derive a closed-form expression for $R_{e}^{*}$ due to the complicated $Q$ -function, the value of $R_{e}^{*}$ can be efficiently acquired via a bisection method with $\mathcal{O}_{e}(R_{e})=\delta$ , requiring only the computation of $Q(x)$ or a lookup table.

III-A2 Solving $\mu$

The secrecy throughput $\mathcal{T}_{\rm A}$ given in (6a) can be calculated as

\mathcal{T}_{\rm A}=\int_{P_{b}\mu}^{\infty}R_{s}p_{s}f_{\gamma_{b}}(\gamma)d\gamma,

(8)

where $f_{\gamma_{b}}(\gamma)=\frac{1}{\Gamma_{b}}e^{-{\gamma}/{\Gamma_{b}}}$ is the PDF of $\gamma_{b}=P_{b}\eta$ . It appears that choosing $\mu$ as small as possible is beneficial for increasing $\mathcal{T}_{\rm A}$ , on the premise of satisfying the reliability constraint (6b). In addition, constraint (6b) suggests that $C_{b}>R_{e}^{*}\Rightarrow\eta=\frac{\gamma_{b}}{P_{b}}>\frac{2^{R_{e}^{*}}-1}{P_{b}}$ must be ensured to achieve a positive $R_{s}$ . Hence, the optimal on-off threshold is given by

\mu^{*}=\frac{2^{R_{e}^{*}}-1}{P_{b}}.

(9)

This result indicates that the transmission condition for the adaptive scheme is determined by the secrecy constraint. Apparently, $\mu^{*}$ is monotonically decreasing with $\delta$ since $R_{e}^{*}$ decreases with $\delta$ . This implies, a weaker channel is still allowed for transmission for a looser secrecy constraint.

Once $\mu$ is obtained, to maximize $\mathcal{T}_{\rm A}$ in (8) only calls for maximizing $\mathcal{T}_{\rm A}(\eta)\triangleq R_{s}p_{s}$ which is conditioned on $\eta$ . The subproblem is described as below:

\max_{R_{s},n}~{}\mathcal{T}_{\rm A}(\eta)=R_{s}p_{s}~{}~{}{\rm s.t.}~{}~{}\eqref{st_max_c3},~{}0\leq R_{s}\leq C_{b}-R_{e}^{*}.

(10)

The basic idea to tackle the above problem is first to maximize $p_{s}$ over $n$ for a fixed $R_{s}$ and then to design the optimal $R_{s}$ that maximizes $R_{s}p_{s}$ with the optimal $n$ .

III-A3 Solving $n$

For any fixed $R_{t}\leq C_{b}$ , there is no doubt that $p_{s}$ increases with $n$ . However, as shown in (4), $\epsilon(\gamma_{e},n,R_{e})$ decreases with $n$ for $R_{e}\leq C_{e}$ but increases with $n$ otherwise. Then, it remains unclear how $\mathcal{O}_{e}$ defined in (4), as well as $R_{e}^{*}$ in (7), varies with $n$ . More importantly, it is less obvious if the monotonicity of $p_{s}$ w.r.t. $n$ can still hold, since $R_{t}=R_{s}+R_{e}^{*}$ becomes independent of $n$ . Therefore, in order to derive the optimal $n^{*}$ maximizing $\mathcal{T}_{\rm A}(\eta)$ in (10), the monotonicity of $\mathcal{O}_{e}$ or $R_{e}^{*}$ w.r.t. $n$ should be first identified.

Lemma 1

$\mathcal{O}_{e}$ in (4) and $R_{e}^{*}$ in (7) decrease with $n$ .

Proof 1

Please refer to Appendix -A.

Lemma 1 shows that increasing the blocklength is beneficial for decreasing the information leakage probability such that the required rate redundancy of the wiretap code can be lowered. This result is perhaps counter-intuitive, which makes sense when one realizes that a larger blocklength will yield a larger decoding error probability for Eve if Eve’s channel capacity falls below the rate redundancy. With Lemma 1, the monotonicity of $\mathcal{T}_{\rm A}(\eta)$ w.r.t. $n$ is uncovered, followed by the optimal $n^{*}$ that maximizes $\mathcal{T}_{\rm A}(\eta)$ .

Theorem 1

$\mathcal{T}_{\rm A}(\eta)$ in (10) increases with $n$ and is maximized at $n^{*}=N$ .

Proof 2

Please refer to Appendix -B.

Theorem 1 reveals that exploiting a larger blocklength is beneficial for improving the secrecy throughput under given channel gains. This result is nontrivial in light of [27] where there exists a critical value of the blocklength, instead of the maximal one, that can achieve the maximal secrecy throughput. The main reason behind the two different results lies in that, Bob’s instantaneous CSI is available here and is adequately exploited, and the codeword rate will not exceed Bob’s channel capacity under the on-off policy such that using a larger blocklength can always lower the decoding error probability for Bob. Combined with Lemma 1, it can be seen that increasing the blocklength improves reliability and secrecy simultaneously, thus making the secrecy throughput higher. However, this can no longer be promised in [27] where the instantaneous CSI of the main channel is unknown, and using a larger blocklength might degrade the reliability once the codeword rate exceeds Bob’s channel capacity, just as implied in Lemma 1. Revisiting (8), since $\mu^{*}$ in the lower limit of the integral decreases with $n$ (see (9) where $R_{e}^{*}$ decreases with $n$ ), it is clear that the global optimal blocklength that maximizes $\mathcal{T}_{\rm A}$ is also $n^{*}=N$ .

III-A4 Solving $R_{s}$

Substituting the derived optimal $R_{e}^{*}$ , $\mu^{*}$ , and $n^{*}$ into (3) yields the maximal $p_{s}$ , and then the optimal $R_{s}^{*}$ can be determined by solving the following problem:


$\displaystyle\max_{R_{s}}$	$\displaystyle~{}\mathcal{T}_{\rm A}(\eta)=R_{s}\left[1-Q\left(\frac{C_{b}-R_{s}-R_{e}^{*}}{\sqrt{V_{b}/N}}\right)\right]$	(11a)
$\displaystyle~{}~{}{\rm s.t.}$	$\displaystyle~{}~{}0<R_{s}\leq C_{b}-R_{e}^{*}.$	(11b)

Theorem 2

$\mathcal{T}_{\rm A}(\eta)$ in (11) is a concave function of $R_{s}$ , and its maximal value is achieved at

\displaystyle R_{s}^{*}=\begin{cases}C_{b}-R_{e}^{*},&\eta\leq\frac{\gamma_{b}^{\circ}}{P_{b}},\\ R_{s}^{\circ},&\rm otherwise,\end{cases}

(12)

where $\gamma_{b}^{\circ}\in\left(\sqrt{\frac{1}{2}+\sqrt{\frac{1}{4}+\frac{\pi}{2N}}}-1,e^{\sqrt{\frac{\pi}{2N}}+R_{e}^{*}\ln 2}-1\right)$ is the unique root $\gamma_{b}>0$ that satisfies $C_{b}-\sqrt{\frac{\pi V_{b}}{2N}}=R_{e}^{*}$ , and $R_{s}^{\circ}$ is the unique zero-crossing $R_{s}<C_{b}-R_{e}^{*}$ of the derivative

\frac{d\mathcal{T}_{\rm A}(\eta)}{dR_{s}}=1-Q\left(\frac{C_{b}-R_{s}-R_{e}^{*}}{\sqrt{V_{b}/N}}\right)-\frac{R_{s}\sqrt{N}}{\sqrt{2\pi V_{b}}}e^{-\frac{\left(C_{b}-R_{s}-R_{e}^{*}\right)^{2}}{2V_{b}/N}}.

(13)

Proof 3

Please refer to Appendix -C.

Theorem 2 presents an optimal secrecy rate $R_{s}^{*}$ that differs from the one for infinite blocklength with $N\rightarrow\infty$ , where in the latter employing the maximal achievable secrecy rate $R_{s}^{*}=C_{b}-R_{e}^{*}$ is always optimal for secrecy throughput improvement. The fundamental reason behind such difference lies in the decoding failure caused by finite blocklength. Specifically, when the quality of the main channel is poor (i.e., a small $\eta$ ) or when a large rate redundancy $R_{e}^{*}$ is required, e.g., due to a high average SNR of Eve or a stringent secrecy requirement, the successful decoding probability $p_{s}$ is initially small and decreases slowly with $R_{s}$ . In this case, the secrecy throughput improvement is mainly bottlenecked by $R_{s}$ , and hence it is necessary to choose the maximal secrecy rate $R_{s}^{*}=C_{b}-R_{e}^{*}$ . Otherwise, $p_{s}$ is initially large but drops rapidly with $R_{s}$ , thus dramatically degrading the secrecy throughput. Therefore, a relatively small $R_{s}$ is supposed to be chosen to strike a good balance between the decoding and throughput performance.

The optimal secrecy rate $R_{s}^{*}\leq C_{b}-R_{e}^{*}$ in (12) can be obtained efficiently using the Newton’s method, despite its implicit form. The following corollaries further give a closed-form asymptotically tight lower bound $R_{s}^{L}$ on $R_{s}^{*}$ and provide useful insights into the behavior of $R_{s}^{*}$ .

Corollary 1

The optimal secrecy rate $R_{s}^{*}$ in (12) satisfies

R_{s}^{*}\geq R_{s}^{L}\triangleq C_{b}-R_{e}^{*}-\sqrt{\frac{2V_{b}}{N}\ln\left(\frac{1}{2}+\frac{C_{b}-R_{e}^{*}}{\sqrt{2\pi V_{b}/N}}\right)}.

(14)

Proof 4

The result follows by finding a lower bound on $\frac{d\mathcal{T}_{\rm A}(\eta)}{dR_{s}}$ in (13) applying the inequalities $Q(x)\leq\frac{1}{2}e^{-x^{2}/2}$ and $R_{s}\leq C_{b}-R_{e}^{*}$ and then setting the resultant lower bound to zero.

The term $\sqrt{\frac{2V_{b}}{N}\ln\left(\frac{1}{2}+\frac{C_{b}-R_{e}^{*}}{\sqrt{2\pi V_{b}/N}}\right)}$ in (14) is interpreted as the secrecy rate loss arisen from finite blocklength. This term vanishes as $N\rightarrow\infty$ or $R_{e}^{*}\rightarrow C_{b}-\sqrt{\frac{\pi V_{b}}{2N}}$ , and accordingly $R_{s}^{*}$ approaches $C_{e}-R_{e}^{*}$ . In this sense, the lower bound $R_{s}^{L}$ can be employed as a computational convenient alternative to the optimal $R_{s}^{*}$ , particularly for the large blocklength scenarios.

Corollary 2

The optimal secrecy rate $R_{s}^{*}$ monotonically increases with the channel gain $\eta$ .

Proof 5

It is proved that $\frac{C_{b}-R_{s}-R_{e}^{*}}{\sqrt{V_{b}}}$ in (13) increases with $\eta$ such that $\frac{d\mathcal{T}_{\rm A}(\eta)}{dR_{s}}$ increases with $\eta$ . Then, using the derivative rule for implicit functions with $\frac{d\mathcal{T}_{\rm A}(\eta)}{dR_{s}^{*}}=0$ reaches $\frac{dR_{s}^{*}}{d\eta}>0$ .

Fig. 2 depicts secrecy throughput $\mathcal{T}_{\rm A}(\eta)$ versus secrecy rate $R_{s}$ for different blocklength $N$ and channel gain $\eta$ . The concavity of $\mathcal{T}_{\rm A}(\eta)$ on $R_{s}$ given by Theorem 2 is well verified. Specifically, $\mathcal{T}_{\rm A}(\eta)$ first increases and then decreases with $R_{s}$ , and there exists an optimal $R_{s}^{*}$ that maximizes $\mathcal{T}_{\rm A}(\eta)$ . It is also found that $\mathcal{T}_{\rm A}(\eta)$ almost linearly increases with $R_{s}$ at first, since the throughput loss due to decoding error is negligible. Note that the curves in the figure are cut in different points which represent different values of the maximal achievable secrecy rate $R_{s}^{\max}$ for different $N$ and $\eta$ , and it is obvious that $R_{s}^{\max}$ increases with $N$ and $\eta$ . As $\eta$ grows, $\mathcal{T}_{\rm A}(\eta)$ improves significantly and the corresponding optimal $R_{s}^{*}$ increases, which validates Corollary 2. The underlying reason is that, when the main channel quality improves, choosing a larger $R_{s}$ contributes more to improving $\mathcal{T}_{\rm A}(\eta)$ compared with increasing the successful decoding probability $p_{s}$ (by lowering $R_{s}$ ). In addition, as proved in Theorem 1, $\mathcal{T}_{\rm A}(\eta)$ increases with $N$ . It is also proved that the optimal $R_{s}^{*}$ increases with $N$ as $\eta\rightarrow\infty$ . However, it is no longer true when $\eta$ is too small, e.g., $\eta=3$ dB. This is because, for a low channel quality, the decoding performance becomes a key restricting factor on throughput improvement, and hence $R_{s}$ should be decreased to ensure a large $p_{s}$ as $N$ increases. Moreover, the secrecy throughput obtained with the lower bound $R_{s}^{L}$ in Corollary 1 approaches closely the optimal one particularly when $N$ is sufficiently large, which demonstrates the usefulness of the lower bound.

