FPGA Design for Pseudorandom Number Generator Based on Chaotic Iteration used in Information Hiding Application

Abstract

Much research indicates that the inefficient generation of random numbers is a significant bottleneck for information communication applications. Therefore, a Field Programmable Gate Array (FPGA) design is developed to process a scalable fixed-point method for random stream generation. In our previous research, we proposed a technique applying some well-defined discrete chaotic iterations that satisfy the reputed Devaney’s definition of chaos, namely chaotic iterations (CI). We have formerly proven that the generator with CI can provide qualified chaotic random numbers. In this paper, this generator based on chaotic iterations is optimally redesigned for FPGA devices. By doing so, the generation rate can be largely improved. Analyses show that these hardware generators can also provide good statistical chaotic random bits and can be cryptographically secure too. An application in the information hiding security field is finally given as an illustrative example.

1 Introduction

The extremely rapid development of the Internet brings more and more attention to information security techniques, such as text, image, or video encryption. As a result, highly qualified random sequences, as an inseparable part of encryption techniques, are urgently required. There are two kinds of random sequences: real random sequences generated by physical methods and pseudorandom sequences generated by algorithm simulations, which are in accordance with some kind of probability distributions. The implementation methods for different classes of random number generators are visualized in Figure 1. However, the constructions of real random sequences are usually poor in speed and efficiency, and require considerably more storage space as well, and these defects restrict their usage in modern cryptography. On the one hand, field programmable gate arrays (FPGAs) have been successfully used for realizing the speed requirement in pseudorandom sequence generation, due to their high parallelization capability [13, 15, 25]. Advantages of this physical way of generation encompass performance, design time, power consumption flexibility, and cost. On the other hand, there is a growing interest in using chaotic dynamical systems as PRNGs, among other things due to the unpredictability and distorted-like properties of such systems ([17, 14, 21]). Nowadays, such chaos-based generators have also been successfully used to strengthen optical communications [20].

Figure 1: Classification of random number generators

A short overview of our previous research is given hereafter. It has firstly been stated that a tool called chaotic iterations (CIs), used in distributed computing, satisfies the chaotic property as it is defined by Devaney [16]. The chaotic behavior of CIs has then been exploited to obtain a class of unpredictable PRNGs [8]. This class receives two given, potentially defective, generators as input and mixes them with chaotic iterations, producing by doing so a sequence having a better random profile than the two inputs taken alone [4]. Then, in [5], two new versions of such “CIPRNGs” have been proposed, involving respectively two logistic maps and two XORshifts.

In this paper, we continue the works initiated in [8, 5, 7, 4]: the two approaches introduced before are merged by proposing a discrete chaos-based generator designed on FPGA. The idea is to improve the efficiency of our formerly proposed generators, without any lack of chaos properties. To do so, a new model of CIPRNG Version 1 [8] on Field Programmable Gate Array is introduced and its security is proven in some cases. Additionally, the randomness of this novel proposal is evaluated by the famous NIST test suite (widely used as a randomness standard battery of tests [23]). Last but not the least, a potential usage of this generator in a cryptographic application is presented.

2 Definitions and terminologies

2.1 Notations

the term of a sequence
the component of a vector:
strategy a sequence which elements belong in
the set of all strategies
the set of sequences belonging into
the binomial coefficient
the integer addition
the usual shift operators
the set of positive integers {1,2,3,…}
the bitwise AND
the bitwise exclusive or between two integers.

2.2 Blum Blum Shub and XORshift

The Blum Blum Shub generator [12] (usually denoted by BBS) takes the form:

where is the product of two prime numbers (these prime numbers need to be congruent to 3 modulo 4), and is the returned binary sequence.

Input: (a 64-bit word)
Output: (a 64-bit word)
Parameters: (integers)

1:  
2:  
3:  
4:  
5:  An arbitrary round of XORshift 
Algorithm 1 XORshift algorithm

XORshift, on its part, is a category of very fast PRNGs designed by George Marsaglia [22]. Algorithm 1 shows its working procedure. The values of decide the offsets of shifting.

2.3 Chaotic iterations

Definition 1

The set denoting , let be an “iteration” function and be a strategy. Then, the so-called chaotic iterations are defined by [24]:

(1)

In other words, at the iteration, only the th cell is “iterated”. Note that in a more general formulation, can be a subset of components and can be replaced by , where , describing for example delays transmission. For the general definition of such chaotic iterations, see, e.g., [24].

Chaotic iterations generate a set of vectors (Boolean vectors in this paper); they are defined by an initial state , an iteration function , and a strategy said to be a “chaotic strategy”. Being an iterative process producing binary vectors given a “seed” , such chaotic iterations can be used as pseudorandom number generators. The mathematical foundations of such a construction are recalled in the next section.

2.4 Chaotic iterations as PRNG

Our generator denoted by is designed by the following process.

Let . Some chaotic iterations are fulfilled, with as iteration function and for strategy, to generate a sequence of Boolean vectors: the successive states of the iterated system. Some of these vectors are randomly extracted using , and their components constitute our pseudorandom bit flow.

Chaotic iterations are realized as follows. Initial state is a Boolean vector taken as a seed and chaotic strategy is constructed with PRNG2. Lastly, iterate function is the vectorial Boolean negation

To sum up, at each iteration only -th component of state is updated, as follows

(2)

Finally, let be a finite subset of . Some are selected by a sequence as the pseudorandom bit sequence of our generator, . So, the generator returns the following values: the components of , followed by the components of , followed by the components of , etc. In other words, the generator returns the following bits:

or the following integers:

In detail, when considering the Boolean negation and two integer sequences and , we obtain the CIPRNG(,) version 1 published in [27]: is and the output of the generator is the subsequence , where and . The reason for the sequence is that, between two iterates of chaotic iterations, at most 1 bit will change in the vector, and thus the sequence cannot pass any statistical test: we must extract a subsequence of to produce the outputs. CIPRNG(,) version 2, for its part, will extract a subsequence from the strategy to avoid negating the same position several times between two outputs.

Example 1

If we consider the Boolean negation for , then chaotic iterations of Definition 1 can be rewritten as: , where is such that its th binary digit is 1 if and only if . Such a particular chaotic iterations will be our generator called XOR CIPRNG [9].

2.5 PRNGs based on chaotic iterations

Let us now recall with more details some previous works in the field of CIPRNGs: chaotic iteration based pseudorandom number generators.

CIPRNG(PRNG1,PRNG2): Version 1

Let PRNG1 and PRNG2 be two given generators provided as input, or “entropy sources”. The objective of the CIPRNG approach is to mix them together using chaotic iterations, in such a way that chaos improves their statistics against well-known batteries of tests, while the speed of the resulting mixed PRNG is of the same order as that of the slowest input. Additionally, we will show in a further section that if PRNG1 is cryptographically secure, then so is the mixed CIPRNG(PRNG1,PRNG2). Thus expected properties of entropy sources could be, for instance, speed for PRNG2 and security or good statistical properties for PRNG1, even though, theoretically speaking, nothing is required of these inputs except that they must not be totally defective (chaos cannot correct constant inputs, for instance).

Figure 2: Flow chart of CIPRNG version 1

Some chaotic iterations are fulfilled (see Flow chart 2) to generate a sequence of Boolean vectors, which are the successive states of the iterated system. Some of these vectors are randomly extracted and their components constitute the pseudorandom bit flow [8]. Chaotic iterations are realized as follows. The initial state is a Boolean vector taken as a seed and the chaotic strategy is constructed with PRNG2. At each iteration, only the -th component of state is updated. Finally, some are selected by a sequence , obtained using the PRNG1, as the pseudorandom bit sequence of our generator.

4 5 4
2 4 2 2 5 1 1 5 5 3 2 3 3
1 1 1 1
0 1 1 0
1 1 1 0
0 1 1 1
0 0 1 1

Output:

Table 1: Running example of CIPRNG version 1

The basic design procedure of the first version of the CIPRNG generator is summed up in Algorithm 2. The internal state is , whereas and are computed by PRNG1 and PRNG2. See Table 1 for a run example of this CIPRNG version 1.

Input: the internal state (an array of 1-bit words)
Output: an array of 1-bit words

1:  ;
2:  ;
3:  while  do
4:     ;
5:     ;
6:     ;
7:  end while
8:  ;
9:  return ;
Algorithm 2 An arbitrary round of the CIPRNG Version 1
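The following Python sketch is an added example, not code from the paper. It replays a CIPRNG version 1 run on the values of Table 1, under the assumption that the table's first row holds the iteration counts from PRNG1, its second row the strategy from PRNG2, and its five remaining rows the state components at the seed and after each extraction. Function and constant names are illustrative, and folding a whole round into one XOR mask generalizes the per-iteration XOR form of Example 1.

```python
from itertools import islice

# Constructed from Table 1 (reading of the table is an assumption, see lead-in).
SEED = [1, 0, 1, 0, 0]                              # initial state, component 1 first
COUNTS = [4, 5, 4]                                  # iterations before each output (PRNG1)
STRATEGY = [2, 4, 2, 2, 5, 1, 1, 5, 5, 3, 2, 3, 3]  # component to negate (PRNG2)


def chaotic_iterations(seed_bits, strategy):
    """Yield every state after the seed: exactly one component negated per step."""
    state = list(seed_bits)
    for s in strategy:
        if not 1 <= s <= len(state):
            raise ValueError(f"strategy term {s} outside 1..{len(state)}")
        state[s - 1] ^= 1  # Boolean negation of the s-th component only
        yield tuple(state)


def ciprng_v1(seed_bits, counts, strategy):
    """Yield the extracted states: after counts[0] iterations, counts[1] more, etc."""
    states = chaotic_iterations(seed_bits, strategy)
    current = tuple(seed_bits)
    for m in counts:
        block = list(islice(states, m))
        if len(block) < m:
            return  # strategy exhausted: never emit a partial round
        if block:
            current = block[-1]
        yield current


def ciprng_v1_xor(seed_bits, counts, strategy):
    """Integer form: fold a round's strategy terms into one mask, then x ^= mask.

    Component 1 is mapped to the most significant bit (a choice made here).
    Yields (state, mask) so the number of bits really flipped can be inspected.
    """
    n = len(seed_bits)
    x = int("".join(map(str, seed_bits)), 2)
    terms = iter(strategy)
    for m in counts:
        block = list(islice(terms, m))
        if len(block) < m:
            return
        mask = 0
        for s in block:
            if not 1 <= s <= n:
                raise ValueError(f"strategy term {s} outside 1..{n}")
            mask ^= 1 << (n - s)  # negating a position twice cancels out
        x ^= mask
        yield x, mask


def hamming(a, b):
    """Number of components in which two states differ."""
    return sum(p != q for p, q in zip(a, b))


def effective_flips(seed_bits, counts, strategy):
    """Bits that actually differ between consecutive outputs, per round."""
    return [bin(mask).count("1")
            for _, mask in ciprng_v1_xor(seed_bits, counts, strategy)]


if __name__ == "__main__":
    for m, out in zip(COUNTS, ciprng_v1(SEED, COUNTS, STRATEGY)):
        print(m, "iterations ->", "".join(map(str, out)))
    # Consecutive iterates differ in one bit, which is why outputs are decimated.
    trail = [tuple(SEED)] + list(chaotic_iterations(SEED, STRATEGY))
    print("max distance between iterates:",
          max(hamming(a, b) for a, b in zip(trail, trail[1:])))
    # Repeated strategy terms cancel: 4, 5, 4 iterations flip far fewer bits.
    print("effective flips per round:", effective_flips(SEED, COUNTS, STRATEGY))
```

The effective-flip counts show the behaviour that version 2 is said to address: repeated strategy terms within a round cancel, so fewer bits change between two outputs than the iteration count suggests.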

CIPRNG(PRNG1,PRNG2): Version 2

The second version of the CI-based generators is designed by the following process [5]. First of all, some chaotic iterations have to be done to generate a sequence of Boolean vectors, which are the successive states of the iterated system. Some of these vectors will be randomly extracted and the pseudorandom bit flow will be constituted by their components. Such chaotic iterations are realized as follows.

  • Initial state is a Boolean vector taken as a seed.

  • Chaotic strategy is an irregular decimation of the PRNG2 sequence.

At each iteration, only the -th component of state is updated using the vectorial negation, as follows: if , else . Finally, some are selected by a sequence as the pseudorandom bit sequence of our generator, where is computed from PRNG1.

Input: the internal state ( bits)
Output: a state of bits

1:  for  do
2:     
3:  end for
4:  
5:  
6:  
7:  while  do
8:     
9:     
10:     if  then
11:        
12:        
13:     else if  then
14:        
15:     end if
16:  end while
17:  
18:  return
Algorithm 3 An arbitrary round of the CIPRNG Version 2

The basic design procedure of this CIPRNG Version 2 generator is summarized in Algorithm 3. The internal state is . and are those computed by the two inputted PRNGs. Finally, the value is the integers sequence defined in Eq.(3).

(3)

3 Security Analysis of CIPRNG Version 1

In this section the concatenation of two strings and is classically denoted by . In a cryptographic context, a pseudorandom generator is a deterministic algorithm transforming strings into strings and such that, for any seed of length m, (the output of on the input ) has size with . The notion of secure PRNGs can now be defined as follows.

3.1 Algorithm expression conversion

For the convenience of security analysis, CIPRNG Version 1 detailed in Algorithm 2 is converted as in Eq.(4), where internal state is , and are those computed by PRNG1 and PRNG2, whereas at each round, is updated to .

(4)

3.2 Security notion

Definition 2

A cryptographic PRNG is secure if for any probabilistic polynomial time algorithm D, for any polynomial p, and for all sufficiently large m’s,

(5)

where is the uniform distribution over and the probabilities are taken over , as well as over the internal coin tosses of .

Intuitively, it means that there is no polynomial time algorithm that can distinguish a perfect uniform random generator from with a non negligible probability. Note that it is quite easily possible to change the function into any polynomial function satisfying .

The generation schema developed in Eq.4 is based on two pseudorandom generators. Let be the “PRNG1” and be the “PRNG2”. We may assume, without loss of generality, that for any string of size , the size of is , then for any string of size , it has with , . It means that and . Let be the string of length such that and be the string of length s.t. ( and are the concatenations of ’s and ’s).

The generator defined in Algorithm 4 maps any string , of length , into the string , c.f. Eq.(4). One in particular has and . We announce that if the inputted generator is cryptographically secure, then the new one defined in Eq.(4) is secure too.

Proposition 1

If PRNG1 is a secure cryptographic generator, then for all PRNG2, we can have that is a secure cryptographic PRNG too.

Proof

The proposition is proven by contraposition. Assume that is not secure. By definition, there exists a polynomial time probabilistic algorithm , a positive polynomial , such that for all there exists satisfying

Consider a word of size .

  1. Decompose into .

  2. Pick a string of size uniformly at random.

  3. Pick a string of size : .

  4. Decompose into .

  5. Define .

  6. Compute .

  7. Return .

On one hand, consider for each the function from into mapping (each has length ) to . On the other hand, treat each by the function from into mapping (each has length ) to:

.
By construction, one has for every ,

(6)

Therefore, and using Eq.(6), one has

and, therefore,

(7)

Now, using Eq.(6) again, one has for every ,

(8)

Since where and are randomly generated. By construction, , hence

(9)

Computing the difference of Eq.(9) and Eq.(8), one can deduce that there exists a polynomial time probabilistic algorithm , a positive polynomial , such that for all there exists satisfying

proving that is not secure, which is a contradiction.

Compared to stream ciphers, which are symmetric key ciphers where plaintext digits are combined with a pseudorandom cipher digit stream (keystream), the CIPRNG method can be described as a post-treatment on two inputted PRNGs, that:

  1. add chaotic properties to these generators,

  2. by doing so, improve their statistical properties when the inputs are defective,

  3. while preserving their security, for instance when one of the inputs is cryptographically secure.

If PRNG1 is already used as a keystream in a stream cipher, because it is cryptographically secure, then the combined CIPRNG(PRNG1,XORshift), which runs potentially faster than PRNG1, can be used as a keystream too. The security comparison between CIPRNG and other designs is thus summarized in Proposition 1: the security of CIPRNG(PRNG1,PRNG2) is directly related to that of PRNG1, meaning that if PRNG1 is secure, then the resulting CIPRNG is secure too.

4 CIPRNG Version 1 Designed for FPGA

4.1 An efficient and cryptographically secure PRNG based on CIPRNG Version 1

In Algorithm 4 is given an efficient and cryptographically secure generator suitable for FPGA applications. It is based on CIPRNG Version 1 and thus presents a good random statistical profile.

Notice: xorshift1, xorshift2 (64-bit XORshift generators)
Input: (a 16-bit word)
Output: (a 16-bit word)

1:  
2:  
3:  
4:  
5:  
6:  
7:  
8:  
9:  
10:  
11:  
12:  
13:  
14:  
15:  
16:  while  do
17:     
18:     
19:     
20:     
21:  end while
22:  
23:  
24:  
25:  
26:  
27:  
28:  
Algorithm 4 An efficient and cryptographically secure generator based on CIPRNG version 1

The internal state is a vector of bits, whereas two -bit XORshift generators () are provided as entropy sources. As it can be seen in the algorithm, the two outputs of XORshift generators are spread into four -bit integers. Then for each integer, there are bits components that can be found; every of these components are used to update the states. Lastly, the least significant bits (LSBs) of the output of the Blum Blum Shub generator decide if the state must be updated with the considered -bits block or not.

According to Section 3, this generator based on CIPRNG version 1 can turn out to be cryptographically secure, if the PRNG1 entropy source is cryptographically secure. Here, this inputted generator is the well known BBS, which is believed to be the most secure PRNG method currently available [26]. The value is computed by a BBS with a modulo equal to bits. Then the LSBs of can be treated as secure, which is why we only consider LSBs in this algorithm.

(a) XORshift
(b) BBS
(c) The proposed CIPRNG
Figure 3: The processing structure for BBS in FPGA (per clock step)

Following the approach detailed in [4], we thus have used chaotic iterations in order to improve the statistical behavior of the inputted generators. Here, two coupled bits XORshift generators together with one BBS are applied. By doing so, we obtain in Algorithm 4 a generator being both chaotic and cryptographically secure [9].

| Method | CIPRNG | XORshift | BBS |
|---|---|---|---|
| Frequency (Monobit) Test | 0.073128 | 0.145326 | 0.32435 |
| Frequency Test within a Block | 0.719128 | 0.028817 | 0.000000 |
| Runs Test | 0.314992 | 0.739918 | 0.000000 |
| Longest Run of Ones in a Block Test | 0.445121 | 0.554420 | 0.000000 |
| Binary Matrix Rank Test | 0.888124 | 0.236810 | 0.000000 |
| Discrete Fourier Transform (Spectral) Test | 0.912003 | 0.514124 | 0.000000 |
| Non-overlapping Template Matching Test* | 0.500459 | 0.512363 | 0.000000 |
| Overlapping Template Matching Test | 0.702445 | 0.595549 | 0.000000 |
| Universal Statistical Test | 0.666230 | 0.122325 | 0.000000 |
| Linear Complexity Test | 0.475761 | 0.249284 | 0.000000 |
| Serial Test* (m=10) | 0.780099 | 0.495847 | 0.043355 |
| Approximate Entropy Test (m=10) | 0.679102 | 0.000000 | 0.000000 |
| Cumulative Sums (Cusum) Test* | 0.819200 | 0.074404 | 0.000000 |
| Random Excursions Test* | 0.697803 | 0.507812 | 0.000000 |
| Random Excursions Variant Test* | 0.338243 | 0.289594 | 0.000000 |
| Success | 15/15 | 14/15 | 2/15 |

Table 2: NIST SP 800-22 test results ()

Table 2 shows the test results of the proposed CIPRNG against the NIST battery [23]. Results of XORshift and BBS are provided too. According to the NIST test suite, the sole BBS generator algorithm cannot produce a statistically perfect output. This is not contradictory with Prop. 1, as the cryptographically secure property is an asymptotic one: even though the Blum Blum Shub generator is cryptographically secure (which is a property independent from the chosen modulo ), the very small value chosen for makes it unable to pass the NIST battery. Obviously, best statistical performances are obtained using the proposed CIPRNG.

4.2 FPGA Design

In order to benefit from the computing power of an FPGA, the whole processing needs to be spread into several independent blocks of threads that can be computed simultaneously. In general, the larger the number of threads is, the more logic elements of the FPGA are used, and the fewer branching instructions are used (if, while, …), the better the performance on FPGA is. Obviously, having these requirements in mind, it is possible to build a program similar to the algorithm presented in Algorithm 4, which produces pseudorandom numbers with chaotic properties on FPGA. To do so, Verilog-HDL [1] has been used to help programming. In this generator, there are three PRNG objects that use the exclusive or operation, two XORshifts and a BBS; their processing is described hereafter.

Design of XORshift

The structure of XORshift designed in Verilog-HDL is shown in Figure 3a. There are four inputs:

  • The first one is the initial state, which costs 64 bits of register units,

  • the other three ones are used to define the shift operations.

Let us remark that, in FPGA, this shift operation costs nothing, as it simply consists in using different bit cells of the input. We can thus conclude that there are logic gates elements that are required for the XORshifts processing.

Design of BBS

Figure 3b gives the proposed design of the BBS generator in FPGAs. There are two inputs of bits, namely and . Register stores the state of the system at each time (after the square computation). is also a register that saves the value of , which must not change. Another register is used to combine to a data having bits, with a view to avoiding overflow. After the last computation, the three LSBs from the output of are taken as output. Let us notice that a BBS is performed at each time unit.

Design of CI

Two XORshifts and one BBS are connected to work together, in order to compose the proposed CIPRNG (see Figure 3c). As can be seen, the four bits of the BBS output are switches for the corresponding bits outputs from XORshift. Every round of the processing costs two time units to be performed: in the first clock, the three PRNGs are processed in parallel, whereas in the second one, the results of these generators are combined with the current state of the system, in order to produce the output of bits.

Figure 4: Outputs of each component in clock step unit

In our experiments, the type from Altera company’s CYCLONE II FPGA series has been used. By default, its working frequency is equal to MHz. However, it is possible to increase it until MHz by using the phase-lock loop (PLL) device. In that situation, the CIPRNG designed on this FPGA can produce over Mbits per second (that is, , see Figure 4), while using of the logic elements in . This is nearly times faster than when it is processed in continuous method.

In the next section, an application of this CSPRNG designed on FPGA in the information hiding security fields is detailed, to show that this hardware pseudorandom generator is ready to use.

5 An Information Hiding Application

Information hiding has recently become a major information security technology, especially with the increasing importance and widespread distribution of digital media through the Internet [28]. It includes several techniques like digital watermarking. The aim of digital watermarking is to embed a piece of information into digital documents, such as pictures or movies. This is done for a large panel of reasons, such as: copyright protection, control utilization, data description, content authentication, and data integrity. For these reasons, many different watermarking schemes have been proposed in recent years. Digital watermarking must have essential characteristics, including: security, imperceptibility, and robustness. Chaotic methods have been proposed to encrypt the watermark before embedding it in the carrier image for these security reasons. In this paper, a watermarking algorithm based on the chaotic PRNG presented above is given, as an illustration of the use of this PRNG based on CI.

5.1 Most and least significant coefficients

The definitions of most and least significant coefficients are shown at first, as they have been formerly introduced in [18, 11].

Definition 3

For a given image, the most significant coefficients (in short MSCs), are coefficients that allow the description of the relevant part of the image, i.e., its most rich part (in terms of embedding information), through a sequence of bits.

Definition 4

By least significant coefficients (LSCs), we mean a translation of some insignificant parts of a medium in a sequence of bits (insignificant can be understood as: “which can be altered without sensitive damages”).

These LSCs can be for example, the last three bits of the gray level of each pixel, in the case of a spatial domain watermarking of a gray-scale image.

In the proposed application, LSCs are used during the embedding stage: some of the least significant coefficients of the carrier image will be chaotically chosen and replaced by the bits of the mixed watermark. With a large number of LSCs, the watermark can be inserted more than once and thus the embedding will be more secure and robust, but also more detectable. The MSCs are only useful in the case of authentication: encryption and embedding stages depend on them. Hence, a coefficient should not be defined at the same time as an MSC and an LSC; the latter can be altered, while the former is needed to extract the watermark. For a more rigorous definition of such LSCs and MSCs see, e.g., [3].

5.2 Stages of the algorithm

We recall now a formerly introduced watermarking scheme, which consists of two stages: (1) mixture of the watermark and (2) its embedding [6].

Watermark mixture

Firstly, for safety reasons, the watermark can be mixed before its embedding into the image. A common way to achieve this stage is to use the bitwise exclusive or (XOR), for example, between the watermark and the above PRNG. In this paper and similarly to [6], we will use another mixture scheme based on chaotic iterations. Its chaotic strategy, defined with our PRNG, will be highly sensitive to the MSCs, in the case of an authenticated watermark, as stated in [7].

Watermark embedding

Some LSCs will be substituted by all bits of the possibly mixed watermark. To choose the sequence of LSCs to be altered, a number of integers, less than or equal to the number of LSCs corresponding to a chaotic sequence , is generated from the chaotic strategy used in the mixture stage. Thus, the -th least significant coefficient of the carrier image is substituted by the bit of the possibly mixed watermark. In the case of authentication, such a procedure leads to a choice of the LSCs that are highly dependent on the MSCs.

Extraction

The chaotic strategy can be regenerated, even in the case of an authenticated watermarking because the MSCs have not been changed during the stage of embedding the watermark. Thus, the few altered LSCs can be found, the mixed watermark can then be rebuilt, and the original watermark can be obtained. If the watermarked image is attacked, then the MSCs will change. Consequently, in the case of authentication and due to the high sensitivity of the embedding sequence, the LSCs designed to receive the watermark will be completely different. Hence, the result of the recovery will have no similarity with the original watermark: authentication is reached.

(a) General structure
(b) Schematic view
Figure 5: NIOS II setting in FPGA

5.3 The FPGA setting

The 32-bit embedded-processor architecture designed specifically for the Altera family of FPGAs is applied in this information hiding specific application. Nios II incorporates many enhancements over the original Nios architecture, making it more suitable for a wider range of embedded computing applications, from DSP to system-control [2].

Figure 5a shows the structure of this application. The NIOS II system can read the image from the HOST computer side. Via the bus control, pseudorandom bits are produced in the FPGA according to the CIPRNG. Then the results are transmitted back to the host.

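| Attack | Parameter | Value | Similarity (UNAUTHENTICATION) | Similarity (AUTHENTICATION) |
|---|---|---|---|---|
| Cropping | Size (pixels) | 10 | 99.18% | 50.06% |
| Cropping | Size (pixels) | 50 | 96.13% | 54.44% |
| Cropping | Size (pixels) | 100 | 91.21% | 52.04% |
| Cropping | Size (pixels) | 200 | 66.16% | 50.88% |
| Rotation | Angle (degree) | 2 | 96.11% | 71.41% |
| Rotation | Angle (degree) | 5 | 93.66% | 60.03% |
| Rotation | Angle (degree) | 10 | 92.55% | 53.87% |
| Rotation | Angle (degree) | 25 | 82.05% | 50.09% |
| JPEG compression | Compression | 2 | 81.90% | 53.79% |
| JPEG compression | Compression | 5 | 66.43% | 55.51% |
| JPEG compression | Compression | 10 | 61.82% | 51.24% |
| JPEG compression | Compression | 20 | 54.17% | 47.33% |
| Gaussian noise | Standard dev. | 1 | 75.16% | 51.05% |
| Gaussian noise | Standard dev. | 2 | 62.33% | 50.35% |
| Gaussian noise | Standard dev. | 3 | 56.34% | 49.95% |

Table 3: Robustness against attacks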

In Figure 5b, the NIOS II is using the most powerful version the CYCLONE II can support (namely, the NIOS II/f one). KB on chip memory and MB SDRAM are set, and the device is used to enhance the clock frequency from to MHz. Finally, the data bus connecting the NIOS II system and the generator works in 32 bits.

5.4 Results

For evaluating the efficiency and the robustness of the application, some attacks are performed on some chaotically watermarked images. For the attacks, the similarity percentages with the original watermark are computed. These percentages are the numbers of equal bits between the original and the extracted watermark, shown as a percentage. A result less than or equal to implies that the image has probably not been watermarked.

Cropping attack

In this kind of attack, a watermarked image is cropped. In this case, the results in Tab.3 have been obtained. In Figure 6, the decrypted watermarks are shown after a crop of 50 pixels and after a crop of 10 pixels, in the authentication case.

(a) Unauthentication
()
(b) Authentication
()
(c) Unauthentication
()
Figure 6: Extracted watermark after a cropping attack (zoom )

By analyzing the similarity percentage between the original and the extracted watermark, we can conclude that in the case of unauthentication, the watermark still remains after a cropping attack. The desired robustness is reached. It can be noticed that cropping sizes and percentages are rather proportional. In the case of authentication, even a small change of the carrier image (a crop by pixels) leads to a really different extracted watermark. In this case, any attempt to alter the carrier image will be signaled, thus the image is well authenticated.

Rotation attack

Let be the rotation of angle around the center of the carrier image. So, the transformation is applied to the watermarked image. The results in Tab.3 have been obtained. The same conclusion as above can be drawn.

JPEG compression

A JPEG compression is applied to the watermarked image, depending on a compression level. This attack leads to a change of the representation domain (from spatial to DCT domain). In this case, the results in Tab.3 have been obtained, illustrating a good authentication through JPEG attack. As for the unauthentication case, the watermark still remains after a compression level equal to 10. This is a good result if we take into account the fact that we use spatial embedding.

Gaussian noise

A watermarked image can also be attacked by the addition of a Gaussian noise, depending on a standard deviation. In this case, the results in Tab.3 are obtained, which are once again quite satisfactory.

5.5 Discussion

Generally, the quality of a PRNG depends, to a large extent, on the following criteria: randomness, uniformity, independence, storage efficiency, and reproducibility. A chaotic sequence may satisfy these requirements and also other chaotic properties, such as ergodicity, entropy, and expansivity. A chaotic sequence is extremely sensitive to the initial conditions. That is, even a minute difference in the initial state of the system can lead to enormous differences in the final state, even over fairly small timescales. Therefore, a chaotic sequence fits the requirements of a pseudorandom sequence well. Contrary to XORshift, our generator possesses these chaotic properties [10, 27]. However, despite a large number of papers published in the field of chaos-based pseudorandom generators, the impact of this research is rather marginal. This is due to the following reasons: almost all PRNG algorithms using chaos are based on dynamical systems defined on continuous sets (e.g., the set of real numbers). So these generators are usually slow, require considerably more storage space, and lose their chaotic properties during computations. These major problems restrict their use as generators [19].

In the CIPRNG method, we do not simply integrate chaotic maps hoping that the implemented algorithm remains chaotic. Indeed, the PRNG we conceive is just discrete chaotic iterations and we have proven in [10] that these iterations produce a topological chaos as defined by Devaney: they are regular, transitive, and sensitive to initial conditions. This famous definition of a chaotic behavior for a dynamical system implies unpredictability, mixture, sensitivity, and uniform repartition. Moreover, as only integers are manipulated in discrete chaotic iterations, the chaotic behavior of the system is preserved during computations, and these computations are fast.

These chaotic properties are behind the observed robustness of the proposed information hiding scheme: transitivity, for instance, implies that the watermark is spread over the whole host image, making it impossible to remove it by a simple crop. Regularity implies that the watermark is potentially inserted several times, reinforcing the robustness obtained by topological mixing and transitivity. Expansivity and sensitivity guarantee that authentication is achieved: in authenticated watermarking, MSBs are taken into account, and even a slight alteration of these bits leads to a completely different extracted watermark due to these metrical properties. Finally, unpredictability obviously plays an important role in the security of the whole process against malicious attacks, even if this role is difficult to measure precisely in practice.

6 Conclusion and future work

In this paper, the pseudorandom generator proposed in our former research work has been developed in terms of efficiency. We have also proven that this generator based on hardware can be cryptographically secure. By using a BBS generator and due to a new approach in the way the Version 1 CI PRNG uses its strategies, the generator based on chaotic iterations works faster and is more secure. This new CIPRNG is able to pass the NIST test suite when considering software implementation, and to reach Mbps (with the throughput is about each processing round) in FPGA hardware. These considerations enable us to claim that this CIPRNG(BBS, XORshift) offers a sufficient speed and level of security for a whole range of applications where secure generators are required, such as cryptography and information hiding.

In future work, we will continue to explore new strategies and iteration functions. The chaotic behavior of the proposed generator will be studied in more depth by using the various tools provided by the mathematical theory of chaos. Additionally, a probabilistic study of its security will be done. Lastly, new applications in computer science will be proposed, among other things in the Internet security field.

References

  1. Verilog hdl. http://www.verilog.com/IEEEVerilog.html, 2008. Accessed: 30/09/2012.
  2. Introduction to the altera nios ii soft processor. http://coen.boisestate.edu/smloo/files/2011/11/, 2011. Accessed: 30/09/2012.
  3. Jacques Bahi, Jean-François Couchot, and Christophe Guyeux. Steganography: A class of secure and robust algorithms. The Computer Journal, 55(6):653–666, 2012.
  4. Jacques Bahi, Xiaole Fang, and Christophe Guyeux. An optimization technique on pseudorandom generators based on chaotic iterations. In INTERNET’2012, 4-th Int. Conf. on Evolving Internet, pages 31–36, Venice, Italy, June 2012.
  5. Jacques Bahi, Xiaole Fang, Christophe Guyeux, and Qianxue Wang. Evaluating quality of chaotic pseudo-random generators. application to information hiding. IJAS, International Journal On Advances in Security, 4(1-2):118–130, 2011.
  6. Jacques Bahi and Christophe Guyeux. A new chaos-based watermarking algorithm. In SECRYPT’10, Int. conf. on security and cryptography, pages 455–458, Athens, Greece, July 2010. SciTePress.
  7. Jacques Bahi and Christophe Guyeux. Topological chaos and chaotic iterations, application to hash functions. In IJCNN’10, Int. Joint Conf. on Neural Networks, joint to WCCI’10, IEEE World Congress on Computational Intelligence, pages 1–7, Barcelona, Spain, July 2010. Best paper award.
  8. Jacques Bahi, Christophe Guyeux, and Qianxue Wang. A novel pseudo-random generator based on discrete chaotic iterations. In INTERNET’09, 1-st Int. Conf. on Evolving Internet, pages 71–76, Cannes, France, August 2009.
  9. Jacques M. Bahi, Raphaël Couturier, Christophe Guyeux, and Pierre-Cyrille Héam. Efficient and cryptographically secure generation of chaotic pseudorandom numbers on gpu. CoRR, abs/1112.5239, submitted in Dec. 2011.
  10. Jacques M. Bahi and Christophe Guyeux. Hash functions using chaotic iterations. Journal of Algorithms & Computational Technology, 4(2):167–181, 2010.
  11. Jacques M. Bahi and Christophe Guyeux. An improved watermarking algorithm for internet applications. In INTERNET’2010. The 2nd Int. Conf. on Evolving Internet, pages 119–124, Valencia, Spain, September 2010. IEEE seccion ESPANIA.
  12. Lenore Blum, Manuel Blum, and Michael Shub. A simple unpredictable pseudo-random number generator. SIAM Journal on Computing, 15:364–383, 1986.
  13. Slobodan Bojanic, Gabriel Caffarena, Slobodan Petrovic, and Octavio Nieto-Taladriz. Fpga for pseudorandom generator cryptanalysis. Microprocessors and Microsystems, 30(2):63–71, 2006.
  14. Songul Cecen, R. Murat Demirer, and Coskun Bayrak. A new hybrid nonlinear congruential number generator based on higher functional power of logistic maps. Chaos, Solitons & Fractals, 42(2):847–853, 2009.
  15. J. L. Danger, S. Guilley, and P. Hoogvorst. High speed true random number generator based on open loop structures in fpgas. Microelectron. J., 40(11):1650–1656, November 2009.
  16. Robert L. Devaney. An Introduction to Chaotic Dynamical Systems, 2nd Edition. Westview Pr (Short Disc), March 2003.
  17. Massimo Falcioni, Luigi Palatella, Simone Pigolotti, and Angelo Vulpiani. Properties making a chaotic system a good pseudo random number generator. Phys. Rev. E, 72:016220, Jul 2005.
  18. Christophe Guyeux, Nicolas Friot, and Jacques M. Bahi. Chaotic iterations versus spread-spectrum: Chaos and stego security. In IIH-MSP’10, 6-th Int. Conf. on Intelligent Information Hiding and Multimedia Signal Processing, pages 208–211, Darmstadt, Germany, October 2010.
  19. L. Kocarev. Chaos-based cryptography: a brief overview. IEEE Circ Syst Mag, 7:6–21, 2001.
  20. Laurent Larger and John M. Dudley. Nonlinear dynamics: Optoelectronic chaos. Nature, 465(7294):41–42, 05 2010.
  21. Po-Han Lee, Yi Chen, Soo-Chang Pei, and Yih-Yuh Chen. Evidence of the correlation between positive lyapunov exponents and good chaotic random number sequences. Computer Physics Communications, 160(3):187–203, 2004.
  22. George Marsaglia. Xorshift rngs. Journal of Statistical Software, 8(14):1–6, 7 2003.
  23. Andrew Rukhin, Juan Soto, James Nechvatal, Elaine Barker, Stefan Leigh, Mark Levenson, David Banks, Alan Heckert, James Dray, San Vo, Andrew Rukhin, Juan Soto, Miles Smid, Stefan Leigh, Mark Vangel, Alan Heckert, James Dray, and Lawrence E Bassham Iii. A statistical test suite for random and pseudorandom number generators for cryptographic applications, Accessed: 30/09/2011. http://csrc.nist.gov/publications/nistpubs/800-22-rev1a/SP800-22rev1a.pdf.
  24. J. Terno. Robert, f., discrete iterations. a metric study. berlin-heidelberg-new york-tokyo, springer-verlag 1986. xvi, 195 s., 126 abb., dm138,–. isbn 3-540-13623-1 (springer series in computational mathematics 6) – translation from the french. ZAMM - Journal of Applied Mathematics and Mechanics / Zeitschrift für Angewandte Mathematik und Mechanik, 67(11):578–578, 1987.
  25. K. H. Tsoi, K. H. Leung, and P. H. W. Leong. Compact fpga-based true and pseudo random number generators. In Proceedings of the 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, FCCM ’03, pages 51–61, Washington, DC, USA, 2003. IEEE Computer Society.
  26. F. Montoya Vitini, J. Monoz Masque, and A. Peinado Dominguez. Bound for linear complexity of bbs sequences. Electronics Letters, 34:450–451, 1998.
  27. Qianxue Wang, Christophe Guyeux, and Jacques Bahi. A novel pseudo-random generator based on discrete chaotic iterations for cryptographic applications. INTERNET ’09, pages 71–76, 2009.
  28. X. Wu and Z. Guan. A novel digital watermark algorithm based on chaotic maps. Physical Letters A, 365:403–406, 2007.