A Class of Perfectly Secret Autonomous Low-Bit-Rate Voice Communication Systems

Abstract

This paper presents an autonomous perfectly secure low-bit-rate voice communication system (APS-VCS) based on the mixed-excitation linear prediction voice coder (MELPe), Vernam cipher, and sequential key distillation (SKD) protocol by public discussion. An authenticated public channel can be selected in a wide range, from internet connections to specially leased radio channels. We found the source of common randomness between the locally synthesized speech signal at the transmitter and the reconstructed speech signal at the receiver side. To avoid information leakage about open input speech, the SKD protocol is not executed on the actual transmitted speech signal but on artificially synthesized speech obtained by random selection of the linear spectral pairs (LSP) parameters of the speech production model. Experimental verification of the proposed system was performed on the Vlatacom Personal Crypto Platform for Voice encryption (vPCP-V). Empirical measurements show that with an adequate selection of system parameters for voice transmission of 1.2 kb/s, a secret key rate (KR) of up to 8.8 kb/s can be achieved, with a negligible leakage rate (LR) and bit error rate (BER) of order ${10}^{-3}$ for various communications channels, including GSM 3G and GSM VoLTE networks. At the same time, by ensuring perfect secrecy within symmetric encryption systems, it further highlights the importance of the symmetry principle in the field of information-theoretic security. To our knowledge, this is the first autonomous, perfectly secret system for low-bit-rate voice communication that does not require explicit prior generation and distribution of secret keys.

1. Introduction

In this paper, we asked the following question: Is it possible to design an autonomous, perfectly secret speech communication system whose integral part is the subsystem for the generation and distribution of the required amount of secret keys in real time?

As is known [1], the Vernam cipher [2] or One-Time-Pad (OTP) [3] satisfies the condition of perfect secrecy, and the price to be paid is that the secret key rate is equal to the message rate. The need for secret keys decreases proportionally with the message rate, justifying the use of low-bit-rate voice coders in practical implementations [4,5,6]. However, the problem of efficient generation and distribution of secret keys in the case of the Vernam cipher is still open.

While physical key distribution remains the simplest but impractical option over long distances, more modern approaches, such as quantum key distribution and the use of physical entropy sources, provide promising methods for future systems. Quantum key distribution stands out for its provably secure nature, though it requires significant infrastructure [7].

In the group of methods that use physical entropy sources, a special place is occupied by the methods of generating and distributing secret keys using sequential key distillation (SKD) protocols by public discussion [8,9,10]. Their application requires two prerequisites:

• Sources of common randomness with sufficient capacity shared by communication parties (Alice, Bob)
• An additional authenticated communication channel of appropriate capacity, which may be public, and which is assumed to be wiretapped by an attacker (Eve).

By far, most solutions in this category take the wireless channel itself as a physical source of common randomness [11,12,13]. However, we exclude this approach due to our requirement for system autonomy, which implies independence from the used communication channel. A small number of remaining papers are dominantly related to various biometric signals as sources of common randomness [14,15,16]. However, there are no solutions that would be based on common randomness sources independent of the used telecommunication channels while guaranteeing the secret key generation speed equal to low-bit-rate vocoder speeds of 1.2 kb/s or 2.4 kb/s.

While most existing works investigate key generation protocols in a particular environment, very few of them focus on the joint design of key generation and OTP. A straightforward way is cascading or parallel key generation and OTP, but more complex constructions appear in the literature. For example, in [17], it was proved that using a non-reconciled key for OTP outperforms classical identical key OTP.

In the first step of the proposed system’s design, we select a standard low-bit-rate vocoder MELPe with a speed of 1.2 kb/s [5,18] and an appropriate authenticated public channel, which must be available during system operation.

In the second step, based on extensive tests of this vocoder in real working conditions within the vPCP-V system [19], we identify a source of common randomness suitable for generating and distributing secret keys at speeds far higher than 1.2 kb/s. This source consists of a locally synthesized speech signal on the transmitting side (Alice) and a corresponding synthesized signal on the receiving side (Bob). The differences between these signals come from different local sources of randomness, which are used to form the complex excitation of the MELP vocoder synthesizer. This source of shared randomness can be used in the open speech mode, which, as a rule, precedes the phase of secure voice communication. All information about input voice that flows through the public channel to Eve during the execution of the SKD protocol is of no importance since communication is also open through the main channel. However, in the phase of protected communication on the main channel, this information will significantly reduce the uncertainty of the input voice. Therefore, we introduce a new synthesizer on the Alice and Bob side for this phase, whose synthesis filters are set based on secret randomly chosen LSP parameters [18,20]. These values are available to both Alice and Bob since they are formed from previously distilled secret keys.

In this way, we obtain all the necessary conditions for the design of a perfectly secret autonomous low-bit-rate voice communication system.

1.1. Related Works

To focus on relevant research, it is essential to recall the fundamental requirements that a highly secure voice protection system must meet [21].

• Security Requirements:

• Strong end-to-end encryption—only legitimate parties should be able to encrypt and decrypt the communication.
• Key management procedures must be designed in a way that does not compromise the declared security level of the system.
• A secure key agreement must be ensured.
• The choice of encryption algorithm and secret key length must support the proclaimed security level.

• Functionality Requirements:

• The system must be resistant to distortions introduced by GSM codecs, which are designed for speech transmission over mobile networks rather than encrypted speech, which is inherently a data stream.
• Minimization of transmission error rates—this requirement is crucial for low-bit-rate vocoders. The analytical–synthetic approach of vocoders inherently reduces the quality of synthesized speech on the receiving side, meaning that additional transmission errors must be minimized.

According to the classification provided in [22], most research falls into two distinct categories:

• Secure voice communication using modem-based cryptographic techniques
• Secure voice communication based on chaotic cryptographic techniques

Due to the generic structure of modem-based cryptographic techniques, the vPCP-V system belongs to this category [22,23]. Therefore, our primary focus will be on this class of systems. Table 2 in ref. [22] summarizes the performance of 22 systems published up to 2022. Without exception, all solutions are based on standard cryptographic algorithms with finite secret keys (AES, RC4, TEA) and rely on conventional public key infrastructure (PKI) for key generation and distribution.

As a result, these systems do not ensure autonomy, as they depend on a Trusted Third Party (TTP), nor do they achieve perfect secrecy, since their secret key rates are far below the speech data rate they encrypt.

In [24], a practical implementation of a lightweight AES algorithm (128-bit key) in FPGA technology for peer-to-peer voice encryption was analyzed. It is evident that this work falls within the same category of non-autonomous and non-perfectly secret systems. Similarly, ref. [25] proposes a new VoIPChain system for authentication in Voice over IP using Ethereum Blockchain technology [26]. While this decentralized system overcomes many security issues associated with traditional single-server PKI infrastructures, it still requires a security infrastructure, including maintaining a shared ledger. Consequently, this system also falls under the category of non-autonomous, non-perfectly secret voice transmission systems. Furthermore, ref. [27] presents various security concepts and communication systems proposed by NATO Research Task Group IST-174, titled “Secure Underwater Communications for Heterogeneous Network-enabled Operations”. These efforts contribute to standardization in the field. Recognizing that key allocation and management remain major challenges in symmetric cryptographic systems, the study identifies SKD protocols over appropriate sources of common randomness as one of the most promising technologies, which is fully aligned with our findings. However, it is important to note that this work does not discuss the use of SKD for real-time perfectly secret systems, but only in the context of traditional non-perfect cryptographic systems.

