Ramdomness quality of CI chaotic generators. Application to Internet security

Randomness Quality of CI Chaotic Generators: Applications to Internet Security

Abstract

Due to the rapid development of the Internet in recent years, the need to find new tools to reinforce trust and security through the Internet has became a major concern. The discovery of new pseudo-random number generators with a strong level of security is thus becoming a hot topic, because numerous cryptosystems and data hiding schemes are directly dependent on the quality of these generators. At the conference Internet’09, we have described a generator based on chaotic iterations, which behaves chaotically as defined by Devaney. In this paper, the proposal is to improve the speed and the security of this generator, to make its use more relevant in the Internet security context. To do so, a comparative study between various generators is carried out and statistical results are given. Finally, an application in the information hiding framework is presented, to give an illustrative example of the use of such a generator in the Internet security field.

{IEEEkeywords}

Internet security; Chaotic sequences; Statistical tests; Discrete chaotic iterations; Information hiding.

\IEEEpeerreviewmaketitle

1 Introduction

The development and popularity of the Internet, and its recent role in everyday life implies the need to protect data and privacy in digital world. This development has revealed new major security issues. For example, new concerns have recently appeared with the evolving of the Internet, as evoting, VoD or intellectual property protection. The pseudo-random number generators (PRNG) play an important role in all of these emerging techniques, because they are fundamental in cryptosystems and information hiding schemes. PRNGs are typically defined by a deterministic recurrent sequence in a finite state space, usually a finite field or ring, and an output function mapping each state to an input value. This is often either a real number in the interval or an integer in some finite range [8]. Conventionally, PRNGs based on linear congruential methods and feedback shift-registers are popular [6].

To use a PRNG with a large level of security is necessary to satisfy the Internet security requirements recalled above. This level depends on the proof of theoretical properties and results of numerous statistical tests. Many PRNGs have been proven to be secure, following a probabilistic approach. However, recently, several researchers have been exploring the idea of using chaotic dynamical systems for this purpose [5] [3]. The random-like, unpredictable dynamics of chaotic systems, their inherent determinism and simplicity of realization suggest their potential for exploitation as PRNGs. Such generators can strongly improve security in information hiding and cryptography: due to unpredictability, the possibilities offered to an attacker to achieve his goal are drastically reduced. For example the keys of cryptosystems need to be unpredictable enough, making it impossible for any search optimization based on the reduction of the key space to the most probable values. But the number of generators claimed as chaotic, which actually have been proven to be unpredictable (as it is defined in the mathematical theory of chaos) is very small.

This paper extends a study initiated in [2] and [13], and tries to fill this gap. In [2], it is proven that chaotic iterations (CIs), a suitable tool for fast computing iterative algorithms, satisfies the topological chaotic property, as it is defined by Devaney [4]. In the paper [13] presented at Internet’09, the chaotic behavior of CIs is exploited in order to obtain an unpredictable PRNG, which depends on two logistic maps. We have shown that, in addition of being chaotic, this generator can pass the NIST (National Institute of Standards and Technology of the U.S. Government) battery of tests [11], widely considered as a comprehensive and stringent battery of tests for cryptographic applications. In this paper, we have improved the speed and security of the former generator. Chaotic properties, statistical tests and security analysis [14] allow us to consider that this generator has good pseudo-random characteristics and is capable to withstand attacks. Moreover, its high linear complexity and its large key space lead to the conviction that this generator is suitable for applications in the Internet security field. After having presented the theoretical framework of the study and a security analysis, we will give a comparison based on statistical tests. Finally a concrete example of how to use these pseudo-random numbers for information hiding through the Internet is detailed.

The rest of this paper is organized in the following way. In Section 2, some basic definitions concerning chaotic iterations and PRNGs are recalled. Then, the generator based on discrete chaotic iterations is presented in Section 3. Section 4 is devoted to its security analysis. In Section 5, various tests are passed with a goal to achieve a statistical comparison between this new PRNG and other existing ones. In Section 6, a potential use of this PRNG in some Internet security field is presented, namely in information hiding. The paper ends with a conclusion and intended future work.

