Application of Gray codes to the study of the theory of symbolic dynamics of unimodal maps

Commun Nonlinear Sci Numer Simulat 19 (2014) 2345–2353

Contents lists available at ScienceDirect

Commun Nonlinear Sci Numer Simulat journal homepage: www.elsevier.com/locate/cnsns

Application of Gray codes to the study of the theory of symbolic dynamics of unimodal maps David Arroyo a,⇑, Gonzalo Alvarez b a b

Grupo de Neurocomputación Biológica, Dpto. de Ingeniería Informática, Escuela Politécnica Superior, Universidad Autónoma de Madrid, 28049 Madrid, Spain Instituto de Seguridad de la Información, Consejo Superior de Investigaciones Científicas, Serrano 144, 28006 Madrid, Spain

a r t i c l e

i n f o

Article history: Received 2 June 2013 Accepted 10 November 2013 Available online 20 November 2013 Keywords: Unimodal maps Kneading sequences Symbolic sequences Gray Ordering Number GON Mandelbrot map

a b s t r a c t In this paper we provide a closed mathematical formulation of our previous results in the field of symbolic dynamics of unimodal maps. This being the case, we discuss the classical theory of applied symbolic dynamics for unimodal maps and its reinterpretation using Gray codes. This connection was previously emphasized but no explicit mathematical proof was provided. The work described in this paper not only contributes to the integration of the different interpretations of symbolic dynamics of unimodal maps, it also points out some inaccuracies that exist in previous works. Ó 2013 Elsevier B.V. All rights reserved.

1. Introduction A symbolic sequence is a transformation of a sequence of real numbers into a sequence consisting of a set of symbols. Regarding unimodal maps, the cardinality of that set is two and it is determined by the turning point of the iteration function of the map. Accordingly, each symbol represents the relative position of a real-value with respect to the turning point. In [1] it is pointed out the existence of an inner order of the symbolic sequences, along with the relationship between this order and the initial condition and the control parameter of the underlying chaotic system. The considerations and results of [1] were later improved and enlarged through different contributions, being the most important [2,3]. In [4] it was remarked that the order of the symbolic sequences can be interpreted using the concept of Gray codes. In this novel approach to the problem, the symbolic sequences are finally converted into a figure which is a real number between 0 and 1 called Gray Ordering Number or simply GON. Afterwards, [5] drew the bridge between the ideas of [4] and the main theory of applied symbolic dynamics as expressed in [3]. Finally, some theorems are offered in [6], which enlarge the theoretical framework of the GON of unimodal maps. In [6] it is explained that the dynamical properties of unimodal maps by means of the GON are a translation of the theoretical framework inherited from [1]. Nevertheless, there is no direct and explicit proof of this equivalence. One of the main applications of the concept of the GON is the estimation of the control parameter of unimodal maps for cryptanalysis [7–10]. The precise definition of the key space of a cryptosystem is a commitment in cryptography. In the context of chaotic cryptography, it implies that the control parameters and initial conditions of the chaotic system must be selected to guarantee chaoticity, and to avoid the estimation of either control parameters or initial conditions from partial information about the chaotic orbits [11, Rule 5]. In case that this partial information arises from the symbolic sequences of the chaotic map used for encryption, we must assess that it is not possible to get an accurate enough estimation of control ⇑ Corresponding author. E-mail addresses: [email protected], [email protected] (D. Arroyo). 1007-5704/$ - see front matter Ó 2013 Elsevier B.V. All rights reserved. http://dx.doi.org/10.1016/j.cnsns.2013.11.005

2346

D. Arroyo, G. Alvarez / Commun Nonlinear Sci Numer Simulat 19 (2014) 2345–2353

parameters and/or initial conditions. Therefore, a rigorous and concrete theoretical framework is required to quantify the precision of the procedures for the estimation of the control parameter and the initial condition of unimodal maps from their symbolic sequences. This paper presents this concretion and also shows that some of the theorems in [6] are not totally accurate. In this sense, those theorems are not only criticized but also rewritten. This paper is organized as follows. First of all, Section 2 introduces the class of maps under study and the main aspects of their symbolic dynamics. Section 3 remarks the existence of an inner order for the symbolic sequences of a certain class of unimodal maps and a relationship between that order and the order of the initial conditions employed in their generation. In Section 4 the order of the symbolic sequences is rewritten in terms of Gray codes and the concept of Gray Ordering Number is introduced. After that, Section 5 introduces a subclass of the class of considered unimodal maps. This subclass of unimodal maps is defined in a parametric way, i.e., their dynamics depend on a control parameter. This dependency is analyzed by means of the GON. This study will lead to the revision and proof of all theorems in [6]. Finally, Section 7 summarizes the main results of the present work. 2. Scenario The work described in this paper is focused on a special class of functions. This class is denoted by F . A function f belonging to the class F is defined in the interval I ¼ ½a; b for a < b and satisfies: 1. 2. 3. 4. 5. 6.

f is a continuous function in I. f ðaÞ ¼ f ðbÞ ¼ a. f ðxÞ reaches its maximum value fmax 6 b in the sub-interval ½am ; bm   I so that am 6 bm . m f ðfmax Þ < xc and f ðfmax Þ P a, where xc is the middle point of the interval ½am ; bm , i.e., xc ¼ am þb . 2 f ðxc Þ > xc . f ðxÞ is an strictly increasing function in ½a; am  and an strictly decreasing function in ½bm ; b.

Although the work in this paper is focused on the class of functions F , it is possible to extend it to other class of functions considering the topological conjugacy of maps [12, p. 72]. This other class of functions is named F  and any f included in F  has the same properties as those in F with the exception of properties ð3Þ and ð6Þ, since if f is in F  , then it possesses a minimum value in ½am ; bm  and is strictly decreasing in ½a; am  and strictly increasing in ½bm ; b. Hereafter, the function f ðxÞ is considered as a way to generate a sequence of numbers fxi g from a certain initial value x0 . Each number xi determines the next element of the sequence trough xiþ1 ¼ f ðxi Þ. After a transient number of iterations, all the xi values are inside the interval ½xmin ; xmax , where xmax ¼ f ðxc Þ and xmin ¼ f ðxmax Þ. The tent map is included in the class F and is represented in Fig. 1. In this case am ¼ bm ¼ xc and fmax ¼ f ðxc Þ ¼ b. A certain value xiþ1 – xc can be derived from two different values of xi , as Fig. 1 informs. In other words, it is satisfied that xiþ1 ¼ f ðxLi Þ ¼ f ðxRi Þ, where xLi – xRi , xLi < xc and xRi > xc . This is a common characteristic of all the functions of the class F . It means that the initial condition used in the generation of fxi g using f ðxÞ can be recovered from the last number of the sequence only if the relative position of every xi with respect to xc is known. Therefore, the recovery of the initial condition

Fig. 1. Tent map.

D. Arroyo, G. Alvarez / Commun Nonlinear Sci Numer Simulat 19 (2014) 2345–2353

2347

demands recording those relative positions. This is achieved by transforming fxi g into a symbolic sequence or pattern according to the next criterion:

xi  L if xi 2 ½a; xc Þ;

ð1Þ

xi  C

ð2Þ

if xi ¼ xc ;

xi  R if xi 2 ðxc ; b:

ð3Þ



If f is in F instead of being in F , then the symbolic sequences are generated in the same but changing all the L’s into R’s and vice versa. Consequently, fxi g is associated to the symbolic sequence P ¼ p0 p1    where pi 2 fL; Rg. Using P and the last element of fxi g one can recover the initial condition x0 . 3. Relationship between the symbolic sequences and the initial condition used in their generation Let us call Pf ðx0 Þ to the symbolic sequence of length n generated from x0 using the function f ðxÞ, which is included in the class F . The value of the ith symbol of the symbolic sequence Pf ðx0 Þ is determined by f ðiÞ ðx0 Þ, i.e., the ith iteration of f ðxÞ from x0 for i 2 ½0; n  1. If pi is the ith symbol of the symbolic sequence, pi is equal to L if and only if f ðiÞ ðx0 Þ < xc . In the same way, pi is equal to R if and only if f ðiÞ ðx0 Þ > xc . As a consequence, the definition interval I is divided into 2iþ1 symbolic sub-intervals. ði;jÞ Indeed, if xc is the j-th solution of the equation

f ðiÞ ðxÞ ¼ xc ; n

ði;jÞ xc

o

ð4Þ i

iþ1

ð0;0Þ xc

for 0 6 j < 2 divide the definition interval into 2 sub-intervals, where the set ¼ xc . All the values included in one of these intervals generate the same symbolic sequence of length i þ 1. In Fig. 2 the symbolic intervals of the tent map for zero, one and two iterations are depicted. The main result of the previous proposition is that, for a certain number of iterations, the different sub-intervals are so that two neighboring sub-intervals lead to the same symbolic sequence except for ði;jÞ one symbol. On the other hand, for i 2 f0; 1; 2; . . .g and j 2 ½0; 2i  1, the set of points xc determines periodic symbolic sequences of period i þ 1 when they are considered as initial conditions. If the symbol C is assigned to xc and only one period is

2

Fig. 2. Symbolic intervals for different iterations of the tent map.

2348

D. Arroyo, G. Alvarez / Commun Nonlinear Sci Numer Simulat 19 (2014) 2345–2353

n o ði;jÞ end with a C. In this sense, if the iteration process associated to the regarded, the symbolic sequences generated from xc generation of a symbolic sequence stops just when a C is obtained, only the symbolic sequences derived from the set of initial conditions solution of Eq. (4) have finite length. All the previous observations can be formally expressed by the following definition: Definition 3.1. For a certain function f ðxÞ the symbolic sequence or kneading sequence generated from the initial condition x0 is P f ðx0 Þ. If exists i 2 N0 such that f ðiÞ ðx0 Þ ¼ xc , then P f ðx0 Þ is finite length. Otherwise, Pf ðx0 Þ is a kneading sequence of infinite length. As a consequence, any kneading sequence of finite length always ends with a C. If S is the set of all sequences derived from the iteration of the functions included in F , then it is possible to derive a complete ordered set ðS; 0; s0 s1    sj1 ¼ t0 t 1    tj1 contains an even number of R’s and sj 0; s0 s1    sj1 ¼ t0 t 1    tj1 contains an odd number of R’s and sj >S t j . The inner order of S is directly linked to the order on R of the real numbers in I used to generate the symbolic sequences from any f in F . This is informed and proved in [2, Lemma 4.1] and in [3, Theorem 2]. For the sake of clarity, the relationship between the order of the kneading sequences and the order of the initial conditions is rewritten as a theorem: Theorem 3.1. For f ðxÞ belonging to the class of functions F and x; y included in the interval of definition of f ðxÞ so that x < y, it is verified that Pf ðxÞS Pf ðyÞ. 4. Gray codes and symbolic sequences In the previous section it was remarked that f ðnÞ ðxÞ can be divided into 2nþ1 intervals such that all the values included in one of those intervals lead to the same symbolic sequence of length n þ 1. In this sense, those intervals were referred as symbolic intervals, since a certain interval can be named through the symbolic sequence generated from any value inside it. It was also observed that two contiguous symbolic sequences differed in just one symbol. Finally, if the first symbol of the symbolic sequences is discarded, the 2nþ1 symbolic sub-intervals generated by the nth iteration of the map f ðxÞ are symmetric with respect to x ¼ xc . In communication theory it is very well known a family of codes distinguished by the fact that two successive codes only differ in one bit. This family of codes is the Gray codes family, which also presents the above cited mirroring property. Table 1 shows the Gray codes of length 4. As a result, it is immediate the translation of the symbolic sequences of the class of functions F into binary sequences just changing the symbol L into 0 and the symbols R and C into 1 [4]. In this sense, the Gray code associated to a certain pattern Pf ðxÞ is given by the next definition. Definition 4.1. The Gray code corresponding to P f ðxÞ ¼ p0 p1    pj1    is defined as GðP f ðxÞÞ ¼ g 0 g 1    g j1    where

gi ¼



1 if pi ¼ R; 0

if pi ¼ L; Table 1 Correspondence between Gray codes and binary codes for four bits. Rank

Binary code

Gray code

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111

0000 0001 0011 0010 0110 0111 0101 0100 1100 1101 1111 1110 1010 1011 1001 1000

D. Arroyo, G. Alvarez / Commun Nonlinear Sci Numer Simulat 19 (2014) 2345–2353

2349

for i 2 N0 . If pj ¼ C for any j in N0 , then the Gray code associated to Pf ðxÞ is g 0 g 1    g j . As Table 1 informs, it is possible to translate a Gray code into a binary code. The equivalent binary code of a given Gray code can be easily obtained using the next definition: Definition 4.2. If the Gray code of a certain symbolic sequence P f ðxÞ ¼ p0 p1    pj1    is given by GðP f ðxÞÞ ¼ g 0 g 1    g j1   , then the binary code related to P f ðxÞ is UðPf ðxÞÞ ¼ u0 u1    uj1    where

uiþ1 ¼ ui g iþ1 ; for i 2 N0 and u0 ¼ g 0 . If Pf ðxÞ is of length j, i.e., if pj1 ¼ C, then the binary coded related to Pf ðxÞ is UðPf ðxÞÞ ¼ u0 u1    uj1 where

 uiþ1 ¼

ui g iþ1 ; for 0 < i < j  1; 1;

for i ¼ j  1:

Since a binary code can be interpreted as a decimal number just changing the base, it is possible to associate a number to a symbolic sequence. However, the canonical base changing makes the first symbol modify its weight as the length of the symbolic sequence increases. In order to avoid the changing of the symbol weights as the length of the symbolic sequences increases, the Gray code associated to a symbolic sequence is interpreted as a decimal number with integer part equal to zero. The next definition introduces how to carry out the transformation of a symbolic sequence into a real number between 0 and 1. Definition 4.3. Let GðPÞ ¼ g 0 g 1    g n1 be a set of bits representing a Gray code of length n. Let UðPÞ ¼ u0 u1    un1 be the binary code corresponding to GðPÞ. The Gray Ordering Number or GON of P is defined as the real number given by

GONðPÞ ¼ 21  u0 þ 22  u1 þ    þ 2n  un1 : The definition of the GON also implies the definition of an order i. Then t j1 ¼ 1 implies GONðPÞ < GONðQ Þ. (b) Q is infinite-length and qi ¼ L, implying t i ¼ 1 and GONðPÞ < GONðQ Þ. (c) Q is infinite-length and qi ¼ R. In this case there exists j > i such that qj ¼ R. Otherwise, the condition P
2350

D. Arroyo, G. Alvarez / Commun Nonlinear Sci Numer Simulat 19 (2014) 2345–2353

3. P is of length i; ti1 ¼ 1. This implies that p0 p1    pi2 contains an even number of R’s, qi1 ¼ R and thus P
fk ðxÞ ¼ kFðxÞ;

ð5Þ

which implies fk ðxc Þ ¼ k  F max , which is the maximum value of fk ðxÞ. A first consequence of this is Theorem 3 in [6], which is a corollary of Theorem 4.1. Corollary 5.1. For fk ðxÞ ¼ kFðxÞ with FðxÞ 2 F and k 2 ½0; 1, it is satisfied that GONðP fk ðfk ðxÞÞÞ 6 GONðPfk ðfk ðxc ÞÞÞ; 8x 2 ½a; b. Moreover, the maximum value of fk ðxÞ, i.e., kF max depends on k in such a way that an increment of the control parameter forces an increment of the maximum value. As a consequence, the GON of the kneading sequences derived from x ¼ fk ðxc Þ is an increasing function with respect to the control parameter [6, Theorem 4]. Corollary 5.2. For fk ðxÞ ¼ kFðxÞ with FðxÞ 2 F and k1 ; k2 2 ½0; 1 with k1 < k2 , it is satisfied that GONðP fk ðfk1 ðxc ÞÞÞ 6 GONðPfk ðfk2 ðxc ÞÞÞ. 1 2 On the other hand, after a certain number of transient iterations, all the values obtained from any initial condition through the iteration of any function in F are inside the interval ½xmin ; xmax . Therefore, once all the values derived from ð2Þ the iteration of the considered function are inside ½xmin ; xmax , it is verified that GONðPfk ðxÞÞ P GONðPfk ðfk ðxc ÞÞ. This was ð2Þ wrongly interpreted in [6, Theorem 5], since this theorem is only satisfied if fk ðxÞ P xmin for any x 2 ½a; b. Nevertheless, the previous comments point out that this inequality is verified only for x 2 ½fk1 ðfk1 ðxmin ÞÞ; b, i.e., Theorem 5 in [6] is not fulfilled for x 2 ½a; fk1 ðfk1 ðxmin ÞÞ. Consequently, it is necessary to modify Theorem 5 in [6] according to the preceding considerations. In this sense, the next corollary rewrites Theorem 5 in [6] in a more accurate way and, at the same time, extends its application domain to all the functions in F . Corollary 5.3. Let FðxÞ be a function in F that leads to fk ðxÞ ¼ kFðxÞ for x 2 ½a; b and k 2 ½0; 1. Let xi be defined as xi ¼ x for i ¼ 0 and xi ¼ fk ðxi1 Þ for i > 0; i 2 N. There exists n1 2 N such that xi is in ½xmin ; xmax  for i > n1 and it is satisfied that ð2Þ GONðP fk ðxi ÞÞ P GONðP fk ðfk ðxc ÞÞ; 8x 2 ½a; b for i > n1 . ð2Þ Finally, the value xmin is given by fk ðxc Þ ¼ fk ðfk ðxc ÞÞ ¼ k  FðkF max Þ. If xmin is a monotonic function of k, then it is possible to ð2Þ extract a new corollary from Theorem 4.1. In [6, Theorem 6] it is assumed without proof that fk ðxc Þ is a monotonic decreasing function with respect to k. This assumption implies that

 @xmin @FðxÞ ¼ FðkF max Þ þ k  F max  < 0: @x x¼kF max @k

ð6Þ

This condition is not satisfied for all the possible values k and for all the functions in F . Let us consider the logistic map. In [6] the dependency of xmin on k is studied using the logistic map. Indeed, the logistic map is a function included in F , which is defined as

fk ðxÞ ¼ k  4xð1  xÞ;

ð7Þ

for k 2 ½0; 1 and x 2 ½0; 1. It is easy to verify that for the logistic map the condition given by Eq. (6) is fulfilled if and only if k > 8=12. Therefore, Theorem 6 in [6] must be rewritten in such a way that the discussed inaccuracy is overcome and, simultaneously, the application domain of its variant affects not only the logistic map but all the functions in F . Again, this aim is completed through a series of additional assumptions on the scope defined in Theorem 4.1. Corollary 5.4. Let us suppose that fk ðxÞ ¼ kFðxÞ with FðxÞ 2 F ; k 2 ½0; 1 and x 2 ½a; b. For k1 ; k2 2 ½0; 1 with k1 < k2 and ð2Þ ð2Þ ð2Þ satisfying @fk ðxc Þ=@k < 0 for k ¼ fk1 ; k2 g, it is verified that GONðP fk ðfk1 ðxc ÞÞÞ P GONðPfk ðfk2 ðxc ÞÞÞ. 1

2

D. Arroyo, G. Alvarez / Commun Nonlinear Sci Numer Simulat 19 (2014) 2345–2353

2351

6. Application of Gray codes to the cryptanalysis of chaos-based cryptosystems The interpretation of the needs of cryptography from the perspective of the theory of dynamical systems is still an open problem [13,14], and there exists a call for the development of a set of theoretical tools to evaluate the adequacy of chaotic maps for cryptographic applications [15,16]. The theoretical framework described in this paper is of major importance when considering symbolic sequences of unimodal maps as base of both chaotic stream ciphers and searching-based cryptosystems. Regarding the last family of chaotic encryption systems, most of them are based on Baptista’s seminal contribution [17]. In those ciphers the phase space I of the chaotic system is split into jAj disjoint intervals (see Fig. 3(a)), being jAj the cardinality of the plaintext space. Each unit of plaintext ak is encrypted by determining the number of iterations to land into the interval associated to that unit for a given initial condition (Fig. 3(b)). In a general setting, the secret key of the cryptoystem is totally or partially defined by the control parameter and the initial condition of the chaotic system sustaining encryption. As we have shown in [7–9], an scheme as the one depicted in Fig. 3 is vulnerable against a chosen ciphertext attack if the underlying chaotic system is unimodal (i.e., if it pertains to the family of maps defined in Section 2). In short, in a chosen ciphertext attack the cryptanalyst has access to the decryption machine, which makes possible to obtain the plaintext corresponding to any piece of ciphertext [18, p. 25]. In the case of the family of chaotic cryptosystems referred by Fig. 3, the chosen ciphertext attack enables the recovering of the plaintext mi from the ciphertext ci ¼ i (for i ¼ 0; 1; . . . ; K). Both the partition of the phase space and the critical point (xc ) of the chaotic map are known and, consequently, each value mi obtained through the chosen ciphertext attack can be converted into a binary code straightforward: if mi is linked to an interval to the left (right) of xc , then mi leads to a zero (one). If the description of chosen ciphertexts is done starting from c0 ¼ 0 and making ci ¼ ci1 þ 1, then the binary sequence obtained by concatenating the successive symbols associated to each mi is the Gray code resulting from the iteration of a unimodal map with initial condition x0 and control parameter k. This being the case, Corollaries 5.1 and 5.2 can be applied to estimate the value of the control parameter from the obtained Gray code. Certainly, a sliding window of width N is used to divide the Gray code into a set of K  N þ 1 Gray codes and to compute the

Fig. 3. Searching-based chaotic cryptosystems. The phase space of a chaotic maps is divided into jAj disjoint intervals, being each of those interval associated to a symbol of the alphabet codifying the plaintext space. Each unit of plaintext is encrypted by calculating the number of iterations needed to have a orbit value inside the same interval as the unit of plaintext.

2352

D. Arroyo, G. Alvarez / Commun Nonlinear Sci Numer Simulat 19 (2014) 2345–2353

Fig. 4. Chaotic-based stream cipher built upon the symbolic sequences of the logistic and skew-tent maps.

corresponding GON. According to Corollary 5.1 the maximum value of the GON is achieved when iteration is performed using xc as initial condition. Moreover, this maximum value increases as k does (Corollary 5.2). As a result, the value of k used in encryption can be estimated through a binary search on this maximum value of the GON (see Fig. 1 of [8]). On the other hand, once k is known Theorem 4.1 can help the estimation of x0 from the Gray code inferred using the chosen ciphertext. Another critical context of chaotic cryptography is drawn assessing chaotic stream ciphers based on unimodal maps by means of the GONs of the related symbolic sequences. If the keystream of a chaos-based cryptosystem corresponds to the Gray code of a unimodal map, then a known/chosen plaintext attack1 can be applied to estimate first the control parameter and second the initial condition determining the keystream [19]. Assuming that these both values are the key or part of it, it implies that the cryptosystem has a serious security flaw. This is the case of the cryptosytem shown in Fig. 4, as we have discussed in [10]. Concisely, a plaintext with all bits equal to zero leads to a ciphertext equal to the keystream but with an small perturbation due to the random inclusion of the codified initial condition as part of the encrypted message. In [10] we have shown that the analysis of the obtained ciphertext using statistical distance measures enables the identification of the chaotic map used in the generation of the keystream (see Fig. 5 in [10]). After distinguishing between the skew tent map and the logistic map, we compute the GON through the ciphertext corresponding to the chosen plaintext of all zeroes. As before, the maximum value of the GON is linked to the image of the critical point, and Corollary 5.2 is applied to perform a binary search of an estimation of the control parameter. Finally, and given an estimation of the control parameter, Theorem 4.1 endorses the estimation of the initial condition according to a dichotomic algorithm based on the monotonicity of the GON with respect to the initial condition. In [10] we underline that the estimation of the secret key (i.e., the control parameter and the initial condition of the selected chaotic map) can be done even if the keystream is modified by embedding the initial condition in the ciphertext in a random way.

7. Conclusions In this paper we have mathematically proven that it is possible to read the classical theory of applied symbolic dynamics for unimodal maps from the point of view derived from the concept of Gray Ordering Number. Indeed, the main results of the present work were previously presented in other works as theorems. Nevertheless, these theorems were not formally demonstrated. We have provided not only the mathematical proof of these theorems but also solved some imprecisions, which is essential to use the concept of Gray Ordering Number in a correct and efficient way. The main result of all this work is the possibility of improving and expanding previous contributions based on the concept of Gray Ordering Number. Specially relevant is the case of the estimation of the values of the initial condition and the control parameter of unimodal maps. The theoretical framework presented in this paper allows to establish the limitations of the methods previously proposed for the estimation of those values. Furthermore, this paper is the theoretical conclusion of all the work that we have carried out on unimodal maps both in the field of the applied theory of symbolic dynamics [4,20,21], and in the context of chaos-based cryptography [7–10]. For the sake of illustration, we have applied our theoretical results to the cryptanalysis of two chaotic cryptosystems. We have underlined the critical context arising from the use of the symbolic sequences of unimodal maps to build up chaotic searching-based and chaotic stream ciphers. As a matter of fact, the conclusions of our work are of critical importance when using unimodal maps to implement chaotic searching-based cryptosystems [17,7–9], chaotic stream ciphers [10], chaotic pseudo-random number generators [14], joint error-correction and encryption algorithms [22] and, in general, any cryptographical algorithm sustained by the symbolic sequences of unimodal maps. 1 In a known plaintext attack the cryptanalyst knows plaintexts and the related ciphertexts. In the case of a chosen plaintext attack, one has access to the encryption machine and can calculate the ciphertext for any plaintext. See [18, p. 25] for a more detailed explanation.

