Exploiting ergodicity of the logistic map using deep-zoom to improve security of chaos-based cryptosystems

08/08/2018 ∙ by Jeaneth Machicao, et al. ∙ 0

This paper explores the deep-zoom properties of the chaotic k-logistic map, in order to propose an improved chaos-based cryptosystem. This map was shown to enhance the random features of the Logistic map, while at the same time reducing the predictability about its orbits. We incorporate its strengths to security into a previously published cryptosystem to provide an optimal pseudo-random number generator (PRNG) as its core operation. The result is a reliable method that does not have the weaknesses previously reported about the original cryptosystem.

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1 Introduction

The emergence of the application of chaos theory in cryptographic algorithms has caught the attention of many researchers since the 1980s [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]. Chaos has two faces. It is a deterministic system, but if correctly observed can behave as a random one. This stochastic feature of the chaotic systems have makes it interesting to its use in cryptography. Because its random nature can emerge even from relatively simple equations, chaos is suitable to create efficient pseudo-random number generators (PRNG). Chaotic systems are sensitivity to the initial conditions, and thus predictability is limited to a short time window. They are mixing, and thus information about future states cannot reveal past states. These two properties are intrinsically connected to the random nature of chaos. They are also transitive and have an infinitude of unstable periodic orbits, and thus present infinitely recurrent patterns. This later property is intrinsically linked to the deterministic nature of chaos. Chaos-based cryptosystems explore the random properties of chaos to secure information. However, its deterministic nature also allows for a unique cryptoanalysis that usually explores the short-term predictability and periodicity of chaos [14, 15].

One way to turn chaotic systems into magnificent semi-random systems would be to reduce its short-term predictability and periodicity, but without having to rely on long-term iterates of it. This was recently achieved by considering the deep-zoom approach to chaotic maps [16], which consists to improve the pseudo-randomness quality of another chaotic orbit by removing -digits to the right of the decimal point from each point of the original orbit. In this manner, the emergence of random-style patterns occurs as finer computations are performed. Peeking into less significant digits can reveal a never before explored pseudo-randomness properties of chaotic systems. The patterns and the predictability of the chaotic maps can change this behavior according to the scale that the orbits are observed.

We consider a chaos-based method published in the late 1990s [1], which is an interesting object of study due to its simplicity of implementation, dissemination in the academic community, the number of published works presenting mainly the failures mentioned above, and that has a proven security-failure behavior [14], thus an optimal candidate to the introduction a novel approach for security. The main flaws presented in Baptista’s work are directly related to the statistics of the recurrent orbits and their predictability in the logistic map. In this work, we maintain the essence of Baptista’s original approach, which explores the statistical feature of the orbits recurrence to secure information. However, we use the -logistic map, instead of the logistic map used in the original approach.

The cryptology field is in a continuous battle to yield strong encryption methods (cryptography) and to find weaknesses aiming to break these ciphers (cryptoanalysis). This establishes a recurrent cycle in which novel breakthrough cryptographic methods are being released, and eventually, being scrutinized by cryptanalysts in order to report possible flaws. We must emphasize that, we do not aim to construct a cryptographically safe algorithm but instead to focus on the theoretical study of the proposed improvement version. This paper shows that the Baptista-like cryptosystem can be embedded with the pseudo-randomness sources of the -logistic map, as this PRNG has shown to pass several tests that the original system has failed. Thus, we propose a manner to improve the main flaws for which an already broken method that uses a well-known chaotic system has been deprecated, opening up a challenge for the scientific community to cryptanalyze it.

In Sec. 2, we introduce the original Baptista’s method, describing its parameters and procedures. In Sec. 3, we introduce the logistic map and explain the deep-zoom property of chaos, leading to the definition of the -logistic map. Then, in Sec. 4, we introduce our proposed cryptosystem, followed in Sec. 5 by its cryptanalysis. Discussions and conclusions are presented in Sec. 6.

2 Baptista’s chaos-based cryptographic system

Baptista’s algorithm is one of the first digital chaos-based cryptographic system introduced into the state-of-art [9]. This algorithm takes advantage of the ergodic property of simple and low-dimensional logistic equation in order to create a ciphertext.

The logistic map is a quadratic function of the form given by Eq. (1).

(1)

where and , showing chaotic behavior depending on the value of the parameter . This map is used as a paradigm for nonlinear dynamical systems due to its simplicity, speed [9], and well-known behavior and because it is extensively applied in the areas of physics, biology, mathematics, chemistry and others [17].

