A new block cipher based on chaotic map and group theory

Chaos, Solitons and Fractals 40 (2009) 50–59 www.elsevier.com/locate/chaos A new block cipher based on chaotic map and group theory Huaqian Yang b ...

Download PDF

312KB Sizes 0 Downloads 70 Views

Report

PDF Reader
Full Text

Chaos, Solitons and Fractals 40 (2009) 50–59 www.elsevier.com/locate/chaos

A new block cipher based on chaotic map and group theory Huaqian Yang

b

a,b,*

, Xiaofeng Liao a, Kwok-wo Wong c, Wei Zhang b, Pengcheng Wei a,b

a Department of Computer Science and Engineering, Chongqing University, Chongqing 400044, PR China Department of Computer and Modern Education, Chongqing Education College, Chongqing 400067, PR China c Department of Electronic Engineering, City University of Hong Kong, Hong Kong

Accepted 10 July 2007

Communicated by Prof. Ji-Huan He

Abstract Based on the study of some existing chaotic encryption algorithms, a new block cipher is proposed. In the proposed cipher, two sequences of decimal numbers individually generated by two chaotic piecewise linear maps are used to determine the noise vectors by comparing the element of the two sequences. Then a sequence of decimal numbers is used to deﬁne a bijection map. The modular multiplication operation in the group Z 28 þ1 and permutations are alternately applied on plaintext with block length of multiples of 64 bits to produce ciphertext blocks of the same length. Analysis show that the proposed block cipher does not suﬀer from the ﬂaws of pure chaotic cryptosystems. 2007 Elsevier Ltd. All rights reserved.

1. Introduction The noise-like but deterministic oscillation behavior of chaotic signals has been employed to hide information or to design the S-box used in cryptographic systems [1,2]. Recently, the impact of chaos-based techniques on block ciphers was discussed in detail by Yi et al. [3] and Jakimoski and Kocarev [4]. The application of a chaotic piecewise linear onedimensional (1D) map as a random number generator was proposed and analyzed by Stojanovski and Kocarev in Refs [5,6] and Li et al. in Refs. [7,8]. Virtually, most chaos-based software encryption techniques employ chaotic maps to generate a sequence of pseudorandom numbers, which are considered as a one-time pad key for encrypting messages. However, Wheeler et al. [9,10] pointed out that the computer implementation of chaotic maps may exhibit surprisingly diﬀerent behaviors such as short cycles and high dependence on computing precision. When chaotic systems are realized using ﬁnite precision of computation, their digital dynamical properties will be far diﬀerent from the continuous ones. Assume that the ﬁnite precision is L (bits) and ﬁxed-point arithmetic is adopted, a chaotic system essentially degrades for the following reasons: (1) There are only 2L discrete values to represent the chaotic orbits and so the cycle length of the orbits must not * Corresponding author. Address: Department of Computer Science and Engineering, Chongqing University, Chongqing 400044, PR China. E-mail address: [email protected] (H. Yang).

0960-0779/$ - see front matter 2007 Elsevier Ltd. All rights reserved. doi:10.1016/j.chaos.2007.07.056

H. Yang et al. / Chaos, Solitons and Fractals 40 (2009) 50–59

51

be longer than 2L. (2) The quantization errors accumulated in the iterations of the chaotic system will make the chaotic orbits depart from the theoretical ones in a uncontrolled manner. As a result, the chaotic orbit converges to a ﬁxed value after some iterations and causes weak keys in the whole key space of the chaotic system [11]. Yi et al. proposed a block cipher based on chaotic tent maps [3]. In this cipher, a sequence of decimal numbers generated by the chaotic tent map is used to determine 4n-bit noise vectors by choosing two disjoint interval ranges representing 0 and 1, where n is an integer larger than or equal to 16. Moreover, n permutations of 1, 2, 3, and 4 are also generated by looking up a table. The noise vectors and permutations are then alternately applied on plaintexts blocks of length 4n bits to produce ciphertext block of the same length. Apparently, there exist two drawbacks in the cipher: (1) the entries of the look-up table are too small. (2) The correspondences between vji and permutations wji of 1, 2, 3, 4 are ﬁxed. These may become the security loopholes under the chosen plaintext attack. In this paper, a new chaotic block cipher based on chaotic maps and group theory of abstract algebra is proposed. Two sequences of decimal numbers individually generated by two chaotic piecewise linear maps are used to determine 64-bit noise vectors by comparing the elements of the two sequences representing 0 and 1. At the same time, a bijection map g : vji ! wji, which describes the correspondences between vji and permutations wji of 1, 2, 3, 4, 5, 6, 7, 8, is generated according to a speciﬁc procedure (see Section 2). The rest of the paper is organized as follows. Section 2 describes the new block cipher. In Section 3, security level of the new scheme is evaluated by experiments. Section 4 is an analysis of the security and the performance of the proposed cipher. Conclusions are drawn in Section 5.

2. The proposed block cipher 2.1. The piecewise linear map (PWL) In [8], a 1D piecewise linear map 8 > < x=p F ðp; xÞ ¼ ðx pÞ=ð1=2 pÞ > : F ðp; 1 xÞ

(PWL) with good statistical property was proposed. It is deﬁned as x 2 ½0; pÞ; x 2 ½p; 1=2; x 2 ½1=2; 1;

ð1Þ

where p 2 (0, 1/2) is the control parameter. In interval [0, 1], the map has some good statistical properties [7,8]. 2.2. A new cipher based on chaos and group theory 2.2.1. Secret keys The new cipher requires both the sender and the receiver share four secret parameters (p1, p2, x0, K) in advance, where 0 < p1, p2 < 1/2, p1 5 p2 and K is an 8 · 8 = 64-bit binary stream. Two discrete piecewise linear maps with the same initial value x0 are used to generate two chaotic sequences {x1(i)}, {x2(i)} individually. They are deﬁned as F ðp1 ; x1 ð0ÞÞ : x1 ði þ 1Þ ¼ F ðp1 ; x1 ðiÞÞ; F ðp2 ; x2 ð0ÞÞ : x2 ði þ 1Þ ¼ F ðp2 ; x2 ðiÞÞ;

ð2Þ ð3Þ

where x1(0) = x2(0) = x0 and i = 0, 1, 2, . . . 2.2.2. Noise vectors Firstly, two chaotic sequences x1(1), x1(2), . . . , x1(i) , . . . and x2(1), x2(2), . . . , x2(i), . . . are generated from chaotic maps F(p1, x1(0)) and F(p2, x2(0)). Then 64-bit noise vectors Uj = (u64j, u64j+1, . . . , u64j+63) with j = 0, 1, 2, . . . are obtained according to the rule speciﬁed in Eq. (4). 8 if x1 ðiÞ > x2 ðiÞ; > <0 ð4Þ ui ¼ no output if x1 ðiÞ ¼ x2 ðiÞ; > : 1 if x1 ðiÞ < x2 ðiÞ: 2.2.3. Permutation and substitution For j = 0, 1, . . . , let Vj = (vj0, vj1, . . . , vj7) = (Uj+2 K) n 3 where denotes bit-by-bit exclusive OR, n3 stands for circular left shift by 3 bits, and vji(i = 0,1, . . . , 7) is a 8-bit binary value, i.e., vji = {0, 1}8.

52

H. Yang et al. / Chaos, Solitons and Fractals 40 (2009) 50–59

Table 1 The correspondences between vji and permutations wji of 1, 2, 3, 4, 5, 6, 7, 8 vji (8 bit)

wji (8 bit)

