Chaos and Cryptography

Similar documents
Breaking an encryption scheme based on chaotic Baker map

arxiv:cs/ v1 [cs.cr] 2 Feb 2004

Secure Communication Using H Chaotic Synchronization and International Data Encryption Algorithm

Lecture Notes. Advanced Discrete Structures COT S

Introduction to Dynamical Systems Basic Concepts of Dynamics

Introduction to Cryptology. Lecture 2

Multi-Map Orbit Hopping Chaotic Stream Cipher

Dynamical Systems and Chaos Part I: Theoretical Techniques. Lecture 4: Discrete systems + Chaos. Ilya Potapov Mathematics Department, TUT Room TD325

Implementation Tutorial on RSA

Shift Cipher. For 0 i 25, the ith plaintext character is. E.g. k = 3

Chaos-Based Symmetric Key Cryptosystems

17.1 Binary Codes Normal numbers we use are in base 10, which are called decimal numbers. Each digit can be 10 possible numbers: 0, 1, 2, 9.

Classical Cryptography

Discrete Time Coupled Logistic Equations with Symmetric Dispersal

Cryptanalysis of a computer cryptography scheme based on a filter bank

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Cryptography. Lecture 2: Perfect Secrecy and its Limitations. Gil Segev

-Cryptosystem: A Chaos Based Public Key Cryptosystem

Introduction to Modern Cryptography. Benny Chor

Design and Hardware Implementation of a Chaotic Encryption Scheme for Real-time Embedded Systems

arxiv: v1 [cs.cr] 18 Jul 2009

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

Cryptography CS 555. Topic 2: Evolution of Classical Cryptography CS555. Topic 2 1

CHAPTER 3 CHAOTIC MAPS BASED PSEUDO RANDOM NUMBER GENERATORS

Cryptanalysis of a Multistage Encryption System

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Chaos and Liapunov exponents

Example Chaotic Maps (that you can analyze)

Cryptography. P. Danziger. Transmit...Bob...

The Vigenère cipher is a stronger version of the Caesar cipher The encryption key is a word/sentence/random text ( and )

A Hybrid Method with Lorenz attractor based Cryptography and LSB Steganography

Outline. Computer Science 418. Number of Keys in the Sum. More on Perfect Secrecy, One-Time Pad, Entropy. Mike Jacobson. Week 3

arxiv:nlin/ v1 [nlin.cd] 10 Aug 2006

REU 2015: Complexity Across Disciplines. Introduction to Cryptography

A Chaotic Encryption System Using PCA Neural Networks

PHY411 Lecture notes Part 5

Lecture 12: Block ciphers

Public Key Cryptography

Cook-Levin Theorem. SAT is NP-complete

Notes 10: Public-key cryptography

Analysis and Comparison of One Dimensional Chaotic Map Functions

Solution to Midterm Examination

10 Modular Arithmetic and Cryptography

CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.

Co-existence of Regular and Chaotic Motions in the Gaussian Map

Number theory (Chapter 4)

Question: Total Points: Score:

Designing Self-Synchronizing Stream Ciphers with Flat Dynamical Systems

Deterministic Chaos Lab

Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2

5199/IOC5063 Theory of Cryptology, 2014 Fall

Chaotic motion. Phys 750 Lecture 9

CPSC 467: Cryptography and Computer Security

A Novel Image Encryption Scheme Using the Composite Discrete Chaotic System

Lecture 4 Chiu Yuen Koo Nikolai Yakovenko. 1 Summary. 2 Hybrid Encryption. CMSC 858K Advanced Topics in Cryptography February 5, 2004

CHAPTER 12 CRYPTOGRAPHY OF A GRAY LEVEL IMAGE USING A MODIFIED HILL CIPHER

Solutions to homework assignment #7 Math 119B UC Davis, Spring for 1 r 4. Furthermore, the derivative of the logistic map is. L r(x) = r(1 2x).

A new simple technique for improving the random properties of chaos-based cryptosystems

Public Key Cryptography

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security

Lecture 8 - Cryptography and Information Theory

MATH 158 FINAL EXAM 20 DECEMBER 2016

About Vigenere cipher modifications

Division Property: a New Attack Against Block Ciphers

Outline. CPSC 418/MATH 318 Introduction to Cryptography. Information Theory. Partial Information. Perfect Secrecy, One-Time Pad

Lecture Notes, Week 6

... it may happen that small differences in the initial conditions produce very great ones in the final phenomena. Henri Poincaré

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

RSA RSA public key cryptosystem

Concurrent Error Detection in S-boxes 1

MATH3302 Cryptography Problem Set 2

898 IEEE TRANSACTIONS ON ROBOTICS AND AUTOMATION, VOL. 17, NO. 6, DECEMBER X/01$ IEEE

Image Encryption and Decryption Algorithm Using Two Dimensional Cellular Automata Rules In Cryptography

( c ) E p s t e i n, C a r t e r a n d B o l l i n g e r C h a p t e r 1 7 : I n f o r m a t i o n S c i e n c e P a g e 1

CRYPTOGRAPHY USING CHAOTIC NEURAL NETWORK

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Information and Communications Security: Encryption and Information Hiding

Security of Networks (12) Exercises

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Public-Key Encryption: ElGamal, RSA, Rabin

CRYPTOGRAPHY AND NUMBER THEORY

MONOALPHABETIC CIPHERS AND THEIR MATHEMATICS. CIS 400/628 Spring 2005 Introduction to Cryptography

AN INTRODUCTION TO THE UNDERLYING COMPUTATIONAL PROBLEM OF THE ELGAMAL CRYPTOSYSTEM

Discrete chaotic cryptography (DCC).

Math-Net.Ru All Russian mathematical portal

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks

THE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018

CHALMERS, GÖTEBORGS UNIVERSITET. EXAM for DYNAMICAL SYSTEMS. COURSE CODES: TIF 155, FIM770GU, PhD

Implementation of the RSA algorithm and its cryptanalysis. Abstract. Introduction

Public-key Cryptography and elliptic curves

Asymmetric Encryption

Hashes and Message Digests Alex X. Liu & Haipeng Dai

CPSC 467b: Cryptography and Computer Security

Candidates must show on each answer book the type of calculator used. Only calculators permitted under UEA Regulations may be used.

Lecture Notes. Advanced Discrete Structures COT S

arxiv: v1 [cs.cr] 5 Dec 2007

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

U.C. Berkeley CS276: Cryptography Luca Trevisan February 5, Notes for Lecture 6

Transcription:

Chaos and Cryptography Vishaal Kapoor December 4, 2003 In his paper on chaos and cryptography, Baptista says It is possible to encrypt a message (a text composed by some alphabet) using the ergodic property of the simple low-dimensional and chaotic logistic equation. The basic idea is to encrypt each character of the message as the integer number of iterations performed in the logistic equation, in order to transfer the trajectory from an initial condition towards an ɛ-interval inside the logistic chaotic attractor. In this exposition, we examine this cryptosystem proposed by Baptista discuss a potential vulnerability. 1. Choose a pair (r, x 0 ) and determine the interval of interest [x min, x max ]. 2. Subdivide the interval [x min, x max ] into n sites (subintervals), each corresponding to an letter of the alphabet. 3. For each character in the plaintext string s Do x 0 := rx 0 (1 x 0 ) Until x 0 reaches the site corresponding to the current plaintext character

and random() > p The ciphertext is the number of iterations taken. Here, random() is a function that generates a random number from 0 to 1 and p is a coefficient that can be arbitrarily chosen in (0, 1] with larger values corresponding to higher security and longer encryption times. Note that p is independent of the key and is not needed to decrypt the message. Before After Maple Code for Encryption and Decryption # _s is the plaintext string # (_x0,r) is the initial condition and parameter secret key # xmin, xmax are the boundaries of the sites # p is the randomization constant encrypt := proc(_s, _x0, r, xmin, xmax, p) local D, s, n, ep, x0, c,i, random; D := Digits; Digits := 16; s := convert(_s, bytes); # Convert s to ASCII representation n := length(_s); ep := (xmax-xmin)/256;

x0 := _x0; c := [seq(0,i=1..n)]; for i from 1 to 100 do x0 := r*x0*(1-x0); # Ignore initial transient c[1] := 100; # Main loop for i from 1 to n do while(true) do if(trunc((x0-0.2)*256/0.6) = s[i] and rand()/10^12 > p) then break; fi; x0 := r*x0*(1-x0); c[i] := 1 + c[i]; Digits := D; RETURN(c); end: # c is the cipher text # n length of plaintext string # (_x0,r) is the initial condition and parameter secret key # xmin, xmax are the boundaries of the sites decrypt := proc(c, n, _x0, r, xmin, xmax) local D, p, s, ep, x0,i; D := Digits; Digits := 16; ep := (xmax-xmin)/256;

x0 := _x0; p := [seq(0, i=1..n)]; # Main Loop for i from 1 to n do for j from 1 to c[i] do x0 := r*x0*(1-x0); p[i] := trunc((x0-0.2)*256/0.6); s := ""; for i from 1 to n do s := sprintf("%s%c", s,p[i]); RETURN(s); end: There are several requirements of our secret key (r, x 0 ) which we have yet to mention. The most important such requirement is that r must be chosen so that the map x n+1 = rx n (1 x n ) exhibits chaos. Some definitions are in order: For an orbit x 0, x 1, x 2,..., we define the Lyapunov exponent λ to be 1 n 1 λ = lim n ln f (x i ), n provided the limit exists. In the case of an aperiodic trajectory with a positive Lyapunov exponent, we say the trajectory is a chaotic orbit. The system is said to exhibit chaos if there is a regime with chaotic orbits. i=0

