Cryptanalysis of a computer cryptography scheme based on a filter bank

Similar documents
arxiv:nlin/ v1 [nlin.cd] 10 Aug 2006

Breaking an encryption scheme based on chaotic Baker map

arxiv: v1 [cs.cr] 18 Jul 2009

Cryptanalysis of a discrete-time synchronous chaotic encryption system

Lorenz System Parameter Determination and Application to Break the Security of Two-channel Chaotic Cryptosystems

arxiv:cs/ v1 [cs.cr] 2 Feb 2004

Cryptanalysis of a Multistage Encryption System

arxiv: v1 [cs.cr] 5 Dec 2007

arxiv: v2 [cs.cr] 13 Oct 2016

On the security of a chaotic encryption scheme: problems with computerized chaos in finite computing precision

Multi-Map Orbit Hopping Chaotic Stream Cipher

Cryptanalyzing a nonlinear chaotic algorithm (NCA) for image encryption

-Cryptosystem: A Chaos Based Public Key Cryptosystem

New communication schemes based on adaptive synchronization

arxiv: v2 [cs.cr] 6 Aug 2017

Design and Hardware Implementation of a Chaotic Encryption Scheme for Real-time Embedded Systems

Weak key analysis for chaotic cipher based on randomness properties

Cryptanalysis of a data security protection scheme for VoIP

Pseudo-Random Bit Generator Based on Couple Chaotic Systems and its Applications in Stream-Cipher Cryptography

A new parameter determination method for some double-scroll chaotic systems and its applications to chaotic cryptanalysis

Secure Communication Using H Chaotic Synchronization and International Data Encryption Algorithm

Chaos and Cryptography

A Non-symmetric Digital Image Secure Communication Scheme Based on Generalized Chaos Synchronization System

A novel pseudo-random number generator based on discrete chaotic iterations

Cryptography. Lecture 2: Perfect Secrecy and its Limitations. Gil Segev

A Large Block Cipher using an Iterative Method and the Modular Arithmetic Inverse of a key Matrix

CRYPTANALYSIS OF FRIDRICH S CHAOTIC IMAGE ENCRYPTION

Cryptanalyses of Some Multimedia Encryption Schemes

CHAPTER 12 CRYPTOGRAPHY OF A GRAY LEVEL IMAGE USING A MODIFIED HILL CIPHER

A Block Cipher using an Iterative Method involving a Permutation

An efficient parallel pseudorandom bit generator based on an asymmetric coupled chaotic map lattice

Digital Secure-Communication Using Robust Hyper-Chaotic Systems

A NOVEL MULTIPLE PSEUDO RANDOM BITS GENERATOR BASED ON SPATIOTEMPORAL CHAOS. Ping Li,1 Zhong Li Wolfgang. A. Halang Guanrong Chen

7 Cryptanalysis. 7.1 Structural Attacks CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

Distinguishing Attacks on a Kind of Generalized Unbalanced Feistel Network

Can two chaotic systems make an order?

Impossible Differential Attacks on 13-Round CLEFIA-128

sensors Revision of J3Gen and Validity of the Attacks by Peinado et al. Sensors 2015, 15, ; doi: /s

Impossible Differential Cryptanalysis of Mini-AES

Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent

Construction of Pseudorandom Binary Sequences Using Chaotic Maps

Diophantine equations via weighted LLL algorithm

One-way Hash Function Based on Neural Network

Towards Provable Security of Substitution-Permutation Encryption Networks

Implementation of the RSA algorithm and its cryptanalysis. Abstract. Introduction

Impossible Differential-Linear Cryptanalysis of Reduced-Round CLEFIA-128

Cryptanalysis of the Light-Weight Cipher A2U2 First Draft version

S-box (Substitution box) is a basic component of symmetric

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

A Chaotic Encryption System Using PCA Neural Networks

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

Pitfalls in public key cryptosystems based on free partially commutative monoids and groups

Classical Cryptography

Cryptanalysis of Patarin s 2-Round Public Key System with S Boxes (2R)

A Knapsack Cryptosystem Based on The Discrete Logarithm Problem

Division Property: a New Attack Against Block Ciphers

Modified Hill Cipher with Interlacing and Iteration

Image encryption based on a delayed fractional-order chaotic logistic system

A general quantitative cryptanalysis of permutation-only multimedia ciphers against plaintext attacks

New Chaotic Permutation Methods for Image Encryption

Side Channel Analysis and Protection for McEliece Implementations

A new simple technique for improving the random properties of chaos-based cryptosystems

Research Article. A Private Secure Communication Scheme Using UKF-based Chaos Synchronization

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 9: Encryption modes. AES

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

A Very Efficient Pseudo-Random Number Generator Based On Chaotic Maps and S-Box Tables M. Hamdi, R. Rhouma, S. Belghith

Block Cipher Cryptanalysis: An Overview

Symmetric Cryptanalytic Techniques. Sean Murphy ショーン マーフィー Royal Holloway

Security of the SMS4 Block Cipher Against Differential Cryptanalysis

Modified Hill Cipher for a Large Block of Plaintext with Interlacing and Iteration

MasterMath Cryptology /2 - Cryptanalysis

Signature Attractor Based Pseudorandom Generation Algorithm

New Dynamical Key Dependent S-Box based on chaotic maps

Computers and Mathematics with Applications

A Large Block Cipher Involving Key Dependent Permutation, Interlacing and Iteration

CPSC 467b: Cryptography and Computer Security

Structural Cryptanalysis of SASAS

Cryptanalysis of a homomorphic public-key cryptosystem over a finite group

Information and Communications Security: Encryption and Information Hiding

Differential Attack on Five Rounds of the SC2000 Block Cipher

A Weak Cipher that Generates the Symmetric Group

A chaotic encryption scheme for real-time embedded systems: design and implementation

Safer parameters for the Chor-Rivest cryptosystem

Related-Key Rectangle Attack on Round-reduced Khudra Block Cipher

Distinguishing Attack on Common Scrambling Algorithm

Cryptanalysis of a Public Key Cryptosystem Proposed at ACISP 2000

Introduction on Block cipher Yoyo Game Application on AES Conclusion. Yoyo Game with AES. Navid Ghaedi Bardeh. University of Bergen.

Chaos-Based Symmetric Key Cryptosystems

Introduction to Modern Cryptography. Benny Chor

CRYPTOGRAPHY USING CHAOTIC NEURAL NETWORK

Improved Linear (hull) Cryptanalysis of Round-reduced Versions of SIMON

AN INTRODUCTION TO THE UNDERLYING COMPUTATIONAL PROBLEM OF THE ELGAMAL CRYPTOSYSTEM

A Novel Image Encryption Scheme Using the Composite Discrete Chaotic System

Practically Secure against Differential Cryptanalysis for Block Cipher SMS4

Akelarre. Akelarre 1

An Extended DES. National Chiao Tung University Hsinchu, 300 Taiwan

Study on Proportional Synchronization of Hyperchaotic Circuit System

The Improved 96th-Order Differential Attack on 11 Rounds of the Block Cipher CLEFIA

CRYPTOGRAPHY AND NUMBER THEORY

Public Key Cryptography

Transcription:

NOTICE: This is the author s version of a work that was accepted by Chaos, Solitons & Fractals in August 2007. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version will be published in Chaos, Solitons & Fractals, DOI: 10.1016/j.chaos.2008.01.020. Cryptanalysis of a computer cryptography scheme based on a filter bank David Arroyo a,, Chengqing Li b, Shujun Li c and Gonzalo Alvarez a a Instituto de Física Aplicada, Consejo Superior de Investigaciones Científicas, Serrano 144, 28006 Madrid, Spain b Department of Electronic Engineering, City University of Hong Kong, 83 Tat Chee Avenue, Kowloon Tong, Hong Kong SAR, China c FernUniversität in Hagen, Lehrgebiet Informationstechnik, Universitätsstraße 27, 58084 Hagen, Germany Abstract This paper analyzes the security of a recently-proposed signal encryption scheme based on a filter bank. A very critical weakness of this new signal encryption procedure is exploited in order to successfully recover the associated secret key. Key words: Chaotic encryption, logistic map, known-plaintext attack, cryptanalysis PACS: 05.45.Ac, 47.20.Ky. 1 Introduction The application of chaotic systems to cryptographical issues has been a very important research topic since the 1990s [1 4]. This interest was motivated by the close similarities between some properties of chaotic systems and some Corresponding author: David Arroyo (david.arroyo@iec.csic.es). Preprint submitted to Elsevier 31 January 2008

characteristics of well-designed cryptosystems [5, Table 1]. Nevertheless, there exist security defects in some chaos-based cryptosystems such that they can be partially or totally broken [6 11]. In [12] the encryption procedure is carried out by decomposing the input plaintext signal into two different subbands and masking each of them with a pseudo-random number sequence generated by iterating the chaotic logistic map. The decomposition of the input plaintext signal x[n] is driven by t 0 [n] = K 0 x[m]h 0 [2n m], (1) t 1 [n] = K 1 x[m]h 1 [2n m], (2) where h 0, h 1 are so-called analysis filters and K 0, K 1 are gain factors. Then, the masking stage generates the ciphertext signal (v 0 [n], v 1 [n]) according to the following equations: v 0 [n] = t 0 [n] + α 0 (t 1 [n]), (3) v 1 [n] = t 1 [n] α 1 (v 0 [n]), (4) where α i (u) = u + s i [n] and s i [n] is the state variable of a logistic map with control parameter λ i (3, 4) defined as follows 1 s i [n] = λ i s i [n 1](1 s i [n 1]). (5) Substituting α i (u) = u + s i [n] into Eqs. (3) and (4), we have v 0 [n] = (t 0 [n] + t 1 [n]) + s 0 [n], (6) v 1 [n] = (t 1 [n] v 0 [n]) s 1 [n]. (7) The secret key of the cryptosystem is composed of the initial conditions and the control parameters of the two logistic maps involved, i.e., s 0 [0], s 1 [0], λ 0 and λ 1. The decryption procedure is carried out by doing 1 In [12], the authors use x i to denote the state variable of the logistic map. However, this nomenclature may cause confusion because the plaintext signal is denoted by x. Therefore, we turn to use another letter, s. In addition, we unify the representation of x i (k) to be in the form s i [n] because all other signals are in the latter form. 2

t 1 [n] = v 1 [n] + α 1 (v 0 [n]), (8) t 0 [n] = v 0 [n] α 0 (t 1 [n]). (9) Then, the plaintext signal is recovered with the following filtering operations: x[n] = 1 t 0 [m]f 0 [n 2m] + 1 t 1 [m]f 1 [n 2m], (10) K 0 K 1 where f 0, f 1 are so-called synthesis filters. To ensure the correct recovery of the plaintext signal, the analysis and synthesis filters must satisfy a certain requirement as shown in Eq. (8) of [12]. The reader is referred to [12] for more information about the inner working of the cryptosystem. This paper focuses on the security analysis of the above cryptosystem. The next section points out a security problem about the reduction of the key space. Section 3 discusses how to recover the secret key of the cryptosystem by a known-plaintext attack. In the last section the conclusion is given. 2 Reduction of the key space As it is pointed out in [5, Rule 5], the key related to a chaotic cryptosystem should avoid non-chaotic areas. In [12] it is claimed that the key space of the cryptosystem under study is given by the set of values λ i and s i [0] satisfying 3 < λ i < 4 and 0 < s i [0] < 1 for i = 0, 1. However, when looking at the bifurcation diagram of the logistic map (Fig. 1), it is obvious that not all candidate values of λ i and s i [0] are valid to ensure the chaoticity of the logistic map. There are periodic windows which have to be avoided by carefully choosing λ i. As a consequence, the available key space is drastically reduced. 3 Known-plaintext attack In a known-plaintext attack the cryptanalyst possesses a plaintext signal {x[n]} and its corresponding encrypted subband signals {v 0 [n]} and {v 1 [n]}. Because {h 0 [n]}, {h 1 [n]}, K 0 and K 1 are public, we can get {t 0 [n]} and {t 1 [n]} from {x[n]}. Then we can get the values of {s 0 [n]} and {s 1 [n]} as follows: s 0 [n] = v 0 [n] t 0 [n] t 1 [n], (11) s 1 [n] = t 1 [n] v 0 [n] v 1 [n]. (12) For n = 0, the values of the subkeys s 0 [0] and s 1 [0] have been obtained. 3