v1 ji ðingroupðZ 28 þ1 ; ÞÞ

00000000 00000001 11111110 11111111

wj0 wj1 wji wjð28 2Þ wjð28 1Þ

256 00000001 10101011 10000000

Firstly, a bijection map g:vji ! wji as shown in Table 1 is constructed. Here, wji is a permutation of 1, 2, 3, 4, 5, 6, 7, 8. The map g is constructed using Algorithm 1. I. With F(p1, x1(i)), a new chaotic state x1(i + 1) is generated. II. By modulo operation, extract the ﬁrst eight digits after the decimal point of x1(i + 1) to get a permutation of 1–8. If the operation is not success or the permutation has already appeared, this operation is discarded and the ﬂow returns to step I. Algorithm 1 r 0 while r 6 28 1{ while (1 > 0) { for u (1) to (8) do P[u] 0 x1(i + 1) F(p1, x1(i)) x1(i) = x1(i + 1) u 1 while x1(i + 1) > 0 { k=(bx1(i + 1) · 10cmod 8) + 1 if k 5 (P[1]to P[u]) then P[u] k u u+1 if u 6 8 then x1(i + 1) x1(i + 1) · 10 floor(x1(i + 1) · 10) else break } if P[8] 5 0 then break } if P[1]P[2] P[8] 5 (wj0 to wjr) then wjr P[1]P[2] P[8] r r+1 } A substitution/permutation function fji( Æ ) is constructed based on the bijection mapping. Let a 64-bit binary stream M = (M1, M2, M3, M4, M5, M6, M7, M8). fji( Æ ) is deﬁned as fji ðM 1 ; M 2 ; . . . ; M k ; . . . ; M 8 Þ ¼ ½wji ðrji ðM 1 Þ; rji ðM 2 Þ; . . . ; rji ðM k Þ; . . . ; rji ðM 8 ÞÞ;

ð5Þ

where Mk (k = 1,2, . . . , 8) is 8-bit long, rji( Æ ) denotes a modulo 28 + 1 multiplication operation of Mk and vji in group ðZ 28 þ1 ; Þ. Namely, rji ðM k Þ ¼ M k vji ¼ M k vji modð28 þ 1Þ; wji( Æ ) denotes a new permutation of (M1, M2, . . . , Mk, . . . , M8) by the value of wji in map g.

ð6Þ

H. Yang et al. / Chaos, Solitons and Fractals 40 (2009) 50–59

53

C j +1

Pj +1

⊕

+

Cj

v j0

f j0

v j1

f j1

K

U j +2

⊕

Pj

⊕

+ v −j 71

f j−71

v −j 61

f j−61

K

U j +2

Vj

⊕

Vj f j−1

fj

⊕

+

Pj

v −j 01

f j7

v j7

Cj

f j−01

⊕

+

Pj +1

C j +1 Fig. 1. Diagram of (a) encryption and (b) decryption.

An example of these operations is given below. Let vji = (01100001)2, wji = (4, 6, 1, 3, 5, 8, 7, 2), M3 = (01100010)2. Since vji M3 = (11111110)2 = 254. Therefore, fji ðM 1 ; M 2 ; M 3 ; M 4 ; M 5 ; M 6 ; M 7 ; M 8 Þ ¼ ½wji ðrji ðM 1 Þ; rji ðM 2 Þ; rji ðM 3 Þ; rji ðM 4 Þ; rji ðM 5 Þ; rji ðM 6 Þ; rji ðM 7 Þ; rji ðM 8 ÞÞ ¼ wji ½M 01 ; M 02 ; ð11111110Þ; M 04 ; M 05 ; M 06 ; M 07 ; M 08 ¼ ðM 04 ; M 06 ; M 01 ; ð11111110Þ; M 05 ; M 08 ; M 07 ; M 02 Þ ¼ ðM 04 ; M 06 ; M 01 ; M 03 ; M 05 ; M 08 ; M 07 ; M 02 Þ; where M 0k ¼ rji ðM k Þ ¼ M k vji ¼ M k vji modð28 þ 1Þ. Furthermore, let fj ¼ fj7 fji fj0 fj1

¼

fj01

fji1

ð7Þ

fj71

fji1 ðM 1 ; M 2 ; . . . ; M k ; . . . ; M 8 Þ

ð8Þ ¼

1 1 1 1 ½w1 ji ðrji ðM 1 Þ; r ji ðM 2 Þ; . . . ; r ji ðM k Þ; . . . ; r ji ðM 8 ÞÞ 8

1 1 1 where, r1 ji ðM k Þ ¼ M k vji ¼ M k vji modð2 þ 1Þ; vji is the inverse of vji in group

ð9Þ

ðZ 28 þ1 ; Þ.

2.2.4. Encryption and decryption The plaintext P is divided into blocks (P1, P2, . . . , Pr) of length 64 bits. If the last block Pr contains fewer than 64 bits, some zeroes will be appended to Pr to make it 64 bits. Let C0 = U0, P0 = U1. Each 64-bit plaintext Pj+1 (j = 0,1,2, . . . , r 1) is encrypted into 64-bit ciphertext Cj+1, (j = 0,1,2, . . . , r 1) in the following way: C jþ1 ¼ fj ðP jþ1 ðC j þ U jþ2 ÞÞ ðP j þ U jþ2 ÞU jþ2

ð10Þ

Each 64-bit ciphertext Cj+1 is decrypted into 64-bit plaintext Pj+1 according to Eq. (11) P jþ1 ¼ fj1 ðC jþ1 ðP j þ U jþ2 ÞÞ ðC j þ U jþ2 ÞU jþ2

ð11Þ

The encryption and decryption processes are illustrated in Fig. 1. In the encryption and decryption processes, denotes bit-by-bit exclusive OR in group ðF 64 2 ; Þ, denotes modulo 8 2 + 1 multiplication in group ðZ 28 þ1 ; Þ and þ stands for modulo 264 addition in group ðZ 264 ; þ Þ. 3. Simulation results Security is a major issue of a cryptosystem. We apply both theoretical and simulation results to elucidate some aspects of the security of the proposed scheme.

54

H. Yang et al. / Chaos, Solitons and Fractals 40 (2009) 50–59

Table 2 the correspondences between v0i and permutations w0i of 1, 2, 3, 4, 5, 6, 7, 8 v1 0i

w0i

v0i v00 v01 v02 v03 v04 v05 v06 v07

245 163 70 253 209 89 15 168

54162387 82457613 14275386 31264785 25417863 65418732 74362518 67385214

w00 w01 w02 w03 w04 w05 w06 w07

107 41 246 64 91 26 120 231

As 0 R Z 28 þ1 but 28 ¼ 256 2 Z 28 þ1 , 8 bits are not suﬃcient to represent 256. Therefore, if an operand of the modulo 2 + 1 multiplication in group ðZ 28 þ1 ; Þ is zero, it is substituted by 28. Similarly, if the result is 28, it is replaced by 0. For other cases, the extended Euclidean algorithm is employed while computing the inverse of an element in the group ðZ 28 þ1 ; Þ. Let x0 = 0.436567349535648, p1 = 0.485734534345379 and p2 = 0.234579834895896. The key K = ‘‘cryption’’, the corresponding binary stream is 8

K ¼ 01100011 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 01111001 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 01110000 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 01110100 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 01101001 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 01101111 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 01101110 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} : |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 01110010 c

r

y

p

t

i

o

n

First, F(p1, x0), F(p2, x0) are iterated 250 times. Then g : vji ! wji is constructed by Algorithm 1 and is listed in Table 2. Finally, U0, U1, U2, V0 are obtained. U 0 ¼ 0111000010101011000111100011000110100100110000110110100000100001 U 1 ¼ 0001000000011110100101011111011010010100110000010000111000100011 U 2 ¼ 0111110111000110000100011010111111001110010000100100111010011011 V 0 ¼ U 2 Kn3 ¼ 11110101 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 10100011 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 01000110 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 11111101 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 11010001 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 01011001 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 00001111 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 10101000 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} v00

v01

v02

v03

v04

v05

v06

v07

The plaintext P1 = ‘‘example1’’ (ASCII code: ‘‘101, 120, 097, 109, 112, 108, 101, 049’’) is encrypted into ciphertext C1 (ASCII code: ‘‘139, 186, 020, 164, 087, 052, 026, 185’’). Note that in C1, there may exist some unprintable characters.

4. Security and performance analysis 4.1. Key space In the proposed cipher, a chaotic PWL map is iterated with double precision ﬂoating-point arithmetic. A doubleprecision ﬂoating-point number is represented according to the IEEE 754 ﬂoating-point standard [12], found in virtually almost all computers produced after 1980. According to Eq. (4), the sequence ui is highly inﬂuenced by parameters ð1Þ ð1Þ ð1Þ p1, p2. Therefore, more attention should be paid in choosing these two parameters. Let p1 ¼ 0:d 1 d 2 . . . d 15 , ð2Þ ð2Þ ð2Þ ð1Þ ð2Þ p2 ¼ 0:d 1 d 2 . . . d 15 and x0 = 0.x1x2 . . . x15. Since 0 < p1,p2 < 1/2,p1 5 p2, then d 1 ; d 1 2 f0; 1; 2; 3; 4g. In addition, arbitrary 64 bits can be used as K. In this case, the actual key space of the new cipher is (5 Æ 1014) · (5 Æ 1014) · (1015) · 264 = 2.5 · 1044 · 264 2207.5. If brute-force attack is employed, the attacker does not need to know details of p1, p2 and x0. However, they need to know Uj, K and g : vji ! wji. Hence the key space is about 256 Æ 8! Æ 264 Æ 264 2151.299. 4.2. Diﬀusion and confusion analysis In the proposed cipher, three diﬀerent operations are used, namely, bit-by-bit exclusive OR in ðF 64 2 ; Þ, modulo 2 + 1 multiplication in ðZ 28 þ1 ; Þ and modulo 264 addition in ðZ 264 ; þ Þ. Since any two of the three operations do 8

H. Yang et al. / Chaos, Solitons and Fractals 40 (2009) 50–59

55

not satisfy the associative and distributive properties (i.e. the three operations are incompatible, see Table 3) and wji( Æ ) has the permutation function. Therefore good diﬀusion and confusion performance is obtained (see the results presented in Section 4.4). Proposition. The group Z 28 þ1 ¼ faja 2 1; 2; ; 256g with an operation modulo 28 + 1 multiplication ð; a b ¼ ða bÞ28 þ1 Þ is a commutative group. Proof. Let m = 28 + 1 = 257, then m is a prime number. r The operation is closed: Let a; b 2 Z m , namely, 0 < a, b < m. Since m is a prime number, (a, m) = (b, m) = 1 and (ab, m) = 1. On the other hand, ab = qm + (ab)m, 0 6 (ab)m < m. Then (ab, m) = ((ab)m, m), ((ab)m, m) = 1. So a b ¼ ðabÞm 2 Z m . s The operation is commutative: Let all a; b 2 Z m , then a b = (ab)m = (ba)m = b a. Hence the operation is commutative. t The operation is associative: Let a, b and c 2 Z m . If mja b, then (a)m = (b)m. Since ab (a)m(b)m = a(b (b)m) + (a (a)m)(b)m is a multiple of m, i.e., mjab (a)m(b)m, therefore (ab)m = ((a)m(b)m)m. On the other hand, c 2 Z m and c = (c)m. Hence ða bÞ c ¼ ððabÞm cÞm ¼ ððabÞm ðcÞm Þm ¼ ððabÞcÞm ¼ ðaðbcÞÞm ¼ ðaðbcÞm Þm ¼ a ðb cÞ u The property of the identity (e): For all g 2 Z m , 1 g = (1 · g)m = g = (g · 1)m = g 1 and so 1 is the identity element of ðZ m ; Þ. v Existence of inverse . Let a 2 Z m . Since (a, m) = 1, there exists two integers c, d such that 1 = ca + dm. Therefore (c, m) = 1 and ((c)m, m) = 1, namely, ðcÞm 2 Z m . On the other hand 1 ¼ ca þ dm ¼ ðca þ dmÞm ¼ ðcaÞm ¼ ððcÞm aÞm ¼ ðcÞm a: Hence (c)m = a1 and the group ðZ 28 þ1 ; Þ is said to be a commutative group.

h

4.3. Uniqueness of encryption and decryption For any cryptosystems, the uniqueness of encryption and decryption is a must. This uniqueness property is ensured for the following two reasons: Table 3 Three operations ð; þ and Þ in group 00 01 10 11

00 00 01 10 11

01 01 00 11 10

10 10 11 00 01

11 11 10 01 00

þ 00 01 10 11

00 00 01 10 11

01 01 10 11 00

10 10 11 00 01

11 11 00 01 10

00 01 10 11

00 01 00 11 10

01 00 01 10 11

10 11 10 00 01

11 10 11 01 00

56

H. Yang et al. / Chaos, Solitons and Fractals 40 (2009) 50–59 I. Three operations ð; and þ Þ are reversible in groups F 64 2 , Z 28 þ1 and Z 264 , respectively. II. The map g : vji ! wji is a bijection one.

4.4. Statistical test According to Shannon’s theory, a good encryption scheme should have excellent performance in resisting statistical attack. Text ﬁles are usually composed of printable characters, whose ASCII codes lie between 033 and 126. However, the corresponding ciphertext has value ranged from 0 to 255. To estimate the performance of the proposed scheme, a text ﬁle of size 3200 bytes and an image ﬁle of 128 · 128 pixels are used for encryption. The encrypted ﬁle is decrypted to obtain the original ﬁle. The experimental results are shown in Figs. 2 and 3. From the two ﬁgures, one can ﬁnd that the histograms of the ciphertext are fairly uniform and are substantially diﬀerent from that of the original ﬁles. Furthermore, the correlation coeﬃcient q between the plaintext sequence m1, m2, . . . , mN and the ciphertext sequence e1, e2, . . . , eN is calculated by Eq. (12) [3,14]. P P P N ðmj ej Þ ð mj Þð ej Þ ð12Þ q ¼ qﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃ P P P 2 ﬃ: P 2 ðN m2j ð mj Þ ÞðN e2j ð ej Þ Þ The correlation coeﬃcients generated using three sets of parameters are listed in Table 4. When N = 3200 · 8 = 25,600, the coeﬃcients between a meaningful plaintext sequence of length 25,600 bits (the encrypted ﬁle) and its corresponding ciphertext sequence are computed and listed in Table 4. They fall between l 2r and l + 2r, i.e., (0.01254, 0.01254), which is considered as the range of ‘‘good’’ correlation coeﬃcient values [10], where rﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃ 1 1 NðN 3Þ l¼ r¼ : ð13Þ N 1 N 1 N þ1 Since these correlation coeﬃcients are very small, they indicate that the plaintext and ciphertext sequences are independent of each other. 4.5. Key sensitivity Any cryptosystems should possess the following three important properties to maintain high security level [13]: (1) Map plaintext to ciphertext randomly, according to the key. There should not be any patterns in the ciphertext. (2) Be sensitive to plaintext. This means that only one bit change in the plaintext leads to a completely diﬀerent ciphertext. (3) Be sensitive to keys. This means that one bit change in the key results in a completely diﬀerent ciphertext when applied to the same plaintext. Since the key of the proposed cipher is composed of four secret parameters p1,p2,x0,K, we will validate its sensitivity as follows.

Fig. 2. Distribution of (a) plaintext and (b) ciphertext.

H. Yang et al. / Chaos, Solitons and Fractals 40 (2009) 50–59

57

Fig. 3. Distribution of original/encrypted image: (a) the original image, (b) the histogram of original image, (c) the encrypted image and (d) the histogram of encrypted image.

Table 4 The correlation coeﬃcients (N = 6400 and N = 25,600) Parameters

Correlation coeﬃcient (N = 6400) Correlation coeﬃcient (N = 25600)

x0 = 0.436567349535648

x0 = 0.436567349535647

x0 = 0.436567349535648

p1 = 0.485734534345379

p1 = 0.485734534345379

p1 = 0.485734534345379

p2 = 0.234579834895896

p2 = 0.234579834895896

p2 = 0.234579834895897

0.0224 0.0118

0.0235 0.0121

0.0242 0.0115

I. Keep p1, p2 and x0 unchanged and toggle the last bit of K. The modiﬁed key K 0 is given by K 0 ¼ 01100011 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 01110010 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 01111001 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 01110000 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 01110100 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 01101001 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 01101111 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 01101111 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} : c

r

y

p

t

i

o

o

C 01

(ASCII code: ‘‘ 063, 228, 053, 068, 041, 184, Then the plaintext P1 = ‘‘example1’’ is encrypted into ciphertext 046, 031’’), which is substantially diﬀerent from C1. II. Keep p1, p2 and K unchanged and toggle the last digit of x0, namely x00 ¼ 0:436567349535647. Then U 00 ¼ 1110011000001000001000111011010000100110111101110010111110000010; U 01 ¼ 0000001101100110000010111101110010101100010010110111000000000100; U 02 ¼ 0100110111111111000001001100000010000111011100011101001110011011; V 00 ¼ U 02 Kn3 ¼ 01110100 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 01101011 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 11101101 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 10000111 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 10011000 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 11000101 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 11100111 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} 10101001 |ﬄﬄﬄﬄﬄﬄ{zﬄﬄﬄﬄﬄﬄ} : v00

v01

v02

v03

v04

v05

v06

v07

58

H. Yang et al. / Chaos, Solitons and Fractals 40 (2009) 50–59

Table 5 The correspondences between v00i and permutations w00i of 1,2,3,4,5,6,7,8 v00i

ðv00i Þ1

w00i

v000 v001 v002 v003 v004 v005 v006 v007

116 107 237 135 152 197 231 169

72865341 71548623 75483261 74158623 58316427 42568317 14875632 48132567

w000 w001 w002 w003 w004 w005 w006 w007

113 245 167 99 93 227 168 73

The plaintext P1 = ‘‘example1’’ is encrypted into ciphertext C 001 (ASCII code: 0 ‘‘004, 116, 078, 084, 185, 093, 011, 107’’), which is substantially diﬀerent from C1 and C 1 . The results show that although there is only as small as 215 diﬀerence in x0 and x00 , the elements and the map, which are used in encrypting P1, are totally diﬀerent from that of the original (see Tables 2 and 5). In the decryp 1 tion process, the inverse v1 ji of vji is required in group ðZ 28 þ1 ; Þ. However diﬀerent vji lead to diﬀerent vji and so the proposed cipher is sensitive to the decryption secret key.

5. Conclusion Based on the chaotic piecewise linear map and group theory, a new block cipher has been proposed and analyzed in this paper. The new block cipher operates on 64-bit plaintext blocks to produce ciphertext blocks of the same length. In the proposed cipher, the ciphertext depends on the plaintext, noise bits and group operations. The new block cipher remedy partially some ﬂaws of pure chaotic cryptosystem. A large key size, diﬀusion and confusion of three group operations and shuﬄes of permutation protect the proposed cipher against ciphertext only attack, statistical attack and chosen plaintext attack. The new cipher is not comparable with Advanced Encryption Standard (AES). However, it is an exploration of constructing new block ciphers based on chaotic maps and group theory.

Acknowledgement The work described in this paper was supported by the National Natural Science Foundation of China (No. 60573047), the Chongqing Education Committee (No. kj061501, No. kj051501) and the Natural Science Foundation of Chongqing Science and Technology Committee (No. 3574, CSTC, 2005BB2286, 2006BB2254).

References [1] Tang G, Liao XF. A novel method for designing S-boxes based on chaotic maps. Chaos, Solitons & Fractals 2005;23:413–9. [2] Tang G, Liao XF. A method for designing dynamical S-boxes based on discretized chaotic map. Chaos, Solitons & Fractals 2005;23:1901–9. [3] Yi Xun, Tan Chik How, Siew Chee Kheong. A new block cipher based on chaotic tent maps. IEEE Trans Circuits Syst I 2002;49(12):1826–9. [4] Jakimoski G, Kocarev L. Chaos and cryptography: block encryption ciphers based on chaotic maps. IEEE Trans Circuits Syst I 2001;48(2):163–9. [5] Stojanovski T, Kocarev L. Chaos-based random number generators—Part I: Analysis. IEEE Trans Circuits Syst I 2001;48(3):281–8. [6] Stojanovski T, Kocarev L. Chaos-based random number generators—Part II: Practical realization. IEEE Trans Circuits Syst I 2001;48(3):382–5. [7] Kohda T, Tsuneda A. Statistics of chaotic binary sequences. IEEE Trans Inform Theory 1997;43(1):104–12. [8] Li Shujun, Mou Xuanqin, Cai Yuanlong. Pseudo-random bit generator based on couple chaotic systems and its applications in stream-cipher cryptography. In: Progress in cryptology – IndoCrypt 2001, December 2001, Lecture notes in computer science, vol. 2247. p. 316–29. [9] Wheeler DD. Problems with chaotic cryptosystems. Cryptologia 1989;XIII(3):243–50.

H. Yang et al. / Chaos, Solitons and Fractals 40 (2009) 50–59

59

[10] Wheeler DD, Mathews RAJ. Supercomputer investigations of a chaotic encryption algorithm. Cryptologia 1991;XV(2):140–52. [11] Wei Jun, Liao Xiaofeng, Wong Kwok-wo, Xiang Tao. A new chaotic cryptosystem. Chaos, Solitons & Fractals 2006;30:1143–52. [12] Goldberg D, Priest D. What every computer scientist should know about ﬂoating-point arithmetic. ACM Comp Surv 1991;23(1):5–48. [13] Fridrich J. Symmetric ciphers based on two-dimensional chaotic maps. Int J Bifurcat Chaos 1998;8(6):1259–84. [14] Knuth DE. Seminumerical algorithms. The art of computer programming, 3rd ed., vol. 2. Reading, (MA): Addison Wesley; 1998.

A new block cipher based on chaotic map and group theory

A new block cipher based on chaotic map and group theory

Recommend Documents