1 Introduction
Knowledge is power. It is in the interest of two communicating parties to secure their communication channel to the degree that no information about the channel or the communication is revealed. Today it is common practice to encrypt the payloads of higher level protocols in the communication protocol stack (Layer 4 and above in the OSI model). This is analogous to encrypting the content of a letter but not the envelope itself. Doing so allows onlookers (eavesdroppers) to see the frame’s header information in plaintext and even modify it. This is an even more serious problem for radio transmissions over public domains Shiu et al. (2011). For instance, by targeting specific bits, an attacker is able to perform energyefficient jamming Law et al. (2009).
Solutions to this problem have been investigated thoroughly Bloch and Barros (2011); Zhou et al. (2013); Nichols and Lekkas (2002). A common solution is to encrypt the datalink layer (Layer 2) before it is passed on to the physical layer (Layer 1). MACSec Romanow (2006) is an example of such a protocol for multihop wired networks while the most common wireless encryption protocols are WEP and WPA/2. However, encrypting the Layer 2 bitstream does not provide secrecy for all information obtainable from the physical channel’s characteristics. Examples of this information include traffic statistics, data rates, number of physical channels, service priorities, data size, data packet frequency, baud rate, modulation, and channel bandwidth. Knowledge of this information can be used to infer the transmission equipment, message importance, channel content, and channel capacity. This information leakage is analogous to writing letters in code and mailing them to a friend. One who sees these letters cannot explicitly determine the content, however the shape (bandwidth), address (protocol) and transmission frequency (bitrate) can reveal significant information.
Therefore, in order to make a communication channel completely secure, the channel in its entirety should be protected, like a curtain over the entire operation. By extension, it should also be impossible to determine whether the intercepted signal was originally of a digital or analog origin. This level of security can only be achieved by acting at layer 1 of the OSI protocol stack. For this reason, research on the topic of physical layer security (Layer 1) has gained attention over the years Bloch and Barros (2011).
In this paper, we propose an application of the Vernam Cipher to analog signals, which we call the Vernam Physical Signal Cipher (VPSC). The VPSC is unique because it encrypts waveform signals on the frequency domain while achieving a high degree of secrecy on Layer 1.
There are several notable advantages to working on the frequency domain:

Complete Information Privacy
: By encrypting the raw signal itself, no information about the channel is exposed. Regardless of waveform, the encrypted signal appears as white noise.

Bandwidth Preservation: This aspect is particularly desirable for radio applications where spectrum is a commodity. This is in contrast to performing modulobased encryption on samples from the temporal plane, since doing so adds energy to all frequencies in the spectrum. In order to preserve the original signal’s bandwidth, transformation in the frequency domain is necessary.

Selective Band Encryption: This process is similar to a bandpass filter since an entire signal’s spectrum can be presented to the VPSC, but only selected frequency bands will be encrypted (regardless of the bands’ content).

Hardware Parallelization: The signal’s spectrum can be split and then encrypted in parallel by independent processors in realtime. This is useful when dealing with very large bands and weak processors. This modularity makes the technology highly scalable to the consumer’s needs. When operating directly on the temporal plane, this type of parallelization cannot be achieved when targeting specific frequency bands.
Although some of these advantages are present in current wireless security channels, the advantages altogether are unavailable in any single one Nichols and Lekkas (2002); Zhou et al. (2013); Shiu et al. (2011). The aim of the VPSC is to provide a secure connection (one that does not leak any information, even about the channel itself) between two communicating parties over a single physical link –such as a radio channel or an optical trunk line. The VPSC can also be applied to a multihop network if each link is protected separately, and the routing nodes are considered trusted.
Altogether, this paper has three main contributions:

Noise Mitigation for Modulo Operation on Waveforms: In the digital domain (Layer 2 and above), modulobased encryption is impacted by noise indirectly. Therefore we propose two noise mitigation techniques which enable modulobased signal encryption (on both the time and frequency domains), and a method which combines the two into one. These noise mitigation techniques are necessary because modulo operations on analog signals are extremely sensitive to the presence of noise.

Wireless Simulations & Source Code: We evaluate the VPSC’s practicality by simulating its application in a realistic wireless channel based on Rayleigh fading. We also provide the Python source code to the simulator of the VPSC for other researchers to reproduce our work.^{1}^{1}1URL redacted for anonymity.
The remainder of the paper is organized as follows: in Section 2, a brief history and related works are presented, in Section 3, the cryptographic model and the notations needed to describe the VPSC are presented. In Section 4, the VPSC is described and two noise mitigation techniques are proposed. In Section 5, a cryptanalysis is offered. In Section 6, a direct encrypterdecrypter synchronization algorithm is proposed. In Section 7 we discuss the complexity of the algorithm, and in Section 8, we offer an evaluation of the VPSC through simulations and experimental results. In Section 9, we discuss various aspects of the VPSC along with future work. Finally, in Section 10, we summarize our findings and present our conclusion.
2 Related Work
In 1919, Gilbert Vernam patented a XORbased cipher known as the Vernam Cipher Vernam (1919). This cipher works by applying the XOR operation between a message and a secret pseudorandom key. In 1949, Claude Shannon published a historical paper Shannon (1949) in which communication secrecy was studied from the perspective of information theory. He proved the theoretical significance of the Vernam Cipher and proposed the onetime pad (OTP), also known as the Shannon Cipher System (SCS), a cipher capable of perfect secrecy. The OTP is essentially a Vernam Cipher which uses a truly random key.
Later in 1975, Wyner wrote his seminal paper that describes a degraded wiretap channel and provides informationtheoretic concepts needed for the domain Wyner (1975). Loosely speaking, a wiretap channel (WTC) is where the sender (Alice) transmits a signal to the legitimate receiver (Bob) while an eavesdropper (Eve) intercepts it. However, the signal Eve intercepts is noisier than Bob’s, allowing Bob to obtain information that Eve cannot.
We can relate the SCS to the WTC because both can be directly applied to quantized signal samples. However, there is an inherent difference between the SCS and the WTC. The SCS’s secrecy is solely based on information theory, while the WTC’s secrecy is based on exploiting the physical traits of communication media Wyner (1975); Csiszar and Korner (1978). Though the WTC has a tradeoff between the underlying channel capacity (secrecy capacity) and the channel’s secrecy, its main advantage over the SCS is that it does not necessarily require a secret key. This is desirable in comparison to the SCS, which requires a key with the same length as the message stream. Although this is a technical impracticality, pseudorandom bit generation can be used to create a cryptographically secure key stream Menezes et al. (1996); Pethe and Pande (2014) (discussed in Section 5).
In Yamamoto (1997), the authors find the secrecy capacity of a shared key WTC in the presence of noise. Later, the authors in Kang and Liu (2010) generalized Yamamoto (1997) by considering any channel (not necessarily noisy). It can be seen in these works that a secret key WTC without the presence of noise and with maximum secrecy is essentially an SCS. Therefore, in our work, we focus on the SCS since its theory forms the basis for the VPSC.
In Khalil (2016), the author proposes two methods for encrypting a physical signal: amplitude log masking (ALM) and samplewise RSA encryption. In ALM, each signal sample in the timeplane is encrypted by taking the logarithm of the sample multiplied by a random value (a key). However, the ALM method does not provide a high degree of secrecy since ALM simply masks (obfuscates) the samples with a key, and attacks such as correlation analysis Jo and Wu (2010) can be used to reveal the masked message. Moreover, ALM is very sensitive to noise since errors are exponentially multiplied during the decryption process. This makes ALM impractical to use in noisy channels.
In the RSA method, the RSA Rivest et al. (1978) cipher is applied to each sample from the timeplane. The RSA method requires that the samples be quantized to discrete values. This is necessary in order to perform the power operation of RSA without floatpoint overflows. As a result, the RSA method is highly susceptible to even the slightest amount of noise. This is because RSA has a nonlinear relationship between the ciphertext and the plaintext. As a consequence, every single rounding error in the cryptogram results in a completely different deciphered value. This behavior is similar to how the output of a hash map is sensitive to changes in its key. This means that the RSA method is not a practical solution for realworld channels.
Both the ALM an RSA methods use and a significant amount of energy over the entire spectrum. These are undesirable side effects, especially for wireless channels. The VPSC, on the other hand, uses the same amount of bandwidth as the original signal, and a similar amount of energy as well. Furthermore, the VPSC is much more robust to noise and interference, since the modulo operation of the SCS maps noise close to the original sample’s value (discussed further in Section 8).
In Matsunaga et al. (1989)
, the authors propose frequency component scrambling (FCS) via a Fast Fourier Transform (FFT) to protect audio channels. Their method is to scramble the frequency components (f.c.) of the given signal to obfuscate its contents. However, scrambling does not provide a high level of secrecy. Regardless of the number of f.c.s, it is possible to descramble the signal by analyzing the correlation of the f.c. magnitudes, similarly to what was done in
Jo and Wu (2010). For example, if a 16QAM modulation is applied to the carrier frequency , FCS is used to encrypt the band surrounding , then FCS would simply move the contents of to a neighboring bin (see Fig. 1). This is similar to frequency hopping except applied to a much smaller band, and with only one hop. Therefore, FCS is only applicable to the prevention of casual eavesdroppers.Fig. 1 shows the spectrum of an encrypted 16QAM signal carried on a 1.9MHz wave, using each of the methods. It can be seen that the methods either do not sufficiently secure the channel (FCS), or use the entire spectrum with a large amount of energy (ALM and RSA).
Therefore, to the best of our knowledge, the VPSC is the first physical layer encryption system capable of perfect secrecy that operates directly on the frequency domain, and is also robust to noise.
3 Cryptographic Model
In this Section, we introduce the notations which will be used throughout this paper. We also apply the standard cryptographic model to the waveform message space.
In this paper, we assume that we are dealing with discretely sampled and quantized real signals. Let there be discrete levels of quantization such that the highest level is and the lowest is . Let be the collection of all possible signal segments to be encrypted from some particular channel , where and has the form
(1) 
where for every . In other words, is a frame of quantized samples, taken from the time domain, which we want to encrypt.
Let be the sample rate of the system such that , where is the essential bandwidth of the selected signals from (Nyquist rate). Let the message space
(the collection of all possible plaintext messages) of the cryptosystem be defined as the collection of all discrete Fourier transforms (DFT) of the vectors in
, in polar form, such that(2) 
It is helpful to view the message as the polar form of the DFT of consecutive samples of a realtime signal segment found in . In other words, represents the frequency magnitudes and denotes the frequency angles (phases) of the signal segment .
Let be a scalar parameter which defines the maximum frequency magnitude of the cryptosystem. It is restricted to the inequality
(3) 
Let the key space (the collection of all possible keys) of the cryptosystem be defined as a collection of all possible tuples in the form
(4) 
where and are random length vectors which are used to encrypt magnitudes and angles respectively. Since we are dealing with real signals, and must be structured to conform to the DFT output from real signals.
Specifically, has the structure  
(5a)  
where is a length vector of random values on the range , refl is the mirror rearrangement operation on the values of some vector, and the symbol “:” indicates a range of indexes. Similarly, has the structure  
(5b)  
where is also a length vector of random values, but on the range . 
Let the key space (the collection of all possible keys) of the cryptosystem be defined as the collection of all possible .
The cryptogram space of the system is equivalent to the collection of all possible real signals found in . This is necessary in order to obtain perfect secrecy, since it must be possible to map any cryptogram back to any message Shannon (1949).
Let the inverse () of the cryptogram be referred to as , such that
(6) 
Let the general encryption function be defined as  
(7a)  
and the general decryption function be defined as  
(7b)  
where the key is used to encrypt the message and decrypt the ciphertext . 
Now that some notation has been defined, it is possible to present the cryptographic model used in this paper, as depicted in Fig. 2.
Consider a case in which Alice wants to transmit (a segment of some analog signal) securely to Bob so that Eve cannot obtain any information about as it travels across the public medium. First, Alice obtains the tuple by converting the of into polar form. Next, Alice encrypts the frequency components () with (7a) by performing . Finally, Alice performs a on the cryptogram and transmits the result over the public medium towards Bob.
Once Bob has received he can obtain the original from it by performing the same steps which Alice performed, while using the decryption function (7b) instead.
This process is repeated continuously in realtime for each set samples that Alice wishes to send. However, each key is selected at random from (key generation is further described in the next Section).
4 The Vernam Physical Signal Cipher
In this Section, we define the VPSC by detailing its implementation of the encryption and decryption functions (7a, 7b). We also introduce two methods of noise mitigation which are essential for the VPSC to work in the real world. Afterwards, we review possible keysharing options.
Let the VPSC encryption function be defined as  
(8a)  
and let the VPSC decryption function be defined as  
(8b)  
where is the elementwise modulo operation, is a purely random vector selected from , and is a required amplification of the encrypted signal. The parameter is a constant defined by the user such that . The purpose of is to ensure that the phase of component will not be lost, in the chance that . This can legitimately occur at random, based on . We note that does not affect the secrecy of because we are simply amplifying the final signal. 
4.1 Noise Mitigation
Since the VPSC is a physical signal cipher, it must operate according to physical constraints. One of those is ; the maximum frequency magnitude of the cryptosystem. This parameter must be at least as large as the largest possible frequency magnitude in as described in (3). Use of a value for which is less than the largest magnitude will result in a loss of information due to the modulo operation.
The functions (8a, 8b) can provide a high level of security since they are essentially an OTP (discussed later in Section 5). However, their implementation in reality (asis) does not function. This is because every communication medium adds some noise to the channel, whether it is natural noise or some other signal interference. Therefore, under normal circumstances, some energy always gets added or subtracted from some of the frequency magnitudes in . This incurs an undesirable effect in the decryption process.
Depending on the amount of energy, the subtraction and then modulo of the cryptogram in (8b) can send values in that were close to or to the opposite extreme.
To illustrate this issue we can track the usage of the VPSC over some noisy channel. Let’s say that is the n^{th} frequency magnitude from the original signal segment , and that , where is some relatively small number. Suppose that the encryption key to be used on the magnitude is , where . Encrypting with (8a) results in:  
(9a)  
Now is converted into by (6) and transmitted over the communication medium. Assume that by doing so, the magnitude (of ) receives some additional energy from noise in the channel, where . The result is that Bob now receives a noisy cryptogram,  
(9b)  
and Bob cannot analytically determine since the original message magnitude is unknown to him. When Bob tries to decrypt (9b) using (8b), assuming the following will occur:  
(9c) 
If then (9c) is evaluated to
(9d) 
If then (9c) evaluated to
(9e) 
In both cases (9d, 9e), Bob will interpret ’s n^{th} frequency magnitude to be a near zero value as opposed to the correct near maximum value (). Similarly, the same issue can be shown for nearzero values being interpreted as maximum values as well.
These unavoidable errors add a tremendous amount of noise to the decrypted signal. Therefore, since a small amount of noise energy
can cause a large signal to noise ratio (SNR), it is impractical to implement the VPSC asis by simply using the encryption and decryption functions (
8a, 8b) without any noise mitigation. Therefore, we propose two methods of noise mitigation for the VPSC: preemptiverise and statisticalfloor.4.1.1 Preemptiverise
The preemptiverise (PR) technique is implemented both in the encrypter (transmitter) and decrypter (receiver). The idea is to make a buffer zone above and below the original signal’s range of frequency magnitudes. This ensures that the addition of random noise will not cause any of the magnitudes to fall out of bounds during the subtraction step of (8b) as depicted in Fig. 3. This is not a conventional signal boost since nonrelevant frequencies within the encrypted band will be boosted as well.
Let be the width of each buffer zone in watts where
(10) 
such that and
is the standard deviation of the channel’s noise energy.
In order to implement PR, the encrypter and decrypter must use a larger than previously required due to the larger range of magnitude values. This larger version can be defined as
(11) 
where is determined from (3). Furthermore, the range from which the magnitude keys can be selected (5a) must be changed to .
4.1.2 Statisticalfloor
Unlike the PR technique, statisticalfloor (SF) is implemented in the decrypter alone. The idea is to try and correct those values which have erroneously been shifted over the boundaries by the noise energy. The method tries to clean the signal by correcting erroneous fallouts before and after the subtraction step in (8b).
There are two cases which we consider erroneous: impossible magnitudes and unlikely fallouts.
When there is no added noise to the signal, it is impossible to receive an encrypted magnitude above a certain value. Therefore, when we receive these “impossible magnitudes” the only conclusion we can have is that they were affected by some positive noise. More specifically, when there is no noise, the largest frequency magnitude possible is . When there is noise, it is possible to receive a magnitude above . Therefore, we can conclude that any received magnitudes greater than or equal to should be floored to before the subtraction step (8b). An illustration of this technique can be found at the top of Fig. 4.
This flooring procedure can be done without any prior knowledge about the original signal. However, after the subtraction step, some values end up just above or below 0. Without knowing the original signal, it is impossible to determine if the values had initially been just above 0 or had been altered as a result of noise. As discussed earlier, these values could add a large amount of noise to the signal after the modulostep. Fortunately, if we have some statistical information about the original signal, then we can attempt to correct these values (unlikely fallouts).
For instance, let us assume that it is known that the original signal has most of its magnitude values close to 0 (like the signal in Fig. 3). In this case, after the subtraction step, we will assume that all values in the range were supposed to be just above 0 but were shifted down by noise. To correct them, we will floor them to 0. The same idea can be applied if we have prior knowledge that the original signal is mostly made up of large magnitudes. An illustration of this technique can be found at the bottom of Fig. 4. This figure shows that the error is minimized by SF in both cases. Furthermore, in the case of “impossible magnitudes”, a potentially high level of noise can be mitigated.
In Algorithm 1 the pseudocode for the SF magnitude decrypter modified from (8b), where is a very small number, and we assume that the original signal has mostly small magnitudes.
Although SF does not require more power to transmit a cryptogram (unlike PR), it sometimes incorrectly floors values that happen to be below 0 that should not have been modified. Since this error is unavoidable when using this technique, it is impossible for SF to completely eliminate the modulo noise distortions without adding some of its own.
4.1.3 Combined Method
It is clear that the PR and SF techniques have their advantages and disadvantages, as mentioned above. To obtain the best of both worlds, one may use a combination of both PR and SF techniques. Such a combination can eliminate almost all distortions while using less transmission power than PR to achieve the same noise reduction. The pseudocode for performing encryption and decryption with the combined method can be found in Algorithms 2 and 3.
4.2 Key Sharing
Since the VPSC is a specific case of the OTP, the length of the VPSC’s key must equal the length of the streamed message. Sharing this key as a prior secret between two parties is impractical. In this type of situation it is common for both parties to agree upon a secret seed to initialize a keystream generator. This makes the shared key finite as opposed to virtually infinite in length.
Another consideration is how two communicating parties with only public channels can share a secret key (or seed) before any secure channel has been established. This subject has been well researched Garrett and Lieman (2005) and there are several common solutions. One solution is to form a hybrid cryptosystem using publickey cryptography Vacca (2012). In hybrid cryptosystems, a symmetrickey system (such as the VPSC) is initiated with an asymmetric key exchange. This exchange between VPSC transmitter / receiver modules can be controlled by a wellknown protocol, and transmitted according to the physical media present.
5 Cryptanalysis
In this Section we establish that the VPSC is unconditionally secure (unbreakable) when using truly random keys. We shall also discuss how the VPSC is computationallysecure based on the strength of the pseudo random number generator (PRNG) it uses.
5.1 Extension of the OneTimePad
The VPSC is based on the Vernam Cipher Vernam (1919). Claude Shannon proved that if truly random numbers are used to generate this cipher’s encryption keys, it then becomes what is known as a OneTimePad (OTP), which is unconditionally secure Shannon (1949).
The typical OTP operates by performing bitwise XOR operations on two binary vectors of equal length: the message and the key. The cryptographic behavior of the XOR operation, performed on each bit in the vector, can be applied to each element in an nary vector as well. This is because the XOR operation can be viewed as a modulo2 operation. For instance, if then the XOR operation is equivalent to performing . Similarly, with an nary vector, if then the same cryptographic behavior is observable from .
This means that the OTP cipher can be applied to any system which uses nary vectors such as and from our cryptographic model described in Section 3. Therefore, the VPSC can be viewed as an extension of the OTP, and if the selection of is purely random then the VPSC is unconditionally secure.
Lemma 1
If the selection of is purely random, then
(14) 
Proof 1
Starting from the lefthand part in (14), by Bayes’ formula we get
(15) 
The encryption function in the numerator in (15) can be expanded to produce the following equivalence
(16a)  
Since the a prioriprobability of the key selection is independent from that of the plaintext magnitudes, the righthand part of (16a) can be expressed as  
(16b)  
and since the selection of is chosen uniformly on the range , (16b) can be reduced to  
(16c)  
where is the discrete number of levels in the range . 
The following equivalence can be applied to the denominator in (15)
In other words, we can deduce from the denominator in (15) that each cryptogram magnitude
is equally likely to occur. Therefore, from Bayes’ theorem in (
14) it can be shown that(17) 
Lemma 2
If the selection of is purely random, then
(18) 
Proof 2
Theorem 1
If the selection of is purely random, then the VPSC is unconditionally secure (unbreakable).
Proof 3
According to Claude Shannon’s work in Shannon (1949), given a plaintext message and cryptogram ,
(21) 
Therefore, the VPSC is unconditionally secure if
(22) 
In other words, the VPSC’s encrypted channel must provide no equivocation. No amount of cryptograms may provide any information about the original plaintext . By Bayes’ theorem, (22) is equivalent to
(23) 
By expanding the magnitude and angle components of , (23) is equivalent to
(24a) 
In other words, the lefthand part of (24a) can be expressed as
(24b) 
For truly random , the angle and magnitude components of both message and ciphertext are independent, therefore (24b) is equivalent to
(24c) 
Since the VPSC is unconditionally secure given truly random keys, no amount of cryptograms may provide any information about the original plaintext for any . This gives an encrypted signal the appearance of random noise (completely random samples with zero correlation).
5.2 The Influence of the Parameters on the Secrecy
It is also important to note that public knowledge of or does not compromise the system; rather it is the secrecy of the key which protects the message.
Theorem 2
For any plaintext value of magnitude , and for all s.t. , if is encrypted using a purely random key , the encrypted value provides no equivocation over .
Proof 4
We will prove this theorem by contradiction. Let us assume that there is some s.t.
(26) 
By expansion of the encryption operation, and since the a priori probability of the key selection is independent from that of the plaintext
(28) 
Therefore, knowledge of the setting of may not compromise the system. This conforms with Kerckhoffs’s principle since is part the cryptosystem and does not belong to the secret key.
5.3 Pseudo Random Number Generator
As proven, the VPSC is unconditionally secure. However, this is only the case when using truly random keys. Therefore, it is clear that the implementation of VPSC is only as secure as the PRNG it uses for key generation. This is true in general for all symmetric stream ciphers. Since their encryption and decryption functions are simple, their strength rests in the random number generator itself Marton et al. (2010).
There are many PRNGs which are considered cryptographically secure (CSPRNG) Menezes et al. (1996). These CSPRNGs are based on hash functions, block ciphers Paar and Pelzl (2010); Petit et al. (2008); Bellare et al. (1997) and sometimes very difficult mathematical problems such as elliptic curve generators Barker and Kelsey (2012) or integer factorization like the BlumBlumShub number generator Blum et al. (1986). The usage of any of these types of CSPRNGs with the VPSC is necessary in order to ensure that no signal correlations in will show through the keystream taken from .
6 Signal Synchronization
In this Section, we propose a direct analytical method of synchronizing a VPSC decrypter to an encrypter at any arbitrary point in its key sequence. A symmetric cryptographic system, such as the Vernam cipher, synchronizes in the following way. From the start of the transmission at time , a deterministic keystream is constantly generated at the source in order to encrypt the live signal. In parallel, the destination generates the same keystream and uses it to decrypt the received signal at time , where is the propagation delay.
In many real world applications, communication channels (such as wireless channels) broadcast signals continuously. In such instances, it is not practical to require the authorized decrypter to be ready to accept a transmission from start time . For example, in some communication networks, it is desirable to allow authentic decrypters to be introduced into the network at an arbitrary point in time where .
These added decrypters, having no prior knowledge of the encrypter’s status, cannot synchronize their keystream under practical time constraints. This is especially true when the key generator has an exceptionally long cycle, as is the case with reliable CSPRNGs. In order to generate a keystream from an arbitrary point in a CSPRNG cycle, under practical time constraints, the generation of the targeted n^{th} key must be instantaneous.
For this reason, the usage of feedback ciphers is not practical since the generation of the n^{th} term requires generating all previous terms as well. In this Section, we will assume that the VPSC has been implemented with a cipher in counter (CTR) mode, such as AESCTR Dworkin (2001). This is usually done in the manner shown in Hudde (2009). The counter mode, while being secure (if implemented correctly) and fully parallelizable (which is a performance advantage) Ferguson et al. (2012), also offers the ability to access any value in the key stream independently from previous ones.
6.1 VPSC DirectSynchronization
In order to initialize their cryptographic systems, both the encrypter and decrypter must use the same secret configuration. Let be the collection of all possible initial configurations for a system such that
(29) 
where is the CSPRNG’s initial counter (seed counter), is the start time of the encryption relative to the encrypter’s worldclock , and is the key generation rate (values per time unit). This initial configuration can be used by a decrypter to calculate the current CSPRNGcounter () which can be used to generate the current keyframe .
However, in order to properly synchronize using time references, the decrypter must know at what time the transmitter encrypted each received frame (or what the system time was). In order to do this, the decrypter must take into account the propagation delay and the drift between its worldclock () and the encrypter’s (). This time delay can be described as
(30) 
Once is known, the decrypter can calculate the current CSPRNGcounter value as follows
(31) 
where is the counter’s period for the CSPRNG. A special case arises when the selected CSPRNG generates, using a single counter, only a fraction of the random values needed to create a keyframe . In that case, we must round to the nearest counter value which begins . This initial counter () can be calculated by
(32) 
where is the number of counters needed to make a single keyframe.
6.2 Time Delay Inference
Equations (31) and (32) and the encrypter’s configuration , enable synchronization at any arbitrary point in time. However, in reality, a decrypter does not know
offhand. This is a problem since decryption of an encrypted stream at the wrong moment in time will result in a useless random signal (white noise).
Our proposed solution to this problem is to have the decrypter seek out from the received signal. This can be achieved by first using (31) without to find a nearby counter. Afterwards, by finding the spot where the autocorrelation of the decrypted signal is the least like white noise, we can calculate . This works because each will only decrypt its associated frame. Therefore, when a frame is found at a temporal distance from where we expected it, we can be sure that this offset is the we are seeking. Moreover, if we average the results from this method several times with different keys, we can get better accuracy in the presence of noise, as shown in Fig. 5.
Below are the steps for calculating , followed by a detailed explanation.

Initialization

Receive several framesworth of encrypted samples into a buffer.

Place a window of length at the beginning of the buffer.

Search for signal correlations

Decrypt the window using each of the keys calculated in step 2.

Find the autocorrelations of the resulting frames.

Calculate white noise comparison metrics for each of the autocorrelations.

Save the metrics into different arrays (one for each key, respectively).

If the end of the buffer has not been reached, then shift the window by 1, sample and go to step 4.

Calculate the time difference

Superimpose and average the peaks found in each of the metric arrays (populated by step 7).
In the initialization (steps 13), a time span and all its details are captured in order to perform an offline analysis. At this point, we generate the keys for the frames that should fallout in the middle of the buffer by using (31) without . Taking into account that could be relatively large, the buffer should be significantly longer than the sum of the frames we are looking for.
Next is the search for signal correlations (steps 48). When a decrypted frame of samples has an autocorrelation that is not similar to that of white noise, then that is a good indication that there is some information gain. Of course, we assume that a communication channel has by definition some amount of information gain and therefore has low entropy Gray (2011). In order to measure the similarity of a decrypted signal to white noise we use the metric
(33) 
where is the discrete autocorrelation of the vector at index , and is the decrypted frame. It can be observed that when is in the form of white noise, the scalar will yield a small value, since ’s autocorrelation will be similar to that of the Dirac delta function. Similarly, as becomes less similar to white noise, will yield an increasingly larger value (indicating a dissimilarity to white noise).
Lastly, in steps 9 and 10, we calculate the time difference. In each of the metric arrays there is a rise and fall in values. After superimposing and averaging the frames, the peak indicates where the signal holds the most information (i.e. the shift that covers the frame precisely). This is illustrated in Fig.5. Since we have temporally found the frame for the respective key, we can now calculate . This can be done by solving
(34) 
where and are the counter and “current time” used when creating in step 2, and is the time sample which was derived from the head of the window (from that autocorrelation) for that shift.
It is important to note that the proposed method of synchronization is only practical if the decrypter’s initial has a time delay less than some reasonable amount.
7 Complexity & Performance
Although it can be used in an offline manner, the VPSC’s most useful application is in the realtime domain. Realtime applications are very sensitive to time delays. Therefore, it is important to discuss the VPSC’s performance, in particular its processing delay.
Since the number of operations used at each end of the VPSC is relatively low, analyzing its performance is relatively simple. As mentioned in Section 4, the operations that take place at each end are: , , moduloadd or modulosubtract and key generation.
Firstly, countermode ciphers are fully parallelizable Ferguson et al. (2012). Therefore, in this Section, we will assume that the CSPRNG calculations for generating the keys have been parallelized with the encryption process, and are therefore not a factor in calculating the delay. Therefore, the processing delay is dependent on all other operations mentioned above.
The most computationally expensive operations are the and operations which are performed at each time a frame is encrypted or decrypted. The complexity of performing a or on samples is Lohne (2017). Since the VPSC operates on realvalued signals, a trick can be performed to reduce complexity. The trick is to put samples into each both real and complex inputs of a Jones (2010). Therefore, the complexity of the encryption function and decryption function is
(35) 
Although the and are computationally costly operations, today it is possible to find inexpensive hardwareaccelerated DSP chips capable of performing them at high speeds. For example, the processor shown in 30 calculates a 1024point complex FFT at a 32bit precision in . Using optimizations for real signals, it is possible to achieve even lower processing times. The same processor can also perform the division required for the modulo operations in , which is negligible compared to the FFT processing time.
Therefore, a frame of 1024samples could undergo encryption and decryption in approximately 4 times the delay incurred by the calculation of one ( and ). In the case of the chip mentioned previously, this would be (when using a complex input). This delay is negligible compared to lowlayer cryptosystems such as those used in wireless LAN security Hayajneh et al. (2012).
Should an even shorter latency be necessary, it is possible to reprogram such chips for a smaller frame size 24 and get an even more significant decrease in the FFT’s computation time.
In some cases, there is no choice but to use slower hardware. Doing so means a compromise of either encrypting a smaller bandwidth (perhaps even smaller than the original signal) or to decrease the sampling rate, thereby decreasing the quality of the passing signal. A solution to this problem could be the use of several VPSC encrypters and decrypters in parallel. With such a configuration, each of the parallel devices would be in charge of processing a particular band of the signal. Fig. 6 illustrates an example of such a setup.
8 Evaluation
In Section 5, we proved that the VPSC is as secure as its CSPRNG, and theoretically unconditionally secure if a truly random key is used. However, the VPSC transforms a signal’s harmonic composition, and the transformed signal may be sensitive to noise and channel interference. Therefore it is important to evaluate the VPSC’s performance in practical scenarios, and not just in theory.
In this Section, we verify the VPSC’s practicality in realistic scenarios, such as both wired and wireless channels. We accomplish this by first evaluating the VPSC in a realistic channel simulator, and then by implementing the VPSC on actual hardware as a proofofconcept.
8.1 Simulation
The most practical use for a physical signal cipher, is to protect channels which (1) are easily accessible by an eavesdropper/attacker, and (2) do not require third parties to interpret and relay the signal (e.g., switches and routers). For these reasons, we evaluate the VPSC’s performance in a wireless channel.
We also note that the transference of a signal in a wireless channel is significantly more challenging than in wired channels. This is because wireless channels commonly suffer from multipath propagation and other distortions. Therefore, evaluating the VPSC in such a channel demonstrates the VPSC’s practicality and reliability in the realworld setting.
8.1.1 Experiment Setup
To evaluate VPSC in a wireless channel, we setup the simulation using the configuration of an LTE OFDMA mobile wireless channel. We evaluated the affect of noise and interference on the channel. Specifically, we experimented with additive Gaussian white noise (AWGN), multipath propagation (MPP) interference, and the Doppler effect (assuming a mobile receiver). The MPP considered is based on a Rayleigh fading model which is considered as a realistic model within electrical engineering community. Rayleigh fading does not assume Line of Sight (LOS) path (in contrast to Rician fading) which is actually a very good approximation of the reality since we consider our scheme to be relevant for cellular Radio Access Network (RAN). LOS is generally usual in microwave backhaul which is typically point to point and not really relevant for our work.
The default configurations taken for all simulations are available in Table 1, unless mentioned otherwise. Furthermore, in all simulations, we applied the VPSC’s combined method of noise mitigation from Algorithms 2 and 3, and set , where represents the mean of the AWGN energy.
As a baseline comparison, we evaluated the VPSC to an unencrypted channel, and three other physical signal ciphers: FCS, ALM, and RSA (a description of these algorithms can be found in Section 2). For the VPSC and FCS, we encrypted the channel’s bandwidth only, (tho other methods must encrypt the entire spectrum). For each simulation, we performed the following steps:
Transmitter