Fig. 1. Bifurcation diagram of the logistic map Furthermore, we can obtain the control parameters by just doing the following operations for i = 0, 1: λ i = s i [n + 1] s i [n](1 s i [n]). (13) In [12], the authors did not give any discussion about the finite precision about the implementation of the cryptosystem in computers. If the floating-point precision is used, then the value of λ i can be estimated very accurately. It was experimentally verified that the error for the estimation of λ i using (13), and working with floating-point precision, was never greater that 4 10 12. If the fixed-point precision is adopted, the deviation of the parameter λ i estimated exploiting Eq. (13) from the real λ i may be very large. Fortunately, according to the following Proposition 1 [13, Proposition 2], the error is limited to 2 4 /2 L (which means only 2 4 possible candidate values to be further guessed) when s[n + 1] 0.5. Proposition 1 Assume that the logistic map s[n + 1] = λ s[n] (1 s[n]) is iterated with L-bit fixed-point arithmetic and that s(n + 1) 2 i, where 1 i L. Then, the following inequality holds: λ λ 2 i+3 /2 L, where s[n + 1] λ = s[n] (1 s[n]). 4

4 Conclusion In this paper we have analyzed the security properties of the cryptosystem proposed in [12]. It has been shown that there exists a great number of weak keys derived from the fact that the logistic map is not always chaotic. In addition, the cryptosystem is very weak against a known-plaintext attack in the sense that the secret key can be totally recovered using a very short plaintext. Consequently, the cryptosystem introduced by [12] should be discarded as a secure way of exchanging information. Acknowledgments The work described in this paper was partially supported by Ministerio de Educación y Ciencia of Spain, Research Grant SEG2004-02418. Shujun Li was supported by the Alexander von Humboldt Foundation, Germany. References [1] S. Li, Analyses and new designs of digital chaotic ciphers, Ph.D. thesis, School of Electronic and Information Engineering, Xi an Jiaotong University, Xi an, China, available online at http://www.hooklee.com/pub.html (June 2003). [2] G. Alvarez, F. Montoya, M. Romera, G. Pastor, Chaotic cryptosystems, in: L. D. Sanson (Ed.), Proc. 33rd Annual 1999 International Carnahan Conference on Security Technology, IEEE, 1999, pp. 332 338. [3] L. Kocarev, Chaos-based cryptography: A brief overview, IEEE Circuits Syst. Mag. 1 (2001) 6 21. [4] T. Yang, A survey of chaotic secure communication systems, Int. J. Comp. Cognition 2 (2) (2004) 81 130. [5] G. Alvarez, S. Li, Some basic cryptographic requirements for chaos-based cryptosystems, International Journal of Bifurcation and Chaos 16 (8) (2006) 2129 2151. [6] G. Alvarez, F. Montoya, M. Romera, G. Pastor, Cryptanalyzing a discretetime chaos synchronization secure communication system, Chaos, Solitons and Fractals 21 (3) (2004) 689 694. [7] G. Alvarez, F. Montoya, M. Romera, G. Pastor, Breaking parameter modulated chaotic secure communication system, Chaos, Solitons and Fractals 21 (4) (2004) 783 787. 5

[8] G. Alvarez, F. Montoya, M. Romera, G. Pastor, Cryptanalyzing an improved security modulated chaotic encryption scheme using ciphertext absolute value, Chaos, Solitons and Fractals 23 (5) (2004) 1749 1756. [9] G. Alvarez, S. Li, F. Montoya, G. Pastor, M. Romera, Breaking projective chaos synchronization secure communication using filtering and generalized synchronization, Chaos, Solitons and Fractals 24 (3) (2005) 775 783. [10] S. Li, G. Alvarez, G. Chen, Breaking a chaos-based secure communication scheme designed by an improved modulation method, Chaos, Solitons and Fractals 25 (1) (2005) 109 120. [11] G. Alvarez, Security problems with a chaos-based deniable authentication scheme, Chaos, Solitons and Fractals 26 (1) (2005) 7 11. [12] B. W.-K. Ling, C. Y.-F. Ho, P. K.-S. Tam, Chaotic filter bank for computer cryptography, Chaos, Solitons and Fractals 34 (2007) 817 824. [13] S. Li, C. Li, G. Chen, K.-T. Lo, Cryptanalysis of the RCES/RSES image encryption scheme, J. Systems and Software, in press, doi:10.1016/j.jss.2007.07.037 (2007). 6

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback