Cryptography using multiple one-dimensional chaotic maps - CiteSeerX

Communications in Nonlinear Science and Numerical Simulation 10 (2005) 715–723 www.elsevier.com/locate/cnsns

Short communication

Cryptography using multiple one-dimensional chaotic maps N.K. Pareek

a,b

, Vinod Patidar a, K.K. Sud

a,b,*

a

b

Department of Physics, College of Science Campus, M.L.S. University, Udaipur 313002, India University Computer Centre, Vigyan Bhawan, New Campus, M.L.S. University, Udaipur 313002, India Received 4 November 2003; received in revised form 4 November 2003; accepted 16 March 2004 Available online 8 June 2004

Abstract Recently, Pareek et al. [Phys. Lett. A 309 (2003) 75] have developed a symmetric key block cipher algorithm using a one-dimensional chaotic map. In this paper, we propose a symmetric key block cipher algorithm in which multiple one-dimensional chaotic maps are used instead of a one-dimensional chaotic map. However, we also use an external secret key of variable length (maximum 128-bits) as used by Pareek et al. In the present cryptosystem, plaintext is divided into groups of variable length (i.e. number of blocks in each group is different) and these are encrypted sequentially by using randomly chosen chaotic map from a set of chaotic maps. For block-by-block encryption of variable length group, number of iterations and initial condition for the chaotic maps depend on the randomly chosen session key and encryption of previous block of plaintext, respectively. The whole process of encryption/decryption is governed by two dynamic tables, which are updated time to time during the encryption/decryption process. Simulation results show that the proposed cryptosystem requires less time to encrypt the plaintext as compared to the existing chaotic cryptosystems and further produces the ciphertext having flat distribution of same size as the plaintext. Ó 2004 Elsevier B.V. All rights reserved. PACS: 05.45.Vx; 05.45.)a Keywords: Discrete chaotic cryptography (DCC); Block ciphers; Secret-key cryptography

The recent developments in communication and computer technology have made the security and privacy of data a major problem and concern in diverse fields like internet banking, *

Corresponding author. Address: Department of Physics, College of Science Campus, M.L.S. University, Udaipur 313002, India. Tel.: +91-294-2418123; fax: +91-294-2471150. E-mail address: [email protected] (K.K. Sud). 1007-5704/$ - see front matter Ó 2004 Elsevier B.V. All rights reserved. doi:10.1016/j.cnsns.2004.03.006

716

N.K. Pareek et al. / Communications in Nonlinear Science and Numerical Simulation 10 (2005) 715–723

e-commerce, business in general, defence, etc. This has led to the development of various techniques and adoption of cryptography. The main objective of cryptography is to develop a cryptosystem, which converts an original intelligible message, referred to as plaintext, into apparently random non-sense message, referred to as ciphertext and it also recovers the message back in its original form. We refer the readers for the basic terminology of cryptography to the Refs. [1,2]. Chaotic systems have a number of interesting properties such as sensitivity to initial condition and system parameter, ergodicity and mixing (stretching and folding) properties, etc. These properties make the chaotic systems a worthy choice for constructing the cryptosystems as sensitivity to the initial condition/system parameter and mixing properties are analogous to the confusion and diffusion properties of a good cryptosystem. In an ideal cryptosystem confusion reduces the correlation between the plaintext and ciphertext while diffusion transposes the data located at some co-ordinates of the input block to other co-ordinates of the output block [1]. In other words, we can say that diffusion changes the position of data while the data itself is modified during the confusion process. In recent years, a number of discrete chaotic cryptographic algorithms [3–12] have been proposed for realizing the private key cryptography with chaos. In most of the discrete chaotic cryptographic approaches [3–11] one chaotic map is used and either the system parameter or initial condition of the chaotic map or both are used as a secret key. Recently, Pareek et al. [12] have developed a cryptosystem using a one-dimensional chaotic map (logistic map) in which an external secret key has been used. Further in this algorithm neither system parameter nor initial condition of the chaotic map has been used as secret key however these parameters have been generated with the help of external secret key. For improving the security of discrete chaotic cryptosystem utilizing the external secret key [12], in this paper, we introduce the concept of using more than one one-dimensional chaotic maps in cryptography. Inclusion of more than one chaotic map increases the confusion in the encryption process and it results in a more secure cryptosystem due to the fact that more confusion in encryption makes cryptosystem more secure [1]. The proposed cryptosystem is a symmetric key block cipher algorithm in which multiple one-dimensional chaotic maps and an external secret key of variable length (maximum 128-bits as used by Pareek et al. [12]) are used. Further in the present cryptosystem, plaintext is divided into groups of variable length (i.e. number of blocks in each group is different) and these are encrypted sequentially by using randomly chosen chaotic map from a set of chaotic maps. For block by block encryption of variable length group, number of iterations and initial condition for the chaotic maps depend on the randomly chosen session key and encryption of previous block of plaintext, respectively. The whole process of encryption/ decryption is governed by two dynamic tables, which are updated from time to time during the encryption/decryption process. Now we discuss in detail the step by step procedure of the encryption/decryption in the proposed cryptosystem. 1. For the encryption/decryption, we divide plaintext/ciphertext into blocks of 8-bits and the blocks into groups of variable length (i.e. number of blocks in each group is different). Plaintext and ciphertext of n blocks can be represented as P ¼ P1 P2 P3 P4 . . . . . . Pn ðPlain textÞ; |{z} |{z} |ffl{zffl} G1