In the category of secure voice communication based on chaotic cryptographic techniques, seven solutions published up to 2019 were analyzed in [22]. Additionally, we incorporated the latest studies [28,29,30] into this review.

Secure voice communication systems based on chaotic cryptographic techniques leverage chaotic algorithms due to their sensitivity to initial conditions and their ability to generate pseudo-randomness, both of which are essential for secure encryption. However, from the perspective of information-theoretic security, any chaotic algorithm can be considered a deterministic dynamic system fully defined by its initial states. Consequently, the equivocation of secret keys in such systems cannot exceed the length of their binary representation. Therefore, similar to classical cryptographic algorithms with finite secret keys, this class of algorithms cannot provide perfect secrecy.

Notably, no prior work has proposed a perfectly secret autonomous system where secret key generation is derived from a synthesized speech signal, independent of the telecommunication channel and without external key distribution infrastructure.

1.2. Innovation and Engineering Value

Our novel approach for autonomous, perfectly secret low-bit-rate voice communication is based on the following key innovations:

• Artificially Synthesized Speech as a Common Randomness Source
  • Unlike natural speech, synthesized speech allows precise control over its randomness properties.
  • The proposed system uses LSP parameters of a MELPe-like synthesizer to generate shared randomness between Alice and Bob.
  • This approach eliminates the need for external entropy sources such as radio channels or biometrics.
• Independent True Randomness for Enhanced Security
  • The LSP parameters are randomly selected, ensuring unpredictability.
  • An independent source of true randomness (e.g., from a cryptographic random number generator) ensures entropy is sufficient for perfect secrecy.
• SKD Over a Public Authenticated Channel
  • A real-time SKD protocol is executed over an authenticated but public channel, allowing Alice and Bob to extract a mutually secret key from their synthesized speech signals.
  • The key rate achieved significantly exceeds the 1.2 kb/s or 2.4 kb/s needed for MELPe encryption, ensuring continuous perfect secrecy.
• No Prior Key Distribution or TTP
  • The system operates autonomously without requiring prior key exchange.
  • Unlike Quantum Key Distribution (QKD) or traditional key management systems, no external infrastructure is needed.
• Real-Time Suitability for Low-Bit-Rate Voice Encryption
  • The key generation rate is synchronized with the encryption rate of MELPe vocoders, allowing seamless one-time-pad encryption.
  • vPCP-V was used for empirical verification, demonstrating an achievable secret key rate of up to 8.8 kb/s and a BER of order ${10}^{-3}$ for various communications channels, including GSM 3G and GSM VoLTE networks.

Considering all of this, the proposed system meets all the fundamental security and functional requirements that a protected system must meet.

1.3. Contributions of This Work

• A novel autonomous key generation method based on synthesized speech.
• A low-bit-rate perfectly secret communication system combining MELPe, Vernam cipher, and real-time SKD.
• Experimental validation of the proposed system, demonstrating its feasibility and security.
• A discussion on the implementation challenges and scalability of the system in real-world applications.

1.4. Paper Organization

The paper is organized as follows. Section 2 presents the architecture of the proposed system. Section 3 presents an analysis of identified sources of common randomness. Section 4 describes the LSP-based linear prediction (LP) synthesizer. In Section 5, an information-theoretic analysis of the source of common randomness based on randomly selected LSP parameters is provided. Section 6 presents the new privacy amplification strategy based on the so-called Huffman–Renyi difference, which is suitable for application in APS-VCS. The experimental evaluation of the proposed system executed on the Vlatacom Personal Crypto Platform for Voice encryption is provided in Section 7, while Section 8 provides the conclusion.

2. System Architecture

A generic secret low-bit-rate speech communication system is shown in Figure 1. According to the classification provided in [22], it belongs to the category of secure voice communication using modem-based cryptographic techniques. A key aspect of the information-theoretic approach to verifying the security level of a system is the amount of information an eavesdropper can obtain about the messages based on ciphertext observations. It is well known [1] that if $C_K$ is generated using any cryptographic algorithm with a finite secret key $K$, its equivocation from the attacker’s perspective, $H\left(K\right|Y)$, rapidly converges to zero after a sufficiently long ciphertext observation. Practically, this means that such a system is not information-theoretically secure, and its security depends on the computational power of the adversary. Once the amount of observed ciphertext satisfies the condition $H\left(K\right|Y)=0$, the key $K$ has a unique solution, meaning that, in cryptanalytic terms, the system is broken. However, if $C_K$ is a purely random sequence independent of the messages $X$, it can be shown that the mutual information $I(Y;X)=0$. This implies that the attacker cannot retrieve the messages regardless of their computational resources, making the system perfectly secret.

We selected a standard low-bit-rate vocoder MELPe with a speed of 1.2 kb/s [5,18]. Note that the MELPe vocoder can be replaced by any other standard vocoder with similar performance. The input speech signal $S$ is sampled at 8 kHz, discretized with 16 bits per sample, and divided into frames lasting 67.5 ms (540 samples). In the MELPe analyzer, 81 bits are generated for each input frame, of which 80 bits code 10 LSP parameters of the LP speech production model, while the 81st bit is the synchronization bit. This bit stream is encrypted by adding modulo 2 with the binary pseudorandom sequence $C_K$ generated by key stream generator KSG(K) with secret key K, which must be shared between legitimate parties before the start of communication. The ciphertext $Y$ is transmitted over the main channel after appropriate modulation. On the receiving side, after demodulation, decryption is performed. Decryption is done by adding modulo 2 with a synchronously generated binary sequence $C_K$ on the receiving side. As a result, identical LSP parameters are obtained, which produce the reconstructed speech signal $\widehat{S}$ in the MELPe synthesizer block. With $CR$($S, \widehat{S}$), we denoted our first candidate for the source of common randomness, formed from the input speech signal $S$ on the transmitter side and the speech signal $\widehat{S}$ synthesized on the receiver side; see Figure 1.

Figure 2 shows an extension of the generic scheme from Figure 1 with local MELPe synthesis on the transmitter side. $CR({\widehat{S}}_l, \widehat{S})$ is denoted as our second candidate for the source of common randomness, formed from the locally synthesized speech signal ${\widehat{S}}_l$ on the transmitter side and the speech signal $\widehat{S}$ synthesized on the receiver side. If there are no transmission errors, the synthesis filters on the receiving and transmitting sides are equal, and the differences in the synthesized signals come from different local sources of randomness, which are used to form the complex excitation of the MELPe vocoder synthesizer.

As is known [9], during the execution of the SKD protocol, in the advantage distillation (AD) and information reconciliation (IR) phases, the information exchanged between Alice and Bob over the public channel is available to Eve. For example, if the bit parity (BP) protocol [31] is used in the AD phase, the number of parity bits of Alice’s sequence that are available to Eve is provided by following Lemma.

Lemma 1. 

Let the initial strings $X$ and $Y$, owned by Alice and Bob at the beginning of the SKD protocol, be binary iid random sequences of length $N$ at Hamming distance $\epsilon$, $\epsilon \in \left[0, 0.5\right]$. Then, the expected number of parity bits that Alice exchanges with Bob over the public channel is provided by

$$N_{ADparity}=⌊{\displaystyle \frac{N}{2}}⌋+{\sum }_{i=1}^{s-1}⌊{\displaystyle \frac{N}{2^{i+1}}}·{\displaystyle \frac{{\epsilon }^{2^i}+{\left(1-\epsilon \right)}^{2^i}}{\prod _{j=0}^{i-1}\left({\epsilon }^{2^j}+{\left(1-\epsilon \right)}^{2^j}\right)}}⌋,$$

(1)

where $s$ is the number of iterations of the BP algorithm.