Generate four random bits.

Modulate the four bits into a 16QAM symbol.

Generate the timesignal on carrier based on the 16QAM symbol for (the LTE OFDMA symbol duration).

Encrypt the signal using one of the physical signal ciphers.
Channel

Transmit the signal over a channel with AWGN and/or MPP.

Buffering of the signal is applied to perform MPP and the Doppler effect.
Receiver

Decrypt the received signal.

Demodulate the 16QAM symbol from the decrypted signal using a hard decision boundary.

Update the BER.

Return to step 1 unless 10,000 symbols have been received.
8.1.2 Experiment Results
In Fig. 7, we present the BER plots for all methods of encryption after passing through an AWGN channel, and a channel with both AWGN and MPP. The figure shows that the VPSC is robust to AWGN up to about 8dB SNR. Moreover, the VPSC is more robust than all other methods in the case of MPP, making the VPSC a better choice for wireless channels. We note that the VPSC performs better than an unencrypted signal up to 6dB SNR. This is because the combined noise mitigation technique adds some energy to the signal.
We also note that the FCS is robust to AWGN, but not to MPP. This is because FCS shifts the majority of the signal’s energy to the left or right of the carrier wave, thus increasing the interference of MPP and the Doppler effect across the channel’s band.
The ALM and RSA fail completely even in the presence of a minute amount of noise (24 dB SNR). Only at 300 dB SNR (i.e., negligible noise) do these ciphers achieve perfect decryption. The reason ALM is sensitive to noise is because of the logarithm operations which it performs to encrypt signal samples. This increases the impact of the noise exponentially during the decryption process. The RSA method fails in the presence of noise since RSA function acts like a hash map. Therefore, a slight change to the key (input sample) can alter the output significantly.
In Fig. 8, we provide a 16QAM constellation plot of the demodulated symbols, after traversing various channels, and after various encryptions. We do not plot the results of ALM and RSA since the results are not informative (see Fig. 7).
In Fig. 9, we examine the effect of the propagation delay in a MPP channel. In this simulation, we scaled up the propagation delays of the signal paths (Table 1). As a result, interference increases when there are symbols that overlap (ISI) which can be seen in the plot. The figure shows that the VPSC is nearly as robust to MPP as the original signal (without encryption). We note that FCS never has a ‘peak’ of interference, but rather always stays at a nonzero BER. This is because most of the signal’s energy falls on a single frequency component, and the random shift of this component’s location helps mitigate ISI.
In order to measure the secrecy of the signal ciphers, we performed autocorrelations on the 16QAM cryptograms (encrypted signals) generated from each of the ciphers. An autocorrelation measures the correlation of a signal with itself at various offsets. By measuring this self similarity, we can see evidence on whether or not a correlation attack may be performed. If a signal reveals no information about its contents, then the signal is essentially white noise. The autocorrelation of while noise is extremely low at every offset, except for when the signal overlaps itself completely.
In Fig. 10, we present the autocorrelation of a 16QAM signal, encrypted by each of the signal ciphers three times: each time with a different key. The plots reveal that the VPSC has the same autocorrelation as random noise. This makes sense since each of the FFT’s frequency components holds a random magnitude and phase as a result of the selected key. The figure also shows that the FCS does not protect the channel’s content, but rather is only obfuscates it. This is also apparent from the spectrum of the FCS’s cryptograms, illustrated earlier in Fig. 1. The ALM cipher provides a relatively good encryption since it resembles white noise. However, the ALM has spikes in its autocorrelations. This means that some information is being leaked. This imperfection is likely due to the fact that ALM multiplies each sample with a value which is never zero. As a result, the cryptogram’s distribution can reveal a portion of the contents. Given enough cryptograms, it may be possible to correlate out the ciphered signal.
Finally, and surprisingly, the RSA method fails to protect the signal’s contents. The figure shows that the original signal is significantly disclosed by the encrypted signal. This is due to an oversight in the physical signal cipher’s implementation. Specifically, the RSA method encrypts the samples with the same private key. As a result, all samples with the same value are mapped to the same location after encryption. Although this process obfuscates the ciphered signal, some of its original frequencies are still retained. An illustration of this effect can be seen in Fig.11.
The reason the RSA method uses the same key is because it is computationally very expensive to generate (find large prime numbers) such a large amount of private keys and exchange the new public keys with the receiver.
In summary, the VPSC is suitable for encrypting physical signals which traverse realworld channels. The VPSC is significantly more secure than other physical signal ciphers.
8.2 Proof of Concept
In order to fully observe and understand the VPSC, a simple prototype was constructed and evaluated. The goal of the prototype was to provide a proof of concept that would also illuminate any overlooked issues with the VPSC’s theory. Having said this, the processing speed (or amount of processable bandwidth) of the devices used was not a critical part of the evaluation.
The VPSC prototype was implemented across two Arduino Due development boards. These boards embed 32bit ARM core microcontrollers clocked at 84 MHz with 512 KB of flash memory and numerous embedded digital I/O pins. One board was designated as the encrypter and the other as the decrypter. A simple wire was used as the communications medium between the two boards. The boards contain both digitaltoanalog converters (DAC) and analogtodigital converters (ADC), which were used for transmitting and receiving signals respectively.
In order to start the prototype, each board was given the same initial configuration (29). The time delay inference algorithm from Subsection 6.2 was verified in MATLAB by using captured samples from the boards (Fig. 5). With these samples, the algorithm correctly found and decrypted each frame.
The software developed to implement the VPSC was programmed in objectoriented C++. Opensource libraries were used for the Fast Fourier Transforms and the PRNG (SHA1 as a countermode cipher).
As shown in Fig. 12, the prototype was able to successfully reconstruct a sine wave with an amplitude of 1 V and a frequency of 4 Hz. The sample rate was 1 kHz and the frame size was 256 bits. In this case, a sine wave was used as the source signal, with common sinebased modulation schemes in mind. By using superior hardware and a dedicated DSP chip, it is possible to process larger bandwidths than the prototype’s. This is particularly true due to the computationally heavy Fourier transform purely implemented in software. This is discussed further in the following section. However, in our case the bottleneck was caused by the ADC/DAC components, which were only able to operate at a maximum sample rate of 2.2kHz.
9 Discussion
This paper is a first look at the first physical signal cipher of its type. As with most new ideas, discussion can open up new avenues for further investigation and improvement. In this section we discuss some of the advantages and disadvantages of the VPSC. In addition, we also propose future work.
Key sharing
A wellknown problem with symmetric cryptographic systems is the issue of key sharing. For this reason, publickey (asymmetric) encryption has been largely favored in its place. Asymmetric encryption is the method where a public key is used by anyone to encrypt data, but only the holder of the private key can decrypt it. Symmetric cryptosystems such as the VPSC require that both communication parties have the same keys. It is clear that this can be an issue when initializing a connection over a public channel.
However, this issue may be avoided if the VPSC is converted into a hybrid cryptosystem; employing both symmetric and asymmetric cryptography. In this case the parties share a key (or initial seed) over a public channel using asymmetric cryptography. Afterwards, the key is used by both parties to initiate the VPSC. Of course, such a dialog would require the development of a protocol between two VPSC endpoints across a single link.
Security weaknesses
When it comes to the timetested Vernam cipher, there is one inherent weakness: the strength of the key generator.
For practical reasons, the prototype of the VPSC was implemented using a pseudorandom number generator (PRNG) as a means of symmetrically generating keys. As discussed in Section 5, it is clear that the VPSC’s security strength is completely dependent on the PRNG being used, because it directly inherits its weaknesses. Therefore, it is critical that a cryptographically secure PRNG (CSPRNG) be used, so that no statistical correlations show through the encrypted signal.
However, in order to use the directsynchronization algorithm presented in Section 6, the key generator must operate in counter (CTR) mode of operation. Since many CSPRNGs use feedback mechanisms in order to increase their randomness, it is difficult to determine the current key (one would have to compute steps, one for each key produced until now). Therefore, we recommend using a CSPRNG based on cryptographically secure hash functions (CSHF). This way, an attempt to find a sequential counter from a random number can be done in time.
Channel detection
It may be possible to use the VPSC to perform steganography (the hiding of a channel or information in plain sight). If the transmission power level is similar to that of common noise, then the transmission may go unnoticed.
An issue with the VPSC is that the frame length is detectable when analyzing the encrypted signal. This can be achieved by observing the frequency magnitudes over a period of time. However, this should not be a concern since the security of the signal relies on the information held by the frequencies and not the signal quality in which they were encrypted. A good rule of thumb when using the VPSC is to encrypt a band larger than the original signal’s. Doing so will hide the details of the encrypted channels, much like a large curtain blocking a small object.
An alternative usage for the VPSC is as a signal jammer. If the encrypted band is wide and the transmission power is strong, it is possible to deploy an encrypted channel while all others are blocked by strong noise.
Bandwidth and wireless applications
One of the major benefits of using the VPSC is its ability to retain the original signal bandwidth after encryption. Of course, due to hardware constraints, this limits the system to certain maximal bandwidths. One solution to this issue (as discussed in Section 7) is to split the target band into segments, and then process them with independent parallel VPSC processors. We view this as a great advantage of the VPSC due to the fact that it operates on the frequency place.
The preservation of bandwidth makes the VPSC suitable for bandwidthlimited applications. Such applications include the wireless domain (including cellular and satellite communications) due to their shared communication medium. Spectrum in the world of wireless communications is an expensive commodity. Therefore any method for encrypting a signal without adding extra bandwidth is desirable. In addition, encryption on higher layers sometimes results in overhead. This means that using the VPSC instead of a higher layer encryption scheme may in fact increase the amount of useful information (goodput) delivered by a channel.
Power
One of the significant disadvantages with the VPSC is its energy consumption. Due to the nature of the VPSC’s encryption process, the encrypted signal’s frequencies each have an expected energy level of about watts. Therefore, even a flat signal with no power on any frequency will have an increased power level once encrypted. This means that when choosing to use the VPSC, one must consider the tradeoff between higher security and a lower transmission power level.
Adversely, this can be used as an advantage. If it is known in advance that the source signal has a higher average frequency magnitude than , then the transmission power may be decreased.
10 Conclusion
In some cases there is a need to provide the highest level of security to communications systems. By using the VPSC, it is possible to encrypt any waveform signal to a high degree of secrecy while maintaining the same amount of bandwidth. Operation on the frequency domain has many advantages such as parallelization on the hardware level. The level of security provided by the VPSC is dependent on the strength of the PRNG which it uses (as with all onetime pads). Moreover, we have proposed two techniques to ensure the stability of the system when noise is introduced, and recommended using the combination of them both.
To evaluate the VPSC, we implemented three other known physical signal ciphers. We then simulated an LTE OFDMA wireless channel, with noise and interference, and measured the ciphers’ performance in carrying a 16QAM modulation. Furthermore, we explored the secrecy of each of the ciphers by examining the autocorrelations of their respective encrypted signals. Our evaluations demonstrated that the VPSC is not only the most suitable physical signaling cipher in noisy channels, but also the most secure.
The bottom line is that the VPSC offers a powerful method of encrypting any waveform signal (as well as complex), with a tradeoff between security and power efficiency.
References
 [1] (2011) Secret keys from channel noise. In Advances in Cryptology–EUROCRYPT 2011, pp. 266–283. Cited by: §9.
 [2] (2012) Recommendation for random number generation using deterministic random bit generators. NIST. Note: Special Publication 80090A Cited by: §5.3.
 [3] (1997) A concrete security treatment of symmetric encryption. In Proc. IEEE FOCS, pp. 394–403. Cited by: §5.3.
 [4] (2011) Physicallayer security: from information theory to security engineering. Cambridge University Press. Cited by: §1, §1.
 [5] (1986) A simple unpredictable pseudorandom number generator. Journal on Computing 15 (2), pp. 364–383. Cited by: §5.3.
 [6] (197805) Broadcast channels with confidential messages. Information Theory, IEEE Transactions on 24 (3), pp. 339–348. External Links: Document, ISSN 00189448 Cited by: §2.
 [7] (2001) Recommendation for block cipher modes of operationmethods and techniques. NIST Special Publication 80030A. Cited by: §6.
 [8] (2012) Cryptography engineering: design principles and practical applications. pp. 70. Cited by: §6, §7.
 [9] (2005) Publickey cryptography: baltimore (proceedings of symposia in applied mathematics) (proceedings of symposia in applied mathematics). American Mathematical Society, Boston, MA, USA. External Links: ISBN 0821833650 Cited by: §4.2.
 [10] (2011) Entropy and information theory. Springer. Cited by: §6.2.
 [11] (2012) Analyzing the impact of security protocols on wireless lan with multimedia applications. In Proc. SECURWARE 2012, pp. 169–175. Cited by: §7.
 [12] (2009) Building stream ciphers from block ciphers and their security. Seminararbeit RuhrUniversität Bochum. Cited by: §6.
 [13] (2010) On cracking directsequence spreadspectrum systems. Wireless Communications and Mobile Computing 10 (7), pp. 986–1001. Cited by: §2, §2.
 [14] (2010) Fast solutions to realdata discrete fourier transform. In The Regularized Fast Hartley Transform, pp. 15–25. Cited by: §7.
 [15] (201008) Wiretap channel with shared key. In Information Theory Workshop (ITW), 2010 IEEE, pp. 1–5. External Links: Document Cited by: §2.
 [16] (201602) Realtime encryption/decryption of audio signal. 8, pp. 25–31. Cited by: §2.
 [17] (200902) Energyefficient linklayer jamming attacks against wireless sensor network mac protocols. ACM Trans. Sen. Netw. 5 (1), pp. 6:1–6:38. External Links: ISSN 15504859 Cited by: §1.
 [18] (2017) The computational complexity of the fast fourier transform. Cited by: §7.
 [19] (2010) Randomness in digital cryptography: a survey. ROMJIST 13 (3), pp. 219–240. Cited by: §5.3.
 [20] (198905) An analog speech scrambling system using the fft technique with highlevel security. Selected Areas in Communications, IEEE Journal on 7 (4), pp. 540–547. External Links: Document, ISSN 07338716 Cited by: §2.
 [21] (1996) Handbook of applied cryptography. Discrete Mathematics and Its Applications, Taylor & Francis. External Links: ISBN 9781439821916, LCCN 96027609 Cited by: §2, §5.3.
 [22] (2002) Wireless security: models, threats, and solutions. McGrawHill telecom professional, McGrawHill. External Links: ISBN 9780071380386, LCCN 2002282223 Cited by: §1, §1.
 [23] (2010) Understanding cryptography: a textbook for students and practitioners. Springer. Cited by: §5.3.
 [24] (2005) Parallel implementation of fixedpoint ffts on tigersharc processor. Analog Devices. Note: http://www.analog.com/static/importedfiles/application_notes/EE263.pdfEE263 Cited by: §7.
 [25] (2014) A survey on different secret key cryptographic algorithms. IBMRD’s Journal of Management & Research 3 (1). External Links: Link Cited by: §2.
 [26] (2008) A block cipher based prng secure against sidechannel key recovery. In Proc. ASIACCS, pp. 56–65. Cited by: §5.3.
 [27] (1978) A method for obtaining digital signatures and publickey cryptosystems. Communications of the ACM 21 (2), pp. 120–126. Cited by: §2.
 [28] (2006) IEEE standard for local and metropolitan area networksmedia access control (mac) security. IEEE Std 802.1AE2006, pp. 1–142. External Links: Document Cited by: §1.
 [29] (1949) Communication theory of secrecy systems. Bell system technical journal 28 (4), pp. 656–715. Cited by: item 1, §2, §3, §5.1, Proof 3, Proof 3.
 [30] (2013) SHARC processor adsp21367 reference. Analog Devices. Note: http://www.analog.com/static/importedfiles/data_sheets/ADSP21367_21368_21369.pdfDatasheet Cited by: §7.
 [31] (201104) Physical layer security in wireless networks: a tutorial. Wireless Communications, IEEE 18 (2), pp. 66–74. External Links: Document, ISSN 15361284 Cited by: §1, §1.
 [32] (2012) Computer and information security handbook. Elsevier Science. External Links: ISBN 9780123946126 Cited by: §4.2.
 [33] (191907) Secret signaling system. Note: US Patent 1,310,719 Cited by: item 1, §2, §5.1.
 [34] (2010) Analysis of symmetric key establishment based on reciprocal channel quantization. Ph.D. Thesis, Rochester Institute of Technology. Cited by: §9.
 [35] (1975) The wiretap channel. Bell System Technical Journal, The 54 (8), pp. 1355–1387. Cited by: §2, §2.
 [36] (199705) Ratedistortion theory for the shannon cipher system. Information Theory, IEEE Transactions on 43 (3), pp. 827–835. External Links: Document, ISSN 00189448 Cited by: §2.
 [37] (2013) Physical layer security in wireless communications. Wireless Networks and Mobile Communications, Taylor & Francis. External Links: ISBN 9781466567009, LCCN 2013026468 Cited by: §1, §1.
Comments
There are no comments yet.