G2

G3

ð1Þ

N.K. Pareek et al. / Communications in Nonlinear Science and Numerical Simulation 10 (2005) 715–723

C ¼ C1 C2 C3 C4 . . . . . . Cn ðCipher textÞ: |ffl{zffl} |{z} |fflffl{zfflffl} G1

717

ð2Þ

G3

G2

Secret key of 128-bits is fairly long and it is inconvenient to use such a long key directly for encryption/decryption, so it is divided into blocks of 8-bits named as session keys as K ¼ K1 K2 K3 K4 . . . K16 ðSecret keyÞ:

ð3Þ

We express the secret key in hexadecimal mode, so a 128-bits key will consist of total 32 alphanumeric characters (out of 0 to 9 and A to F) and each group of two alphanumeric characters will represent a session key. 2. As we have stated in the introductory paragraph of this paper that we are proposing a cryptographic algorithm using multiple one-dimensional chaotic maps. We use here four onedimensional chaotic maps––logistic map, tent map, sine map and cubic map and for convenience, we identify each chaotic map by an integer index (map number N ) i.e. logistic map by an integer 0, tent map by 1, sine map by 2 and cubic map by 3. In Table 1, we have given map number ðN Þ, governing equation and system parameter value in the chaotic range for each map used in our cryptographic algorithm. 3. Initially, we choose exactly same initial condition (IC) for each chaotic map which is generated from the session keys as R¼

16 X ðKi =256Þ;

ð4Þ

i¼1

IC ¼ R  bRc;

ð5Þ

here Ki and bc are, respectively, the decimal equivalent of the ith session key and the floor function. 4. We create a dynamic table DT1 (see Table 2) having number of rows equal to the total number of maps (four) used in the algorithm and two columns- one for map number ðN Þ and another for initial condition for the chaotic map N . We call it as dynamic table because with the encryption/decryption of each block of plaintext/ciphertext, the second column containing the initial condition for the chaotic map is updated and further the updation depends on the encryption/decryption of the previous block of plaintext/ciphertext (explained in Step 6). Initially, all the entries in the second column of DT1 are exactly same and is equal to the initial condition

Table 1 Map number, governing equations and system parameters values in chaotic range for the one-dimensional maps used in the present cryptographic algorithm Chaotic map

Map number (N )

Governing equation

System parameter value in chaotic range

Logistic map

0

k ¼ 3:99

Tent map

1

Sine map Cubic map

2 3

Xnþ1 ¼  kXn ð1  Xn Þ kXn If Xn > 0:5 Xnþ1 ¼ kð1  Xn Þ If Xn 6 0:5 Xnþ1 ¼ k sinðpXn Þ Xnþ1 ¼ kXn ð1  Xn2 Þ

k ¼ 1:97 k ¼ 0:99 k ¼ 2:59

718

N.K. Pareek et al. / Communications in Nonlinear Science and Numerical Simulation 10 (2005) 715–723