2 Basic recalls

2.1 Notations

the term of a sequence
the component of a vector
    
composition of a function
strategy a sequence which elements belong in
the set of all strategies
the binomial coefficient
bitwise exclusive or
the integer addition
the usual shift operators
a metric space
returns the highest integer smaller than
the factorial
the set of positive integers {1,2,3,…}

2.2 Chaotic iterations

Definition 1

The set denoting , let be an “iteration” function and be a chaotic strategy. Then, the so-called chaotic iterations are defined by [12]

(1)

In other words, at the iteration, only the th cell is “iterated”. Chaotic iterations generate a set of vectors (boolean vectors in this paper), which are defined by an initial state , an iteration function , and a chaotic strategy .

2.3 XORshift

XORshift is a category of very fast PRNGs designed by George Marsaglia [9]. It repeatedly uses the transform of exclusive or (XOR) on a number with a bit shifted version of it. The state of a XORshift generator is a vector of bits. At each step, the next state is obtained by applying a given number of XORshift operations to -bit blocks in the current state, where or . A XORshift operation is defined as follows. Replace the -bit block by a bitwise XOR of the original block, with a shifted copy of itself by positions either to the right or to the left, where . This Algorithm 2.3 has a period of .

{algorithm}\SetAlgoLined\KwIn

the internal state (a 32-bits word) \KwOut (a 32-bits word)   return An arbitrary round of XORshift algorithm

3 The new generation of CI pseudo-random sequence

3.1 Chaotic iterations as pseudo-random generator

Presentation

The novel generator is designed by the following process. First of all, some chaotic iterations have to be done to generate a sequence (, is not necessarily equal to 32) of boolean vectors, which are the successive states of the iterated system. Some of these vectors will be randomly extracted and our pseudo-random bit flow will be constituted by their components. Such chaotic iterations are realized as follows. Initial state is a boolean vector taken as a seed (see Section 3.1.2) and chaotic strategy is an irregular decimation of a XORshift sequence (Section 3.1.4). The iterate function is the vectorial boolean negation:

At each iteration, only the -th component of state is updated, as follows: if , else . Finally, some are selected by a sequence as the pseudo-random bit sequence of our generator. The sequence is computed from a XORshift sequence (see Section 3.1.3). So, the generator returns the following values:
Bits:

or States:

The seed

The initial state of the system and the first term of the XORshift are seeded either by the current time in seconds since the Epoch, or by a number that the user inputs, as it is usually the case for every PRNG.

Sequence of returned states

The output of the sequence is uniform in , because it is produced by a XORshift generator. However, we do not want the output of to be uniform in , because in this case, the returns of our generator will not be uniform in , as it is illustrated in the following example. Let us suppose that . Then .

  • If , then no bit will change between the first and the second output of our PRNG. Thus .

  • If , then exactly one bit will change, which leads to three possible values for , namely , , and .

  • etc.

As each value in must be returned with the same probability, then the values , , and must occur for with the same probability. Finally we see that, in this example, must be three times more probable than . This leads to the following general definition for :

(2)

Chaotic strategy

The chaotic strategy is generated from a second XORshift sequence . The sole difference between the sequences and is that some terms of are discarded, in such a way that: does not contain a same integer twice, where . Therefore, no bit will change more than once between two successive outputs of our PRNG, increasing the speed of the former generator by doing so. is said to be “an irregular decimation” of . This decimation can be obtained by the following process.

Let be a mark sequence, such that whenever , then (, the sequence is reset when contains times the number 1). This mark sequence will control the XORshift sequence as follows:

  • if , then , and

  • if , then is discarded.

For example, if and , then Another example is given in Table 2.3, in which means “reset” and the integers which are underlined in sequence are discarded.