This algorithm associates each letter of the alphabet with a -interval of the phase space of the logistic map. Fig. 1a is a representation of how the phase space is divided in sites, and are the minimum and maximum boundary of the phase space, and the size of the -intervals depends on the parameter , representing the number of different letters in an alphabet one wants to encode a message. According to the detailed procedures [1], it is possible to encrypt a message so that each letter of the message is encrypted as the number of iterations applied in Eq. (1). Thereby each letter is represented by an integer number of iterations performed by the logistic equation, so the trajectory goes from an initial condition and reaches a -interval associated with that letter. The sender defines these associations in order to create a key.

Figure 1: Illustration of the encryption/decryption process of the Baptista chaos-based cryptographic algorithm [1]. a) The phase space of the logistic map is divided in sites, each one with size , where and are the limit ranges of the phase space being considered. For each site an alphabet unit is associated. b) The encryption process describe the number of iterations the logistic map (Eq. (1)) must iterate until achieves the -site range, then is passed to encrypt the next plaintext unit. c) The decryption process implies to iterate the logistic map over iterations and return the corresponding -site.

The algorithm depends on the association of -intervals with the letters of the alphabet, the definition of the first initial condition, and a choice of a control parameter , causing a chaotic behavior in the logistic map. The ergodic property causes the event of a -interval being reached by an infinite number of trajectories. For this reason, it is considered the -iteration sized trajectory. It is also important to point out that a transient time will represent the minimum length that any encoding trajectory should have.

The original algorithm was implemented using trajectories with less than 65 532 iterations [1]. Even with this size restriction, the encrypted text can still be represented by different combinations, therefore the sender has to choose one in a stochastic fashion. In this way, the sender also defines a coefficient

, which represents a probability with which the receiver/transmitter picks a particular return as the encoding/decoding message.

The procedure given in the original paper [1] is replicated in Table 1. It exemplifies the encryption of the word “hi”. The parameters are , , , and the limits of the attractor are and . The transient time is and the coefficient is . The alphabet with letters, accordingly, it is defined 256 -intervals. It considers trajectories that have lengths smaller or equal to 65 532, but that are larger than , which is sufficient to allow that a typical point of a -interval of the order of 1/256 reaches out any other equally-sized -interval several times. This can be guaranteed knowing that for any two arbitrary

intervals of the logistic map, the shortest time for a trajectory point to leave an interval and arrive at another one can be estimated by the Lyapunov time, and given by

. The coefficient also represents the probability for the transmitter to adapt the length of a trajectory visiting the desired interval as the ciphertext.

The encryption procedure is a one-by-one transformation as shown in Fig. 1b, i.e., the initial condition changes for each unit (letter) of the plaintext “h” and “i”, which are the ASCII letters associated to the split units 104 and 105, respectively. In this way, if is the first unit of the ciphertext, and would be the second unit of the ciphertext, it was generated by the defined by the transmitter. In order to generate the third unit, is used as a new initial condition. Therefore, the message sent is and .

As seen in Fig. 1c, the receiver may decrypt the message since the ciphertext indicates how many times Eq. (1) has to be iterated in order to find the corresponding letter. Following the previous examples shown in Table 2, the logistic equation must be iterated 1713 times. The result is the value of associated with the interval 104, the interval that represents the letter “h”. This new value of is considered as for the next step, the receiver iterates the logistic map equation 364 times, reaching the interval 105, used to represent the letter “i”.

Plain Site
“h” 0.23232300000000 0.44160905447136 104 1713
“i” 0.44160905447136 0.44486572362642 105 364
Table 1: Encryption procedure of the ergodicity chaos-based algorithm. From left to right the plaintext “hi” associated to their corresponding site number based on an initial condition , which is iterated over time steps until returns a ciphertext .
Site Plain
1713 0.23232300000000 0.44160905447136 104 “h”
364 0.44160905447136 0.44486572362642 105 “i”
Table 2: Decryption procedure of the ergodicity chaos-based algorithm.

3 The logistic map as a source of randomness

3.1 Logistic map

Figure 2: a) Colored bifurcation diagram of the logistic map (Eq. (1)) depicted in the x-axis, while the possible long-term values is shown in the y-axis, starting from the same initial condition, calculated over iterations (first -th are the transient). b) Frequency distribution curve of the logistic map using and , left and right, respectively. The x-axis shows the (500 bins) and the y-axis shows the frequency of the values discarding the first

transient values. The curve represent the mean and standard deviation (shaded error bar) for sequences generated over 100 random initial conditions.

Even when the logistic map is considered as a source of randomness for some chaos-based PRNGs [18, 19, 20, 21], its ergodicity introduce some weaknesses to the PRNGs that are based on it [14, 15]. These limitations can be summarized in four main points:

  1. Undesirable statistical features, e.g. non-uniform distribution;

  2. Predictability, that is a consequence of a return time with memory;

  3. Periodicity, which is inherent to chaos but that become an enhanced problem when dealing with finite numerical precision. Trajectories that should lead to long periodic cycles turn into short cycles [15], consequence of the dynamical degradation of digital chaos [22];

  4. The quality of the pseudo-random sequence generated by a chaotic orbit. These weaknesses of chaos generated by the logistic map in the context of cryptography have been exposed in [14, 15].

There is an additional feature of chaos that is undesirable for cryptography, and that can also reflect on the characteristics of return times, so important for the Baptista’s approach. The probability density of trajectories is typically not uniform. In Fig. 2(a), we show a bifurcation diagram for the parameter . In this figure the colors represent the density with which points fall in a compartment. In Fig. 2(b) it is shown the frequency distribution of the logistic map using two parameters and (corresponding to the rightmost region of the bifurcation diagram). Focusing on the parameter

, it can be observed that the frequency distribution has a classical “U” pattern. This frequency distribution diagram follows the invariant probability density function of the logistic map

[23] given by

(2)

In this particular case, a higher frequency can be observed at the edges and

than in the central region. This map, if not properly encoded, could generate a PRNGs with non-uniform probabilities. In the case of the chaos ergodicity-based algorithm, the probability distribution of return times is not a plateau distribution as desired

[14]. Moreover, returns composing the cyphertext might have their average value inversely proportional to the invariant measure (given by ) of the interval being used to constructed the return times (Kac’s lemma) [1]. This would allow the identification of the control parameter being used to generate returns, leading to at least partial determination of the encoding sequence [14].

The issues of the logistic map as source of randomness are related to the deterministic nature of the chaotic orbits and its ergodicity. In order for the logistic map to be appropriately used to generate random sequences, an additional analysis must be done. The weaknesses mentioned above are evident because the algorithms that use the numbers generated by the logistic map do not take into consideration all the infinitely long less significant digits of orbit points of the chaotic trajectories, these digits have infinitesimal depth [16].

3.2 k-logistic map: the deep-zoom approach

The concept of deep-zoom into chaos was recently introduced by Machicao & Bruno [16]. It was shown that the dismissed digits after the decimal point can be advantageously used to improve the randomness quality of chaotic systems. This algorithm removes the first -digits of the fractional part of each point of an orbit in order to compose a new orbit coming from an original orbit of a chaotic system. For instance, the -logistic map is formed by considering the -right digits of each value from an underlying orbit (generated originally by the logistic map).

Given an orbit as a series of points obtained from the logistic map, Eq. (1), with parameters and . The -logistic map is defined as a function given by Eq. (3) of the form . Observe that the domain of the -logistic map phase-space is . This function generates orbits on the form , that is the resulting orbit derived from an underlying orbit . The new values are formed by retaining -th decimals to the right of the decimal separator corresponding to the underlying point , a transformation that can be represented by

(3)

where stands for the floor function, and . Machicao & Bruno [16] recommended to use , since the closer is to 4, the less dense are the periodic windows, and therefore, a parameter taken by chance has a larger positive probability of generating a chaotic orbit. To illustrate an output of Eq. (3), observe two values generated by the logistic map: and corresponding to an orbit using . To generate a -logistic map orbit with , indicates to discard the first position of the decimal places of , i.e. , and analogously .

From Fig. 3 an interesting phenomenon can be observed when comparing the original bifurcation diagram of the logistic map shown in Fig. 2(a) with the bifurcation diagrams of the -logistic map with , , and . It is observed that the chaotic patterns interleaved predominantly in the and regions and that follow a zigzag pattern () begin to disappear gradually as is enlarged. No apparent pattern for the trajectory’s probability distribution is observed for . In fact, the distribution frequency of the -logistic map becomes rapidly uniform, even for moderately large (see Figs. 4(b-d)).

Figure 3: Colored bifurcation diagrams of the -logistic map (Eq. (3)) for (upper panel), (middle panel) and (lower panel), from top to down. The x-axis depicts , while the y-axis shows the -logistic map, starting from the same initial condition, calculated over iterations (first -th are the transient).

4 Proposed chaos-based cryptographic system

The deep-zoom approach has shown interesting results. In fact, it was shown that the randomness quality is improved as is increased, because of its rapid transition to “strong” randomness as tends to infinity, which was demonstrated throughout a set of empirical tests [16]. Therefore, what would happen when the logistic map of the Baptista’s algorithm is replaced by the -logistic map?

Recall the block diagrams shown in Fig. 1 where the function inside the encryption/decryption blocks corresponds to Eq. (1). Our proposed cryptosystem simply embed the -logistic map function given by Eq. (3) into the original approach. In fact, one could embed almost any chaotic function to generate returns. For the purposes of comparison, we will also consider in Sec. 5 a general PRNG to extract first returns. Notice however that chaotic functions are usually advantageous in contrast to general PRNGs, since they usually require less computational power and are quicker to be implemented.

In order to exemplify the encryption process using the -logistic map, we consider the message “hi”, as shown in our previous example of Section 2, and same parameters , transient, , . These ciphertexts are reported in Table 3 for each parameter (original logistic map), , , and .

Plain Site
“h” 0.23232300000000 0.44160905447136 104 1713
“i” 0.44160905447136 0.44486572362642 105 364
“h” 0.23232300000000 0.44194259087588 104 529
“i” 0.44194259087588 0.44472392303434 105 573
“h” 0.23232300000000 0.44306123881144 104 609
“i” 0.44306123881144 0.44499232862576 105 1671
“h” 0.23232300000000 0.44192450305195 104 1361
“i” 0.44192450305195 0.44586158032371 105 892
“h” 0.23232300000000 0.44174262765409 104 592
“i” 0.44174262765409 0.44401200078573 105 399
Table 3: Encryption procedure of the ergodicity chaos-based algorithm using the -logistic map from top to down , , and . From left to right the plaintext “hi” associated to their corresponding site number based on an initial condition , which is iterated over time steps until returns a ciphertext .

5 Analyzing the cryptographic quality

We now analyze the quality of the proposed method based on identified weaknesses of the Baptista algorithm. This section is dedicated to analyse the good properties of the -logistic map, with respect to its frequency distribution, the frequency distribution of its ciphertext, the strong non-invertible property of its return-map, and its pseudo-randomness properties.

5.1 Uniform probability distribution function

In order to avoid an attacker to make predictions about the plaintext, the distribution of the points of an orbit of a chaotic function is expected to be uniform. In the original chaos based algorithm, the relevant distribution is the one from the return times, which however depends on the properties of the distribution of the chaotic trajectory. As can be seen in Fig. 4(a), the probability distribution function of the logistic map is not uniform. However, as the logistic map is analyzed into the deep-zoom, the distribution tends to become increasingly uniform, as can be observed in Figs. 4(b-d), for (green), (blue) and (red), respectively. Figure  4(e) shows these densities for a region as approaches to zero. We see that the -logistic map resolves security issues that would emerge as a consequence of the non-uniformity of the distribution.

Figure 4: Frequency distribution curves for (a) the original logistic map, (b) , (c) and (d) using . The horizontal axis shows the (500 bins) and the vertical axis shows the frequency of the values discarding the first transient values. The curves represent the mean and standard deviation (shaded error bar) for sequences generated over 100 random initial conditions. e) The inset plot depicts a zoom on the windows for these 4 plots.

Thus, the -logistic map resolves the weakness (i), about undesirable statistics of the chaotic sequence.

5.2 Ciphertext distribution

Figure 5: (a) Average ciphertext distribution for the original method (), the -logistic map with different parameters , the Mersenne Twister PRNG (identified by “MT” in figure legend) and true randomness sources from atmospheric noise (identified by “TR” in figure legend). The x-axis shows a logarithmic scale of the number of iterations (ciphertext) used to encrypt each of the random letters. The average curve was calculated over 100 randomly chosen plaintexts. The gray region correspond to the transient time iterations. The inset figure depicts a small region from the figure. (b) Boxplot of the total number of iterations corresponding to the 100 plaintexts samples.

Here, we analyze the frequency distribution of the return times (ciphertext) used to encrypt a plaintext. We performed an experiment to compare the distribution from the original method and the proposed improved method with the -logistic map . Moreover, we also considered to explore the characteristics of the ciphertexts using a commercial PRNG, the Mersenne Twister PRNG [24, 25] and a true random source [26] sequences of numbers converted from the atmospheric noise that were download from [26], as the generators of the return times in the encryption/decryption method, instead of using the logistic map.

In this experiment we encrypted 100 randomly chosen plaintexts containing letters using the proposed method with the -logistic map and with the original logistic map. The average frequency distribution of the ciphertexts is shown in Fig. 5(a). The average is calculated considering 100 different plaintexts. From this figure, we can observed that the curves for the proposed method tend to get close to the true randomness curve as increases. Moreover, in Fig. 5(b), it is shown a boxplot figure corresponding to the accumulative number of iterations corresponding to the 100 ciphertexts. From this figure, we can observe that the bigger is, the shorter the time-series required to encrypt. Thus, the larger is, the less computational cost required. Moreover, our method has a better distribution as compared to that of the commercial counterpart Mersenne Twister.

Thus, the -logistic map resolves the weakness (i), about undesirable statistics of the cyphertext.

5.3 Shuffling return map

When the return map of the logistic map is plotted it is noticed the well-known inverted parabola function, as can be seen in the upper left panel in Fig. 6, for . Its 3D visualization in the upper right panel also revels its standard continuous pattern, describing a strong correlation between past and future iterates. Maps that generate distinct pattern on the return map can lead to information about the ciphertext. It is to be expected that a return map of uncorrelated sequences (e.g. as those generated by PRNGs) would densely populate the space, in a demonstration that the lost of correlation. The -logistic map destroys these typical patterns.

Figure 6: Phase diagrams for the , , , and -logistic map using . Two- and three-dimensional diagrams are shown in the left and right columns, respectively. The horizontal and vertical axes show the phase space of against . Each orbit contains points starting from random initial conditions, where the first 200 iterations were discarded (transient time).

The classical inverted parabola disappears when (second row in Fig. 6), producing a set of discontinuous curves, producing a large number of period-1 orbits. As increases, the points are scattered in the phase diagram and any visual pattern seems to disappear as can be seen in the diagrams for (third row panels) to (lower row panels). As increases, the phase diagram tends to look like more of one produced by uncorrelated sources, with a map that is highly discontinuous and also highly non-invertible.

So, the use of the -logistic map should ensure an increase in the security level of the proposed ergodic cryptosystem, since it produces trajectories that can be hardly predictable, this contributing to resolve the weakness (ii) of the logistic map to the ergodic cryptosystem. It also handles well the problem of long periodic orbits (weakness iii) being turned into lower cycles, by actually creating an infinitude of lower periodic cycles.

5.4 Succeed pseudo-randomness tests

A final weakness of the ergodic cryptosystem regards the pseudo-random quality of the chaotic trajectory (weakness (iv)). Here, we cryptanalyse the chaotic sequences generated by the -logistic map to show that this weakness would be resolved by the use of the k-logistic map in the ergodic cypher.

Despite the extensive use of PRNGs in business and in scientific research, there is a lack of manners to analyze the randomness quality of the cryptographic methods. What is commonly used today to measure and test the pseudo-random sequences are the statistical test suites. The scientific literature highlights two of them: NIST and DIEHARD. The objectives of these tests are to analyze whether the sequences generated by PRNGs present patterns or any regular behavior. These statistical tests are limited in gathering evidence that the PRNG generated numbers are indeed from a truly random source. However, they are a first estimation, which we will adopt in this work.

DIEHARD tests

BirthdaySpacings [KS] 100 100 100 100 100 100 100 100 100 100
OverlappingPermutations 99 97 98 95 98 96 98 98 99 100
Ranks31x31 matrices 100 100 100 100 100 100 100 100 100 100
Ranks32x32 matrices 100 100 100 100 100 100 100 100 100 100
Ranks6x8 matrices [KS] 0 0 25 99 100 100 100 100 100 100
Monkey20bitsWords [KS] 0 99 100 100 100 100 100 100 100 100
OPSO [KS] 98 99 100 100 100 100 100 100 100 100
OQSO [KS] 98 100 100 100 100 100 100 100 100 100
DNA [KS] 100 100 100 100 100 100 100 100 100 100
Count1sStream 0 0 0 98 100 100 100 100 100 100
Count1sSpecific [KS] 0 0 0 0 94 100 100 100 100 100
ParkingLot [KS] 100 100 100 100 100 100 100 100 100 100
MinimumDistance [KS] 96 100 100 100 100 100 100 100 99 100
RandomSpheres [KS] 100 100 100 100 100 100 100 100 100 100
Squeeze [KS] 100 100 100 100 100 100 100 100 100 100
OverlappingSums [KS] 100 100 100 100 100 100 100 100 100 100
Runs (up) 100 100 100 100 100 100 100 100 100 100
Runs (down) 100 100 100 100 100 100 100 100 100 100
Craps (wins) 100 100 100 100 100 100 100 100 100 100
Craps (throws/game) 100 100 100 100 100 100 100 100 100 100
Table 4: Average number of files that passed DIEHARD tests using the -logistic map PRNG (Eq. (3)) from 100 file samples. Severely failed tests are shown in gray. All tests passed using the interval . Reproduced from [16].

In order to ascertain that, Table 4 and Table 5 are reproduced from the original work [16]. Generally, empirical tests are addressed for PRNGs in order to analyze the mathematical properties of the sequences. The tests were performed in the DIEHARD [27] and NIST [28] test suites. These tests formulate hypotheses to verify if the distribution of the random sequence of entry is adhered to some known distribution.

Here we propose to evaluate the quality of the random source of the ergodic cryptographic system, which boils down to evaluating the -logistic map for several values of the parameter. Thus, 100 files were generated, each containing (12.5 MB) numbers generated for each . Note that the file size used is due to the constraints of DIEHARD [27] itself. Each sample was generated from a random seed, and each value of each orbit was transformed into integers using a -bit mask (discretization).

The results of the 18 statistical tests are reported in Table 4 for the DIEHARD suit and in Table 5 for the NIST suit. Each column corresponds to the number of files that passed the sub-tests. In both tables, the tests that failed in at least 50 files were highlighted in gray, which can be observed in the case of , , and -logistic map. As expected, fails to both DIEHARD and NIST. The panorama changes as the parameter increases. The -logistic map passes on all of the tests from DIEHARD and NIST when . Accordingly, the ergodic cypher should not present weakness with respect to the pseudo-random nature of the source, in this case the -logistic map.

NIST test

Frequency 98 99 99 99 99 99 99 99 99 99
BlockFrequency 0 1 66 95 98 98 99 100 99 99
CumulativeSums
          Forward sums 97 98 99 99 98 99 99 99 99 99
          Reverse sums 97 99 99 99 99 99 99 99 99 99
Runs 0 0 14 91 98 99 99 99 99 100
LongestRun 0 0 15 89 98 99 98 100 99 99
Rank 99 100 99 99 99 99 99 99 99 99
FFT 77 98 99 99 99 99 99 99 99 99
Non-overlappingTemplate
          000000001 0 0 48 97 99 99 99 100 99 99
          000000011 0 3 87 98 99 99 99 99 99 99
          000000101 0 41 94 98 98 99 99 99 98 99
OverlappingTemplate 0 0 11 93 98 99 98 99 99 99
Universal 0 68 97 98 99 99 99 99 99 99
ApproxEntropy 0 0 64 98 99 99 99 100 99 99
RandomExcursions
           -4 90 98 99 99 98 99 99 99 99 100
           -3 91 97 99 99 99 99 99 99 99 99
           -2 94 99 98 99 99 98 99 99 99 99
           -1 95 99 99 98 99 99 99 99 99 100
RandExcursVar
           -9 99 100 99 99 100 99 99 99 99 100
           -8 99 99 99 99 99 99 99 99 99 100
           -7 100 99 99 99 99 99 99 99 99 100
           -6 100 99 99 99 99 99 98 99 99 99
           -5 100 99 99 99 99 99 99 99 99 99
           -4 99 100 99 99 99 99 99 99 99 99
           -3 99 100 99 98 99 99 99 99 99 99
           -2 99 99 99 98 99 99 99 100 99 99
           -1 99 99 99 99 99 99 99 99 99 99
Serial
           Serial 1 0 1 82 96 98 99 99 98 99 99
           Serial 2 10 81 95 98 98 99 99 99 98 99
LinearComplexity 99 98 99 99 99 99 99 98 99 99
Table 5: Number of files that passed the NIST test suites [28] for the -logistic map. Failed tests are shown in gray. All the tests passed to the significance level. Reproduced from [16].

6 Discussions and conclusion

This paper analyzed a classic algorithm published in 1998 in a more sophisticated way. The original algorithm has been much criticized in the literature, due to both its computational cost and its theoretical weaknesses. In this paper, we study a cryptosystem based on Baptista’s original ergodic cryptosystem algorithm, but that uses a chaotic trajectory that is created by the deep-zoom -logistic map. This paper is not intended at constructing a cryptographically safe algorithm, but instead to comprehensively study how the security of the ergodic cryptosystem would be enhanced if embedded with the -logistic map. Some of our analysis were carried out in the generated cyphertext, such as the statistics of the return times. Others were carried out in the chaotic source, the -logistic map. Baptista’s original algorithm has the number of iterations as the ciphertext, which can not be directly used for randomness tests based on the DIEHARD and NIST test suits. These tests were therefore performed in the chaotic generator used. More than trying to create a cryptosystem that can be commercially exploited, we sought not only to improving the original approach but also to open a new branch of study for the chaos-based cryptosystem community.

Some considerations need to be taken into account. The first point concerns computational cost. In general, the cost is high for both the ergodic cryptosystem and our proposed method. However, we must salient that, once the orbit is calculated, the -th values of the generated orbits do not increase the computational cost as gets larger, since the performance relies mostly on the first calculation of the original orbit. Importantly, as gets larger the security improves. Another point is that the original ergodic cryptosystem uses double precision, which indeed, due to round-off errors it may quickly fall into a periodic window induced by round-off errors. The FORTRAN double precision applied in the original chaos based algorithm guarantees 15 digits of accuracy and a magnitude ranging of 10 from -308 to +308. We fixed this issue by using high arbitrary precision arithmetic. A high precision can be achieved using the high-performance arbitrary precision arithmetic library Apfloat111http://www.apfloat.org/. It performs calculations with a precision of millions of digits, providing true chaotic, and therefore aperiodic orbits.

In the original ergodic cryptosystem, the round-off operations could lead to a non-invertible encryption procedure. This problem is evident in the scenario where the computer of the message transmitted has greater precision than the computer of the receiver. The -logistic map is implemented over a arbitrary precision arithmetic, then the round-off error can be used in our favor. For instance, the number of precision can be setup. Obviously, we should maintain a reasonable precision in order to guarantee the -logistic map to produce randomness.

Regarding the conjugacy, the logistic map at is topologically conjugated to the tent map as well as the shift map [29]. Due to the fact that these maps have the same dynamical behavior, there is some possibility to do inverse engineering. The -logistic map may also present this issue. So, we recommended using , in order to avoid conjugacy with tent map or shift map, but still being able to create a trajectory with higher entropy.

We hope this work will create a challenge for the scientific community, opening new avenues in which research will be conducted to search for possible deficiencies or further developments in the proposed improved cryptosystem. For example, attempts to discover patterns in the proposed PRNG sequences may lead to the appearance of new weaknesses in the proposed cryptosystem, revealing new possibilities for the field of cryptography. Scrutiny and new improvements might create after all a secure cryptographic systems out of the one studied in this work.

Acknowledgments

J. M. gratefully acknowledges the financial support from the National Council for Scientific and Technological Development, Brazil (CNPq) grant #405503/2017-2. M. A. is grateful for the support of the Coordination for the Improvement of Higher Education Personnel (CAPES PROEX-9524331/M). O. M. B. acknowledges support from CNPq (grant #307797/2014-7) and FAPESP (grant #14/08026-1).

References

  • Baptista [1998] M. Baptista. Cryptography with chaos. Phys Lett A, 240:50–54, 1998.
  • Kocarev [2001] L. Kocarev. Chaos-based cryptography: a brief overview. IEEE Circuits and Systems Magazine, 1(3):6–21, 2001. doi: 10.1109/7384.963463.
  • Kocarev et al. [2004] L.  Kocarev, M. Sterjev, A. Fekete, and G. Vattay. Public-key encryption with chaos. Chaos: An Interdisciplinary Journal of Nonlinear Science, 14(4):1078–1082, 2004.
  • Patidar et al. [2009] V. Patidar, K. K. Sud, and N. K. Pareek. A pseudo random bit generator based on chaotic logistic map and its statistical testing. Informatica (Slovenia), 33:441–452, 2009.
  • Szczepanski et al. [2005] J. Szczepanski, J. M. Amigó, T. Michalek, and L. Kocarev. Cryptographically secure substitutions based on the approximation of mixing maps. IEEE Transactions on Circuits and Systems I: Regular Papers, 52(2):443–453, 2005.
  • Álvarez and Li [2006] G. Álvarez and S. Li. Some basic cryptographic requirements for chaos-based cryptosystems. International Journal of Bifurcation and Chaos, 16:2129–2151, 2006.
  • Masuda et al. [2006] N. Masuda, G. Jakimoski, K. Aihara, and L. Kocarev. Chaotic block ciphers: from theory to practical algorithms. IEEE Transactions on Circuits and Systems I: Regular Papers, 53(6):1341–1352, 2006.
  • Marco et al. [2010] A. Marco, A. S. Martinez, and O. M. Bruno. Fast, Parallel and Secure Cryptography Algorithm Using Lorenz’s attractor. International Journal of Modern Physics C, 21(03):365, 2010.
  • Pisarchik and Zanin [2010] A. N. Pisarchik and M. Zanin. Chaotic map cryptography and security. Encryption: Methods, Software and Security, pages 1–28, 2010.
  • Machicao et al. [2012] J. Machicao, A. Marco, and O. M. Bruno. Chaotic encryption method based on life-like cellular automata. Expert Systems with Applications, 39:12626–12635, 2012.
  • Vidal et al. [2014] G. Vidal, M.S. Baptista, and H. Mancini. A fast and light stream cipher for smartphones. The European Physical Journal Special Topics, 223(8):1601–1610, may 2014.
  • Lin et al. [2016] Z. Lin, S. Yu, C. Li, J. Lü, and Q. Wang. Design and smartphone-based implementation of a chaotic video communication scheme via WAN remote transmission. International Journal of Bifurcation and Chaos, 26(09):1650158, 2016.
  • Machicao and Bruno [2017a] J. Machicao and O. M. Bruno. A cryptographic hash function based on chaotic network automata. Journal of Physics: Conference Series, 936:012058, 2017a.
  • Álvarez et al. [2003] G. Álvarez, F. Montoya, M. Romera, and G. Pastor. Cryptanalysis of an ergodic chaotic cipher. Physics Letters A, 311(2–3):172–179, 2003.
  • Persohn and Povinelli [2012] K.J. Persohn and R.J. Povinelli. Analyzing logistic map pseudorandom number generators for periodicity induced by finite precision floating-point representation. Chaos, Solitons & Fractals, 45:238–245, 2012.
  • Machicao and Bruno [2017b] J. Machicao and O. M. Bruno. Improving the pseudo-randomness properties of chaotic maps using deep-zoom. Chaos: an interdisciplinary journal of nonlinear science, 27:053116, 2017b.
  • Elhadj and Sprott [2008] Z. Elhadj and JC Sprott. On the robustness of chaos in dynamical systems: Theories and applications. Frontiers of Physics in China, 3(2):195–204, 2008.
  • Kanso and Smaoui [2009] A. Kanso and N. Smaoui. Logistic chaotic maps for binary numbers generations. Chaos, Solitons & Fractals, 40(5):2557–2568, 2009. doi: 10.1016/j.chaos.2007.10.049.
  • Luca et al. [2011] A. Luca, A. Ilyas, and A. Vlad. Generating random binary sequences using tent map. In INTERNATIONAL SYMPOSIUM ON SIGNALS, CIRCUITS AND SYSTEMS, 10 th, ISSCS, 2001, Lasi, Romania. Proceedings…, pages 1–4, New York, 2011. IEEE.
  • Cecen et al. [2009] S. Cecen, R. Murat Demirer, and C. Bayrak. A new hybrid nonlinear congruential number generator based on higher functional power of logistic maps. Chaos, Solitons & Fractals, 42(2):847–853, 2009. doi: https://doi.org/10.1016/j.chaos.2009.02.014.
  • Chen et al. [2010] S. L. Chen, T. Hwang, and W. W. Lin. Randomness enhancement using digitalized modified logistic map. IEEE Transactions on Circuits and Systems II: express briefs, 57(12):996–1000, 2010.
  • Hu et al. [2014] H. Hu, Y. Deng, and L. Liu. Counteracting the dynamical degradation of digital chaos via hybrid control. Communications in Nonlinear Science and Numerical Simulation, 19(6):1970 – 1984, 2014. doi: http://dx.doi.org/10.1016/j.cnsns.2013.10.031.
  • Ott [2002] E. Ott. Chaos in Dynamical Systems. Cambridge University Press, 2002. ISBN 9780521010849.
  • Matsumoto and Nishimura [1998] M. Matsumoto and T. Nishimura. Mersenne Twister: A 623-Dimensionally Equidistributed Uniform Pseudo-Random Number Generator. ACM Transactions on Modeling and. Computer Simulation, 8:3–30, 1998.
  • Luke [2016] S. Luke. True random number service, 2016. URL https://cs.gmu.edu/~sean/research/mersenne/MersenneTwisterFast.java.
  • Haahr [2018] M. Haahr. True random number service, 2018. URL http://www.random.org.
  • Marsaglia [1998] G. Marsaglia. The Marsaglia random number CDROM, with the DIEHARD battery of tests of randomness, 1998. URL http://www.stat.fsu.edu/pub/diehard.
  • Rukhin et al. [2001] A. Rukhin, J. Soto, J. Nechvatal, M. Smid, E. Barker, S. Leigh, M. Levenson, M. Vangel, D. Banks, and A. Heckert. NIST Special Publication 800-22: A statistical test suite for random number generator for criptographic applications. Technical report, National Institute of Standards and Technology, Gaithersburg, MD, USA, 2001.
  • Stojanovski and Kocarev [2001] T. Stojanovski and L. Kocarev. Chaos-based random number generators-part i: analysis [cryptography]. IEEE Transactions on Circuits and Systems I: Fundamental Theory and Applications, 48(3):281–288, 2001.