Table 2 Dynamic table DT1 showing map numbers ðN Þ and their corresponding initial conditions (IC) Map number ðN Þ

Initial condition (IC)

0 1 2 3

0.101562 0.101562 0.101562 0.101562

Table 3 Dynamic table DT2 showing number of blocks B in different groups of plaintext/ciphertext to be encrypted/decrypted using map number N with number of iterations IT Number of blocks ðBÞ in a group

Map number ðN Þ

Number of iterations for map N ðIT Þ

3 0 1 6 15 – –

3 0 1 2 3 – –

75 56 57 83 75 – –

value generated in the Step 3. If we use ‘3839384B4A44534457453233’ (expressed in hexadecimal) as the secret key then the dynamic table DT1 initially looks as shown in Table 2. 5. We create another dynamic table DT2 (see Table 3) having number of rows equal to the total number of session keys and three columns––first one for number of blocks ðBÞ of plaintext/ ciphertext, second one for the map number ðN Þ and the last one for number of iterations (IT). We fill the dynamic table DT2 with the help of linear congruential random number generator (LCG), which generates a sequence of random numbers with the following recurrence relation: Ynþ1 ¼ ðaYn þ cÞ mod m;

ð6Þ

where a, c and m, respectively, are multiplier, increment and modulus and are taken 5, 1 and 16 throughout the algorithm. The seed ðY0 Þ for the LCG is a secret key dependent integer and is Y0 ¼ bIC 102 c, here IC is initial condition generated in Step 3. The values of B, N and IT described above are generated from Ynþ1 as B ¼ Ynþ1 ;

ð7Þ

N ¼ Ynþ1 mod 4;

ð8Þ

IT ¼ decimal equivalant of the ððYnþ1 mod 16Þ þ 1Þth session key:

ð9Þ

If we consider the same secret key as in Step 4 then after complete fill up, the dynamic table DT2 looks as shown in Table 3. 6. During encryption/decryption of plaintext/ciphertext, we read the dynamic tables (DT1 and DT2) as follows: A group of B blocks (no. of blocks) of plaintext/ciphertext to be encrypted/

N.K. Pareek et al. / Communications in Nonlinear Science and Numerical Simulation 10 (2005) 715–723

719

decrypted by iterating map N with initial condition IC and number of iterations IT. The values for B, N and IT are read from DT2 and the corresponding initial condition IC for map N is read from DT1. The new value of X ðXnew Þ, after IT iterations of map N , is used for encryption/decryption of plaintext/ciphertext as follows: Ci ¼ ðPi þ bXnew 105 cÞ mod 256;

ð10Þ

Pi ¼ ðCi þ 256  ðbXnew 105 c mod 256ÞÞ mod 256;

ð11Þ

here Pi and Ci are, respectively, the ASCII values corresponding to the ith block of plaintext and ciphertext. After encryption/decryption of each block of plaintext/ciphertext, in dynamic table DT1, we also replace the value of initial condition IC for map N used in the recent encryption/decryption of plaintext/ciphertext with the new value of X i.e. Xnew . In this way, we regularly update the dynamic table DT1 after encryption/decryption of each block of plaintext/ciphertext. 7. When dynamic table DT2 is completely exhausted i.e. encryption/decryption of total S (sum of all the values in column one of DT2) blocks is achieved, we fill the DT2 again with the help of LCG as explained in Step 5. This time we use the Xnew value obtained during the encryption/ decryption of the Sth block of plaintext/ciphertext for calculating the seed for the LCG as: IC ¼ Xnew . 8. We put the blocks corresponding to the ASCII values obtained in Step 6 ðCi =Pi Þ as the ciphertext/plaintext. The whole process of encryption/decryption continues till the plaintext/ciphertext is completely exhausted. In this cryptosystem, the process of decryption is completely similar to the encryption process. Only difference is in aforesaid Step 6 i.e. Eq. (10) is used for encryption while Eq. (11) for decryption process. If we consider the numerical values shown in DT1 and DT2 (Tables 2 and 3) then the complete processes of encryption and decryption for a specific plaintext ‘chaotic’ are shown in Tables 4 and 5, respectively. We have implemented the proposed algorithm using C++ programming language and observed the simulation results on a Pentium-III 500 MHz PC with 256MB RAM. In Table 6, we give the

Table 4 Encryption of a specific plaintext ‘chaotic’ using external secret key ‘3839384B4A44534457453233’ (expressed in hexadecimal) Plaintext block number

Plaintext symbol

Map number N

IC for map N

IT for map N

Output of ðPi Þ map N ðXnew Þ

ðCi Þ

1 2 3 4 5 6 7

c h a o t i c

3 3 3 1 2 2 2

0.101562 0.503917 0.577983 0.101562 0.101562 0.969888 0.138090

75 75 75 57 83 83 83

0.503917 0.577983 0.207845 0.338707 0.969888 0.138090 0.645938

58 46 145 189 80 90 180

99 104 97 111 116 105 99

720

N.K. Pareek et al. / Communications in Nonlinear Science and Numerical Simulation 10 (2005) 715–723

Table 5 Decryption of a specific plaintext ‘chaotic’ using external secret key ‘3839384B4A44534457453233’ (expressed in hexadecimal) Ciphertext block Map number number N

IC for map N

IT for map N

Output of map N ðXnew Þ

ðCi Þ

ðPi Þ

Plaintext symbol

1 2 3 4 5 6 7

0.101562 0.503917 0.577983 0.101562 0.101562 0.969888 0.138090

75 75 75 57 83 83 83

0.503917 0.577983 0.207845 0.338707 0.969888 0.138090 0.645938

58 46 145 189 80 90 180

99 104 97 111 116 105 99

c h a o t i c

3 3 3 1 2 2 2

Table 6 Details of the encryption time and ciphertext file size for five different types of plaintext files using present cryptosystem as well as Pareek et al.’s [12] cryptosystem File type

Plaintext file size (KB)

Encryption time (in seconds)a using present cryptosystem min.–max. (mean)b

Encryption time (in seconds)a using Pareek et al.’s cryptosystem [12] min.–max. (mean)b

Ciphertext file size produced by both the cryptosystems (KB)

Text files (*.txt)

30 90 240

0.16–0.33 (0.27) 0.55–0.99 (0.79) 1.42–2.52 (2.10)

0.22–0.33 (0.27) 0.88–1.21(1.03) 2.48–3.18 (2.75)

30 90 240

Document files (*.doc)

30

0.17–0.33 (0.27)

0.27–0.33 (0.29)

30

90 240

0.49–0.94 (0.79) 1.42–2.52 (2.09)

0.99–1.27 (1.10) 2.64–3.35 (2.90)

90 240

Music files (*.mp3)

404 948

2.69–4.84 (4.05) 5.55–9.94 (8.28)

4.06– 4.94 (4.33) 8.13–10.05 (8.78)

404 948

Executable files (*.exe)

909

5.32–9.56 (7.93)

7.85–9.44 (8.61)

909

1193

6.98–12.47 (10.40)

13.35–16.85(14.47)

1193

540 1444

3.18–5.65 (4.71) 8.52–15.16 (12.61)

4.66–5.71 (4.98) 12.09–14.61 (13.10)

540 1444

Video files (*.avi) a

These results are obtained by implementing the algorithms in C++ on a Pentium III 500 MHz PC with 256 MB RAM. b Minimum and maximum time for the encryption of plaintext files corresponding to randomly chosen 100 different keys. Mean time is given in brackets.

encryption time and size of ciphertext files for five different types of plaintext files using the present cryptosystem as well as Pareek et al.’s cryptosystem [12]. One remark we would like to make here is that both algorithms are completely key dependent so the encryption time will always depend on the distribution of key. We have calculated the encryption time using hundred different keys (arbitrarily chosen) and mention a range as well as mean encryption time corresponding to

N.K. Pareek et al. / Communications in Nonlinear Science and Numerical Simulation 10 (2005) 715–723