Jacobson [4] assures us that there is a non-zero probability that a randomly chosen r in [r, 4] will be responsible for chaos. Here r is approximately 3.57 - an accumulation point of period doubling bifurcations. In practice, the diagram below shows us that values of r > r will most likely work (note these are the domain corresponding to positive range values above). Moreover, the termination of this algorithm is dependent on our loop terminating successfully for each plaintext character. We require a definition: In a dynamical system, an orbit is said to be ergodic if for any δ > 0, and an accessible state value x = a, there exists a value k such that x k a < δ. In our case of the logistic equation with secret key (r, x 0 ), this says that every point in [x min, x max ] should be approached arbitrarly closely by some iterate x k. This condition is actually more than sufficient to ensure that every site is reachable by x 0 an infinite number of times. Moreover, we require that every interval can be reached an infinite number of different ways; so that each interval can be encrypted in an infinite number of different ways. Proving such assertions are satisfied for a given r is difficult in the general case. We warm up by proving a special case for r = 4. In this case, we make a substitution x = sin 2 ( πy 2 ) = 1 (1 cos(πy)), 2

where x, y [0, 1]. Substituting in the logistic equation, we obtain sin 2 (πy n+1 /2) = 1 cos 2 (πy n ) = sin 2 (πy n ). Continuing, we have (πy n+1 /2) = ±(πy n ) + sπ where s is an integer. As y is restricted in [0, 1], we must have y n+1 = 2y n for 0 y n 1 2, and y n+1 = 2 2y n for 1 2 y n 1. This is just the tent map. Since the tent map is chaotic, the logistic equation for r = 4 must be as well. In practice, the luxury of a nice substitution is no longer enjoyed, and so numerical evidence is usually sought. Let us consider the case for r = 3.78. The orbital densities of the logistic map for this r numerically show that the attractor lies in the interval [x min, x max ] = [0.2, 0.8]. 0.035 Orbital Densities for the Logistic Map with r=3.78 0.03 0.025 0.02 0.015 0.01 0.005 0 0.2 0.4 0.6 0.8 1 y As well, the figure indicates that each site is reachable with non-zero probability. Thus, we would expect each site to be approached an infinite number of times in the trajectory of x 0. This attack is based on a weakness in the implementation of the cryptosystem proposed in [1]. Because the system is implemented on a computer the map that is apparent in the data will actually be of the form x n+1 = r x n (1 x n ),

where all operations are done in fixed point arithmetic (Baptista describes using 16 bit accuracy). This is a problem because chaos implies sensitive dependence on initial conditions. Therefore 1. the long-term qualitative behavior of the system as implemented will be much different than the the behavior of the logistic equation, and 2. there must be a periodic orbit of x n. The latter results from there being only finitely many numbers of a certain accuracy. In theory, this means that there must be a cycle of length at most 2 d where d-bits are used. However, in practice, I have found this to be much smaller. Typically, there will be some number of iterations I before the cycle is reached, and the cycle is of length T (we generalize saying a fixed point is a 0-cycle). For x 0 =.5, r = 3.78 we have the following values of I + T (an upperbound on T ). Digits of Accuracy I + T 1 3 2 5 3 9 4 65 5 150 6 537 7 1766 8 6021 9 21982 10 78262 11 113895 Given a periodic orbit of relatively small size presents us with an equivalent cryptosystem of the following form: 1. Choose a positive integer T to represent the cycle length. Define x 0 := 0. 2. Associate each letter of the alphabet with at least one number from 0 to T 1 so that no two letters are associated with the same number. A site corresponds to the subset of [0, T 1] that corresponds to a particular letter.

3. For each character in the plaintext string s Do x 0 := x 0 + 1 Until x 0 reaches the site corresponding to the current plaintext character and random() > p. The encrypted character is the number x 0. Set x 0 := 0. For every letter l i of the alphabet corresponding to a site C i [0, T 1), we are thus guaranteed an encryption of x + T k where x C i and k N. In the case of the originally proposed cryptosystem with no random pertubation, k = 0, meaning we are left with a simple substitution cipher. In the case of random perturbation, k is typically small (around 1 or 2) since encryption time is important. Such encryption is more difficult to deal with, but clearly a step down from the original system. This discussion above shows that the security of the cryptosystem in [1] relies on a small fraction of the many possible trajectories based on the secret key (r, x 0 ). This problem could easily be worked around by using much larger fixed point precision; however, a full analysis is warrented. The author is currently developing a practical attack on this cryptosystem. Bibliography [1] Baptista, M. S. Cryptography with Chaos. Physics Letters A 240 (1998): 50-54 [2] Ott, Edward. Chaos in dynamical systems. Cambridge University Press, 2002. [3] Davies, Brian. Exploring chaos. Theory and experiment. Perseus Books, 1999. [4] Jacobson, M. V. Topological and Metric Properties of One Dimensional Endomorphisms. Sov. Math. Dokl. 19 (1978): 1452. [5] http://home.hkstar.com/hmk409/research/ces/main.htm (Chaotic Encryption Standard) [6] http://icg.harvard.edu/math118r/ [7] Strogatz, S. H. Nonlinear dynamics and chaos. With Applications to Physics, Biology, Chemistry, and Engineering. Westview Press, 2000.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback