When the carrier frequency and phase from the spoofing device align with an authentic signal that is originally locked by the target receiver, the lower limit of the spoofing-signal ratio required for a spoofing device to seize control of a receiver code loop is deduced in reference [15]. We have the following:

When the phase discriminator spacing of the target receiver is equal to 0.5 chip, the lower limit of the spoofing-signal ratio is as follows:

$$ \left\{\begin{array}{l}\begin{array}{cc}\operatorname{inf}\left\{\eta \right\}=1& {\tau}_0\le 1\\ {}\operatorname{inf}\left\{\eta \right\}=\frac{1}{2-{\tau}_0}& 1.5>{\tau}_0>1\end{array}\\ {}\operatorname{inf}\left\{\eta \right\}=\infty \kern0.5em 1.5\le {\tau}_0\end{array}\right. $$

(4)

When the phase discriminator spacing of the target receiver is less than 0.5 chip, the lower limit of the spoofing-signal ratio is as follows:

$$ \left\{\begin{array}{l}\begin{array}{cc}\operatorname{inf}\left\{\eta \right\}=1& {\tau}_0\le 1\\ {}\operatorname{inf}\left\{\eta \right\}=\frac{2d}{1+2d-{\tau}_0}& 1+d>{\tau}_0>1\end{array}\\ {}\operatorname{inf}\left\{\eta \right\}=\infty \kern0.5em 1+d\le {\tau}_0\end{array}\right. $$

(5)

When the phase discriminator spacing of the target receiver exceeds 0.5 chip, the lower limit of the spoofing-signal ratio is as follows:

$$ \left\{\begin{array}{l}\begin{array}{cc}\operatorname{inf}\left\{\eta \right\}=1& {\tau}_0\le 2d\\ {}\operatorname{inf}\left\{\eta \right\}=\frac{2\left(1-d\right)}{2-{\tau}_0}& 1+d>{\tau}_0>2d\end{array}\\ {}\operatorname{inf}\left\{\eta \right\}=\infty \kern0.5em 1+d\le {\tau}_0\end{array}\right. $$

(6)

Here *τ*_{0} represents the code phase difference between a spoofing signal and an authentic signal; this error is caused by an inaccurate estimation of the target receiver position by the spoofer. *d* represents the phase discriminator spacing of the target receiver. inf{*η*} is the lower limit of the spoofing-signal ratio required for successful spoofing under various *τ*_{0}.

In a real scenario, a spoofing signal has difficulty aligning with an authentic signal carrier received by the target receiver, or achieving this alignment is extremely expensive, e.g., high precision distance measurement technology (radar) can be employed to measure the relative position of the two signals. Therefore, these conclusions are only meaningful in a laboratory environment and have a very limited reference value for actual spoofing and anti-spoofing practice. This paper focuses on a scenario with a misaligned carrier and analyzes and deduces the lower limit of the spoofing-signal ratio required for successful spoofing.

The mechanism of a receiver-spoofer is as follows: the code phase of a spoofing signal is gradually changed to influence the code loop phase discriminator output and the disrupt receiver lock-in process on an authentic signal; the phase of the receiver local replicate code in the code loop is gradually induced to align with the code phase of the spoofing signal and drift from the authentic signal, after which receiver control is seized [3]. Assume that the spoofing signal code waits for the loop phase discriminator to stabilize before changing phases. Each phase change is referred to as a traction.

To simplify the deduction of the lower limit of the spoofing-signal ratio, assume that the frequencies of the spoofing signal, authentic signal, and receiver local replicate code are identical. This assumption requires that a spoofing device can accurately obtain velocity information about the target receiver, which is achievable in most spoofing scenarios, including a stationary receiver, ships, and steadily moving vehicles. With this assumption, *f*_{e} and *f*_{e}^{'} in Formula (3) are approximately equal to 0. Therefore, Formula (3) is simplified as follows:

$$ {\displaystyle \begin{array}{l}{S}_{\mathrm{K}}=\sqrt{{\left({I}_{\mathrm{K}}+I{\hbox{'}}_{\mathrm{K}}\right)}^2+{\left({\mathrm{Q}}_{\mathrm{K}}+Q{\hbox{'}}_{\mathrm{K}}\right)}^2}=\\ {}=\sqrt{{\left(A\cdot R\left({\tau}_{\mathrm{K}}\right)\right)}^2+{\left(\eta A\cdot R\left(\tau {\hbox{'}}_{\mathrm{K}}\right)\right)}^2+2\eta {A}^2R\left({\tau}_{\mathrm{K}}\right)R\left(\tau {\hbox{'}}_{\mathrm{K}}\right)\cos \left(\phi -{\phi}^{\hbox{'}}\right)}\\ {}K=E,L\end{array}} $$

(7)

The impact of the frequency difference is removed. The phase discrimination result is directly affected by the code phase difference and the carrier phase difference between an authentic signal and a spoofing signal, as well as the spoofing-signal ratio. Therefore, the lower limit of the spoofing-signal ratio is determined by the other two parameters. The phase discriminator spacing will affect the calculation of the correlation *R*. In the following sections, the formula for the lower limit of the spoofing-signal ratio for different phase discriminator spacings is discussed.

### Phase discriminator spacing of target receiver = 0.5 chip

Assume that the spoofing signal enters the code loop traction range at *t*_{0}. After the spoofing signal enters the code loop, the code loop attains an equilibrium state at *t*_{1}. Assume that at *t*_{0} and *t*_{1}, the code phase difference between an authentic signal and a spoofing signal is *τ*_{0} and stabilizes. The definition of the code loop equilibrium state is that the early correlation of the code loop is equal to the late correlation, i.e., *E* = *L*. In the deduction in Reference [15], an initial conclusion is obtained: at *t*_{1}, the phase difference between the spoofing signal and the local code is *τ*_{S}(*t*_{1}); the code phase difference between an authentic signal and the local code is *τ*_{R}(*t*_{1}); and once *τ*_{R}(*t*_{1}) < *d* and *τ*_{S}(*t*_{1}) > *d*, spoofing will fail. Assume that the receiver local replicate code aligns with an authentic signal at *t*_{0}, i.e., *τ*_{R}(*t*_{0}) = 0. At this moment, the following expressions hold:

$$ \left\{\begin{array}{l}E\left({t}_1\right)=L\left({t}_1\right)\\ {}{\tau}_{\mathrm{S}}\left({t}_1\right)+{\tau}_{\mathrm{R}}\left({t}_1\right)={\tau}_0\end{array}\right. $$

(8)

where *E*(*t*_{1}) and *L*(*t*_{1}) represent the lead correlation and lag correlation at *t*_{1}; *τ*_{0} represents the code phase difference between a spoofing signal and an authentic signal at *t*_{0} and *t*_{1}. The correlation function *R*(*τ*) of the PN codes can be expressed in Formula (9) as follows:

$$ \left\{\begin{array}{ccc}{R}_{\mathrm{E}}\left(\tau \right)=0,& {R}_{\mathrm{L}}\left(\tau \right)=A\left(1+d+\tau \right),& -1-d\le \tau <-d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=A\left(1-d+\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)=A\left(1-d-\tau \right),& -d\le \tau <d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=A\left(1+d-\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)=0,& d\le \tau \le 1+d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=0,& {R}_{\mathrm{L}}\left(\tau \right)=0,& \mathrm{other}\end{array}\right. $$

(9)

where *d* represents the phase discriminator spacing; *τ* represents the code phase difference between the signal and the local replicate code.

According to Formula (7), for *E* and *L*, as well as Formula (9) for the correlation function *R*(*τ*), when *τ*_{R}(*t*_{1}) < *d* and *τ*_{S}(*t*_{1}) > *d* is substituted into Formula (8), the solution for *τ*_{R}(*t*_{1}) and *τ*_{S}(*t*_{1}) is as follows:

$$ \left\{\begin{array}{l}{\tau}_{\mathrm{R}}\left({t}_1\right)=\Big(\pm \sqrt{\left({\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4\right){\eta}^2+4d{\eta \alpha \tau}_0+8 d\eta \alpha -4{\eta \alpha \tau}_0-8\eta {d}^2\alpha +4{d}^2-8d+4}\\ {}-2 d\eta \alpha +2d+d{\eta}^2-{\eta}^2{\tau}_0+{\eta}^2+{\eta \alpha \tau}_0-2\Big)/\left(-{\eta}^2+2\eta \alpha \right)\\ {}{\tau}_{\mathrm{S}}\left({t}_1\right)={\tau}_0-{\tau}_{\mathrm{R}}\left({t}_1\right)\end{array}\right. $$

(10)

where *α* = cos(*ϕ* − *ϕ*^{'}) represents the cosine of the carrier phase difference between an authentic signal and a spoofing signal. The sign “±” in Formula (10) should be “+” when −*η*^{2} + 2*ηα* is greater than 0, and it should be “−” when −*η*^{2} + 2*ηα* is less than 0. Once the spoofing-signal ratio *η* of the spoofing signal is in the range for which a solution for *τ*_{S}(*t*_{1}) and *τ*_{R}(*t*_{1}) in Formula (10) exists, *τ*_{R}(*t*_{1}) < *d* and *τ*_{S}(*t*_{1}) > *d*, this spoofing-signal ratio will cause spoofing failure. The solution space *S* for this condition is calculated, and the complementary set \( \overline{S} \) is calculated to obtain the spoofing-signal ratio required for successful spoofing.

The necessary condition for the *τ*_{R}(*t*_{1}) solution is that the radical in Formula (10) is greater than or equal to 0.

$$ \left({\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4\right){\eta}^2+4d{\eta \alpha \tau}_0+8 d\eta \alpha -4{\eta \alpha \tau}_0-8\eta {d}^2\alpha +4{d}^2-8d+4\ge 0 $$

(11)

To solve inequation (11), first, the solutions for the following equation are obtained:

$$ \left({\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4\right){\eta}^2+4d{\eta \alpha \tau}_0+8 d\eta \alpha -4{\eta \alpha \tau}_0-8\eta {d}^2\alpha +4{d}^2-8d+4=0 $$

The solutions are

$$ \left\{\begin{array}{l}{\eta}_1=\frac{2\alpha \left({\tau}_0-2d+2{d}^2-d{\tau}_0\right)-4\sqrt{3d{\tau}_0-2d-{\tau}_0+2d{\alpha}^2-3{d}^2{\tau}_0+{d}^3{\tau}_0+{\alpha}^2{\tau}_0+2{d}^3-{d}^4-{\alpha}^2-2{d}^3{\alpha}^2+{d}^4{\alpha}^2-3d{\alpha}^2{\tau}_0+3{d}^2{\alpha}^2{\tau}_0-{d}^3{\alpha}^2{\tau}_0+1}}{\alpha^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4}\\ {}{\eta}_2=\frac{2\alpha \left({\tau}_0-2d+2{d}^2-d{\tau}_0\right)+4\sqrt{3d{\tau}_0-2d-{\tau}_0+2d{\alpha}^2-3{d}^2{\tau}_0+{d}^3{\tau}_0+{\alpha}^2{\tau}_0+2{d}^3-{d}^4-{\alpha}^2-2{d}^3{\alpha}^2+{d}^4{\alpha}^2-3d{\alpha}^2{\tau}_0+3{d}^2{\alpha}^2{\tau}_0-{d}^3{\alpha}^2{\tau}_0+1}}{\alpha^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4}\end{array}\right. $$

(12)

Second, the coefficient of *η*^{2} in Formula (11) is considered:

$$ A={\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4 $$

(13)

When *A* < 0, the solution space of inequation (11) is

$$ {S}_1=\left[\min \left({\eta}_1,{\eta}_2\right),\max \left({\eta}_1,{\eta}_2\right)\right] $$

(14)

When *A* > 0, the solution space of inequation (11) is

$$ {S}_1=\left[-\infty, \min \left({\eta}_1,{\eta}_2\right)\right]\cup \left[\max \left({\eta}_1,{\eta}_2\right),\infty \right] $$

(15)

To ensure that *τ*_{R}(*t*_{1}) < *d*, inequation (16) holds.

$$ \frac{\pm \sqrt{\left({\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4\right){\eta}^2+4d{\eta \alpha \tau}_0+8 d\eta \alpha -4{\eta \alpha \tau}_0-8\eta {d}^2\alpha +4{d}^2-8d+4}-2 d\eta \alpha +2d+d{\eta}^2-{\eta}^2{\tau}_0+{\eta}^2+{\eta \alpha \tau}_0-2}{-{\eta}^2+2\eta \alpha}<d $$