721

each plaintext file. We also found that the encryption time for any mentioned plaintext file using a key other than earlier used hundred keys always falls in the corresponding range, however mean time may change accordingly in the range. We observe from the Table 6 that both cryptosystems produce the ciphertexts of same size as that of its corresponding plaintext. It is so because both cryptosystems map one to one correspondence between plaintext and ciphertext. It is to be noted here that for the chaotic cryptographic schemes developed by Baptista [6], Wong et al. [9] and Wong [10], the ciphertext length is twice that of its corresponding plaintext. However, in a recent attempt Wong et al. [11] have proposed a modification in an earlier chaotic cryptographic scheme [10] to produce short ciphertext, which is slightly longer than its corresponding plaintext. In Wong et al.’s algorithm [11] security can be increased by using long session key as well as large value of a parameter p used in the algorithm but trade-offs are at the cost of longer ciphertext (due to the use of long session key) and encryption time (due to the use of large p value). In the present cryptosystem also security can be improved by increasing the length of external secret key, which requires only a slight modification in the algorithm but with no trade-off. As the increase in the secret key length does not affect the one to one correspondence between the plaintext and ciphertext and hence the present algorithm results in same sized ciphertext. As far as encryption time is concerned, after much experimentation, it is observed that the encryption time also does not increase drastically with the increase in the secret key length however, negligible variations are observed. The possible cause for this may be due to the fact that the increase in the secret key length does not lead to increase in total number of operations required for encryption/ decryption of a particular plaintext as summation of all session keys is required once in the algorithm (Step 3), except this the total number of operations in the whole process remains almost unchanged. We would like to mention here that the number of iterations (IT) for chaotic maps during encryption/decryption may change in the interval [0; 255] depending on the composition of secret key, so the total number of operations for encryption/decryption of a particular block will vary but the total number of operations required for encryption/decryption of a chosen plaintext will be almost constant irrespective of the composition and length of the secret key. Another important feature, we observe from Table 6 is that the time taken by the present cryptosystem is less compared to the time taken by the Pareek et al.’s cryptosystem [12] to encrypt the same plaintext file. In addition, Pareek et al. [12] have made a comparison for the encryption time between their algorithm and the algorithms developed by Baptista [6], Wong et al. [9], Wong [10] and concluded that their algorithm is faster than the existing algorithms. Here we have only made a explicit comparison between the Pareek et al.’s algorithm [12] and the present algorithm and found that the present algorithm is faster than the Pareek et al.’s algorithm [12] (see Table 6). So intuitively, we can conclude that the present algorithm is faster than the existing chaotic cryptographic schemes [6,9,10,12]. We also observe from Table 6 that as the size of the plaintext is increased, the difference between the time taken by both cryptosystems (present and the cryptosystem presented in Ref. [12]) increases i.e. for encryption of large plaintext files the present cryptosystem is faster than the earlier one [12]. In the present cryptosystem there is more confusion in the encryption process because of the use of multiple one-dimensional chaotic maps while in the chaotic cryptosystems developed by Baptista [6], Wong et al. [9], Wong [10] and Pareek et al. [12], a one-dimensional chaotic map is used and it is well known that the confusion in the encryption process is ultimately related to the security i.e. more confusion leads to more

722

N.K. Pareek et al. / Communications in Nonlinear Science and Numerical Simulation 10 (2005) 715–723

security [1]. Hence it can be said that by using the present cryptosystem one can transmit the large multimedia files within shorter time and with more security as compared to the existing chaotic cryptosystems [6,9,10,12]. Besides the fast encryption speed and production of the ciphertext having same size as its corresponding plaintext, the present cryptosystem also possesses the three basic properties of an ideal cryptosystem i.e. the ciphertext distribution is flat, flipping of one bit in the plaintext as well as the change in the composition or size of the secret key creates a completely different ciphertext. For the brevity, we have not given all the results here. However we have shown in Fig. 1(a), the ASCII value distribution of a ciphertext corresponding to a 50000-block all-zero plaintext (i.e. all the symbols in the plaintext are ‘0’) using the secret key ‘41422D31393F686A232467683C3E5A58’ (expressed in hexadecimal) and in Fig. 1(b), the histogram of the ciphertext shown in Fig. 1(a). Similarly, in Fig. 1(c) and (d), respectively, we have shown the ASCII value distribution and the histogram of a ciphertext corresponding to a 50000-block all-z plaintext (i.e. all the symbols in the

