An Efficient Approach for Generating Secured Pseudo Random Numbers Based on a Chua’s Chaotic System Study and Real Time FPGA Implementation

Lahcene Merah¹, Adda ALI-PACHA¹ and Naima HADJ SAID¹
¹ Department of electronics, University of Science and Technology of Oran (USTO), BP 1505 El M’Naouer, Oran 31036, ALGERIA
Phone / Fax: 213 / 041 -- 46 26 85

Abstract- This paper presents an efficient approach to increase the security of chaos-based PRBGs for cryptographic purposes. We take Chua’s chaotic system as an example: instead of using the output of Chua’s system directly as a pseudo random sequence, we pass it through a proposed logical circuit that enhances its feasibility and generates a strong pseudo random sequence (PRS) suitable for cryptography (a PRS with an ideal statistical distribution). In addition, the proposed scheme increases the length of the system key (which enhances resistance against brute force attacks) and relatively increases the cycle-length of the PRS. The NIST statistical tests are used to evaluate the randomness of the PRS. A hardware realization is targeted by implementing our system on an FPGA and evaluating the hardware implementation in terms of cost and achieved throughput.

Keywords: Chaos, Chua, Cryptography, PRNG, NIST, FPGA.
1. Introduction
Security has become a topic of increasing importance in communications because the Internet and personal communications systems are now accessible worldwide. In recent years, many researchers have exploited the close relationship between chaos and cryptography [1]. Chaotic cryptography has been widely investigated in the past few years; chaotic systems have been used to develop chaotic ciphers because the sensitivity to parameters and initial conditions, ergodicity, and pseudorandom behavior of chaotic systems satisfy the analogous requirements for a good cryptosystem [2]. A chaotic system is a non-linear, dynamic system. A dynamic system is simply a set of functions (rules, equations) that specify how variables change over time. Several schemes have been developed that transform the information signal into a chaotic waveform on the transmitter side and extract the information signal from the transmitted waveform on the receiver side. The most important among them are chaotic masking, chaos shift keying, and chaotic modulation [3].
With the advent of digital computing, the digital implementation of chaos has become another challenge that hinders the application of chaos in cryptography. This is due to the finite precision of computers, which translates directly into a degradation of the quality of chaotic signals. Short cycle-length, non-ideal statistical distributions, weakness against attacks and low throughput are the best-known drawbacks of the DCM, and they greatly reduce the security strength of the cryptosystem. In this paper, we propose an effective approach that both increases the key length (which enhances resistance against attacks) and generates chaotic sequences with an ideal statistical distribution.
2. PRNGs, Chaos and cryptography
Randomness in general means uncertainty and unpredictability. Random numbers can be divided into real random numbers and pseudo-random numbers [4]. An RNG (random number generator) uses a nondeterministic source (i.e., the entropy source), along with some processing function (i.e., the entropy distillation process), to produce randomness. A PRNG (pseudo random number generator) uses one or more inputs and generates multiple “pseudorandom” numbers. Inputs to PRNGs are called seeds. In contexts in which unpredictability is needed, the seed itself must be random and unpredictable [5]. Because it is difficult to implement a real random number generator physically, and a pseudo-random sequence cannot be forecast if its initial value and formula are unknown [4], pseudo-random number generators are still widely used in the fields of information encoding, communication, numerical simulation, computer games, statistical analysis and distributed computation [6].
In cryptography, the PRNG outputs are combined with the plaintext to form the ciphertext. In this case, unlike in many other fields, it is very important to build good PRNGs that offer high unpredictability, high sensitivity to the secret key, high throughput, low computation time, and low hardware implementation complexity (i.e. low hardware implementation cost, low power consumption, etc.). Such a PRNG is called a cryptographically secure PRNG (CSPRNG) [7]. Many recently proposed approaches replace traditional PRNGs with chaotic systems. Chaotic systems have interesting characteristics that make them an ideal alternative to current PRNGs. Their random behavior and sensitivity to initial conditions and parameter settings allow chaotic systems to fulfill the classic Shannon requirements of confusion and diffusion [3].
3. The proposed PRNG based on chaotic system
A. The Chua’s circuit chaotic system
We demonstrate our approach using the well-known Chua’s circuit (Fig.1). We chose Chua’s circuit for this purpose because it is quite simple, has been widely studied and is easily realizable [8].

Fig.1: A version of Chua's circuit without Chua's Diode.

Chua's circuit is the simplest electronic circuit that is able to exhibit chaotic behavior. As shown in Fig.1, the energy storage elements are two capacitors (labeled C1 and C2) and an inductor (labeled L1). There is an active resistor (labeled R). There is a nonlinear resistor made of two linear resistors and two diodes. At the far right is a negative impedance converter made from three linear resistors and an operational amplifier. The section to the right simulates Chua's diode, a component that is currently not sold commercially [9].

B. Modeling Chua’s circuit
Chua’s circuit can be modeled mathematically by a three-dimensional system of nonlinear ordinary differential equations, as follows:
(1)
With |x 1| |x 1|. The variables x(t), y(t) and z(t) represent, respectively, the voltages across the capacitors C1 and C2 and the current through the inductor L1. The function f(x) describes the electrical response of the nonlinear resistor, and the parameters α and β are determined by the particular values of the circuit components.
C. Implementation of the Chua’s system
In this section we implement Chua’s system in two steps. In the first step, we simulate the system using the Xilinx System Generator tool (XSG) and Matlab/Simulink. In the second step, we evaluate the outputs of the system without and with the proposed circuit. The evaluation is achieved by applying the NIST statistical tests. A fixed-point precision of 32 bits was used (20 bits for the fractional part). In order to obtain a chaotic regime, we must fix the control parameters at α = 15.6, β = -36, m0 = -9/7 and m1 = -4/7. The initial conditions are chosen randomly as follows: x0 = 0.9654454, y0 = 1.0029554 and z0 = 1.4597855. The following figures present the different time states of the digital Chua’s circuit:
[Figure panels: axes X(t), Y(t), Z(t) and Time.]
Fig.2: A version of Chua's circuit without Chua's Diode.
4. The proposed scheme
Our proposed idea works as follows: the output binary sequence of the x signal (32 bits) passes through a logical circuit called Logical circuit 1 (LC1). The output of Logical circuit 1 passes through what is called a hash block (its role is to change the positions of the bits of its input), and at the same time passes through a second logical circuit (Logical circuit 2 or LC2) that has the same architecture as the first. The two logical circuits are controlled by a block called the Secret Key Generator Block (SKGB), which also controls the hash block (Fig.3). The role of the secret key generator block is to generate the whole secret of the system: 244 bits (for the control parameters and the initial conditions of the digital Chua’s system), 1 bit that is combined with the 32 bits of the x signal in logical circuit 1, 5 bits to control the hash block of LC1 (which changes the positions of the x signal bits randomly, according to the value of the 5 bits that control it), 5 bits that control the hash block of LC2 (which has the same function as that of LC1), and finally 5 bits that control the hash block of the output. This last block rearranges the positions of the 32 bits of the two sequences at its input. The positions of the bits are chosen randomly according to the value of the 5 bits from the SKGB.
Fig.3: the proposed scheme.
The logical circuits behave as follows. The x binary sequence passes through the hash block of LC1, which changes the positions of the bits and generates a new 32-bit sequence. The incoming bit from the SKGB is XORed with the LSB of the new binary sequence generated by the hash block of LC1. The result is output and, at the same time, XORed and inverted (XNOR) with the next bit. This operation is repeated up to the MSB. LC2 does exactly the same thing: it takes as input the binary sequence generated by LC1 and outputs a new binary sequence 32 bits in length. The last hash block, at the output, takes the two 32-bit sequences generated by LC1 and LC2 and combines them to give a binary sequence 64 bits in length.
Fig.4: The principal functioning of the logical circuits
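The logical circuit described above, modelled bit by bit as an added example (not the authors' code or their FPGA design). The paper does not specify how the hash blocks reorder bits, so a rotation by the 5-bit control value is assumed; reusing the same SKGB bit in LC2 and concatenating the two words before the output hash are also assumptions.

```python
MASK32 = 0xFFFFFFFF

def rotl(value, shift, width):
    """ASSUMED stand-in for the paper's 'hash block': rotate left by the control value."""
    shift %= width
    return ((value << shift) | (value >> (width - shift))) & ((1 << width) - 1)

def logical_circuit(word, key_bit, ctrl5):
    """LC1/LC2: reposition the bits, then run the XOR/XNOR chain from LSB to MSB."""
    permuted = rotl(word & MASK32, ctrl5 & 0x1F, 32)
    prev = key_bit ^ (permuted & 1)              # SKGB bit XOR LSB
    out = prev
    for i in range(1, 32):
        prev = 1 ^ prev ^ ((permuted >> i) & 1)  # XNOR of previous output bit and next input bit
        out |= prev << i
    return out

def invert_logical_circuit(out, key_bit, ctrl5):
    """Recover the input word from an output word when the key bits are known."""
    # Bit 0: p0 = o0 XOR key; bit i >= 1: p_i = NOT(o_i XOR o_(i-1)).
    permuted = (out ^ (out << 1) ^ 0xFFFFFFFE ^ key_bit) & MASK32
    return rotl(permuted, 32 - (ctrl5 & 0x1F), 32)

def proposed_output(x_word, key_bit, ctrl_lc1, ctrl_lc2, ctrl_out):
    """64-bit output word: LC1 and LC2 results combined by the output hash block."""
    a = logical_circuit(x_word, key_bit, ctrl_lc1)
    b = logical_circuit(a, key_bit, ctrl_lc2)        # ASSUMPTION: LC2 reuses the same key bit
    return rotl((b << 32) | a, ctrl_out & 0x1F, 64)  # ASSUMPTION: concatenate, then rotate

if __name__ == "__main__":
    x = 0x12345678  # constructed sample word, not a value from the paper
    y = logical_circuit(x, key_bit=1, ctrl5=7)
    print(f"LC1({x:#010x}) = {y:#010x}")
    print("round trip ok:", invert_logical_circuit(y, 1, 7) == x)
    print(f"64-bit output = {proposed_output(x, 1, 7, 19, 3):#018x}")
```

With the key bits fixed, each logical circuit maps 32-bit words one-to-one, which `invert_logical_circuit` makes explicit.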
5. Performance of the proposed scheme versus the direct use of digital Chua’s system output
A. Evaluation using the NIST statistical tests
The evaluation is achieved by applying the NIST statistical tests. For a pseudo random number sequence (PRNS) to qualify as a secured PRNS (SPRNS), it must pass all the NIST statistical tests. The NIST application contains 15 tests applicable to the binary sequence generated by a PRNG. A test is considered passed if the p-value (level of significance) is equal to or higher than 0.01 [10]. The following table shows the evaluation results using the NIST tests for both the x binary sequence (XBS) and the proposed circuit output (PCO).

Table.1 NIST Statistical tests results

Test                                 XBS P_value  XBS status  PCO P_value  PCO status
Frequency                            0.00000      Fail        0.20173      Pass
Block Frequency (m = 128)            0.00001      Fail        0.02952      Pass
Cusum-Forward                        0.00025      Fail        0.19493      Pass
Cusum-Reverse                        0.00001      Fail        0.06101      Pass
Runs                                 0.52384      Pass        0.51235      Pass
Long Runs of Ones                    0.00000      Fail        0.01424      Pass
Rank                                 0.00000      Fail        0.89321      Pass
Spectral DFT                         0.00080      Fail        0.19876      Pass
NonOverlapping Templates (m = 9)     0.00162      Fail        0.35421      Pass
Overlapping Templates (m = 9)        0.00000      Fail        0.01838      Pass
Universal                            0.00000      Fail        0.24558      Pass
Approximate Entropy (m = 10)         0.00000      Fail        0.09876      Pass
Random Excursions (x = +1)           0.00000      Fail        0.02334      Pass
Random Excursions Variant (x = -1)   0.00000      Fail        0.32234      Pass
Linear Complexity (M = 500)          0.00000      Fail        0.07643      Pass
Serial (m = 16, ∇ )                  0.00000      Fail        0.02399      Pass
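The pass criterion used for Table.1 (p-value of at least 0.01 on every test), shown for two of the listed tests as an added example that is not part of the original paper. It implements the Frequency and Runs tests as defined in NIST SP 800-22 and applies them to a constructed alternating sequence, which passes one test and fails the other.

```python
import math

ALPHA = 0.01  # pass threshold stated on this page

def frequency_test(bits):
    """SP 800-22 frequency (monobit) test; returns the p-value."""
    n = len(bits)
    s = sum(1 if b else -1 for b in bits)  # +1 per one, -1 per zero
    return math.erfc(abs(s) / math.sqrt(2 * n))

def runs_test(bits):
    """SP 800-22 runs test; returns the p-value (0.0 if the frequency precondition fails)."""
    n = len(bits)
    pi = sum(bits) / n  # proportion of ones
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))  # number of runs
    return math.erfc(abs(v - 2 * n * pi * (1 - pi)) / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def evaluate(bits):
    """Return {test name: (p-value, 'Pass' or 'Fail')} in the style of Table.1."""
    results = {"Frequency": frequency_test(bits), "Runs": runs_test(bits)}
    return {name: (p, "Pass" if p >= ALPHA else "Fail") for name, p in results.items()}

def passes_all(bits):
    """A sequence qualifies only if every test passes."""
    return all(status == "Pass" for _, status in evaluate(bits).values())

# Constructed input: perfectly balanced, but completely predictable.
ALTERNATING = [i % 2 for i in range(1000)]

if __name__ == "__main__":
    for name, (p, status) in evaluate(ALTERNATING).items():
        print(f"{name:10s} {p:.5f} {status}")
    print("passes all tests:", passes_all(ALTERNATING))
```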
It is clear from Table.1 that all the NIST tests fail for the x binary sequence, whereas all the tests pass for the output of the proposed circuit. What can be concluded from this is that, despite the chaotic nature of the digital Chua’s output, it cannot qualify as a secured pseudo random sequence. The good NIST test results of the proposed circuit strongly support the usefulness of the generated sequence for cryptographic purposes.

B. Hardware implementation and achieved throughput
This section focuses on the hardware FPGA implementation of the digital Chua’s system both without and with the proposed circuit. The following items were used for this task: a chip from one of the recent FPGA families, the SPARTAN 6 XC6SLX45 from XILINX, embedded on the ATLYS complete circuit board from DIGILENT INC, and an EE Board oscilloscope. Fig.5 shows the FPGA chip resources utilization summary: Fig.5 (a) for the digital Chua’s system alone, and Fig.5 (b) for the digital Chua’s system with the proposed circuit. It seems clear from this figure that there is no remarkable difference between the two implementation costs. Looking at the achieved speed of both implementations in Fig.6, we see that 28.01 MHz is achieved with the digital Chua’s system, while 27.89 MHz is achieved with the proposed circuit. However, looking at the throughput, the digital Chua’s system can deliver 32 bits of data per cycle, whereas the proposed circuit can deliver 64 bits per cycle. This means:
The throughput in the first case: 32 bits × 28.01 MHz = 0.89 Gbit/s
The throughput in the second case: 64 bits × 27.89 MHz = 1.8 Gbit/s
The proposed circuit can deliver double the throughput of the digital Chua’s circuit alone.

Fig.5: FPGA chip resources utilization report, panels (a) and (b).

Fig.6: FPGA implementation timing report, panels (a) and (b).
6. Conclusion
We have seen in this paper that although the digital Chua’s system has many attractive characteristics for cryptography, its output sequence cannot be qualified as a secured pseudo random sequence (SPRS). This can be shown by applying the NIST statistical tests. In order to exploit the chaotic characteristics of the digital Chua’s system and at the same time generate an SPRS, we have proposed an additional circuit that generates an SPRS. The NIST statistical tests show that the proposed circuit has strong cryptographic characteristics and increases the secret key length. In addition, the hardware FPGA implementation shows that the proposed circuit offers double the throughput with no additional implementation cost.
Fig.7: Digital Chua’s system real time outputs.
7. References
[1] A. Fúster-Sabater, P. Caballero-Gil, “Chaotic modelling of the generalized self-shrinking generator,” Applied Soft Computing 11 (2011) 1876–1880, Elsevier.
[2] Xiaomin Wang, et al., “Secure chaotic system with application to chaotic ciphers,” Information Sciences 221 (2013) 555–570, Elsevier.
[3] Amit Pande, Joseph Zambreno, “Design and Hardware Implementation of a Chaotic Encryption Scheme for Realtime Embedded,” IEEE Conference Publications, International Conference on Signal Processing and Communications (SPCOM), 18-21 July 2010, pp. 1-5, Bangalore.
[4] SHEN Hai-Wei, LI Jin-Ping, “A high-speed and long-period combined pseudo-random number generator,” IEEE Conference Publications, Second International Symposium on Computational Intelligence and Design, 2009. ISCID '09, 12-14 Dec. 2009, Changsha, pp. 112–114, ISBN: 978-0-7695-3865-5.
[5] National Institute of Standards and Technology, U.S. Department of Commerce, “A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications,” NIST Special Publication 800-22, Revision 1a, April 2010.
[6] Chengyan Jiang, Siyuan Wu, “Valid Algorithm of Converting Chaos Sequences to Uniformity Pseudo-random Ones,” IEEE Conference Publications, International Symposium on Information Engineering and Electronic Commerce, 2009. IEEC '09, 16-17 May 2009, Ternopil, pp. 295–298, ISBN: 978-0-7695-3686-6.
[7] Ziqi Zhu, Hanping Hu, “A Dynamic Nonlinear Transform Arithmetic for Improving the Properties Chaos-based PRNG,” IEEE Conference Publications, Proceedings of the 8th World Congress on Intelligent Control and Automation, July 6-9 2010, Jinan, pp. 7055–7060, ISBN: 978-1-4244-6712-9.
[8] Ali Oksasoglu, Tayfun Akgul, “Chaotic Masking Scheme with a Linear Inverse System,” Physical Review Letters, Vol. 75, Number 25, pp. 4595, 18 Dec 1995.
[9] Chua's circuit; available online at http://en.wikipedia.org/wiki/Chua's_circuit
[10] Lahcene Merah, Adda ALI-PACHA, Naima HADJ SAID, “Generating a Cryptographically Secure PseudoRandom Sequence from the Quadratic Chaotic Map Study and Real Time FPGA Implementation,” First International Workshop on Mathematics and Computer Science (IWMCS2012), December 16-17, 2012, Tiaret, Algeria.