III-B Non-Adaptive Optimization Scheme

This section devises a non-adaptive optimization scheme where the parameters $\mu$ , $R_{s}$ , $R_{e}$ , and $n$ are designed based on the statistical CSI of the main channel and remain unchanged during the transmission period. Such a non-adaptive scheme can be computed off-line, which significantly lowers the complexity compared with an adaptive one.

Since all the parameters are independent of the channel gain $\eta$ , the problem of maximizing the secrecy throughput in (5) can be recast as follows:

\max_{\mu,R_{e},R_{s},n}~{}\mathcal{T}_{\rm N}=R_{s}\bar{p}_{s}~{}~{}{\rm s.t.}~{}~{}\eqref{st_max_c1}-\eqref{st_max_c3},

(15)

where $\bar{p}_{s}=\int_{P_{b}\mu}^{\infty}p_{s}f_{\gamma_{b}}(\gamma)d\gamma$ denotes the average successful decoding probability.

The above problem can be handled via similar steps for its adaptive counterpart in Sec. III-A. To begin with, in order to increase $p_{s}$ for a given $R_{s}$ , a minimal rate redundancy $R_{e}$ should be chosen while satisfying the secrecy constraint $\mathcal{O}_{e}\leq\delta$ . Hence, the optimal $R_{e}^{*}$ is given in (7). It can be inferred from (15) that a smaller transmission threshold $\mu$ can produce a larger $\mathcal{T}_{\rm N}$ . Nonetheless, $C_{b}\geq\log_{2}(1+P_{b}\mu)\geq R_{s}+R_{e}^{*}$ must be ensured, since otherwise there would always exist a transmission initiated when $\eta>\mu$ while violating the reliability constraint (6b). Consequently, the optimal $\mu^{*}$ for a fixed $R_{s}$ is given by

\mu^{*}=\frac{2^{R_{s}+R_{e}^{*}}-1}{P_{b}}.

(16)

Note that in order to support a constant secrecy rate $R_{s}$ , the optimal on-off threshold $\mu^{*}$ for the non-adaptive scheme is generally larger than that of the adaptive one as given in (9). On the other hand, the optimal $\mu^{*}$ monotonically decreases with $\delta$ and $n$ , which is similar to the adaptive case. That is to say, the transmission condition can be relaxed when facing a looser secrecy requirement or using a larger blocklength.

Substituting $R_{e}^{*}$ and $\mu^{*}$ into $\bar{p}_{s}$ and invoking the approximation of $Q$ -function in (49) yields

$\displaystyle\bar{p}_{s}$	$\displaystyle=\int_{P_{b}\mu^{}}^{\infty}\left[1-\Xi(\gamma_{b},n,R_{s}+R_{e}^{})\right]f_{\gamma_{b}}(\gamma)d\gamma$
	$\displaystyle\stackrel{{\scriptstyle\mathrm{(a)}}}{{=}}1-\mathcal{F}_{\gamma_{b}}(\theta_{b}^{2})\int_{\theta_{b}^{2}}^{\tau^{u}_{b}}\left(\frac{1}{2}-\frac{\beta}{\theta_{b}}(\gamma-\theta_{b}^{2})\right)f_{\gamma_{b}}(\gamma)d\gamma$
	$\displaystyle\stackrel{{\scriptstyle\mathrm{(b)}}}{{=}}1-\frac{1}{2}\mathcal{F}_{\gamma_{b}}(\theta_{b}^{2})-\frac{\beta}{\theta_{b}}\int_{\theta_{b}^{2}}^{\tau^{u}_{b}}\mathcal{F}_{\gamma_{b}}(\gamma)d\gamma,$	(17)

where $\mathrm{(a)}$ is due to $\theta_{b}=\sqrt{P_{b}\mu^{*}}=\sqrt{2^{R_{s}+R_{e}^{*}}-1}$ , $\beta=\frac{\sqrt{n}}{2\pi}$ , and $\tau^{u}_{b}=\theta_{b}^{2}+\frac{\theta_{b}}{2\beta}$ , and $\mathrm{(b)}$ stems from the use of partial integration. With (III-B), the problem of maximizing $\mathcal{T}_{\rm N}$ over $n$ and $R_{s}$ can be equivalently transformed as below:


$\displaystyle\max_{\beta,\theta_{b}}$	$\displaystyle~{}~{}\mathcal{T}_{\rm N}=\left[\log_{2}(1+\theta_{b}^{2})-R_{e}^{*}\right]{\bar{p}_{s}}$	(18a)
$\displaystyle~{}~{}{\rm s.t.}$	$\displaystyle~{}~{}\frac{1}{2\pi}\leq\beta\leq\frac{\sqrt{N}}{2\pi},~{}\theta_{b}>\sqrt{2^{R_{e}^{*}}-1}.$	(18b)

Theorem 3

$\mathcal{T}_{\rm N}$ in (18) is a monotonically increasing function of $\beta$ or $n$ .

Proof 6

The result follows by proving that

	$\displaystyle\frac{d\mathcal{T}_{\rm N}}{d\beta}$	$\displaystyle=-\frac{dR_{e}^{}}{d\beta}\bar{p}_{s}+\left[\log_{2}(1+\theta_{b}^{2})-R_{e}^{}\right]\frac{d\bar{p}_{s}}{d\beta}$
		$\displaystyle\stackrel{{\scriptstyle\mathrm{(a)}}}{{>}}\left[\log_{2}(1+\theta_{b}^{2})-R_{e}^{*}\right]\frac{d\bar{p}_{s}}{d\beta}\stackrel{{\scriptstyle\mathrm{(b)}}}{{>}}0,$		(19)

where $\mathrm{(a)}$ is due to $\frac{dR_{e}^{*}}{dn}<0$ from (51), and $\mathrm{(b)}$ follows from $\frac{d\bar{p}_{s}}{d\beta}=\frac{1}{\theta_{b}}\int_{\theta_{b}^{2}}^{\tau^{u}_{b}}\left[\mathcal{F}_{\gamma_{b}}(\tau^{u}_{b})-\mathcal{F}_{\gamma_{b}}(\gamma)\right]d\gamma>0$ as $\mathcal{F}_{\gamma_{b}}(\gamma)$ is an increasing function of $\gamma$ .

Theorem 3 suggests that Alice should use the maximal blocklength to maximize the secrecy throughput for the non-adaptive scheme, regardless of other parameters, i.e., the globally optimal blocklength is $n^{*}=N$ . More importantly, this conclusion holds for any distribution of $\gamma_{b}$ .

Substituting the CDF $\mathcal{F}_{\gamma_{b}}(\gamma)=1-e^{-{\gamma}/{\Gamma_{b}}}$ into (III-B) yields

\mathcal{T}_{\rm N}=\frac{1}{2}\left[\log_{2}(1+\theta_{b}^{2})-R_{e}^{*}\right]\left[1+Y(\theta_{b})\right]e^{-\frac{\theta_{b}^{2}}{\Gamma_{b}}},

(20)

where $Y(\theta_{b})=\frac{2\beta\Gamma_{b}}{\theta_{b}}(1-e^{-\frac{\theta_{b}}{2\beta\Gamma_{b}}})>0$ . The optimal $\theta_{b}^{*}$ that maximizes $\mathcal{T}_{\rm N}$ is provided below.

Theorem 4

$\mathcal{T}_{\rm N}$ in (20) is first-increasing-then-decreasing w.r.t. $\theta_{b}$ ; the optimal $\theta_{b}^{*}$ maximizing $\mathcal{T}_{\rm N}$ is the unique root $\theta_{b}>\sqrt{2^{R_{e}^{*}}-1}$ of $G(\theta_{b})=0$ , where $G(\theta_{b})$ is a decreasing function of $\theta_{b}$ :

G(\theta_{b})=\frac{1+Y(\theta_{b})}{\ln 2}-\left[\log_{2}(1+\theta_{b}^{2})-R_{e}^{*}\right]\frac{1+\theta_{b}^{2}}{\theta_{b}}g(\theta_{b}),

(21)

with $g(\theta_{b})=\left(\frac{1}{2\theta_{b}}+\frac{1}{4\beta\Gamma_{b}}+\frac{\theta_{b}}{\Gamma_{b}}\right)Y(\theta_{b})+\frac{\theta_{b}}{\Gamma_{b}}-\frac{1}{2\theta_{b}}$ .

Proof 7

Please refer to Appendix -D.

Based on Theorem 4, the optimal $\theta_{b}^{*}$ or secrecy rate $R_{s}^{*}=\log_{2}(1+(\theta_{b}^{*})^{2})-R_{e}^{*}$ can be efficiently calculated using a bisection search with $G(\theta_{b})=0$ , and thus the maximal $\mathcal{T}_{\rm N}^{*}$ can be obtained from (18). The following corollaries demonstrate the behavior of $R_{s}^{*}$ w.r.t. to the average channel power gain $\sigma_{b}^{2}=\frac{\Gamma_{b}}{P_{b}}$ and provide a closed-form approximation of $R_{s}^{*}$ at the large $\sigma_{b}^{2}$ regime.

Corollary 3

The optimal $R_{s}^{*}$ monotonically increases with $\sigma_{b}^{2}$ .

Proof 8

Following similar steps as the proof of Theorem 4, it can be verified that $G(\theta_{b})$ in (21) increases with $\sigma_{b}^{2}$ such that $\frac{dR_{s}^{*}}{d\sigma_{b}^{2}}=-\frac{\partial G(\theta_{b})/\partial\sigma_{b}^{2}}{\partial G(\theta_{b})/\partial R_{s}^{*}}>0$ , which completes the proof.

Corollary 3 suggests that a larger secrecy rate should be employed to boost the secrecy throughput when the quality of the main channel improves, despite the fact that it might deteriorate the decoding correctness at Bob.

Corollary 4

At the regime of $\sigma_{b}^{2}\rightarrow\infty$ , the optimal secrecy rate $R_{s}^{*}$ is approximated by

	$\displaystyle R_{s}^{*}\approx R_{s}^{A}$	$\displaystyle={\log_{2}(e)}{\mathcal{W}_{0}\left(\sigma_{b}^{2}2^{-R_{e}^{*}}\right)}$
		$\displaystyle\approx\log_{2}(\sigma_{b}^{2})-R_{e}^{}-\log_{2}\left[\ln(\sigma_{b}^{2})-R_{e}^{}\ln 2\right],$		(22)

where $\mathcal{W}_{0}(x)$ is the Lambert’s $W$ function [39, Sec. 4.13] that satisfies $x=\mathcal{W}_{0}(x)e^{\mathcal{W}_{0}(x)}$ .

Proof 9

It is clear that $Y(\theta_{b})\rightarrow 1$ and $g(\theta_{b})\rightarrow\frac{2\theta_{b}}{\Gamma_{b}}$ as $\sigma_{b}^{2}\rightarrow\infty$ . Substituting the results into (21) with $\theta_{b}^{2}=2^{R_{s}+R_{e}^{*}}-1$ and letting $G(\theta_{b})=0$ produce the first approximation. The second approximation comes from the expansion of $\mathcal{W}_{0}(x)$ as $x\rightarrow\infty$ that $\mathcal{W}_{0}(x)\approx\ln x-\ln(\ln x)$ .

Fig. 3 plots the secrecy throughput $\mathcal{T}_{\rm N}$ versus the secrecy rate $R_{s}$ for different values of the blocklength $N$ and the average channel gain $\sigma_{b}^{2}$ . It can be seen that $\mathcal{T}_{\rm N}$ first increases and then decreases with $R_{s}$ , which validates Theorem 4. The optimal $R_{s}^{*}$ maximizing $\mathcal{T}_{\rm N}$ increases with $\sigma_{b}^{2}$ , which verifies Corollary 3 well, and the reason behind is similar to that for Corollary 2. It can also be observed that the optimal $R_{s}^{*}$ is almost impervious to different $N$ . This is because, the optimal secrecy rate for the non-adaptive scheme only depends on the average successful decoding probability, and the averaging process softens the impact of the blocklength. Theorem 3 is also confirmed, where it is found that $\mathcal{T}_{\rm N}$ increases with $N$ . In addition, the secrecy throughput with the approximate $R_{s}^{A}$ obtained in Corollary 4 is almost coincided with that of the optimal $R_{s}^{*}$ , which demonstrates the practicability of the low-complexity approximation.

Fig. 4 compares the secrecy throughput for adaptive and non-adaptive schemes with different blocklength $N$ . The left-hand-side figure depicts the maximal secrecy throughput $\mathcal{T}^{*}$ , where $\mathcal{T}_{\rm A}^{*}$ for the adaptive case improves as $N$ increases whereas $\mathcal{T}_{\rm N}^{*}$ for the non-adaptive case almost remains unchanged. When the average channel gain $\sigma_{b}^{2}$ increases or the secrecy constraint becomes relaxed (i.e., a larger $\delta$ ), the maximal $\mathcal{T}^{*}$ for both schemes improves significantly, and the gap $\mathcal{T}_{\rm A}^{*}-\mathcal{T}_{\rm N}^{*}$ increases. The right-hand-side figure illustrates the relative throughput gain $\Delta\mathcal{T}\triangleq\frac{\mathcal{T}_{\rm A}^{*}-\mathcal{T}_{\rm N}^{*}}{\mathcal{T}_{\rm N}^{*}}$ which reflects the superiority of the adaptive scheme over its non-adaptive counterpart. It is shown that $\Delta\mathcal{T}$ grows dramatically with $N$ but decreases with $\sigma_{b}^{2}$ and $\delta$ . This suggests that the adaptive scheme is more preferred for some unfavorable scenarios, e.g., with a large blocklengh (large delay), a poor channel quality, or a stringent secrecy requirement; otherwise, the non-adaptive scheme could be an alternative choice owing to its low implementation complexity.

IV Multi-Antenna Transmitter Scenario

When Alice is equipped with multiple antennas, she can intentionally transmit AN together with the information-bearing signal to degrade Eve’s channel quality. Generally, the null-space AN scheme, in which the AN is injected uniformly in directions orthogonal to the main channel, is heuristically employed in the context of infinite blocklength [34]. The near-optimality of AN in terms of improving secrecy capacity for the multi-input single-output wiretap channel was first proved in [35] from a rigorous information-theoretic perspective, and its degraded performance was later observed for the multi-input multi-output wiretap channel [36]. On the other hand, it was argued in [37] that distributing a certain proportion of AN in the direction of main channel can surprisingly gain a larger ergodic secrecy rate. When it comes to finite blocklength, since decoding failure might occur even when the codeword rate lies below the channel capacity, which is quite different from the infinite blocklength case, it is still unclear whether the null-space AN is optimal and how the optimal power allocation of the AN scheme should be determined for maximizing the secrecy throughput. To this end, this section focuses on the optimization of secrecy throughput with finite blocklength for the multi-antenna scenario, where the optimality of the null-space AN scheme will be identified first.

Considering a general scenario where the AN is not restricted to be orthogonal to the main channel, Alice’s transmitted signal can be constructed in the form of

\bm{x}=\sqrt{\phi P}{\bm{w}}\left(\sqrt{\alpha}s+\sqrt{1-\alpha}v\right)+\sqrt{\frac{(1-\phi)P}{M-1}}{\bm{W}}_{\bot}{\bm{z}},

(23)

where ${\bm{w}}=\frac{\bm{h}_{b}^{{\dagger}}}{\|\bm{h}_{b}\|}$ denotes the beamforming vector for the main channel, ${\bm{W}}_{\bot}$ denotes the $M\times(M-1)$ projection matrix onto the null space of $\bm{h}_{b}$ such that ${\bm{h}_{b}^{\mathrm{T}}}{\bm{W}}_{\bot}=\bm{0}$ , and the columns of $[{\bm{w}}~{}{\bm{W}}_{\bot}]$ constitute an orthogonal basis; $s$ , $v$ , and ${\bm{z}}$ denote the information signal, the AN in the direction of ${\bm{w}}$ , and the AN in the null space ${\bm{W}}_{\bot}$ , with each element obeying $\mathcal{CN}(0,1)$ ; $\phi\in[0,1]$ represents the fraction of the total transmit power $P$ allocated to the direction of ${\bm{w}}$ , and $\alpha\in[0,1]$ represents the power allocation ratio of the information signal to $\phi P$ . With (23), the received signal-to-interference-plus-noise ratios (SINRs) at Bob and Eve are respectively

	$\displaystyle\gamma_{b}$	$\displaystyle=\frac{\alpha\phi P_{b}\eta}{(1-\alpha)\phi P_{b}\eta+1},$		(24)
	$\displaystyle\gamma_{e}$	$\displaystyle=\frac{\alpha\phi P_{e}\|\bm{h}_{e}^{\mathrm{T}}\bm{w}\|^{2}}{(1-\alpha)\phi P_{e}\|\bm{h}_{e}^{\mathrm{T}}\bm{w}\|^{2}+\frac{(1-\phi)P_{e}\\|\bm{h}_{e}^{\mathrm{T}}\bm{W}_{\bot}\\|^{2}}{M-1}+1},$		(25)

where $\eta=\|\bm{h}_{b}\|^{2}$ . The successful decoding probability $p_{s}$ and the information leakage probability $\mathcal{O}_{e}$ for the multi-antenna case are still given by (2) and (4), respectively. The corresponding secrecy throughput optimization problem can be formulated as below:

\displaystyle\max_{\mu,R_{e},R_{s},n,\alpha,\phi}~{}\mathcal{T}=\mathbb{E}_{\eta}\left[R_{s}p_{s}\right]~{}~{}{\rm s.t.}~{}~{}\eqref{st_max_c1}-\eqref{st_max_c3},~{}0\leq\alpha,\phi\leq 1.

(26)

The following subsections will first detail the optimization procedure for both adaptive and non-adaptive schemes, and then briefly discuss the scenario of a multi-antenna Eve.

IV-A Adaptive Optimization Scheme

This subsection optimizes the secrecy throughput $\mathcal{T}_{\rm A}$ by designing the parameters involved in problem (26) adaptively according to the instantaneous channel realization $\bm{h}_{b}$ .

IV-A1 Solving $R_{e}$

Similar to the single-antenna case, the optimal rate redundancy is given by $R_{e}^{*}=\mathcal{O}_{e}^{-1}(\delta)$ with $\mathcal{O}_{e}$ in (4). Note that $R_{e}^{*}$ herein is a function of $\phi$ and $\alpha$ .

IV-A2 Solving $\alpha$

Resort to a function $\kappa(x,\alpha)\triangleq\frac{x\alpha}{x(1-\alpha)+1}$ defined in [38], which increases with $x$ for $\alpha>0$ . Then, the SINRs $\gamma_{b}$ in (24) and $\gamma_{e}$ in (25) can be reformulated as $\gamma_{b}(\phi,\alpha)=\kappa\left(\gamma_{b}(\phi,1),\alpha\right)$ and $\gamma_{e}(\phi,\alpha)=\kappa\left(\gamma_{e}(\phi,1),\alpha\right)$ . Define $\Phi_{e}(\phi,\alpha)\triangleq 2^{R_{e}^{*}}-1$ as the SINR threshold for $\gamma_{e}(\phi,\alpha)$ such that $R_{e}^{*}=\log_{2}(1+\Phi_{e}(\phi,\alpha))$ . Recalling the secrecy constraint $\mathcal{O}_{e}(\Phi_{e};\theta,\alpha)=\delta$ , $\Phi_{e}(\phi,\alpha)$ is the $\delta$ -upper quantile of $\gamma_{e}(\phi,\alpha)$ such that it also follows the form $\Phi_{e}(\phi,\alpha)=\kappa(\Phi_{e}(\phi,1),\alpha)$ [38]. Hence, the condition for guaranteeing a positive secrecy rate is described as

$\displaystyle\gamma_{b}(\phi,\alpha)>\Phi_{e}(\phi,\alpha)$	$\displaystyle\Rightarrow\kappa(\gamma_{b}(\phi,1),\alpha)>\kappa(\Phi_{e}(\phi,1),\alpha)$
	$\displaystyle\Rightarrow\gamma_{b}(\phi,1)>\Phi_{e}(\phi,1)$
	$\displaystyle\stackrel{{\scriptstyle\mathrm{(a)}}}{{\Rightarrow}}\rho_{b}>\rho_{e}(\phi),$	(27)

where $\rho_{b}\triangleq P_{b}\eta$ , $\rho_{e}(\phi)\triangleq\frac{\Phi_{e}(\phi,1)}{\phi}$ , and $\mathrm{(a)}$ is due to $\gamma_{b}(\phi,1)=\phi P\eta$ . Then, the threshold $\mu$ can be simply set as $\mu(\phi)=\frac{\rho_{e}(\phi)}{P_{b}}$ for any fixed $\phi$ . Revisiting (8), since $\mu(\phi)$ is independent of $\alpha$ , the optimal $\alpha^{*}$ that maximizes $\mathcal{T}_{\rm A}$ can be obtained by maximizing $\mathcal{T}_{\rm A}(\eta)=R_{s}p_{s}$ , where $p_{s}$ is defined in (3) and can be rewritten as

p_{s}=1-Q\left(\sqrt{n}\lambda_{b}\frac{\ln\lambda_{b}-\ln\lambda_{e}-R_{s}\ln 2}{\sqrt{\lambda_{b}^{2}-1}}\right),

(28)

with $\lambda_{b}\triangleq 1+\kappa(\gamma_{b}(\phi,1),\alpha)>\lambda_{e}\triangleq 1+\kappa(\Phi_{e}(\phi,1),\alpha)>1$ . Although it is difficult to see how $p_{s}$ varies with $\alpha$ for a fixed $R_{s}<\log_{2}\frac{\lambda_{b}}{\lambda_{e}}$ as both $\lambda_{b}$ and $\lambda_{e}$ increase with $\alpha$ , the following theorem provides the optimal $\alpha^{*}$ that maximizes $\mathcal{T}_{\rm A}$ .

Theorem 5

$\alpha^{*}=1$ is optimal for maximizing the secrecy throughput $\mathcal{T}_{\rm A}$ .

Proof 10

Please refer to Appendix -E.

Theorem 5 suggests that there is no need to inject the AN in the main channel direction for secrecy throughput improvement with finite blocklength. The reason is that, once the main channel quality suffices to guarantee $\lambda_{b}>\lambda_{e}$ , a larger $\alpha$ can improve the term $\frac{\ln\lambda_{b}-\ln\lambda_{e}}{\sqrt{1-\lambda_{b}^{-2}}}$ in (28) which reflects the channel superiority of the main channel over the wiretap channel.

Define $\xi\triangleq\frac{\phi^{-1}-1}{M-1}$ . Substituting $\alpha^{*}=1$ into (24) and (25) yields the CDFs of $\gamma_{b}$ and $\gamma_{e}$ :

	$\displaystyle\mathcal{F}_{\gamma_{b}}(\gamma)$	$\displaystyle=1-e^{-\frac{\gamma}{\phi\Gamma_{b}}}\sum_{k=0}^{M-1}\frac{1}{k!}\left(\frac{\gamma}{\phi\Gamma_{b}}\right)^{k},$		(29)
	$\displaystyle\mathcal{F}_{\gamma_{e}}(\gamma)$	$\displaystyle=1-e^{-\frac{\gamma}{\phi\Gamma_{e}}}\left(1+\xi\gamma\right)^{1-M},$		(30)

IV-A3 Solving $\mu$

The threshold $\mu(\phi)=\frac{\rho_{e}(\phi)}{P_{b}}$ mentioned in the last step is related to $\phi$ . This step further determines the optimal $\mu^{*}$ which is independent of $\phi$ and $\eta$ . For tractability, consider an asymptotically large blocklength and exploit the tail property of the $Q$ -function, then the information leakage probability $\mathcal{O}_{e}$ is approximated as [33]

\mathcal{O}_{e}(\Phi_{e})\approx e^{-\frac{\Phi_{e}}{\phi\Gamma_{e}}}\left(1+\xi\Phi_{e}\right)^{1-M}.

(31)

Fig. 5 shows that the approximate $\mathcal{O}_{e}(\Phi_{e})$ is extremely close to the exact value for quite a wide range of $\phi$ , $M$ , $n$ , and $\Gamma_{e}$ , and it then can be adopted to facilitate the subsequent analysis and optimization. Revisiting $\rho_{e}(\phi)=\frac{\Phi_{e}(\phi)}{\phi}$ with $\mathcal{O}_{e}(\Phi_{e}(\phi))=\delta$ , the following lemma is obtained.

Lemma 2 ([38])

$\rho_{e}(\phi)>0$ , $\frac{d\rho_{e}(\phi)}{d\phi}=\frac{\rho_{e}(\phi)}{\left[1+\phi\rho_{e}(\phi)\xi\right]/\Gamma_{e}+1-\phi}>0$ , and $\frac{d^{2}\rho_{e}(\phi)}{d\phi^{2}}>\frac{2}{\rho_{e}(\phi)}\left[\frac{d\rho_{e}(\phi)}{d\phi}\right]^{2}>0$ .

Lemma 2 indicates that $\rho_{e}(\phi)$ increases with $\phi$ . It is observed from (IV-A2) that no positive $R_{s}$ can be achieved if $P_{b}\eta\leq\rho_{e}(0)$ . To avoid this, the optimal on-off threshold should be chosen as

\mu^{*}=\frac{\rho_{e}(0)}{P_{b}}.

(32)

IV-A4 Solving $n$

This step gives the optimal blocklength $n^{*}$ that maximizes secrecy throughput.

Theorem 6

$n^{*}=N$ is optimal for maximizing $\mathcal{T}_{\rm A}$ in (26).

Proof 11

The proof is similar to that of Theorem 1. According to (53), one only needs to prove that $f_{\gamma_{e}}(\tau^{l}_{e})>f_{\gamma_{e}}(\tau^{u}_{e})$ . The PDF of $\gamma_{e}$ is calculated from (30) and is given by

f_{\gamma_{e}}(\gamma)=\left(\frac{1}{\phi\Gamma_{e}\left(1+\xi\gamma\right)^{M-1}}+\frac{\xi(M-1)}{\left(1+\xi\gamma\right)^{M}}\right)e^{-\frac{\gamma}{\phi\Gamma_{e}}}.

(33)

Apparently, $f_{\gamma_{e}}(\gamma)$ decreases with $\gamma$ such that $f_{\gamma_{e}}(\tau^{l}_{e})>f_{\gamma_{e}}(\tau^{u}_{e})$ , which completes the proof.

Theorem 6 suggests that a multi-antenna transmitter also should adopt the maximal blocklength to maximize the secrecy throughput, regardless of the power allocation and code rates. This is validated by Fig. 6, and the reason behind is similar to that of the single-antenna case.

IV-A5 Solving $\phi$

By now, the secrecy throughput $\mathcal{T}_{\rm A}(\eta)$ conditioned on $\eta$ is given by

\mathcal{T}_{\rm A}(\eta)=R_{s}\left(1-Q\left[\sqrt{N}\lambda_{b}\frac{\ln\frac{\lambda_{b}}{\lambda_{e}}-R_{s}\ln 2}{\sqrt{\lambda_{b}^{2}-1}}\right]\right),

(34)

where $\lambda_{b}=1+\phi\rho_{b}$ and $\lambda_{e}=1+\phi\rho_{e}$ with $\rho_{b}>\rho_{e}$ . For notational simplicity, $\phi$ has been dropped from $\rho_{e}(\phi)$ . Obviously, maximizing $\mathcal{T}_{\rm A}(\eta)$ is equivalent to maximizing the following function:

L(\phi)=\frac{\lambda_{b}}{\sqrt{\lambda_{b}^{2}-1}}\left({\ln\frac{\lambda_{b}}{\lambda_{e}}-R_{s}\ln 2}\right).

(35)

Theorem 7

$L(\phi)$ in (35) is a concave function of $\phi$ , and the optimal $\phi^{*}$ maximizing $L(\phi)$ is

\displaystyle\phi^{*}=\begin{cases}1,&\eta\geq\frac{\rho_{b}^{\circ}}{P_{b}}~{}{\rm and}~{}\frac{\rho_{e}(1)}{1+\rho_{e}(1)}<\frac{1}{1+\Gamma_{e}},\\ \phi^{\circ},&\rm otherwise.\end{cases}f

(36)

Here $\phi^{\circ}$ is the unique zero-crossing $\phi\in[0,1)$ of the following derivative:

\frac{dL(\phi)}{d\phi}=\frac{(1-A_{\phi}){\lambda_{b}}-1}{\phi\sqrt{\lambda_{b}^{2}-1}}-\frac{({\lambda_{b}-1})\left({\ln{\lambda_{b}}-B_{\phi}}\right)}{\phi\left(\lambda_{b}^{2}-1\right)^{3/2}},

(37)

where $A_{\phi}\triangleq\frac{\phi}{\lambda_{e}}\left(\rho_{e}+\phi\frac{d\rho_{e}}{d\phi}\right)$ and $B_{\phi}\triangleq\ln\lambda_{e}+R_{s}\ln 2$ with $\frac{d\rho_{e}}{d\phi}$ given in Lemma 2, and $\rho_{b}^{\circ}$ is the unique root $\rho_{b}$ of the equation $X(\rho_{b})=0$ with $X(\rho_{b})$ given below:

X(\rho_{b})=(1-A_{1})(1+\rho_{b})-1-\frac{\ln(1+\rho_{b})-B_{1}}{2+\rho_{b}}.

(38)

Proof 12

Please refer to Appendix -F.

Theorem 7 shows that, the naive beamforming scheme without injecting any AN is optimal for maximizing the secrecy throughput only when the quality of the main channel is good enough and meanwhile the quality of the wiretap channel is poor or a high information leakage probability is acceptable. Using the derivative rule for implicit functions with (37) proves that $\frac{d\phi^{*}}{dR_{s}}>0$ , which suggests that in order to support a higher secrecy rate, a larger fraction of power should be allocated to the information signal although at the cost of a larger required rate redundancy.

For a robust design perspective, a worst-case scenario is considered by ignoring Eve’s thermal noise, i.e., $\Gamma_{e}\rightarrow\infty$ in (31), such that $\rho_{e}=\frac{\Lambda}{1-\phi}$ with $\Lambda=(M-1)(\delta^{\frac{1}{1-M}}-1)$ . It is seen from (37) that $\phi^{*}$ is a function of $\eta$ and $\delta$ , and the monotonicity of $\phi^{*}$ is revealed as below.

Corollary 5

For the worst case $\Gamma_{e}\rightarrow\infty$ , the optimal power allocation $\phi^{*}$ is non-decreasing w.r.t. $\eta$ and $\delta$ . Moreover, $\lim_{\eta\rightarrow\infty}\phi^{*}=\frac{1}{\sqrt{\Lambda}+1}$ and $\lim_{\delta\rightarrow 1}\phi^{*}=1$ .

Proof 13

Please refer to Appendix -G.

Corollary 5 suggests that when the quality of the main channel improves (i.e., a larger $\eta$ ) or the secrecy requirement is relaxed (i.e., a larger $\delta$ ), it would be more appealing to use a higher signal power to promote the main channel than to increase the AN power to degrade the wiretap channel. This is because that the main channel becomes the dominate factor to the improvement of secrecy throughput. Different from Theorem 7 where $\phi^{*}=1$ can be achieved, the optimal $\phi^{*}$ here only can be increased up to $\frac{1}{\sqrt{\Lambda}+1}$ as $\eta\rightarrow\infty$ due to Eve’s background noise being ignored. Besides, it is unsurprising that $\phi^{*}=1$ for $\delta=1$ since there is no secrecy requirement.

IV-A6 Solving $R_{s}$

For any given power allocation $\phi^{*}$ , it can be proved that the secrecy throughput $\mathcal{T}_{\rm A}(\eta)$ is a concave function of the secrecy rate $R_{s}$ as done in Theorem 2. Hence, the optimal $R_{s}^{*}$ maximizing $\mathcal{T}_{\rm A}(\eta)$ is given by (12) and a closed-form lower bound on $R_{s}^{*}$ can be found in (14). Eventually, problem (26) can be addressed via an alternating optimization (AO) method, which is summarized in Algorithm 1. In addition, at the high $\eta$ regime, the optimal $\phi^{*}$ is independent of $R_{s}$ , and hence a global optimal pair $(\phi^{*},R_{s}^{*})$ is obtained for maximizing $\mathcal{T}_{\rm A}(\eta)$ .

Algorithm 1 AO Algorithm for Solving Problem (26)

1: Initialize

k=1

\phi^{(0)}\in[0,1]

R_{s}^{(0)}\geq 0

, and assign

\epsilon

a sufficiently small positive value, e.g.,

\epsilon=10^{-10}

;

2: Input

\delta\in[0,1]

N\geq 1

, and

P_{b},\Gamma_{e},\eta=\|\bm{h}_{b}\|^{2}>0

;

3: Calculate

\mu

from (32) and

\mathcal{T}_{\rm A}^{(0)}(\eta)=R_{s}^{(0)}p_{s}^{(0)}

;

4: if

\eta<\mu

then

\mathcal{T}_{\rm A}^{(k)}(\eta)\leftarrow 0

;

6: else

7: Update

\phi^{(k)}\leftarrow\phi^{(k-1)}

R_{s}^{(k)}\leftarrow R_{s}^{(k-1)}

;

8: Calculate

\rho_{b}^{\circ}

from (38);

9: if

P_{b}\eta\geq\rho_{b}^{\circ}

then

10:

\phi^{(k)}\leftarrow 1

;

11: else

12: Calculate

\phi^{(k)}

from (37);

13: end if

14: Calculate

R_{s}^{(k)}

from (12);

15: Update

\mathcal{T}_{\rm A}^{(k)}(\eta)\leftarrow R_{s}^{(k)}p_{s}^{(k)}

;

16: while

\left|\left[\mathcal{T}_{\rm A}^{(k)}(\eta)-\mathcal{T}_{\rm A}^{(k-1)}(\eta)\right]/{\mathcal{T}_{\rm A}^{(k-1)}(\eta)}\right|\geq\epsilon

17: Update

k\leftarrow k+1

;

18: Repeat step 7 to step 15;

19: end while

20: end if

21: Output

\mathcal{T}_{\rm A}^{(k)}(\eta)

Fig. 6 illustrates the optimal power allocation $\phi^{*}$ and the corresponding maximal secrecy throughput $\mathcal{T}_{\rm A}(\eta)$ for varying secrecy rate $R_{s}$ . The maximal $\mathcal{T}_{\rm A}(\eta)$ is concave on $R_{s}$ , which guarantees the global optimality of the solution and the convergence of the proposed AO algorithm. The optimal $\phi^{*}$ increases with $\eta$ and $R_{s}$ , which verifies Corollary 5. In addition, the curves of $\phi^{*}$ and $\mathcal{T}_{\rm A}(\eta)$ are truncated after $R_{s}$ exceeds some critical values. This can be explained similarly as that of Fig. 2. It is shown that $\phi^{*}$ increases with the blocklength $N$ , although slightly. This is because, increasing $N$ will mildly decrease the information leakage probability $\mathcal{O}_{e}$ , thus allowing a larger portion of power to be devoted to transmitting the information-bearing signal.

IV-B Non-Adaptive Optimization Scheme

This subsection examines the secrecy throughput maximization through a non-adaptive design manner for the multi-antenna transmitter case. The problem can be formulated as


$\displaystyle\max_{\mu,R_{e},R_{s},n,\alpha,\phi}$	$\displaystyle~{}\mathcal{T}_{\rm N}=R_{s}\bar{p}_{s}$	(39a)
$\displaystyle~{}~{}{\rm s.t.}~{}$	$\displaystyle~{}\eqref{st_max_c1}-\eqref{st_max_c3},~{}0\leq\alpha,\phi\leq 1,$	(39b)

where $\bar{p}_{s}$ is the average successful decoding probability.

The basic idea to solve problem (39) is similar to that of problem (15). Again, the optimal rate redundancy is $R_{e}^{*}=\mathcal{O}_{e}^{-1}(\delta)$ with $\mathcal{O}_{e}$ given in (4). For the adaptive case, it is known from (IV-A2) that $\kappa(\gamma_{b}(\phi,1),\alpha)>\kappa(\Phi_{e}(\phi,1),\alpha)\Rightarrow\eta>\mu(\phi)=\frac{\rho_{e}(\phi)}{P_{b}}$ suffices to guarantee a positive secrecy rate $R_{s}$ with the threshold $\mu(\phi)$ independent of $\alpha$ , and then $\alpha^{*}=1$ is optimal for secrecy throughput maximization. As for the non-adaptive one, supporting a certain secrecy rate $R_{s}$ requires that $1+\kappa(\gamma_{b}(\phi,1),\alpha)>2^{R_{s}}(1+\kappa(\Phi_{e}(\phi,1),\alpha))$ which is further transformed to

\eta>\mu(\phi)=\frac{1}{\phi P_{b}}\frac{1}{\frac{\alpha}{2^{R_{s}}(1+\kappa(\Phi_{e}^{*}(\phi,1),\alpha))-1}-1+\alpha}.

(40)

Although $\mu(\phi)$ herein depends on $\alpha$ , it is proved that $\mu(\phi)$ monotonically decreases with $\alpha$ . Hence, $\alpha^{*}=1$ is still throughput-optimal for the non-adaptive case. Accordingly, the optimal threshold is $\mu^{*}=\frac{2^{R_{s}}(1+\phi\rho_{e})}{\phi P_{b}}$ . Similar to the proof of Theorem 3, using the maximal blocklength is optimal for maximizing secrecy throughput, regardless of the distribution of $\gamma_{b}$ . Hence, the optimal blocklength is $n^{*}=N$ . Afterwards, the secrecy throughput is calculated from (III-B):

	$\displaystyle\mathcal{T}_{\rm N}$	$\displaystyle=R_{s}\bar{p}_{s}=R_{s}\left[1-\frac{1}{2}\mathcal{F}_{\gamma_{b}}(\theta_{b}^{2})-\frac{\beta}{\theta_{b}}\int_{\theta_{b}^{2}}^{\tau^{u}_{b}}\mathcal{F}_{\gamma_{b}}(\gamma)d\gamma\right]$
		$\displaystyle\stackrel{{\scriptstyle\mathrm{(a)}}}{{=}}R_{s}\left[\frac{\bar{\Gamma}(M,\varrho_{1})}{2}+\frac{\phi\Gamma_{b}\beta}{\theta_{b}}\Delta\Gamma\right],$		(41)

where $\mathrm{(a)}$ holds by invoking the CDF $\mathcal{F}_{\gamma_{b}}(\gamma)$ of $\gamma_{b}$ in (29) and computing the integral, with $\Delta\Gamma\triangleq\sum_{k=0}^{M-1}\left[\bar{\Gamma}(k+1,\varrho_{1})-\bar{\Gamma}(k+1,\varrho_{2}\right])$ and $\bar{\Gamma}(m+1,x)\triangleq\sum_{k=0}^{m}\frac{x^{k}e^{-x}}{k!}$ being the regularized upper incomplete gamma function, with $\varrho_{1}=\frac{\theta_{b}^{2}}{\phi\Gamma_{b}}$ , $\varrho_{2}=\frac{\theta_{b}^{2}}{\phi\Gamma_{b}}+\frac{{\theta_{b}}}{2\beta\phi\Gamma_{b}}$ , $\theta_{b}=\sqrt{2^{R_{s}+R_{e}^{*}}-1}$ , and $\beta=\frac{\sqrt{N}}{2\pi}$ . Differentiating $\mathcal{T}_{\rm N}$ w.r.t. $\phi$ yields

	$\displaystyle\frac{d\mathcal{T}_{\rm N}}{d\phi}=$	$\displaystyle R_{s}\bigg{[}\frac{\varpi_{1}\varrho_{1}^{M}e^{-\varrho_{1}}}{2(M-1)!}+\frac{\phi\Gamma_{b}\beta\varpi_{2}\Delta\Gamma}{\theta_{b}}+\beta\theta_{b}\varpi_{1}\Gamma(M,\varrho_{1})$
		$\displaystyle-\left(\beta\theta_{b}\varpi_{1}+\frac{\varpi_{2}}{2}\right)\bar{\Gamma}(M,\varrho_{2})\bigg{]},$		(42)

where $\varpi_{1}=\frac{1}{\phi}-\frac{2^{R_{s}}}{\theta_{b}^{2}}\frac{d\lambda_{e}}{d\phi}$ and $\varpi_{2}=\frac{1}{\phi}-\frac{2^{R_{s}}}{2\theta_{b}^{2}}\frac{d\lambda_{e}}{d\phi}$ with $\lambda_{e}$ given in (34). It is verified that the derivative $\frac{d\mathcal{T}_{\rm N}}{d\phi}$ is monotonically decreasing with $\phi$ . In other words, for a fixed $R_{s}$ , the optimal $\phi^{*}$ that maximizes $\mathcal{T}_{\rm N}$ is unique, which is $\phi^{*}=1$ if $\frac{d\mathcal{T}_{\rm N}}{d\phi}|_{\phi=1}>0$ or otherwise satisfies $\frac{d\mathcal{T}_{\rm N}}{d\phi}=0$ . Likewise, it is confirmed that the derivative

	$\displaystyle\frac{d\mathcal{T}_{\rm N}}{dR_{s}}=$	$\displaystyle\frac{\bar{\Gamma}(M,\varrho_{1})}{2}+\frac{\phi\Gamma_{b}\beta}{\theta_{b}}\Delta\Gamma-\frac{\lambda_{e}R_{s}2^{R_{s}}\ln 2}{\theta_{b}}\bigg{[}{\beta}\bar{\Gamma}(M,\varrho_{1})$
		$\displaystyle+\frac{\phi\Gamma_{b}\beta\Delta\Gamma}{2\theta_{b}^{2}}+\frac{\varrho_{1}^{M}e^{-\varrho_{1}}}{2\theta_{b}(M-1)!}-\left({\beta}+\frac{1}{4\theta_{b}}\right)\bar{\Gamma}(M,\varrho_{2})\bigg{]}$		(43)

is first positive and then negative with increasing $R_{s}$ , and the unique optimal $R_{s}^{*}$ maximizing $\mathcal{T}_{\rm N}$ can be calculated via a bisection method with the equation $\frac{d\mathcal{T}_{\rm N}}{dR_{s}}=0$ .

The monotonicity of $\mathcal{T}_{\rm N}$ w.r.t. $\phi$ and $R_{s}$ is verified in Fig. 7, where, similar to Fig. 6, $\mathcal{T}_{\rm N}$ is given with the optimal $\phi^{*}$ or $R_{s}^{*}$ . This implies that the global maximal $\mathcal{T}_{\rm N}$ is practically achieved even by alternatively solving the optimal $\phi$ and $R_{s}$ . As expected, $\mathcal{T}_{\rm N}$ improves with a larger blocklength $N$ and a looser secrecy constraint (a larger $\delta$ ). It is found that $R_{s}^{*}$ first increases and then might decrease with $\phi$ , which means that a moderate $R_{s}$ is desired to balance the decoding and throughput performance. On the other hand, a larger $\phi^{*}$ is required to support an increasing $R_{s}$ . It is also shown that $R_{s}^{*}$ for a fixed $\phi$ increases with $N$ , since a larger $N$ improves the decoding performance which then affords a larger $R_{s}$ . Nevertheless, $\phi^{*}$ decreases with $N$ in the low $R_{s}$ regime whereas increases with $N$ in the high $R_{s}$ regime. It can be explained as follows: for a low $R_{s}$ , the rate redundancy $R_{e}$ has a great impact on the decoding performance, and hence the AN power should be increased as $N$ increases to better combat the eavesdropper; in contrast, for a large $R_{s}$ , the decoding correctness is more affected by the main channel quality, which requires a larger signal power to maintain a high decoding probability.

Proposition 1

For the high average channel gain $\Gamma_{b}\rightarrow\infty$ , $\mathcal{T}_{\rm N}$ in (IV-B) is approximated as

\lim_{\Gamma_{b}\rightarrow\infty}\mathcal{T}_{\rm N}=R_{s}\left(1-\frac{\varrho_{1}^{M}}{2M!}\right).

(44)

Proof 14

Please refer to Appendix -H.

Proposition 1 shows that for a high average channel gain, the secrecy throughput becomes independent of the blocklength. In consequence, the optimal $\phi^{*}$ and $R_{s}^{*}$ maximizing $\mathcal{T}_{\rm N}$ in (44) admit the following closed-form approximations [22, (19), (20)]

	$\displaystyle\lim_{\Gamma_{b}\rightarrow\infty}\phi^{*}$	$\displaystyle=\frac{1}{\sqrt{\Lambda}+1},~{}~{}~{}$		(45)
	$\displaystyle\lim_{\Gamma_{b}\rightarrow\infty}R_{s}^{*}$	$\displaystyle=\frac{1}{M\ln 2}\left[\mathcal{W}_{0}\left(\frac{2\exp(1)M!\Gamma_{b}^{M}}{(\sqrt{\Lambda}+1)^{2M}}\right)-1\right].$		(46)

Fig. 8 illustrates the influence of the number of transmit antennas $M$ on the maximal secrecy throughput $\mathcal{T}^{*}$ for both adaptive and non-adaptive schemes and the relative secrecy throughput gain $\Delta\mathcal{T}=\frac{\mathcal{T}_{\rm A}^{*}-\mathcal{T}_{\rm N}^{*}}{\mathcal{T}_{\rm N}^{*}}$ . It is not surprising that deploying more transmit antennas can significantly improve the secrecy throughput for both schemes. Similar to the observation in Fig. 4, both $\mathcal{T}_{\rm A}^{*}$ and $\mathcal{T}_{\rm N}^{*}$ increase with $\delta$ and $N$ , but the benefit to $\mathcal{T}_{\rm N}^{*}$ brought by a larger $N$ is nearly negligible. The right-hand-side subgraph shows that $\Delta\mathcal{T}$ drops sharply as $M$ increases but grows for a larger $N$ and a smaller $\delta$ . This indicates that the superiority of the adaptive scheme over its non-adaptive counterpart is more pronounced for the scenarios requiring a large blocklengh, having few transmit antennas, suffering from a stringent secrecy constraint, etc; otherwise, the non-adaptive scheme might be appealing because of the low-complexity off-line design.

IV-C A Note on Multi-Antenna Eve

This subsection examines the secure transmission in the presence of an Eve with $M_{e}$ antennas. Assume that Eve employs the minimum mean-squared error (MMSE) receiver, and then the CDF of Eve’s SINR under the null-space AN scheme can be given as [24]:

\mathcal{F}_{\gamma_{e}}(x)=1-e^{-\frac{x}{\phi P_{e}}}\sum_{n=1}^{M_{e}}\frac{A_{n}(x)}{(n-1)!}\left(\frac{x}{\phi P_{e}}\right)^{n-1},

(47)

where

\displaystyle A_{n}(x)=\begin{cases}1,&M_{e}\geq M-1+n,\\ \frac{\sum_{m=0}^{M_{e}-n}\binom{M-1}{m}(\xi x)^{m}}{(1+\xi x)^{M-1}},&M_{e}<M-1+n.\\ \end{cases}

(48)

The information leakage probability $\mathcal{O}_{e}$ is obtained by substituting (47) into (50), and the secrecy throughput can be optimized similarly as described in the above two subsections.

By ignoring the receiver noise at Eve, i.e., considering Eve’s transmit power $P_{e}\rightarrow\infty$ , one can obtain $\mathcal{F}_{\gamma_{e}}(x)=1-A_{1}(x)$ . Furthermore, if Eve has more antennas than Alice, i.e., $M_{e}\geq M$ , one have $A_{1}(x)=1$ , $\mathcal{F}_{\gamma_{e}}(x)=0$ , and accordingly $\mathcal{O}_{e}=1$ . This means, when $P_{e}\rightarrow\infty$ , Eve with enough antennas can completely eliminate all the AN signals with an MMSE receiver such that her SNR will approach infinity. As a consequence, the SOP constraint can no longer be satisfied for any chosen rate redundancy, and no positive secrecy rate can be achieved from the perspective of secrecy outage. In other words, the null-space AN scheme can safeguard secure transmissions well for the finite blocklength regime only when the eavesdropper has fewer antennas than the transmitter, and this conclusion is the same as that for the infinite blocklength case.

V Conclusions

This paper investigated the design of secure transmissions in slow fading channels, where secrecy encoding with finite blocklength was employed to confront the eavesdropper. Both adaptive and non-adaptive schemes were devised to maximize the secrecy throughput, providing the optimal threshold of the on-off transmission policy, blocklength, code rates, and power allocation of the AN scheme. Theoretical and numerical results showed that, under the on-off policy, increasing the blocklength can simultaneously enhance the reliability and secrecy, and thus the secrecy throughput is maximized when using the maximal blocklength. In addition, since an overly large secrecy rate will significantly decrease the successful decoding probability thus lowering the secrecy throughput, there exists a critical secrecy rate, but not as large as possible, that can achieve the maximal secrecy throughput.

-A Proof of Lemma 1

For tractability, a piece-wise linear approximation approach is leveraged to approximate the $Q$ -function given in (2), i.e., $Q\left(\frac{C_{i}-R_{i}}{\sqrt{V_{i}/n}}\right)\approx\Xi(\gamma_{i},n,R_{i})$ for $i\in\{b,e\}$ [32, 33],³³3 This approximation has been extensively applied to the finite-blocklength scenarios, and its accuracy has been well validated. with

\displaystyle\Xi(\gamma_{i},n,R_{i})=\begin{cases}0,&\gamma_{i}>\tau^{u}_{i},\\ \frac{1}{2}-\frac{\beta}{\theta_{i}}(\gamma_{i}-\theta_{i}^{2}),&\tau^{l}_{i}\leq\gamma_{i}\leq\tau^{u}_{i},\\ 1,&\gamma_{i}<\tau^{l}_{i},\\ \end{cases}

(49)

where $\beta\triangleq\frac{\sqrt{n}}{2\pi}$ , $\theta_{i}\triangleq\sqrt{2^{R_{i}}-1}$ , $\tau^{u}_{i}\triangleq\theta_{i}^{2}+\frac{\theta_{i}}{2\beta}$ , and $\tau^{l}_{i}\triangleq\theta_{i}^{2}-\frac{\theta_{i}}{2\beta}$ .⁴⁴4Generally, $\theta_{i}>\frac{1}{2\beta}$ or $R_{i}>\log_{2}\left(1+{\pi^{2}}/{n}\right)$ should be satisfied to ensure a positive $\tau_{i}^{l}$ . With (49), the information leakage probability $\mathcal{O}_{e}$ defined in (4) is calculated as

\displaystyle\mathcal{O}_{e}=1-\mathbb{E}_{\gamma_{e}}\left[\Xi(\gamma_{e},n,R_{e})\right]=1-\frac{\beta}{\theta_{e}}\int_{\tau^{l}_{e}}^{\tau^{u}_{e}}\mathcal{F}_{\gamma_{e}}(\gamma)d\gamma,

(50)

where $\mathcal{F}_{\gamma_{i}}(\gamma)=1-e^{-\gamma/\Gamma_{i}^{2}}$ is the CDF of $\gamma_{i}$ for $i\in\{b,e\}$ , and the last equality in (50) follows from invoking (49) and using partial integration. Next, treat $n$ as a continuous variable. As $R_{e}^{*}$ satisfies $\mathcal{O}_{e}(R_{e}^{*})=\delta$ , the derivative $\frac{dR_{e}^{*}}{dn}$ is obtained by using the derivative rule for implicit functions [23] with $\mathcal{O}_{e}(R_{e}^{*})=\delta$ , i.e.:

\frac{dR_{e}^{*}}{dn}=-\frac{\partial\mathcal{O}_{e}/\partial n}{\partial\mathcal{O}_{e}/\partial R_{e}^{*}}.

(51)

First, it can be proved that $\frac{\partial\mathcal{O}_{e}}{\partial R_{e}^{*}}=\frac{\partial\mathcal{O}_{e}}{\partial\theta_{e}}\frac{\partial\theta_{e}}{\partial R_{e}^{*}}<0$ by noting that $\frac{\partial\theta_{e}}{\partial R_{e}^{*}}>0$ and

	$\displaystyle\frac{\partial\mathcal{O}_{e}}{\partial\theta_{e}}=\frac{\beta}{\theta_{e}^{2}}\int_{\tau^{l}_{e}}^{\tau^{u}_{e}}\mathcal{F}_{\gamma_{e}}(\gamma)d\gamma-\frac{\beta}{\theta_{e}}\left[\frac{d\tau^{u}_{e}}{d\theta_{e}}\mathcal{F}_{\gamma_{e}}(\tau^{u}_{e})-\frac{d\tau^{l}_{e}}{d\theta_{e}}\mathcal{F}_{\gamma_{e}}(\tau^{l}_{e})\right]$
	$\displaystyle\stackrel{{\scriptstyle\mathrm{(a)}}}{{\leq}}\frac{\beta}{\theta_{e}^{2}}\left[\gamma\mathcal{F}_{\gamma_{e}}(\gamma)\right]\|^{\tau^{u}_{e}}_{\tau^{l}_{e}}-\frac{4\beta\theta_{e}+1}{2\theta_{e}}\mathcal{F}_{\gamma_{e}}(\tau^{u}_{e})+\frac{4\beta\theta_{e}-1}{2\theta_{e}}\mathcal{F}_{\gamma_{e}}(\tau^{l}_{e})$
	$\displaystyle=\beta\left[\mathcal{F}_{\gamma_{e}}(\tau^{l}_{e})-\mathcal{F}_{\gamma_{e}}(\tau^{u}_{e})\right]<0,$

where $\mathrm{(a)}$ follows from the partial integration. The next step is to determine the sign of $\frac{\partial\mathcal{O}_{e}}{\partial n}=\frac{\partial\mathcal{O}_{e}}{\partial\beta}\frac{\partial\beta}{\partial n}$ . The first and second derivatives of $\mathcal{O}_{e}$ w.r.t. $\beta$ are respectively given by

	$\displaystyle\frac{\partial\mathcal{O}_{e}}{\partial\beta}$	$\displaystyle=\frac{1}{2\beta}\left[\mathcal{F}_{\gamma_{e}}(\tau^{u}_{e})+\mathcal{F}_{\gamma_{e}}(\tau^{l}_{e})\right]-\frac{1}{\theta_{e}}\int_{\tau^{l}_{e}}^{\tau^{u}_{e}}\mathcal{F}_{\gamma_{e}}(\gamma)d\gamma,$		(52)
	$\displaystyle\frac{\partial^{2}\mathcal{O}_{e}}{\partial\beta^{2}}$	$\displaystyle=\frac{\theta_{e}}{4\beta^{3}}\left[f_{\gamma_{e}}(\tau^{l}_{e})-f_{\gamma_{e}}(\tau^{u}_{e})\right].$		(53)

It is easy to see $\frac{\partial^{2}\mathcal{O}_{e}}{\partial\beta^{2}}>0$ as $f_{\gamma_{e}}(\gamma)=\frac{1}{\Gamma_{e}}e^{-{\gamma}/{\Gamma_{e}}}$ decreases with $\gamma$ and $\tau^{u}_{e}>\tau^{l}_{e}$ . This indicates that $\frac{\partial\mathcal{O}_{e}}{\partial\beta}$ increases with $\beta$ such that $\frac{\partial\mathcal{O}_{e}}{\partial\beta}<\frac{\partial\mathcal{O}_{e}}{\partial\beta}|_{\beta\rightarrow\infty}=0$ . Combining $\frac{\partial\mathcal{O}_{e}}{\partial\beta}<0$ and $\frac{\partial\beta}{\partial n}>0$ yields $\frac{\partial\mathcal{O}_{e}}{\partial n}<0$ . With $\frac{\partial\mathcal{O}_{e}}{\partial R_{e}^{*}}<0$ and $\frac{\partial\mathcal{O}_{e}}{\partial n}<0$ in (51), $\frac{dR_{e}^{*}}{dn}<0$ is obtained, which completes the proof.

-B Proof of Theorem 1

The derivative of $p_{s}$ w.r.t. $n$ is given by

\frac{dp_{s}}{dn}=\frac{1}{\sqrt{2\pi}}e^{-\frac{n(C_{b}-R_{t})^{2}}{2V_{b}}}\left[\frac{C_{b}-R_{t}}{2\sqrt{nV_{b}}}-\sqrt{\frac{n}{V_{b}}}\frac{dR_{e}^{*}}{dn}\right],

(54)

which follows from the derivative $\frac{dQ(x)}{dx}=\frac{-1}{\sqrt{2\pi}}e^{-\frac{x^{2}}{2}}$ . Plugging $\frac{dR_{e}^{*}}{dn}<0$ , as shown in Lemma 1, into (54) yields $\frac{dp_{s}}{dn}>0$ . For a fixed $R_{s}$ in (10), it is directly concluded that $\frac{d\mathcal{T}_{\rm A}(\eta)}{dn}>0$ , which means that $\mathcal{T}_{\rm A}(\eta)$ monotonically increases with $n$ . Since $n$ is an integer, $\mathcal{T}_{\rm A}(\eta)$ is maximized at the maximal integer of $n$ , i.e., $n=N$ , which completes the proof.

-C Proof of Theorem 2

From (13), it is easy to prove that $\frac{d^{2}\mathcal{T}_{\rm A}(\eta)}{dR_{s}^{2}}<0$ , i.e., $\mathcal{T}_{\rm A}(\eta)$ is concave on $R_{s}$ . It is verified that $\frac{d\mathcal{T}_{\rm A}(\eta)}{dR_{s}}|_{R_{s}=0}=1-Q\left(\frac{C_{b}-R_{e}^{*}}{\sqrt{V_{b}/N}}\right)>0$ . As a result, $\mathcal{T}_{\rm A}(\eta)$ is maximized at the boundary $R_{s}=C_{b}-R_{e}^{*}$ if $\frac{d\mathcal{T}_{\rm A}(\eta)}{dR_{s}}|_{R_{s}=C_{b}-R_{e}^{*}}=\frac{1}{2}-\frac{C_{b}-R_{e}^{*}}{\sqrt{2\pi V_{b}/N}}\geq 0\Rightarrow R_{e}^{*}\geq C_{b}-\sqrt{\frac{\pi V_{b}}{2N}}$ or otherwise at the unique zero-crossing of $\frac{d\mathcal{T}_{\rm A}(\eta)}{dR_{s}}$ , i.e., $R_{s}^{\circ}$ . Next, the condition $R_{e}^{*}\geq C_{b}-\sqrt{\frac{\pi V_{b}}{2N}}$ is equivalently transformed to that $\gamma_{b}$ does not exceed a critical value $\gamma_{b}^{\circ}$ . Let $\psi(\gamma_{b})=C_{b}-\sqrt{\frac{\pi V_{b}}{2N}}$ . It can be readily confirmed that $\psi(\gamma_{b})<0$ , and $\psi(\gamma_{b})$ decreases with $\gamma_{b}$ if $0<\gamma_{b}<\gamma_{b}^{L}\triangleq\sqrt{\frac{1}{2}+\sqrt{\frac{1}{4}+\frac{\pi}{2N}}}-1$ or otherwise increases with $\gamma_{b}$ . This leads to $R_{e}^{*}\geq\psi(\gamma_{b})\Rightarrow\gamma_{b}\leq\gamma_{b}^{\circ}\triangleq\psi^{-1}(R_{e}^{*})$ . An upper bound for $\gamma_{b}^{\circ}$ is further provided by realizing that $\psi(\gamma_{b}^{\circ})=R_{e}^{*}>\log_{2}(1+\gamma_{b}^{\circ})-\sqrt{\frac{\pi}{2N}}\log_{2}e\Rightarrow\gamma_{b}^{\circ}<\gamma_{b}^{U}\triangleq e^{\sqrt{\frac{\pi}{2N}}+R_{e}^{*}\ln 2}-1$ . Then, $\gamma_{b}^{\circ}$ can be quickly calculated using the bisection method with $\psi(\gamma_{b})=R_{e}^{*}$ in the range $(\gamma_{b}^{L},\gamma_{b}^{U})$ . This completes the proof.

-D Proof of Theorem 4

First, display the derivative $\frac{dY(\theta_{b})}{d\theta_{b}}$ in a recursive form $\frac{dY(\theta_{b})}{d\theta_{b}}=\frac{1}{\theta_{b}}-\left(\frac{1}{\theta_{b}}+\frac{1}{2\beta\Gamma_{b}}\right)Y(\theta_{b})$ with $Y(\theta_{b})$ in (20). Then, the derivative $\frac{d\mathcal{T}_{\rm N}}{d\theta_{b}}$ is given by $\frac{d\mathcal{T}_{\rm N}}{d\theta_{b}}=\frac{\theta_{b}}{1+\theta_{b}^{2}}e^{-\frac{\theta_{b}^{2}}{\Gamma_{b}}}G(\theta_{b})$ , with $G(\theta_{b})$ presented in (21). It is easily proved that $G(\theta_{b})>0$ when $\theta_{b}=\sqrt{2^{R_{e}^{*}}-1}$ and $G(\theta_{b})<0$ as $\theta_{b}\rightarrow\infty$ . The key step of the proof is to argue that $G(\theta_{b})$ monotonically decreases with $\theta_{b}$ , which guarantees a unique zero-crossing of $G(\theta_{b})$ within $\theta_{b}\in(\sqrt{2^{R_{e}^{*}}-1},\infty)$ . In other words, ${\mathcal{T}_{\rm N}}$ initially increases and then decreases with $\theta_{b}$ and reaches the maximum when $\theta_{b}$ arrives at the unique zero-crossing of $G(\theta_{b})$ . To this end, it is necessary to calculate the derivative $\frac{dG(\theta_{b})}{d\theta_{b}}$ :

\frac{dG(\theta_{b})}{d\theta_{b}}=\frac{\frac{dY(\theta_{b})}{d\theta_{b}}-2g(\theta_{b})}{\ln 2}-\left[\log_{2}(1+\theta_{b}^{2})-R_{e}^{*}\right]h(\theta_{b}),

(55)

where $h(\theta_{b})=\left(1-\frac{1}{\theta_{b}^{2}}\right)g(\theta_{b})+\frac{1+\theta_{b}^{2}}{\theta_{b}}\frac{dg(\theta_{b})}{d\theta_{b}}$ . To proceed, the following lemma is introduced.

Lemma 3

$Y(\theta_{b})$ decreases with $\theta_{b}$ and satisfies

\frac{2\beta\Gamma_{b}}{\theta_{b}+2\beta\Gamma_{b}}<Y(\theta_{b})<\min\left\{1,\frac{2\beta\Gamma_{b}}{\theta_{b}}\right\}.

(56)

Proof 15

Define $x\triangleq\frac{\theta_{b}}{2\beta\Gamma_{b}}$ such that $Y(\theta_{b})=\frac{1-e^{-x}}{x}$ . The monotonicity of $Y(\theta_{b})$ w.r.t. $\theta_{b}$ is due to $\frac{dY(\theta_{b})}{d\theta_{b}}=\frac{(1+x)e^{-x}-1}{x}<0$ . The lower bound of $Y(\theta_{b})$ is obtained from $\frac{dY(\theta_{b})}{d\theta_{b}}=\frac{1}{\theta_{b}}-\left(\frac{1}{\theta_{b}}+\frac{1}{2\beta\Gamma_{b}}\right)Y(\theta_{b})<0$ and the upper bound follows from $Y(\theta_{b})<\frac{1}{x}$ and $1-e^{-x}<x$ .

With the lower bound of $Y(\theta_{b})$ given in (56), it can be readily proved that $g(\theta_{b})>0$ such that the term ${\frac{dY(\theta_{b})}{d\theta_{b}}-2g(\theta_{b})}$ in (55) is negative. Besides, since $h(\theta_{b})\geq 0$ directly yields $\frac{dG(\theta_{b})}{d\theta_{b}}<0$ , one only needs to discuss the situation $h(\theta_{b})<0$ and prove that

$\displaystyle\frac{dG(\theta_{b})}{d\theta_{b}}\ln 2$	$\displaystyle\leq{\frac{dY(\theta_{b})}{d\theta_{b}}-2g(\theta_{b})}-h(\theta_{b})\ln(1+\theta_{b}^{2})$
	$\displaystyle\stackrel{{\scriptstyle\mathrm{(a)}}}{{<}}{\frac{dY(\theta_{b})}{d\theta_{b}}-2g(\theta_{b})}-\theta_{b}^{2}h(\theta_{b})$
	$\displaystyle\stackrel{{\scriptstyle\mathrm{(b)}}}{{\leq}}-\frac{1}{\theta_{b}+2\beta\Gamma_{b}}\left(\frac{\theta_{b}^{2}}{\Gamma_{b}}+\frac{\theta_{b}^{4}}{\Gamma_{b}}+8\beta\theta_{b}+8\beta\theta_{b}^{3}-\theta_{b}^{2}\right)$
	$\displaystyle\stackrel{{\scriptstyle\mathrm{(c)}}}{{<}}0,$	(57)

where $\mathrm{(a)}$ is due to $\ln(1+x)\leq x$ , $\mathrm{(b)}$ holds by invoking Lemma 3 along with algebraic manipulations, and $\mathrm{(c)}$ derives from $8\beta\theta_{b}+8\beta\theta_{b}^{3}\geq 16\beta\theta_{b}^{2}>\theta_{b}^{2}$ as $\beta=\frac{\sqrt{N}}{2\pi}>\frac{1}{8}$ .

-E Proof of Theorem 5

First fix $R_{s}$ , and it is clear that the term $\frac{-\lambda_{b}R_{s}}{\sqrt{\lambda_{b}^{2}-1}}$ in (28) increases with $\alpha$ as $\lambda_{b}$ increases with $\alpha$ . It is also verified that the term $Z(\alpha)\triangleq\frac{\lambda_{b}(\ln\lambda_{b}-\ln\lambda_{e})}{\sqrt{\lambda_{b}^{2}-1}}$ in (28) increases with $\alpha$ by computing the derivative of $Z(\alpha)$ w.r.t. $\alpha$ :

$\displaystyle\frac{dZ(\alpha)}{d\alpha}$	$\displaystyle=\frac{\frac{d\lambda_{b}}{d\alpha}\left(\lambda_{b}^{2}-1-\ln\frac{\lambda_{b}}{\lambda_{e}}\right)-\frac{\lambda_{b}(\lambda_{b}^{2}-1)}{\lambda_{e}}\frac{d\lambda_{e}}{d\alpha}}{(\lambda_{b}^{2}-1)^{3/2}}$
	$\displaystyle\stackrel{{\scriptstyle\mathrm{(a)}}}{{=}}\frac{\lambda_{b}(\lambda_{b}-1)\left[(\lambda_{b}-\lambda_{e})(\lambda_{b}+1)-\ln\frac{\lambda_{b}}{\lambda_{e}}\right]}{\alpha(\lambda_{b}^{2}-1)^{3/2}}$
	$\displaystyle\stackrel{{\scriptstyle\mathrm{(b)}}}{{\geq}}\frac{\lambda_{b}(\lambda_{b}-1)(\lambda_{b}-\lambda_{e})\left(\lambda_{b}+1-\frac{1}{\lambda_{e}}\right)}{\alpha(\lambda_{b}^{2}-1)^{3/2}}\stackrel{{\scriptstyle\mathrm{(c)}}}{{>}}0,$	(58)

where $\mathrm{(a)}$ holds by substituting $\frac{d\lambda_{i}}{d\alpha}=\frac{\lambda_{i}(\lambda_{i}-1)}{\alpha}$ for $i\in\{b,e\}$ , $\mathrm{(b)}$ follows from the inequality $\ln\frac{\lambda_{b}}{\lambda_{e}}\leq\frac{\lambda_{b}-\lambda_{e}}{\lambda_{e}}$ with $\lambda_{b}>\lambda_{e}>0$ , and $\mathrm{(c)}$ is due to $\lambda_{b}>\lambda_{e}>1$ . Hence, $p_{s}$ in (28) increases with $\alpha$ as $Q(x)$ decreases with $x$ . This indicates, $\alpha^{*}=1$ is optimal for maximizing $\mathcal{T}_{\rm A}(\eta)=R_{s}p_{s}$ for any given $R_{s}$ and $\eta$ and is also optimal for maximizing $\mathcal{T}_{\rm A}$ .

-F Proof of Theorem 7

Let $L(\phi)=L_{1}L_{2}$ , where $L_{1}=\frac{\lambda_{b}}{\sqrt{\lambda_{b}^{2}-1}}$ and $L_{2}={\ln\frac{\lambda_{b}}{\lambda_{e}}-R_{s}\ln 2}$ such that $\frac{dL_{1}}{d\phi}=-\rho_{b}(L_{1}^{2}-1)^{3/2}$ and $\frac{dL_{2}}{d\phi}=\frac{\rho_{b}}{\lambda_{b}}-\frac{\rho_{e}+\phi\frac{d\rho_{e}}{d\phi}}{\lambda_{e}}$ . Rewrite the second derivative as $\frac{d^{2}L(\phi)}{d\phi^{2}}=L_{1}(L_{1}^{2}-1)^{2}I(\phi)$ with $I(\phi)$ given by (-F) at the top of this page, where $\mathrm{(a)}$ holds by recalling the definition $L_{2}\leq\ln\frac{\lambda_{b}}{\lambda_{e}}$ and invoking the result $\frac{d^{2}\rho_{e}}{d\phi^{2}}>\frac{2}{\rho_{e}}\left(\frac{d\rho_{e}}{d\phi}\right)^{2}>0$ from Lemma 2, $\mathrm{(b)}$ follows from plugging $L_{1}=\frac{\lambda_{b}}{\sqrt{\lambda_{b}^{2}-1}}$ , using the inequality $\ln\frac{\lambda_{b}}{\lambda_{e}}\leq\frac{\lambda_{b}-\lambda_{e}}{\lambda_{e}}$ , and omitting the term $(\phi^{2}+\frac{2\phi}{\rho_{e}})(\frac{d\rho_{e}}{d\phi})^{2}$ , $\mathrm{(c)}$ holds by substituting $\frac{dL_{2}}{d\phi}$ into $\mathrm{(b)}$ , and $\mathrm{(d)}$ is established after some manipulation operations and by discarding the negative term $\frac{2(\lambda_{b}^{2}-1)}{\lambda_{b}\lambda_{e}^{2}}\left[\phi\rho_{b}\lambda_{e}-\lambda_{b}\left(\lambda_{b}^{2}-1\right)\right]$ noting that $\lambda_{b}=1+\phi\rho_{b}>\lambda_{e}$ . As indicated by (-F) that $L(\phi)$ is concave on $\phi$ , $L(\phi)$ is maximized at $\phi=1$ if $\frac{dL(\phi)}{d\phi}|_{\phi=1}\geq 0$ or otherwise at the unique zero-crossing of $\frac{dL(\phi)}{d\phi}$ . Besides, $\frac{dL(\phi)}{d\phi}|_{\phi=1}\geq 0$ is equivalent to $X(\rho_{b})\geq 0$ in (38). Clearly, $A_{1}=\frac{(1+\Gamma_{e})\rho_{e}(1)}{1+\rho_{e}(1)}<1$ must be ensured to yield a positive $X(\rho_{b})$ , with which it can be verified that $X(\rho_{b})$ increases with $\rho_{b}$ . As a consequence, $\frac{dL(\phi)}{d\phi}|_{\phi=1}\geq 0$ can be transformed to an explicit form with relation to $\rho_{b}$ , namely, $\rho_{b}\geq\rho_{b}^{\circ}$ . This completes the proof.

$\displaystyle I(\phi)$	$\displaystyle=3\rho_{b}^{2}L_{2}-\frac{2\rho_{b}\frac{dL_{2}}{d\phi}}{L_{1}(L_{1}^{2}-1)^{1/2}}-\frac{1}{(L_{1}^{2}-1)^{2}}\left[{\frac{\rho_{b}^{2}}{\lambda_{b}^{2}}+\frac{2\frac{d\rho_{e}}{d\phi}+(\phi+\phi^{2}\rho_{e})\frac{d^{2}\rho_{e}}{d\phi^{2}}-\rho_{e}^{2}-\phi^{2}(\frac{d\rho_{e}}{d\phi})^{2}}{\lambda_{e}^{2}}}\right]$
	$\displaystyle\stackrel{{\scriptstyle\mathrm{(a)}}}{{\leq}}3\rho_{b}^{2}\ln\frac{\lambda_{b}}{\lambda_{e}}-\frac{2\rho_{b}}{L_{1}\sqrt{L_{1}^{2}-1}}\frac{dL_{2}}{d\phi}-\frac{1}{{(L_{1}^{2}-1)^{2}}}\left[{\frac{\rho_{b}^{2}}{\lambda_{b}^{2}}+\frac{2\frac{d\rho_{e}}{d\phi}+(\phi^{2}+\frac{2\phi}{\rho_{e}})(\frac{d\rho_{e}}{d\phi})^{2}-\rho_{e}^{2}}{\lambda_{e}^{2}}}\right]$
	$\displaystyle\stackrel{{\scriptstyle\mathrm{(b)}}}{{\leq}}\left[3\rho_{b}^{2}\frac{\lambda_{b}-\lambda_{e}}{\lambda_{e}}-{2\rho_{b}}\frac{\lambda_{b}^{2}-1}{\lambda_{b}}\frac{dL_{2}}{d\phi}-\left(\lambda_{b}^{2}-1\right)^{2}\left({\frac{\rho_{b}^{2}}{\lambda_{b}^{2}}+\frac{2\frac{d\rho_{e}}{d\phi}-\rho_{e}^{2}}{\lambda_{e}^{2}}}\right)\right]$
	$\displaystyle\stackrel{{\scriptstyle\mathrm{(c)}}}{{=}}\frac{\rho_{b}^{2}\left[3\lambda_{b}^{2}(\lambda_{b}-\lambda_{e})+\lambda_{e}(1-\lambda_{b}^{4})\right]}{\lambda_{b}^{2}\lambda_{e}}+\frac{2\rho_{b}(\lambda_{b}^{2}-1)}{\lambda_{b}\lambda_{e}}\left(\rho_{e}+\phi\frac{d\rho_{e}}{d\phi}\right)+\frac{(\lambda_{b}^{2}-1)^{2}}{\lambda_{e}^{2}}\left(\rho_{e}^{2}-2\frac{d\rho_{e}}{d\phi}\right)$
	$\displaystyle\stackrel{{\scriptstyle\mathrm{(d)}}}{{\leq}}-\frac{\phi\rho_{b}^{2}(\rho_{b}-\rho_{e})}{\lambda_{b}^{2}\lambda_{e}^{2}}\left[2\phi^{4}\rho_{b}^{3}\rho_{e}+\phi^{3}\rho_{b}^{2}(\rho_{b}+6\rho_{e})+\phi^{2}\rho_{b}(\rho_{b}+8\rho_{e})+5\phi\rho_{e}+1\right]<0,$	(59)

-G Proof of Corollary 5

Let $K(\phi)$ denote $\frac{dL(\phi)}{d\phi}$ in (37). It is verified that $\frac{d\phi^{*}}{d\eta}=-\frac{\partial K(\phi)/\partial\eta}{\partial K(\phi)/\partial\phi}|_{\phi=\phi^{*}}>0$ by recalling that $\frac{\partial K(\phi)}{\partial\phi}|_{\phi=\phi^{*}}<0$ from Theorem 7 and proving that

$\displaystyle\frac{\partial K(\phi)}{\partial\rho_{b}}\|_{\phi=\phi^{*}}$	$\displaystyle=\frac{\frac{\lambda_{b}^{2}-\lambda_{b}+1}{\lambda_{b}}-(1-A_{\phi^{}})+\frac{(2\lambda_{b}-1)(\ln\lambda_{b}-B_{\phi^{}})}{\lambda_{b}+1}}{\phi^{*}(\lambda_{b}^{2}-1)^{{5}/{2}}/P_{b}}$
	$\displaystyle\stackrel{{\scriptstyle\mathrm{(a)}}}{{=}}\frac{\frac{1}{\lambda_{b}}-\lambda_{b}+(2\lambda_{b}^{2}-\lambda_{b}-1)(1-A_{\phi^{}})}{\phi^{}(\lambda_{b}^{2}-1)^{{5}/{2}}/P_{b}}$
	$\displaystyle\stackrel{{\scriptstyle\mathrm{(b)}}}{{\geq}}\frac{\lambda_{b}-1}{\phi^{*}(\lambda_{b}^{2}-1)^{{5}/{2}}/P_{b}}>0,$	(60)

where $\mathrm{(a)}$ is due to $\frac{\ln\lambda_{b}-B_{\phi^{*}}}{\lambda_{b}+1}={(1-A_{\phi^{*}}){\lambda_{b}}-1}$ from $K(\phi^{*})=0$ , and $\mathrm{(b)}$ is because $(1-A_{\phi^{*}})\lambda_{b}-1>0$ . Moreover, $\lim_{\eta\rightarrow\infty}K(\phi^{*})=\frac{1-A_{\phi^{*}}}{\phi^{*}}$ . Solving $K(\phi^{*})=0$ with $A_{\phi^{*}}=\frac{\phi^{*}\Lambda}{(1-\phi^{*})(1-\phi^{*}+\phi^{*}\Lambda)}$ yields $\phi^{*}=\frac{1}{\sqrt{\Lambda}+1}$ . Similarly, one can prove that $\frac{d\phi^{*}}{d\Lambda}<0\Rightarrow\frac{d\phi^{*}}{d\delta}>0$ and $\lim_{\delta\rightarrow 1}\phi^{*}=1$ .

-H Proof of Proposition 1

Note that $\varrho_{1},\varrho_{2}\rightarrow 0$ as $\Gamma_{b}\rightarrow\infty$ . Resorting to [22, Eqn. (44)] yields

\bar{\Gamma}(M,\varrho_{i})=e^{-\varrho_{i}}\sum_{k=0}^{M-1}\frac{\varrho_{i}^{k}}{k!}\approx 1-\frac{\varrho_{i}^{M}}{M!},~{}i\in\{1,2\},

(61)

and the term $\Delta\Gamma$ in (IV-B) is approximated as

		$\displaystyle\Delta\Gamma=\sum_{k=0}^{M-1}\left[\bar{\Gamma}(k+1,\varrho_{1})-\bar{\Gamma}(k+1,\varrho_{2})\right]$
		$\displaystyle=\sum_{k=0}^{M-1}\left(e^{-\varrho_{1}}\sum_{m=0}^{k}\frac{\varrho_{1}^{m}}{m!}-e^{-\varrho_{2}}\sum_{m=0}^{k}\frac{\varrho_{2}^{m}}{m!}\right)$
		$\displaystyle=\sum_{k=0}^{M-1}\frac{M-k}{k!}\left(e^{-\varrho_{1}}{\varrho_{1}^{k}}-e^{-\varrho_{2}}{\varrho_{2}^{k}}\right)$
		$\displaystyle=M\Delta\Gamma(M-1,\varrho_{1},\varrho_{2})-\varrho_{1}\bar{\Gamma}(M-1,\varrho_{1})+\varrho_{2}\bar{\Gamma}(M-1,\varrho_{2})$
		$\displaystyle\approx M\left(\frac{\varrho_{1}^{M}}{M!}-\frac{\varrho_{2}^{M}}{M!}\right)-\left[\varrho_{1}-\frac{\varrho_{1}^{M}}{(M-1)!}\right]+\left[\varrho_{2}-\frac{\varrho_{2}^{M}}{(M-1)!}\right]$
		$\displaystyle=\varrho_{2}-\varrho_{1}=\frac{{\theta_{b}}}{2\beta\phi\Gamma_{b}}.$		(62)

Substituting (61) and (-H) into (IV-B) completes the proof.

References

[1]
[2] M. Bloch and J. Barros, Physical-Layer Security: From Information Theory to Security Engineering. Cambridge University Press, 2011.
[3] A. Mukherjee, S. A. A. Fakoorian, J. Huang, and A. L. Swindlehurst, “Principles of physical layer security in multiuser wireless networks: A survey,” IEEE Commun. Surveys Tuts., vol. 16, no. 3, pp. 1550–1573, Aug. 2014.
[4] N. Yang, L. Wang, G. Geraci, M. Elkashlan, J. Yuan, and M. D. Renzo, “Safeguarding 5G wireless communication networks using physical layer security,” IEEE Commun. Mag., vol. 53, no. 4, pp. 20–27, Apr. 2015.
[5] Y. Zou, X. Wang, and L. Hanzo, “A survey on wireless security: Technical challenges, recent advances and future trends,” Proc. IEEE, vol. 104, no. 9, pp. 1727–1765, Sep. 2016.
[6] H.-M. Wang and T.-X. Zheng, Physical Layer Security in Random Cellular Networks. Singapore: Springer, Oct. 2016.
[7] X. Chen, D. W. K. Ng, W. Gerstacker, and H.-H. Chen, “A survey on multiple-antenna techniques for physical layer security,” IEEE Commun. Surveys Tuts., vol. 19, no. 2, pp. 1027–1053, 2nd Quart., 2017.
[8] Y. Wu, A. Khisti, C. Xiao, G. Caire, K.-K. Wong, and Xiqi Gao, “A survey of physical layer security techniques for 5G wireless networks and challenges ahead,” IEEE J. Sel. Areas Commun., vol. 36, no. 4, pp. 679–695, Apr. 2018.
[9] Y. Deng, L. Wang, S. A. R. Zaidi, J. Yuan, and M. Elkashlan, “Artificial-noise aided secure transmission in large scale spectrum sharing networks,” IEEE Trans. Commun., vol. 64, no. 5, pp. 2116–2129, May 2016.
[10] Y. Liu, Z. Qin, M. Elkashlan, Y. Gao, and L. Hanzo, “Enhancing the physical layer security of non-orthogonal multiple access in large-scale networks,” IEEE Trans. Wireless Commun., vol. 16, no. 3, pp. 1656–1672, Mar. 2017.
[11] W. Wang, K. C. Teh, and K. H. Li, “Artificial noise aided physical layer security in multi-antenna small-cell networks,” IEEE Trans. Inf. Forensics Security, vol. 12, no. 6, pp. 1470–1482, Jun. 2017.
[12] Z. Ding, Z. Zhao, M. Peng, and H. V. Poor, “On the spectral efficiency and security enhancements of NOMA assisted multicast-unicast streaming,” IEEE Trans. Commun., vol. 65, no. 7, pp. 3151–3163, Jul. 2017.
[13] S. Yan, N. Yang, I. Land, R. Malaney, J. Yuan, “Three artificial-noise-aided secure transmission schemes in wiretap channels,” IEEE Trans. Veh. Technol., vol. 67, no. 4, pp. 3669–3673, Apr. 2018.
[14] A. D. Wyner, “The wire-tap channel,” Bell Syst. Tech. J., vol. 54, no. 8, pp. 1355–1387, Oct. 1975.
[15] G. Durisi, T. Koch, and P. Popovski, “Toward massive, ultrareliable, and low-latency wireless communication with short packets,” Proc. IEEE, vol. 104, no. 9, pp. 1711–1726, Sep. 2016.
[16] V. W. S. Wong, R. Schober, D. W. K. Ng, and L.-C. Wang, Key Technologies for 5G Wireless Systems. Cambridge, UK: Cambridge University Press, Apr. 2017.
[17] C. Cao, H. Li, Z. Hu, W. Liu, and X. Zhang, “Physical-layer secrecy performance in finite blocklength case,” in Proc. IEEE Global Commun. Conf. (GLOBECOM), San Diego, CA, USA, Dec 2015, pp. 1–6.
[18] W. Yang, R. F. Schaefer, and H. V. Poor, “Finite-blocklength bounds for wiretap channels,” in Proc. IEEE Int. Symp. Inf. Theory (ISIT), Barcelona, Spain, Jul. 2016, pp. 3087–3091.
[19] M. H. Yassaee, M. R. Aref, and A. Gohari, “Non-asymptotic output statistics of random binning and its applications,” in Proc. IEEE Int. Symp. Inf. Theory (ISIT), Istanbul, Turkey, Jul. 2013, pp. 1849–1853.
[20] V. Y. F. Tan, “Achievable second-order coding rates for the wiretap channel,” in Proc. IEEE Int. Conf. Comm. Syst. (ICCS), Singapore, Nov. 2012, pp. 65–69.
[21] W. Yang, R. F. Schaefer, and H. V. Poor, “Secrecy-reliability tradeoff for semi-deterministic wiretap channels at finite blocklength,” in Proc. IEEE Int. Symp. Inf. Theory (ISIT), Aachen, Germany, Jun. 2017, pp. 2133–2137.
[22] X. Zhang, X. Zhou, and M. R. McKay, “On the design of artificial-noise-aided secure multi-antenna transmission in slow fading channels,” IEEE Trans. Veh. Technol., vol. 62, no. 5, pp. 2170–2181, Jun. 2013.
[23] T.-X. Zheng, H.-M. Wang, J. Yuan, D. Towsley, and M. H. Lee, “Multi-antenna transmission with artificial noise against randomly distributed eavesdroppers,” IEEE Trans. Commun., vol. 63, no. 11, pp. 4347–4362, Nov. 2015.
[24] T.-X. Zheng, H.-M. Wang, Q. Yang, and M. H. Lee, “Safeguarding decentralized wireless networks using full-duplex jamming receivers,” IEEE Trans. Wireless Commun., vol. 16, no. 1, pp. 278–292, Jan. 2017.
[25] T.-X. Zheng, H.-M. Wang, J. Yuan, Z. Han, and M. H. Lee, “Physical layer security in wireless ad hoc networks under a hybrid full-/half-duplex receiver deployment strategy,” IEEE Trans. Wireless Commun., vol. 16, no. 6, pp. 3827–3839, Jun. 2017.
[26] T.-X. Zheng, H.-M. Wang, and J. Yuan, “Secure and energy-efficient transmissions in cache-enabled heterogeneous cellular networks: Performance analysis and optimization,” IEEE Trans. Commun., vol. 66, no. 11, pp. 5554–5567, Nov. 2018.
[27] J. Farhat, G. Brante, and R. D. Souza, “Secure throughput optimization of selective decode-and-forward with finite blocklength,” in Proc. IEEE Veh. Technol. Conf. (VTC Spring), Porto, Portugal, Jul. 2018, pp. 1–5.
[28] W. K. Harrison, J. Almeida, M.R. Bloch, S.W. McLaughlin, and J. Barros, “Coding for secrecy: An overview of error-control coding techniques for physical-layer security,” IEEE Signal Process. Mag., vol. 30, no. 5, pp. 41–50, Sep. 2013.
[29] D. P. Bertsekas and R. G. Gallager, Data Networks, 2nd ed. Englewood Cliffs, NJ, USA: Prentice–Hall, 1992.
[30] Y. Polyanskiy, H. Poor, and S. Verdu, “Channel coding rate in the finite blocklength regime,” IEEE Trans. Inf. Theory, vol. 56, no. 5, pp. 2307–2359, May 2010.
[31] P. Gopala, L. Lai, and H. El Gamal, “On the secrecy capacity of fading channels,” IEEE Trans. Inf. Theory, vol. 54, no. 10, pp. 4687–4698, Oct. 2008.
[32] B. Makki, T. Svensson and M. Zorzi, “Finite block-length analysis of the incremental redundancy HARQ,” IEEE Wireless Commun. Lett., vol. 3, no. 5, pp. 529–532, Oct. 2014.
[33] B. Makki, T. Svensson, and M. Zorzi, “Wireless energy and information transmission using feedback: Infinite and finite block-length analysis,” IEEE Trans. Commun., vol. 64, no. 12, pp. 5304–5318, Dec. 2016.
[34] S. Goel and R. Negi, “Guaranteeing secrecy using artificial noise,” IEEE Trans. Wireless Commun., vol. 7, no. 6, pp. 2180–2189, Jun. 2008.
[35] A. Khisti and G. W. Wornell, “Secure transmission with multiple antennas I: The MISOME wiretap channel,” IEEE Trans. Inf. Theory, vol. 56, no. 7, pp. 3088–3104, Jul. 2010.
[36] A. Khisti and G. W. Wornell, “Secure transmission with multiple antennas–part II: The MIMOME wiretap channel,” IEEE Trans. Inf. Theory, vol. 56, no. 11, pp. 5515–5532, Nov. 2010.
[37] P.-H. Lin, S.-H. Lai, S.-C. Lin, and H.-J. Su, “On secrecy rate of the generalized artificial-noise assisted secure beamforming for wiretap channels,” IEEE J. Sel. Areas Commun., vol. 31, no. 9, pp. 1728–1740, Sep. 2013.
[38] B. Wang, P. Mu, and Z. Li, “Secrecy rate maximization with artificial-noise-aided beamforming for MISO wiretap channels under secrecy outage constraint,” IEEE Commun. Lett., vol. 19, no. 1, pp. 18–21, Jan. 2015.
[39] F. W. J. Olver, D. W. Lozier, R. F. Boisvert, and C. W. Clark, NIST Handbook of Mathematical Functions, Cambridge, UK: Cambridge University Press, 2010.

$\displaystyle\frac{\partial K(\phi)}{\partial\rho_{b}}\|_{\phi=\phi^{*}}$	$\displaystyle=\frac{\frac{\lambda_{b}^{2}-\lambda_{b}+1}{\lambda_{b}}-(1-A_{\phi^{}})+\frac{(2\lambda_{b}-1)(\ln\lambda_{b}-B_{\phi^{}})}{\lambda_{b}+1}}{\phi^{*}(\lambda_{b}^{2}-1)^{{5}/{2}}/P_{b}}$
	$\displaystyle\stackrel{{\scriptstyle\mathrm{(a)}}}{{=}}\frac{\frac{1}{\lambda_{b}}-\lambda_{b}+(2\lambda_{b}^{2}-\lambda_{b}-1)(1-A_{\phi^{}})}{\phi^{}(\lambda_{b}^{2}-1)^{{5}/{2}}/P_{b}}$
	$\displaystyle\stackrel{{\scriptstyle\mathrm{(b)}}}{{\geq}}\frac{\lambda_{b}-1}{\phi^{*}(\lambda_{b}^{2}-1)^{{5}/{2}}/P_{b}}>0,$	(60)