Fig. 1. We show in frame (a) the ASCII value distribution of a ciphertext corresponding to a 50000-block all-zero plaintext using an external secret key ‘41422D31393F686A232467683C3E5A58’ (expressen in hexadecimal) and in frame (b) the histogram of the ciphertext shown in frame (a). In frames (c) and (d), respectively, the ASCII value distribution and histogram of a ciphertext corresponding to a 50000-block all-z plaintext using the external secret key ‘77682D5459247E254064235567685751’ (expressed in hexadecimal).

N.K. Pareek et al. / Communications in Nonlinear Science and Numerical Simulation 10 (2005) 715–723

723

plaintext are ‘z’) using the secret key ‘77682D5459247E254064235567685751’ (expressed in hexadecimal). It is clear from Fig. 1 that for both the plaintexts having long strings of same blocks, the ciphertexts are uniformly distributed in the complete interval of ASCII values [0; 255]. We can also observe from the histograms (Fig. 1(b) and (d)) that in both the ciphertexts, every symbol having the ASCII value 0–255 is occurring with an average frequency of about 200. Hence the present cryptosystem produces flat ciphertexts with no visible patterns, irrespective of the composition of plaintext as well as of the secret key. In summary, we have extended the idea of discrete chaotic cryptography using external key [12] further by including multiple one-dimensional chaotic maps in the algorithm. The inclusion of more than one 1D maps increases the confusion in the encryption process and results in a more secure cryptosystem due to the fact that more confusion in encryption makes the cryptosystem more secure [1]. We have found that the present cryptosystem is faster than the existing chaotic cryptosystems. We have used in the present algorithm only four prototype chaotic maps however, it can be easily extended to any number of 1D chaotic maps.

Acknowledgements The support from the special assistance programme of the University Grants Commission (UGC), New Delhi to the Department of Physics, M.L.S. University is gratefully acknowledged. One of us (VP) also acknowledges to the University Grants Commission (UGC), New Delhi for providing senior research fellowship.

References [1] Schneier B. Applied cryptography: protocols, algorithms and source code in C. New York: John Wiley and Sons; 1996. [2] Menezes AJ, Oorschot PCV, Vanstone SA. Handbook of applied cryptography. Boca Raton, Florida, USA: CRC Press; 1997. [3] Matthews RAJ. On the derivation of a chaotic encryption algorithm. Cryptologia 1989;XII(1):29–42. [4] Habutsu T, Nishio Y, Sasase I, Mori S. A secret key cryptosystem by iterating a chaotic map. In: Advances in cryptology-EUROCRYPT’91. Berlin: Springer; 1991. p. 127–40. [5] Kotulski Z, Szczepanski J. Discrete chaotic cryptography. Ann Phys 1997;6(5):381–94. [6] Baptista MS. Cryptography with chaos. Phys Lett A 1998;240(1–2):50–4. [7] Kotulski Z, Szczepanski J, G orski K, Paszkiewicz A, Zugaj A. Application of discrete chaotic dynamical systems in cryptography––DCC method. Int J Bifurcat Chaos 1999;9:1121–35. [8] Alvarez E, Fernandez A, Garcia PJimenezJ, Marcano A. New approach to chaotic encryption. Phys Lett A 1999;263:373–5. [9] Wong WK, Lee LP, Wong KW. A modified chaotic cryptographic method. Comput Phys Commun 2000;138:234– 6. [10] Wong KW. A fast chaotic cryptography scheme with dynamic look-up table. Phys Lett A 2002;298:238–42. [11] Wong KW, Ho SW, Yung CK. A chaotic cryptography scheme for generating short ciphertext. Phys Lett A 2003;310:67–73. [12] Pareek NK, Patidar V, Sud KK. Discrete chaotic cryptography using external key. Phys Lett A 2003;309:75–82.