D. Arroyo, G. Alvarez / Commun Nonlinear Sci Numer Simulat 19 (2014) 2345–2353

2353

Acknowledgments This work was supported by the Spanish Government project TIN2012-30883. The work of David Arroyo was supported by a Juan de la Cierva fellowship from the Ministerio de Ciencia e Innovación of Spain. References [1] Metropolis N, Stein M, Stein P. On the limit sets for transformations on the unit interval. J Comb Theory A 1973;15:25–44. [2] Beyer W, Mauldin R, Stein P. Shift-maximal sequences in function iteration: existence, uniqueness and multiplicity. J Math Anal Appl 1986;115:305–62. [3] Wang L, Kazarinoff ND. On the universal sequence generated by a class of unimodal functions. J Comb Theory Ser A 1987;46:39–49. [4] Alvarez G, Romera M, Pastor G, Montoya F. Gray codes and 1D quadratic maps. Electron Lett 1998;34(13):1304–6. [5] Cusick T. Gray codes and the symbolic dynamics of quadratic maps. Electron Lett 1999;35(6):468–9. [6] Wu X, Hu H, Zhang B. Parameter estimation only from the symbolic sequences generated by chaos system. Chaos Solitons Fractals 2004;22:359–66. [7] Alvarez G, Montoya F, Romera M, Pastor G. Cryptanalysis of an ergodic chaotic cipher. Phys Lett A 2003;311:172–9. [8] Arroyo D, Alvarez G, Li S, Li C, Fernandez V. Cryptanalysis of a new chaotic cryptosystem based on ergodicity. Int J Mod Phys B 2009;23(5):651–9. [9] Rhouma R, Solak E, Arroyo D, Li S, Alvarez G, Belghith S. Comment on modified Baptista type chaotic cryptosystem via matrix secret key [Phys Lett A 372 (2008) 5427]. Phys Lett A 2009;373(37):3398–400. [10] Arroyo D, Alvarez G, Amigó JM, Li S. Cryptanalysis of a family of self-synchronizing chaotic stream ciphers. Commun Nonlinear Sci Numer Simul 2011;16(2):805–13. [11] Alvarez G, Li S. Some basic cryptographic requirements for chaos-based cryptosystems. Int J Bifurcation Chaos 2006;16(8):2129–51. [12] Hao B-L, Zheng W-M. Applied symbolic dynamics and chaos, directions in chaos, vol. 7. World Scientific; 1998. [13] Nagaraj N, Vaidya PG, Bhat KG. Arithmetic coding as a non-linear dynamical system. Commun Nonlinear Sci Numer Simul 2009;14(4):1013–20. [14] Nagaraj N. One-time pad as a nonlinear dynamical system. Commun Nonlinear Sci Numer Simul 2012;17(11):4029–36. [15] Wang X, Zhang W, Guo W, Zhang J. Secure chaotic system with application to chaotic ciphers. Inf Sci 2013;221:555–70. [16] Pande A, Zambreno J, Mohapatra P. Comments on arithmetic coding as a non-linear dynamical system. Commun Nonlinear Sci Numer Simul 2012;17(12):4536–43. [17] Baptista MS. Cryptography with chaos. Phys Lett A 1998;240(1–2):50–4. [18] Stinson D. Cryptography: theory and practice. CRC Press; 1995. [19] Alvarez G, Montoya F, Romera M, Pastor G. Keystream cryptanalysis of a chaotic cryptographic method. Comput Phys Commun 2004;156:205–7. [20] Alvarez G, Romera M, Pastor G, Montoya F. Determination of Mandelbrot set’s hyperbolic component centres. Chaos Solitons Fractals 1998;9(12):1997–2005. [21] Arroyo D, Alvarez G, Amigó JM. Estimation of the control parameter from symbolic sequences: unimodal maps with variable critical point. Chaos Interdiscip J Nonlinear Sci 2009;19:023125. 9 pages. [22] Zhou J, Au O. On the security of chaotic convolutional coder. IEEE Trans Circuits Syst I Regul Pap 2011;58(3):595–606.