Proof. 

The proof follows directly from the fact that the total amount of parity bits exchanged in the BP algorithm is equal to the sum of exchanges for each iteration. On the other hand, for each iteration, this value is equal to half the length of the sequences at the beginning of the iteration. This length is also equal to the length of the sequences at the end of the previous iteration. In [32], Theorem 2.2.3, p. 17, an expression for the compression rate of the BP algorithm in each iteration is provided. Based on this formula, we obtain the length of the sequences after $i$ iterations i.e., ${\displaystyle \frac{N}{2^{i+1}}}·{\displaystyle \frac{{\epsilon }^{2^i}+{\left(1-\epsilon \right)}^{2^i}}{\prod _{j=0}^{i-1}\left({\epsilon }^{2^j}+{\left(1-\epsilon \right)}^{2^j}\right)}}$. Summarizing these values over all iterations, we obtain statement (1). Note that the smallest integer operator $⌊·⌋$ is applied due to the very nature of parity checking of 2-bit blocks. This completes the proof of the Lemma. □

The number of bits of significance for an eavesdropper may be slightly less than $N_{ADparity}$ since some parity equations may be linearly dependent. However, as the $⌊{\displaystyle \frac{N}{2}}⌋$ parity bit in the first iteration of the BP algorithm is mutually linearly independent, it always holds

$$N_{ADparity}\ge ⌊{\displaystyle \frac{N}{2}}⌋.$$

(2)

This means that the uncertainty of the speech signal at the input to the system is at least halved, as viewed from the eavesdropper’s side. In Figure 3, an example of the dependence of $N_{ADparity}$ as a function of $\epsilon$ is shown for $N=8640$ and $s=\mathrm{1,\; 2}, \mathrm{3,\; 4}, 5.$

Remark 1. 

Since our goal is a perfectly secret system, we can conclude that the first two candidate sources of common randomness cannot be used during protected communication, but only in the open operating mode, which, as a rule, precedes the protected one. Namely, in the typical use of such systems, legitimate parties establish a communication link through usual open communication. After checking the connection quality and mutual consent of the parties, the switch is made to encrypted communication. Practice shows that this part of open communication lasts 2 to 10 s. As the communication is open, the leakage of information about open speech $S$ to the eavesdropper does not play any role; that is, previously identified sources of common randomness can be used for the safe distillation of secret keys.

Following the previous logic, a good source of common randomness could be $CR({\widehat{S}}_{lA}, {\widehat{S}}_{lB})$. Signals ${\widehat{S}}_{lA}$ and ${\widehat{S}}_{lB}$ were obtained using local LP syntheses with the same LSP parameters about which Eve has no information. Let us imagine two First In First Out (FIFO) buffers of identical secret random content on Alice’s and Bob’s side; see Figure 3. If we interpret this content as a set of randomly selected LSP parameters about which Eve has no information, by synchronized reading, both sides can synthesize the required signals ${\widehat{S}}_{lA}$ and ${\widehat{S}}_{lB}$. In that case, Alice and Bob can use the SKD protocol over the source $CR({\widehat{S}}_{lA}, {\widehat{S}}_{lB})$ to distill secret keys without Eve receiving a single bit of information from the public channel about the input speech signal S. Namely,

$$I\left(S, {\widehat{S}}_{lA}\right)=0,I\left(S,{\widehat{S}}_{lB}\right)=0,$$

(3)

having in mind the way the ${\widehat{S}}_{lA}$ and ${\widehat{S}}_{lB}$ signals were generated. The FIFO buffer is continuously replenished with just-distilled secret keys, while the secret key sequence $C$ is synchronously read on the receiving and transmitting side. By summarizing modulo 2 with the output sequence of the MELPe analyzer $X$,

$$Y=X\oplus C,$$

(4)

we form a perfectly secret Vernam cipher. A necessary condition for maintaining the system in continuous perfect secrecy is that the filling speed of the FIFO memories on the transmitting and receiving side must not be less than the reading speed, i.e.,

$$R_K\ge R_C+R_E.$$

(5)

In (5), $R_K$ is the secret key distillation rate, $R_C$ is the Vernam cipher secret key consumption rate, and $R_E$ is the consumption rate of the LP synthesizer. Note that $R_C$ must be equal to the output sequence rate of the MELPe vocoder in the main channel

$$R_C=R_{MELPe}.$$

(6)

Figure 4 shows the generic scheme of this APS-VCS concept.

3. Identification and Analysis of Possible Sources of Common Randomness

The previous analysis shows that in the open speech phase, two sources of common randomness, $CR(S, \widehat{S})$ and $CR({\widehat{S}}_l, \widehat{S})$, are available. In order to evaluate which of these sources is more suitable, we conducted an experimental evaluation in real conditions of communication with the vPCP-V system (see Figure 5) and Vlatacom True Random Number Generator (vTRNG) [19,33]; see Figure 6.

For experimental evaluation, we formed a test set consisting of 24 speech signals with speakers reading the provided text. In 14 cases, the text was unique, while in the remaining 10 cases, the speakers recorded the repeated text. The signals have durations between 32 s and 59 s, are sampled at a frequency of 8 kHz, and are discretized with 16 bits per sample.

Figure 7 shows the cross-correlation function between the original input speech signal S and the synthesized received signal $\widehat{S}$ for sample No. 1 from the test set. Figure 8 shows the corresponding cross-correlation function between the locally synthesized speech signal ${\widehat{S}}_l$ and the synthesized received signal $\widehat{S}$ for the same speech sample. From the examples shown, it is clear that the correlation of the common randomness source $CR({\widehat{S}}_l, \widehat{S})$ is, by an order of magnitude, higher than the $CR(S, \widehat{S})$ source.

This fact was confirmed across the entire test sample. Figure 9 shows the logarithm ratio ${\displaystyle \frac{CrossCorr\left({\widehat{S}}_l, \widehat{S}\right)}{CrossCorr\left(S, \widehat{S}\right)}}$ for all 24 test samples of speech signals. Only in the case of test sample No. 3 is this ratio less than 1. This indicates that the cross-correlation $CrossCorr\left({\widehat{S}}_l, \widehat{S}\right)$ is almost always significantly higher than the cross-correlation $CrossCorr\left(S, \widehat{S}\right)$. Therefore, we have decided to use the source $CR({\widehat{S}}_l, \widehat{S})$ for the execution of the SKD protocol in the open phase of communication of the APS-VCS system.

4. LSP-Based LP Synthesizer

In the open communication phase, the analyzer and synthesizer of the built-in MELPe vocoder are used to form the $CR({\widehat{S}}_l, \widehat{S})$ source and distill the secret keys used to initially fill the FIFO memories. For the purposes of protected communication, it is necessary to form a $CR({\widehat{S}}_{lA},{\widehat{S}}_{lB})$ source based on the LP synthesizer, which can be much simpler than the MELPe synthesizer. Namely, the complexity of the MELPe synthesizer originates from the complex process of forming the excitation signal in order to meet the demanding criteria of intelligibility and naturalness of the synthesized speech. This requirement has no significance in the formation of synthesized signals ${\widehat{S}}_{lA}$ and ${\widehat{S}}_{lB}$. Therefore, the excitation is greatly simplified and consists of a periodic train of unit pulses, with possibly controlled jittering and the addition of locally generated purely random noise. For this purpose, in the system experimental evaluation, we used vTRNG based on a natural process entropy source with a built-in randomness checking system; see Figure 6. Figure 10 and Figure 11 show a generic scheme generator of locally synthesized signals based on random LSP parameters, periodic pulse input, and additive noise at the input and the output to the LP synthesizer filter, respectively.

