PairPhone is the crossplatform testing software provides p2p speech encryption duplexes over GSM compressed voice call. The modern cryptography with 128-bit protection level use Triple Diffie-Hellman initial key exchange with elliptic curve 25519 and SHA3 Keccak 1600/576 Sponge Duplexing based cipher, hash, MAC, SPRNG. Each call's setup provide PFS for encryption and ID’s protecting, UKS and KCI resistance. Primary authentication using shared password and comparing of secret's fingerprint, hidden notification of enforcement are available. Devices can be paired during first ‘guest’ call, certificate for each contact will be added to the address book.
Speech compresses using efficient and robust MELPE codec provides 1200 bps data rate allowing BER up to few percents. Streaming encryption use CTR mode for 67.5 mS speech frames and resistant to the error spreading. Voice active detector uses speech pauses for signalling to restore the loss of frame synchronization after communication was temporary failure.
The goal of the project is specially designed pseudo speech modem with small distortion of baseband signal passing over tandem of GSM FR codecs uses in real GSM voice communication. Modem achieves 1200 bps data rate with less then 1% bit error rate and quick on-the-fly synchronizing  after less than 200 ms of streaming.


Since MELPE codec requires 40 MIPS itself the CPU must doing at least 50 MIPS total. Linux/Windows PC based on Intel Celeron 1000MHz 512RAM suitable for software PairPhone as well and must have two analog audio interfaces one of which is connected to headset and operates on 8 kHz mono and other - to line of GSM link and operates on 48 kHz mono. External USB audio device or Bluetooth audio interface connected to the BT headset can be used. Also  the virtual audio loop (aloop for Linux or vbcable for Windows) can be using as an additional audio device allowing to connect software PairPhone to any VOIP application (such as Skype) running in parallel to add a layer of point-to-point voice encryption.


PairPhone is completely open source, making with gcc for *nix (tested with Ubuntu and Debian) and mingw for Windows (tested on Win98 up to Win8), do not use external libraries except libasound2-dev (Linux alsa audio) and winmm, comctl32 (Windows wave audio). Binary is statically linked and portable, can be run in removable disk or a TrueCrypt container and does not write to disk anywhere excepts its working folder.
Run the program default for obtaining a list of installed audio devices then configure both interfaces in the 'conf.txt' file, for example:


User Guide

To get started just run the executable file in the working folder. PairPhone is running in idle mode and ready to receive incoming connection automatically. To perform certain actions input optional string parameter and press F1-F10 key for applying such functionality:

  •              F1 - show help screen
  •       <name> F2 - pair devices during active call (name must be specified)
  •       {mask} F3 - search contacts in adressbook (mask can be specified)
  •       {name} F4 - originate outgoing call (name can be, otherwise 'guest')
  •              F5 - repeat the last outgoing call
  •        {pin} F6 - apply pin code access to the book (not supported yet)
  • {pass}{pass} F7 - apply pre-shared passphrase (1 or 2 words or empty defaults)
  •              F8 - terminate active call to idle state (hang up)
  •              F9 - reconnect active call (agreed new keys)
  •              F10 - exit

Other keys used for controlling:

  •              Tab - talk/mute switch
  •              Del - clean inputted string
  •              Back - delete last inputted char


After reporting a successful connection is established participants must press Tab to activate the voice output. While there are no entered characters the call duration, percentage levels of bit error rate and authentication will be dynamically displayed. Note that authentication level updates only in speech pauses and will be freezing during active conversation. Mute mikes pressing Tab on both sides  to be sure that obtained value is actual.

Initial authentication

The first call to the new subscriber is performed as a 'guest' call and initiated pressing F4. Once the PairPhone is in a 'guest' mode make sure the connection is secure (no MitM occurred). If subscribers are near (pair your device with the personal touch) they can compare the session codes (secret’s fingerprint) that are displayed after the connection established. If the pairing is performed remotely subscribers must pre-share one-time password, for example using PGP. Once connected via PairPhone in a 'guest' mode participants submitted to each other, applied shared password pressing F7 then look for authentication level updated in a speech pauses. Reaching the threshold value of 80-90% the participants will be sure the connection is secure and can be pairs their devices.

Pairing Process

Once ‘guest’ connection was established and verified both participants will choose any unique names for this contact and press F2. Long-term key pairs will be generated and added to the 'contacts.txt' address book files for current contact. Later to originate the mutually authenticated call a subscriber enter the specified name and press F4. Identification and authentication will be performs automatically and ID’s will be protected with PFS.

Hidden notification on forced collaboration

Parties can ensure there are no forced collaboration on other side at the current call. For such possibility the parties should pre-share a passphrase composed two words, swaps them on the one side and keep in mind for this contact. Once connected the phrase is applied by pressing F7 and follow up the level of authentication that is updated in the speech pauses. In the case of forced collaboration the participant changes the second word of our passphrase on any other suitable meaning. Wherein the authentication result on this side will appear as normal but on the other side the authentication value will be low indicating failure. The attacker has no way to ensure validity of phrase before and after using despite any previous passive and active queries.

Nota bene!

Alpha version is presented "as is" and has not yet been checked by anyone except the developer. Do not use in "life or death" cases. More technical details about cryptography and modem design see in OnionPhone paper and well-commented source code.


 “Van Gegel, 2016” <torfone@ukr.net>,<gegel@umsa.edu.ua>

BTC: 19kUeFQsh72oPzSmGKF5Wny4Jp495NBFcg
WMZ: Z299147074259
(first check signature!)

© 2016 Van Gegel   -   Contact Developer