(16)

Similarly, the solution for the equation

$$ \frac{\pm \sqrt{\left({\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4\right){\eta}^2+4d{\eta \alpha \tau}_0+8 d\eta \alpha -4{\eta \alpha \tau}_0-8\eta {d}^2\alpha +4{d}^2-8d+4}-2 d\eta \alpha +2d+d{\eta}^2-{\eta}^2{\tau}_0+{\eta}^2+{\eta \alpha \tau}_0-2}{-{\eta}^2+2\eta \alpha}=d $$

(17)

is

$$ \left\{\begin{array}{l}{\eta}_3=\frac{2 d\alpha -\alpha -\sqrt{4{d}^2{\alpha}^2-4{d}^2-4d{\alpha}^2+4d+{\alpha}^2}}{2d-{\tau}_0+1}\\ {}{\eta}_4=\frac{2 d\alpha -\alpha +\sqrt{4{d}^2{\alpha}^2-4{d}^2-4d{\alpha}^2+4d+{\alpha}^2}}{2d-{\tau}_0+1}\end{array}\right. $$

(18)

When *τ*_{0} > 1 + *d*, the spoofing signal cannot enter the phase discriminator traction range, so *τ*_{0} ≤ 1 + *d*. Therefore, the coefficient of *η*^{2} in inequation (16) is expressed as follows:

$$ {A}^{\hbox{'}}=2d-{\tau}_0+1>0 $$

(19)

The solution space for inequation (16) is expressed as follows:

$$ {S}_2=\left[\min \left({\eta}_3,{\eta}_4\right),\max \left({\eta}_3,{\eta}_4\right)\right] $$

(20)

The spoofing-signal ratio *η* that leads to spoofing failure should be in *S*_{1} ∩ *S*_{2}; the complementary set \( S=\overline{S_1\cap {S}_2} \) is the spoofing-signal ratio *η* range for successful spoofing. Based on Formulae (14), (15), and (20), when *A* = *α*^{2}*τ*_{0}^{2} − 4*α*^{2}*τ*_{0} + 4*α*^{2} + 4*d*^{2} − 4*dτ*_{0} + 4*τ*_{0} − 4 < 0,

$$ S=\overline{S_1\cap {S}_2}=\left(-\infty, \max \right(\min \left({\eta}_1,{\eta}_2\right),\min \left({\eta}_3,{\eta}_4\right)\left]\cup \right[\min \left(\max \left({\eta}_1,{\eta}_2\right),\max \left({\eta}_3,{\eta}_4\right)\right),+\infty \Big) $$

(21)

and when *A* = *α*^{2}*τ*_{0}^{2} − 4*α*^{2}*τ*_{0} + 4*α*^{2} + 4*d*^{2} − 4*dτ*_{0} + 4*τ*_{0} − 4 > 0,

$$ S=\overline{S_1\cap {S}_2}=\left(-\infty, \min \left({\eta}_3,{\eta}_4\right)\right]\cup \left[\min \left({\eta}_1,{\eta}_2\right),\max \left({\eta}_1,{\eta}_2\right)\right]\cup \left[\max \left({\eta}_3,{\eta}_4\right),+\infty \right) $$

(22)

Formulae (21) and (22) and *η* > 1 are combined to obtain the lower limit of the spoofing-signal ratio required for successful spoofing.

$$ \left\{\begin{array}{l}\operatorname{inf}\left(\eta \right)=\min \left(\max \left({\eta}_1,{\eta}_2\right),\max \left({\eta}_3,{\eta}_4\right)\right),\kern0.5em \begin{array}{cc} if& {\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4<0\end{array}\\ {}\operatorname{inf}\left(\eta \right)=\max \left(\min \left({\eta}_1,{\eta}_2\right),\min \left({\eta}_3,{\eta}_4\right)\right),\begin{array}{cc}& \begin{array}{cc} if& {\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4>0\end{array}\end{array}\end{array}\right. $$

(23)

When *d* = 0.5 and no carrier phase difference between authentic signals and spoofing signals is observed, i.e., *α* = cos(*ϕ* − *ϕ*^{'}) = cos 0 = 1, Formula (23) is simplified as follows:

$$ \operatorname{inf}\left\{\eta \right\}=\frac{1}{2-{\tau}_0} $$

(24)

This result matches the conclusion in Reference [15].

### Phase discriminator spacing of target receiver < 0.5 chip

When the phase discriminator spacing of the target receiver is under 0.5 chip, the spoofing failure condition is *τ*_{R}(*t*_{1}) < *d* and 1 − *d* < *τ*_{S}(*t*_{1}) (Reference [15]). Similar to the deduction in Section 3.1, Formula (8) for *E* and *L* and the correlation function *R*(*τ*) for *τ*_{R}(*t*_{1}) < *d* and 1 − *d* < *τ*_{S}(*t*_{1}) (Formula (25) are substituted into Formula (8):

$$ \left\{\begin{array}{ccc}{R}_{\mathrm{E}}\left(\tau \right)=0,& {R}_{\mathrm{L}}\left(\tau \right)=A\left(1+d+\tau \right),& -1-d\le \tau <d-1\\ {}{R}_{\mathrm{E}}\left(\tau \right)=A\left(1-d+\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)=A\left(1+d+\tau \right),& d-1\le \tau <-d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=A\left(1-d+\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)=A\left(1-d-\tau \right),& -d\le \tau \le d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=A\left(1+d-\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)=A\left(1-d-\tau \right),& d<\tau \le 1-d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=A\left(1+d-\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)=0,& 1-d<\tau \le 1+d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=0,& {R}_{\mathrm{L}}\left(\tau \right)=0,& \mathrm{other}\end{array}\right. $$

(25)

The solution for *τ*_{R}(*t*_{1}) is as follows:

$$ \left\{\begin{array}{l}{\tau}_{\mathrm{R}}\left({t}_1\right)=\Big(\pm \sqrt{\left({\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4\right){\eta}^2+4d{\eta \alpha \tau}_0+8 d\eta \alpha -4{\eta \alpha \tau}_0-8\eta {d}^2\alpha +4{d}^2-8d+4}\\ {}-2 d\eta \alpha +2d+d{\eta}^2-{\eta}^2{\tau}_0+{\eta}^2+{\eta \alpha \tau}_0-2\Big)/\left(-{\eta}^2+2\eta \alpha \right)\\ {}{\tau}_{\mathrm{S}}\left({t}_1\right)={\tau}_0-{\tau}_{\mathrm{R}}\left({t}_1\right)\end{array}\right. $$

(26)

Similar to the solution in Section 3.1 for *τ*_{R}(*t*_{1}), at this moment, the formula for the lower limit of the spoofing-signal ratio is similar to Formula (23).

Similarly, when no carrier phase difference between an authentic signal and a spoofing signal is observed, i.e., *α* = cos(*ϕ* − *ϕ*^{'}) = cos 0 = 1, the formula for the lower limit of the spoofing-signal ratio is simplified as follows:

$$ \operatorname{inf}\left\{\eta \right\}=\frac{2d}{2d-{\tau}_0+1} $$

(27)

This result matches the conclusion in Reference [15].

### Phase discriminator spacing of target receiver > 0.5 chip

When the phase discriminator spacing of the target receiver exceeds 0.5 chip, the spoofing failure condition is *τ*_{R}(*t*_{1}) < 1 − *d* and *d* < *τ*_{S}(*t*_{1}) (Reference [15]). Similar to the deduction in Section 3.1, Formula (7) for *E* and *L* and the correlation function *R*(*τ*) for *τ*_{R}(*t*_{1}) < 1 − *d*, *d* < *τ*_{S}(*t*_{1}) (Formula (28)) are substituted into Formula (8):

$$ \left\{\begin{array}{ccc}{R}_{\mathrm{E}}\left(\tau \right)=0,& {R}_{\mathrm{L}}\left(\tau \right)={A}_{\mathrm{s}}\left(1+d+\tau \right),& -1-d\le \tau <-d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=0,& {R}_{\mathrm{L}}\left(\tau \right)={A}_{\mathrm{s}}\left(1-d-\tau \right),& -d\le \tau <d-1\\ {}{R}_{\mathrm{E}}\left(\tau \right)={A}_{\mathrm{s}}\left(1-d+\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)={A}_{\mathrm{s}}\left(1-d-\tau \right),& d-1\le \tau \le 1-d\\ {}{R}_{\mathrm{E}}\left(\tau \right)={A}_{\mathrm{s}}\left(1-d+\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)=0,& 1-d<\tau \le d\\ {}{R}_{\mathrm{E}}\left(\tau \right)={A}_{\mathrm{s}}\left(1+d-\tau \right),& {R}_{\mathrm{L}}\left(\tau \right)=0,& d<\tau \le 1+d\\ {}{R}_{\mathrm{E}}\left(\tau \right)=0,& {R}_{\mathrm{L}}\left(\tau \right)=0,& \mathrm{other}\end{array}\right. $$

(28)

The solution for *τ*_{R}(*t*_{1}) is as follows:

$$ \left\{\begin{array}{l}{\tau}_{\mathrm{R}}\left({t}_1\right)=\Big(\pm \sqrt{\left({\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4\right){\eta}^2+4d{\eta \alpha \tau}_0+8 d\eta \alpha -4{\eta \alpha \tau}_0-8\eta {d}^2\alpha +4{d}^2-8d+4}\\ {}-2 d\eta \alpha +2d+d{\eta}^2-{\eta}^2{\tau}_0+{\eta}^2+{\eta \alpha \tau}_0-2\Big)/\left(-{\eta}^2+2\eta \alpha \right)\\ {}{\tau}_{\mathrm{S}}\left({t}_1\right)={\tau}_0-{\tau}_{\mathrm{R}}\left({t}_1\right)\end{array}\right. $$

(29)

This finding is similar to the solution for *τ*_{R}(*t*_{1}) in Section 3.1. However, the condition changes to *τ*_{R}(*t*_{1}) < 1 − *d* and *d* < *τ*_{S}(*t*_{1}). Therefore, the solutions for inequation (30) are required.

$$ \frac{\pm \sqrt{\left({\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4\right){\eta}^2+4d{\eta \alpha \tau}_0+8 d\eta \alpha -4{\eta \alpha \tau}_0-8\eta {d}^2\alpha +4{d}^2-8d+4}-2 d\eta \alpha +2d+d{\eta}^2-{\eta}^2{\tau}_0+{\eta}^2+{\eta \alpha \tau}_0-2}{-{\eta}^2+2\eta \alpha}<1-d $$

(30)

The solutions are

$$ \left\{\begin{array}{l}{\eta}_3=\frac{2-2d}{2-{\tau}_0}\\ {}{\eta}_4=\frac{2d-2}{2-{\tau}_0}\end{array}\right. $$

(31)

Because the phase discriminator spacing *d* > 1 is meaningless, *d* < 1 and *τ*_{0} ≤ 1 + *d* < 2. Therefore, *η*_{3} > *η*_{4} and Formula (23) is rearranged as follows:

$$ \left\{\begin{array}{l}\operatorname{inf}\left(\eta \right)=\min \left(\max \left({\eta}_1,{\eta}_2\right),{\eta}_3\right),\kern0.5em \begin{array}{cc}\mathrm{if}& {\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4<0\end{array}\\ {}\operatorname{inf}\left(\eta \right)=\max \left(\min \left({\eta}_1,{\eta}_2\right),{\eta}_4\right),\begin{array}{cc}& \begin{array}{cc}\mathrm{if}& {\alpha}^2{\tau_0}^2-4{\alpha}^2{\tau}_0+4{\alpha}^2+4{d}^2-4d{\tau}_0+4{\tau}_0-4>0\end{array}\end{array}\end{array}\right. $$

(32)

Similarly, when no carrier phase difference is observed between an authentic signal and a spoofing signal, i.e., *α* = cos(*ϕ* − *ϕ*^{'}) = cos 0 = 1, the formula for the lower limit of the spoofing-signal ratio is simplified as follows:

$$ \operatorname{inf}\left\{\eta \right\}=\frac{2-2d}{2-{\tau}_0} $$

(33)

This finding matches the conclusion in Reference [15].

Based on the initial conclusions in Reference [15], when the carrier phases of authentic and spoofing signals are misaligned, the lower limit of the spoofing-signal ratio required for successful spoofing is deduced. When the carrier phases of authentic and spoofing signals are aligned, the formula for the lower limit matches the conclusion in Reference [15]. In the next section, the validity of these conclusions is verified via testing.