The LP synthesis filter is provided by the transfer function

$$H\left(z\right)={\displaystyle \frac{1}{A\left(z\right)}}={\displaystyle \frac{1}{1-\sum _{i=1}^p{a}_i{z}^{-i}}},$$

(7)

where $p$ is the order of the LP filter

$$A\left(z\right)=1-\sum _{i=1}^p{a}_i{z}^{-i}.$$

(8)

If the LP filter is of the minimum phase, i.e., if all its zeros are inside the unit circle in the Z plane, the LP synthesis filter $H\left(z\right)$ is stable.

The coefficients of the LP filter $\left\{a_i\right\}$ are obtained based on the loaded set of LSP parameters from the FIFO memory

$$\left\{{\phi }_1,{\theta }_1,{\phi }_2,{\theta }_2,\dots ,{\phi }_{{\displaystyle \frac{p}{2}}},{\theta }_{{\displaystyle \frac{p}{2}}}\right\}$$

(9)

subject to restriction

$$0<{\phi }_1<{\theta }_1<{\phi }_2,<{\theta }_2,\dots ,{\phi }_{{\displaystyle \frac{p}{2}}}<{\theta }_{{\displaystyle \frac{p}{2}}}<\mathsf{\pi }.$$

(10)

As is known [20], the LP filter $A\left(z\right)$ can be decomposed in the form

$$A\left(z\right)={\displaystyle \frac{1}{2}}\left[P\left(z\right)+Q\left(z\right)\right]$$

(11)

where $P\left(z\right)$ and $Q\left(z\right)$ are the so-called even and odd polynomials defined by LS frequencies (10)

$$P\left(z\right)=\left(1+z^{-1}\right)\prod _{i=1}^{{\displaystyle \frac{p}{2}}}\left(1-e^{-j{\phi }_i}{z}^{-1}\right)\left(1-e^{j{\phi }_i}{z}^{-1}\right)$$

(12)

$$Q\left(z\right)=\left(1-z^{-1}\right)\prod _{i=1}^{{\displaystyle \frac{p}{2}}}\left(1-e^{-j{\theta }_i}{z}^{-1}\right)\left(1-e^{j{\theta }_i}{z}^{-1}\right).$$

(13)

If we know the LSP parameters (from (9)) by replacing (12) and (13) in (11), and then in (7), we obtain the LP synthesis filter $H\left(z\right)$. This allows for the synthesis of the signals ${\widehat{S}}_{lA}$ and ${\widehat{S}}_{lB}$, used in the SKD protocol in the protected phase of system operation.

Remark 2. 

If and only if the condition (10) is strictly satisfied, i.e., if all zeros of the polynomials $P\left(z\right)$ and $Q\left(z\right)$ alternate in the range $\left(0, \pi \right)$, it can be shown that the LP filter $A\left(z\right)$ generated in this way is of minimum phase [34,35]. Therefore, if we randomly select p LSPs from the range$\left(0, \pi \right)$ and sort them in ascending order, then conduct the above procedure to form the polynomials $P\left(z\right)$, $Q\left(z\right)$, and $A\left(z\right)$, the resulting LP synthesis filter $H\left(z\right)$ will be stable.

5. Information-Theoretic Analysis of the Source of Common Randomness Based on Randomly Selected LSP Parameters

If the proposed system provides negligible leakage of distilled secret keys to Eve (see Figure 4 and Figure 12), then there is simultaneously negligible leakage of Vernam cipher secret keys in the main channel, i.e., the system is able to maintain perfect secrecy.

To justify this claim, an appropriate information-theoretic analysis should answer the following two questions:

• What is the entropy of the signal ${\widehat{S}}_{lA}$ and ${\widehat{S}}_{lB}$ at the output of the LP synthesizer, and what is its structure?

Namely, the uncertainty of these signals originates from the uncertainty of the applied LSP coefficients, as well as additive purely random locally generated noise, regardless of whether it is located at the input or output of the synthesizer. Due to the closed loop that includes the LP synthesizer, SKD block, secret key FIFO buffer, and the LP synthesizer, if the local source of pure randomness had a negligible contribution to the entropy of the LP synthesizer output, the effective Key rate of generated secret keys for Vernam cipher would, over time, trend toward zero. Formally, it is valid

$${\widehat{S}}_{lA}=h_{LSP}\ast \delta +\xi ,$$

(14)

where $h_{LSP}$ is the impulse response of the LP synthesis filter $H\left(z\right)$, $\delta$ is periodic pulse input, $\xi$ is additive pure random noise, and $\ast$ is the convolutional operator. Based on classical results [36,37], since

$$\underset{z\to \mathrm{\infty }}{\lim }H\left(z\right)=1,$$

(15)

it follows that the synthesis filter $H\left(z\right)$ preserves the input entropy, i.e., that it holds

$$H\left({\widehat{S}}_{lA}\right)=H\left(h_{LSP},\delta \right)+H\left(\xi \right),$$

(16)

regardless of whether there is additive noise at the input or output of the filter $H\left(z\right)$. Further,

$$H\left({\widehat{S}}_{lA}\right)=H\left(h_{LSP},\delta \right)+H\left(\xi \right)=H\left(LSP\right)+H\left(\xi \right)$$

(17)

since there is a 1–1 correspondence between the LSP and the $\left\{a_i\right\}$ parameters of the filter $H\left(z\right)$ [34].

Remark 3. 

Considering (17), it is clear that $H\left(\xi \right)$ must be significantly dominant with respect to H(LSP) for ${\widehat{S}}_{lA}$ to maintain a sufficient level of “innovation” entropy necessary for the distillation of perfectly secret keys for the Vernam cipher in the main channel.

The total entropy of synthesized signals (17) can be expressed as a function of Signal-to-Noise Ratio (SNR).

Lemma 2. 

Let Signal-to-Noise Ratio (SNR) be provided in dB. Then, the noise entropy $H\left(\xi \right)$ per one sample of the signal is equal to

$$H\left(\xi \right)=\log (2·A_{\xi })+\left[\log (A_{\xi }·2^{n+1})\right]$$

(18)

$$A_{\xi }={\left(3·{‖h_{LSP}‖}^2{·10}^{-{\displaystyle \frac{SNR}{10}}}\right)}^{{\displaystyle \frac{1}{2}}}$$

(19)

where n is the number of bits used to encode signal samples, $\xi$ is the noise in the interval $\left[-A_{\xi },A_{\xi }\right]$, $h_{LSP}$ is the impulse response of the LP synthesis filter, and $‖·‖$ has the meaning of the Euclidean norm operator.

Proof. 

Based on Theorem 8.3.1 [38], the entropy of a continuous Riemann integrable random variable $X$, of probability density $f\left(x\right)$, quantized with n bits is

$$H\left(X\right)=-\int f\left(x\right)·\log x \mathrm{d}x+n.$$

(20)

Let us first prove (18). Let the noise $\xi$ be uniformly distributed in the interval $\left[-A_{\xi }, A_{\xi }\right]$. Then the first term in (20) is equal to

$$-{\int }_{-A_{\xi }}^{A_{\xi }}{\displaystyle \frac{1}{2A_{\xi }}}·\log {\displaystyle \frac{1}{2A_{\xi }}}\mathrm{d}x=\log 2A_{\xi }$$

(21)

while the second term is equal to the number of bits encoding the noise signal in the range $\left[-A_{\xi }, A_{\xi }\right]$. Since it is equal to the number of occupied quantization levels, we obtain

$$⌊\log {\displaystyle \frac{2A_{\xi }}{2^{-n}}}⌋=⌊\log (A_{\xi }·2^{n+1})⌋.$$

(22)

We have thus proved the correctness of statement (18). To prove statement (19), it is sufficient to directly follow the definition of SNR [dB], namely

$$SNR=10·{\log }_{10}{\displaystyle \frac{E_{h_{SLP}}}{E_{\xi }}}=10·{\log }_{10}{\displaystyle \frac{3·{‖h_{LSP}‖}^2}{{A_{\xi }}^2}}$$

(23)

since

$$E_{\xi }=Var\left(\xi \right)={\displaystyle \frac{{A_{\xi }}^2}{3}}.$$

(24)

From (23), solving for $A_{\xi }$, we obtain (19), which completes the proof. □

The $\log$ notation specifically refers to ${\mathrm{l}\mathrm{o}\mathrm{g}}_2$, unless explicitly stated otherwise.

Remark 4. 

Based on Lemma 2, it follows that with the appropriate choice of SNR, we can control the size of the innovative entropy $H\left(\xi \right)$ and its dominance in relation to $H\left(LSP\right)$. Note that $H\left(LSP\right)$ is a fixed quantity equal to the number of bits used to encode the LSP parameters. In the case of the MELPe vocoder, its corresponding rate $R_{MELPe}$ (6) is equal to 1.2 kb/s.

• Is there an Eve strategy that provides her additional information about the generated keys compared to the classical sources of common randomness (CR)?

In systems with the application of the SKD protocol over classic CR sources, the basic quality criterion of the system is the amount of information $I\left(K_i,e_i\right)$ that Eve can obtain about the generated secret keys following the communication over the public channel. Formally,

$$I\left(K_i,e_i\right), e_i={\widehat{w}}_i, K_i=G\left(w_i\right)$$

(25)

where $w_i$ is a random n-bit string with uniform distribution over ${\left\{\mathrm{0,1}\right\}}^n$ at the output of the optimal Huffman encoder [39], $e_i$ is a particular value of optimal Eve’s estimate of $w_i$, while $K_i=G\left(w_i\right)$ is a distilled secret key. The $G$ is chosen at random from a universal class of hash functions from ${\left\{\mathrm{0,1}\right\}}^n$ to ${\left\{\mathrm{0,1}\right\}}^{\left|K_i\right|}$ [40]. According to well-known results from [41], specifically Corollary 4, Eve’s information about $K_i$ for specific $e_i$ and $G$ decreases exponentially in the excess compression $c-\left|K_i\right|$

$$I\left(K_i;G,e_i\right)=H\left(K_i\right)-H(K_i^{\mathrm{\ast }}|G,e_i)\le {\displaystyle \frac{2^{-(c-\left|K_i\right|)}}{\ln 2}},$$

(26)

where $c$ is the lower bound of Eve’s conditional Renyi entropy of order two (so-called collision entropy) about $w_i$, i.e.,

$$R\left(w_i|e_i\right)\ge c.$$

(27)

However, since, in the APS-VCS system, ${\widehat{S}}_{lA}$ and ${\widehat{S}}_{lB}$ depend on previously distilled secret keys, it is necessary to examine whether Eve’s information $I\left(K_{i-1},e_i\right)$ about the $K_{i-1}$ is also negligibly small. According to (26), it holds

$$I\left(K_i^{\mathrm{\ast }};G,e_i,K_{i-1}\right)=H(K_i^{\mathrm{\ast }})-H(K_i^{\mathrm{\ast }}|G,e_i,K_{i-1})\le {\displaystyle \frac{2^{-(R^{\mathrm{\ast }}\left(w_i|e_i,K_{i-1}\right)-\left|K_i^{\mathrm{\ast }}\right|)}}{\ln 2}}\le {\displaystyle \frac{2^{-(c^{\mathrm{\ast }}-\left|K_i^{\mathrm{\ast }}\right|)}}{\ln 2}},$$

(28)

where $c^{\ast }$ is the lower bound of Eve’s conditional Renyi entropy of order two about $w_i$, i.e.,

$$R^{\mathrm{\ast }}\left(w_i|e_i,K_{i-1}\right)\ge c^{\mathrm{\ast }}.$$

(29)

Note that, in (28), by $K_i^{\ast }$, we denote the distilled secret keys, when Eve possesses some information about $K_{i-1}$. Since this fact will affect her optimal strategy, and thus the length of the distilled keys, in the general case $\left|K_i^{\ast }\right|\ne \left|K_i\right|$.

The optimal PA strategy must, therefore, rely on Eve’s conditional Renyi entropy, which is

$$\mathrm{m}\mathrm{i}\mathrm{n}\left\{R\left(w_i|e_i\right),R^{\mathrm{\ast }}\left(w_i|e_i,K_{i-1}\right)\right\},$$

(30)

or in terms of their minimal values

$$\mathrm{m}\mathrm{i}\mathrm{n}\left\{c,c^{\mathrm{\ast }}\right\}.$$

(31)

Remark 5. 

If the conditional Renyi entropies $R\left(w_i|e_i\right)$ and $R^{\ast }\left(w_i|e_i,K_{i-1}\right)$ were identical or slightly different $(c\approx c^{\ast })$, this would mean that Eve’s information about the key $K_{i-1}$ does not affect her information about the distilled key $K_i$, and that, according to (28) and (29), this information decreases exponentially in the excess compression $c^{\ast }-\left|K_i^{\ast }\right|$ ≈ $c-\left|K_i\right|$.

Whether this is true or not for APS-VCS, we have tested empirically, estimating these two distributions in an experiment with 1000 locally synthesized signals ${\widehat{S}}_{lA}$ and ${\widehat{S}}_{lB}$ of length 540 samples encoded with 16 bits. The SKD protocol consists of the BP algorithm for the AD phase, the Winnow algorithm for the IR phase followed by the optimal Huffman encoder and Universal hashing; see Figure 12. The selection and optimization of algorithms and parameters for the SKD protocol are thoroughly discussed in the works [14,42]. In this paper, we use parameters from those works that resulted in the highest key rate with minimal information leakage. Specifically, we use the AD algorithm for two iterations, after which the error becomes sufficiently small to be corrected by the Winnow algorithm. For the IR phase, we have chosen the 8-bit Winnow algorithm, which has been shown in [31] to be optimal in terms of minimizing the information that an eavesdropper can gain during the IR phase. For the universal class of hash functions, a binary matrix with a Toeplitz structure is used since its complexity is $O(n·logn)$.

Figure 13 shows the distributions of conditional Renyi entropies $R\left(w_i|e_i\right)$ and $R^{\mathrm{\ast }}\left(w_i|e_i,K_{i-1}\right)$, and

Table 1. Mean values and standard deviations of corresponding Renyi entropies from Figure 13.

Renyi Entropy	Mean ± Std
$R^{\mathrm{\ast }}\left(w_i|e_i,K_{i-1}\right)$	1244.01 ± 97.84
$R\left(w_i|e_i\right)$	1246.66 ± 101.49

shows their means and variances. We can conclude that the distributions are almost identical and that extremely small differences originate from the inherent properties of random experiments on finite samples.

Remark 6. 

The presented theoretical analysis and experimental verification make it possible to conclude that the proposed APS-VCS system is resistant to attacks on the contents of the FIFO memories. This property logically follows from the properties of PA based on universal hash functions, as well as a sufficient amount of innovative entropy that refreshes the information content of the synthesized signals ${\widehat{S}}_{lA}$ and ${\widehat{S}}_{lB}$. Therefore, the answer to the question of whether there is an Eve strategy that provides it an advantage over SKD systems based on classical CR sources is negative.

6. The New Privacy Amplification Strategy Based on So-Called Huffman–Renyi Difference

As is known, refs. [14,15,42], in order to efficiently utilize a particular CR source, it is necessary to adaptively determine the degree of compression of the PA block. In this way, the speed of generated secret keys is adjusted to the side information available to Eve. Complex machine-learning systems developed for these purposes can be replaced by simpler yet still very effective procedures for certain classes of CR sources. Figure 14 shows a histogram of the difference

$$D_{HR}=\left|w_i\right|-R\left(w_i|e_i\right)$$

(32)

between the length of the sequence $\left|w_i\right|$ at the output of the Huffman encoder and the conditional Renyi entropy $R\left(w_i|e_i\right)$ of that same sequence observed by Eve for synthesized signals with SNR = 39.9 dB. We will call the quantity $D_{HR}$ the Huffman–Renyi difference. We notice that the mean value is very close to 0, more precisely 1.84 bits, and that there is a negligible number of samples outside the range of $3\sigma =9.02$ bits. Based on (32), we can derive a simple estimator

$$\widehat{R}\left(w_i|e_i\right)=\left|w_i\right|-{\widehat{D}}_{HR}.$$

(33)

From (33), we see that with a quality estimate for ${\widehat{D}}_{HR}$ and knowing $\left|w_i\right|$, we can also obtain a quality estimate for $R\left(w_i|e_i\right)$. If we set ${\widehat{D}}_{HR}$ equal to the mean value of ${\overline{D}}_{HR}$, then with high probability

$$\widehat{R}\left(w_i|e_i\right)\ge \left|w_i\right|-{\overline{D}}_{HR}-3·{\widehat{\sigma }}_{D_{HR}}.$$

(34)

Bearing in mind that the degree of compression of the PA block is equal to $\widehat{R}\left(w_i|e_i\right)-\left|K_i\right|$, we arrive at three possible PA strategies:

$$\left|K_i\right|=\left|w_i\right|-{\overline{D}}_{HR},\hspace{1em}“\mathrm{mean}”$$

(35)

$$\left|K_i\right|=\left|w_i\right|-{\overline{D}}_{HR}-3·{\widehat{\sigma }}_{D_{HR}} “3\sigma ”$$

(36)

$$\left|K_i\right|=\left|w_i\right|-{\overline{D}}_{HR}-3·{\widehat{\sigma }}_{D_{HR}}-s “3\sigma +s”$$

(37)

The strategies are ordered according to the increasing degree of compression. Strategy (37) allows the security margin $s$ to be chosen by the predefined value of the leakage rate.

7. Experimental Evaluation

In the first step of the synthesis of the APS-VCS system, it is necessary to choose operational values for the main system parameters, such as the secret key rate, SNR of synthesized signals, innovation entropy rate, and security margin. Figure 15 shows the interdependencies of the operating ranges of these quantities, obtained on a real APS-VCS system, by averaging 100 values for each SNR value in the range from 10 to 50 dB. A distillation of secret keys was performed using three different PA strategies: mean (blue line),$3\sigma$(orange line), and $3\sigma +s$,$s=20$ (green line). If the PA strategy $3\sigma +s$ is taken as a reference, and KR is at least 2.4 kb/s, it is obtained for an SNR [dB] working range [29.4, 47.5], innovative entropy [kb/s] [65, 88], KR = 2.5 kb/s, and security margin [b] [70, 460]. The order of selection is as follows; see Figure 15:

• The desired KR is selected. Recall that it must satisfy constraints (5) and (6).
• The security margin $s$ is chosen in accordance with the requirements of the overall security of the system. Taking into account (26) and (28), with increasing $s$, the degree of compression in the PA block increases, and thus, the information Eve can obtain about the generated keys decreases exponentially.
• The choice of security margin $s$ uniquely determines the SNR.
• The obtained value for SNR uniquely determines the innovative entropy.

Remark 7. 

Since for each pre-fixed KR, the security margin can be in a wide range, the system designer has great freedom to easily choose the parameters of the synthesizer that will simultaneously satisfy the requirements for the rate of generating secret keys, their maximum entropy, non-repeatability, and negligible information leakage to Eve. All these elements confirm the basic requirements that must be fulfilled by the secret keys of the Vernam cipher in order to maintain its perfect secrecy.

Figure 16 shows the functional description of the operation of the APS-VCS system. The subsystem for generating secret keys starts working after the end of the open communication phase. A necessary condition for the functioning of this subblock is the initial successful filling of the FIFO memories on the side of Alice and Bob with distilled secret keys of at least 160 bits. The first 80 bits will be used as a secret key to encrypt the LSP of the first block of the input speech signal, while the next 80 bits will be used for the LP synthesizer in the SKD block. Algorithm 1 provides a detailed explanation of the process of transforming the binary sequence into LSP parameters, while Algorithm 2 offers a detailed explanation of the transformation of LSP parameters into LP synthesis filter H(z) parameters.

Table 2. Results of SKD protocol performed over the 24 speakers in the first open stage of communication, measured on vPCP-V system.

Performance Measures	Mean Value
KR [kb/s]	12.88
KR [%]	9.98
KAR [%]	51.93
Mean number of parity bits [per block]	6175
Max number of parity bits [per block]	7063
LR [b/b]	0.0012

shows the result of the experimental evaluation of distilled secret keys based on source $CR({\widehat{S}}_l$, $\widehat{S})$ during the open phase of communication. Since the average value of KR = 12.88 kb/s, just 1 s of open communication on average fills the FIFO memories with the entire 12.88 kb, which far exceeds the required 160 bits. Note that the Key Acceptance Rate (KAR) does not have to have a maximum value of 100%, which is an important indicator of the efficiency of the SKD protocol in usual applications [11]. The measured value of the exchanged bits on the public channel (average—6175 bits, max—7063 bis) per block of 8640 bits shows a significant information leakage about the input speech, which is not a security treat because it is not encrypted at this stage. The leakage rate of secret keys used to fill the initial content of the FIFO memories is only 0.0012 b/b. This value can be reduced at the request of the designer by introducing an additional security margin, which can be of the order of several hundred bits; see Figure 15.

After the phase of open communication and successful filling of the FIFO memories with the initial content, the system transitions to secure communication. Simultaneously, synthesis and public channel communication are performed. Secret keys distillation based on source $CR({\widehat{S}}_{lA}$,${\widehat{S}}_{lB})$ is now occurring. In

Table 3. Results of SKD protocol performed over the 1000 blocks in the secure stage of communication, measured on vPCP-V system.

LSP-Based Artificial Synthesizer
SNR [dB]	50	39.90	29.80	19.70	10
KR [kb/s]	9.96 ± 1.54	6.44 ± 1.35	3.04 ± 1.06	0.53 ± 0.47	0.08 ± 0.08
KR [%]	7.78	5.03	2.38	0.42	0.05
KAR [%]	100	100	100	75	7
LR [b/b]	0.0011	0.0015	0.0042	0.0399	0.0191

, the results of this SKD protocol performed over the 1000 blocks and measured on the vPCP-V system are shown. Since the graphical presentation of these results is provided in Figure 15, Table 3 shows numerical results only for five characteristic SNRs, in the range from 10 to 50 dB. It is noted that in the already mentioned operating range [29.4, 47.5], KAR does not fall below 100%, while LR is in the order of 0.0011–0.0042 b/b. The presented results show that the SKD over the source $CR({\widehat{S}}_{lA}$,${\widehat{S}}_{lB})$ with large security margins ensures stable refreshment of the FIFO memories with newly generated secret keys, which are then used as secret keys of the Vernam cipher in the main channel.

As observed in Figure 15, with an increase in the SNR of the synthesizer, the KR increases regardless of the applied PA strategy. This behavior can be easily explained based on the model (14) of synthesized signals, according to which the mutual correlation between ${\widehat{S}}_{lA}$ and ${\widehat{S}}_{lB}$ increases with increasing SNR; that is, with the decreasing influence of local noise $\xi$ relative to the deterministic component $h_{LSP} \mathrm{\ast } \delta$. The decrease in innovation entropy with increasing SNR follows the same mechanism: as SNR increases, the proportion of noise $\xi$ in the total synthesized signal decreases, and, consequently, the corresponding innovation entropy declines.

The increase in security margin $s$ with rising SNR is directly related to its definition as the difference $c-\left|K_i\right|$, where $c$ represents the lower bound of Eve’s conditional Rényi entropy of order two, and $\left|K_i\right|$ is the actual length of the distilled secret key; see (26). Since $c$ directly determines the maximum KR of the specific system (a higher $c$ leads to a higher maximum distilled KR), it is clear that the variation of the security margin will follow the same dependency with changes in SNR, as also observed in Figure 15.

Therefore, we can conclude that the experimental evaluation confirms an excellent agreement with the theoretically expected results, both in terms of the key rate and the changes in innovation entropy and security margin with respect to the SNR of the model (14).

The presented order of selecting key system parameters KR, SNR, and $s$ can also be interpreted in the following way. The operating point B in Figure 15 is obtained at the intersection of the KR dependence on SNR and the desired value of KR. This point determines the lower bound for SNR. Point A in Figure 15 is obtained by determining the maximum allowable SNR based on the minimum permitted innovation entropy. The allowable SNR variation interval directly dictates the range of possible values for KR, innovative entropy, and security margin $s$.

Remark 8. 

Since SKD over the source $CR({\widehat{S}}_{lA}$, ${\widehat{S}}_{lB}$) is performed independently of the system operation on the main channel, its parameters, such as sampling rate and resolution of synthesized signals, can be almost arbitrarily different, allowing for secret key generation rates in a much wider range of values. The only limiting factor of the secret key distillation rate is the communication capacity of the public channel. Therefore, the proposed APS-VCS system can operate reliably at other standard vocoder rates (2.4 kb/s, 4.8 kb/s) with the appropriate public channel bandwidth.

The price paid for the perfect secrecy of the APS-VCS system is the establishment and maintenance of a public channel during secure conversation. However, the main and public channels operate in an asynchronous mode, which significantly simplifies practical implementation. The only condition that must be met is to maintain the constant FIFO memory read rate of 1.2 kb/s for the Vernam cipher.

Algorithm 1 Binary sequence (${\mathrm{F}\mathrm{I}\mathrm{F}\mathrm{O}}_{out\_2}$) to LSP parameters transformation

Input: Binary sequence Output: LSP parameters

1:   Read random sequence $E_k$ from FIFO, $\left|E_k\right|=L$ 2:   Divide $E_k$ in $p$ subsequences, i.e., $E_k=[E_{k1},E_{k2},...E_{kp}]$, ${|E}_{ki}|=⌊{\displaystyle \frac{L}{p}}⌋, i=1,...p$ 3:   Transform each $E_{ki}$ to ${LSP}_i$ by rescaling $E_{ki}$ decimal value with factor ${\displaystyle \frac{\pi }{2^{⌊\frac{L}{p}⌋}-1}}$ 4:   Sort obtained $LSP$ parameters according to (10)

Algorithm 2 Transformation of LSP parameters to LP synthesis filter H(z) parameters

Input: LSP parameters Output: H(z) parameters

1:   Calculate P(z) according to (12) 2:   Calculate Q(z) according to (13) 3:   Calculate the LP filter according to (11) 4:   Calculate the LP synthesis filter according to (7)

Table 4. BER for different audio channels with and without ECC.

Audio Channel	BER Without FEC	BER with FEC
GSM 3G	1.20·10−3	1.02·10−3
GSM VoLTE	1.50·10−3	1.20·10−3
WhatsApp	5.50·10−3	4.70·10−3
Google meet	7.90·10−3	3.40·10−3

shows the bit-error rate results for four typical communication channels, with and without the use of error-correcting code (ECC). For the ECC, Golay(12,24) is used, which is specifically designed to protect the 15% most sensitive bits of the binary representation of LSP parameters that are subject to encryption. It is important to note that the first two types of GSM channels produce exceptionally good results, considering the impact of the input compression block in GSM devices. These experimental results confirm the essential functionality that a highly secure voice protection system must meet [21]. The results demonstrate that the BER shown in Table 4 is independent of the SKD system, provided that the synthesizer parameters are selected to guarantee a key generation rate greater than 2.4 kb/s.

7.1. Comparison with State-of-the-Art QKD Methods

Both Quantum Key Distribution (QKD) systems and our LSP-based artificial speech synthesizer provide a foundation for perfectly secret communication by enabling the real-time generation of symmetric keys. However, they differ significantly in implementation, autonomy, and practicality when applied to low-bit-rate secure speech communication. In

Table 5. Key generation and common randomness source.

Feature	LSP-Based Synthesizer	QKD Systems
Randomness source	Artificially synthesized speech with LSP parameters and independent true randomness	Quantum states (e.g., photon polarization, phase encoding)
Autonomy	Fully autonomous; does not require an external infrastructure	Requires quantum hardware, optical links, or satellite-based transmission
Synchronization	Ensured by deterministic control over speech synthesis	Requires precise alignment of quantum detectors
Scalability	Easily deployable over existing digital networks	Limited by quantum optical infrastructure requirements

,

Table 6. Key agreement and distribution over public channel.

Feature	LSP-Based Synthesizer	QKD Systems
Sequential Key Distillation (SKD)	Public-authenticated channel used for error correction and privacy amplification	Quantum transmission requires classical reconciliation
Man-in-the-Middle Resistance	Authentication prevents key injection attacks	QKD offers provable security against eavesdropping
Key Refresh Rate	Matches low-bit-rate vocoder encryption rates (1.2–2.4 kbps)	Limited by quantum transmission rate, often lower than needed for real-time speech

,

Table 7. Infrastructure and practical deployment.

Feature	LSP-Based Synthesizer	QKD Systems
Hardware Requirements	Software-implemented; requires only a standard vocoder	Requires quantum transmitters, detectors, and optical fiber/satellite links
Network Compatibility	Operates over existing VoIP, GSM, LTE, and secure radio links	Requires a dedicated quantum communication channel
Real-World Deployability	Can be implemented on secure mobile and tactical communication devices	Limited to specialized government, military, and financial institutions

,

Table 8. Security guarantees and theoretical limits.

Feature	LSP-Based Synthesizer	QKD Systems
Perfect Secrecy Guarantee	Achieved through one-time pad encryption with real-time key agreement	Provably secure key exchange, but requires additional encryption (e.g., AES)
Information-Theoretic Security	Security based on shared entropy extraction	Quantum no-cloning theorem ensures eavesdropper detection
Resistance to Active Attacks	Immune to classical cryptanalysis and quantum computing threats	Secure against quantum computing but vulnerable to side-channel attacks on implementation

and

Table 9. LSP-based speech synthesis vs. QKD for real-time secure speech.

Criterion	LSP-Based Synthesizer	QKD Systems
Deployment Feasibility	High—Works with existing digital networks	Low—Requires dedicated infrastructure
Autonomy	Fully autonomous, no external TTP needed	Requires trusted quantum network infrastructure
Scalability	Easily deployable over VoIP, LTE, radio	Limited to fiber-optic or satellite links
Synchronization with Speech Encryption	Designed to match real-time low-bit-rate voice coders	Often too slow for real-time voice encryption
Security Model	Information-theoretic security with OTP	Provable key distribution security but requires classical encryption

, we compare the two approaches across key aspects.

Key Advantage: The LSP-based system provides common randomness generation without specialized hardware, making it significantly more practical and scalable compared to QKD.

Key Advantage: The LSP-based synthesizer ensures continuous key generation synchronized with speech encryption rates, while QKD systems often struggle with lower key refresh rates, requiring buffering or hybrid encryption approaches.

Key Advantage: Our LSP-based solution can be integrated into existing secure voice systems, whereas QKD demands costly and specialized infrastructure, limiting its practical use for low-bit-rate real-time speech encryption.

Key Advantage: While QKD offers provable key exchange security, it does not inherently provide perfect secrecy for real-time speech without additional encryption. However, our approach directly enables perfectly secret communication in real time, eliminating reliance on additional cryptographic layers.

Final Verdict: For a real-time, low-bit-rate, perfectly secret speech communication, the LSP-based artificial speech synthesizer is significantly more practical, autonomous, and scalable than QKD-based approaches. While QKD remains valuable for a high-security key exchange, it is impractical for direct application in real-time speech encryption due to infrastructure constraints and lower key refresh rates.

7.2. Potential Attacks and Countermeasures

Despite its strong theoretical foundation, the APS-VCS system must be resilient to various potential attacks. Below, we discuss major threats and how the proposed approach successfully mitigates them.

• Man-in-the-Middle (MitM) Attacks: Since the SKD protocol relies on a public authenticated channel, an adversary could attempt to inject or manipulate messages. The use of authentication mechanisms and error correction ensures that only legitimate parties can participate in key generation, effectively preventing MitM attacks.
• Eavesdropping Attacks: The Vernam cipher ensures perfect secrecy, making intercepted ciphertexts indecipherable without the secret key. Additionally, since secret keys are distilled in real time and never reused, an eavesdropper gains no useful information even if past communications are compromised.
• Side-Channel Attacks: Attackers may attempt to extract key information by analyzing power consumption, timing variations, or electromagnetic emissions. Implementing countermeasures such as randomized computational delays and hardware shielding can mitigate these risks.
• Replay Attacks: To prevent adversaries from capturing and replaying key exchange messages, each SKD session includes time-varying elements and freshness indicators. This ensures that old messages cannot be reused to compromise the system.
• Quantum Attacks: While current quantum computers do not threaten the information-theoretic security of the Vernam cipher, they could weaken authentication and key distillation mechanisms. Future enhancements could incorporate quantum-resistant authentication schemes to ensure long-term security.

7.3. Real-World Applications and Performance Advantages

The proposed APS-VCS system offers significant advantages in real-world applications where traditional cryptographic methods fail to provide both autonomy and perfect secrecy. Below are key scenarios where APS-VCS outperforms existing solutions:

• Military and government communications. APS-VCS eliminates the need for external trusted key distribution infrastructure, making it ideal for military and government operations where high security and operational autonomy are required. Unlike QKD-based systems, which require specialized optical infrastructure, APS-VCS operates over existing digital and mobile networks, providing real-time perfectly secret voice communication even in remote or hostile environments.
  The war in Ukraine can serve as a fresh and relevant example of the potential application and importance of APS-VCS. The combination of Starlink as a resilient and widely available public channel and APS-VCS as a secure communication system enables military units to maintain command coordination even in the most difficult circumstances without fear of eavesdropping or decryption by adversaries.
• Security in covert and clandestine missions. Traditional secure communication devices store pre-distributed secret keys, so if a device is captured by the enemy, the entire encryption system could be compromised. In intelligence, counterinsurgency, or clandestine operations, APS-VCS ensures that no sensitive secret key material is stored or carried by field operatives. If an operative is captured or defected, no secret key information can be extracted to compromise ongoing operations.
• Adaptability without the need for pre-deployment. Unlike traditional security systems that require prior key distribution (which can be logistically challenging and risky), APS-VCS allows users to establish secure communications dynamically. This makes it ideal for rapidly changing mission parameters where new communication nodes may need to be integrated without physical key exchanges.
• Industrial and corporate security. Businesses dealing with sensitive intellectual property or trade secrets often rely on encrypted communication channels that depend on conventional PKI infrastructure. APS-VCS removes the need for key management through external parties, preventing potential insider threats and security breaches associated with centralized encryption key storage.
• Tactical and emergency services. Emergency response teams require secure voice communication systems that function independently of centralized infrastructure, especially in disaster scenarios where conventional networks may be compromised. APS-VCS provides a reliable, autonomous encryption system that ensures complete secrecy of communications between first responders, law enforcement, and crisis management teams.

By addressing these practical applications, APS-VCS demonstrates clear advantages over existing cryptographic methods, particularly in scenarios where infrastructure independence, perfect secrecy, and real-time secure voice communication are crucial.

8. Conclusions

The paper presents a perfectly secret voice communication system based on a MELPe vocoder with a speed of 1.2 kb/s and Vernam’s cipher. The generation and distribution of secret keys rely on two sources of common randomness and the SKD protocol, which requires the use of an additional authenticated channel. The primary source of CR is a specially designed LP synthesizer, which ensures the required amount of innovative entropy based on a local source of randomness. By selecting appropriate security margins and synthesizer parameters, such as sample rate and SNR, the system designer can achieve the desired secret key rate of 1.2 kb/s, thereby maintaining the perfect secrecy of the Vernam cipher. The maximum security margin reaches approximately 460 bits, ensuring negligible leakage of the generated secret keys.

The requirement for an additional reliable authenticated public channel can be seen as the trade-off for achieving perfect secrecy. However, the asynchronous operation of the voice coder and cipher system in the main channel relative to the system components utilizing the public channel significantly mitigates implementation challenges, enhancing practical usability. An experimental evaluation of the vPCP-V system demonstrates the robustness of this approach across various communication channels, including the hardest one: GSM 3G and VoLTE, achieving an acceptable BER on the order of ${10}^{-3}$.

While the proposed APS-VCS system meets the stringent requirements of perfect secrecy and autonomy, several directions for enhancement and integration with emerging technologies warrant further exploration. Let us mention just a few of the most interesting, such as the optimization of the SKD protocol, multiplexing of the main and public channels, and refining synthesizer models by exploring alternative excitation methods (such as neural vocoder-based synthesis, for example). A particularly promising direction for future research is hybrid architectures that combine SKD with QKD. While QKD provides provable security guarantees, its current deployment limitations (e.g., infrastructure requirements) make direct substitution challenging. However, incorporating QKD-based key exchange as an additional security layer for key refreshing could significantly enhance long-term robustness.

By addressing these future directions, the APS-VCS system can continue to evolve as a promising solution in the domain of perfectly secret voice communication. The findings presented in this paper contribute to the broader domain of secure speech transmission and highlight the potential for further innovation in autonomous cryptographic communication systems.