3.2 CI(XORshift, XORshift) algorithm

The basic design procedure of the novel generator is summed up in Algorithm 3.2. The internal state is , the output state is . and are those computed by the two XORshift generators. The value is an integer, defined as in Equation 2. Lastly, is a constant defined by the user. {algorithm} \SetAlgoLined\KwInthe internal state ( bits) \KwOuta state of bits \For \For \If \ElseIf   return An arbitrary round of the new CI(XORshift,XORshift) generator

As a comparison, the basic design procedure of the old generator is recalled in Algorithm 3.2 ( and are computed by Logistic maps, and are constants defined by the user). See [13] for further informations.

{algorithm}\SetAlgoLined\KwIn

the internal state ( bits) \KwOuta state of bits \If \Else

\For   return An arbitrary round of the old PRNG

3.3 Illustrative example

In this example, is chosen for easy understanding. The initial state of the system can be seeded by the decimal part of the current time. For example, if the current time in seconds since the Epoch is 1237632934.484088, so , then in binary digits, i.e., .

To compute sequence, Equation 3 can be adapted to this example as follows:

(3)

where is generated by XORshift seeded with the current time. We can see that the probabilities of occurrences of , , , , , are , , , , , respectively. This determines what will be the next output . For instance,

  • If , the following will be .

  • If , the following can be , , or .

  • If , the following can be , , , , or .

  • If , the following can be , , or .

  • If , the following will be .

In this simulation, Additionally, is computed with a XORshift generator too, but with another seed. We have found

Chaotic iterations are made with initial state , vectorial logical negation and strategy . The result is presented in Table 1. Let us recall that sequence gives the states to return, which are here So, in this example, the output of the generator is: 10100111101111110011… or 4,4,11,8,1…

0 4 2 2
0 4 2 2
1 4 2 2 3 3 4 1 1 4
r r (1,0,0,0) (1,0,0,1) (1,1,0,1) (1,1,1,1,) r (0,0,1,0) (0,0,1,1) r (1,0,0,0) (1,0,0,1)
1 4 2 3 3 4 1 4
0 0 1 1 0
1 1 0 0 0
0 0 1 0 0
0 0 1 0 1

Binary Output:
Integer Output:

Table 1: Application example

4 Security analysis

4.1 Key space

The PRNG proposed in this paper is based on discrete chaotic iterations. It has an initial value . Considering this set of initial values alone, the key space size is equal to . In addition, this new generator combines digits of two other PRNGs. We used two different XORshifts here. Let be the key space of XORshift. So the total key space size is close to . Lastly, the impact of Equation 2 must be taken into account. This leads to conclude that the key space size is large enough to withstand attacks.

4.2 Devaney’s chaos property

Generally, the quality of a PRNG depends, to a large extent, on the following criteria: randomness, uniformity, independence, storage efficiency, and reproducibility. A chaotic sequence may satisfy these requirements and also other chaotic properties, as ergodicity, entropy, and expansivity. A chaotic sequence is extremely sensitive to the initial conditions. That is, even a minute difference in the initial state of the system can lead to enormous differences in the final state, even over fairly small timescales. Therefore, chaotic sequence fits the requirements of pseudo-random sequence well. Contrary to XORshift, our generator possesses these chaotic properties [2],[13]. However, despite a large number of papers published in the field of chaos-based pseudo-random generators, the impact of this research is rather marginal. This is due to the following reasons: almost all PRNG algorithms using chaos are based on dynamical systems defined on continuous sets (e.g., the set of real numbers). So these generators are usually slow, requiring considerably more storage space and lose their chaotic properties during computations. These major problems restrict their use as generators [7].
In this paper we don’t simply integrate chaotic maps hoping that the implemented algorithm remains chaotic. Indeed, the PRNG we conceive is just discrete chaotic iterations and we have proven in [2] that these iterations produce a topological chaos as defined by Devaney: they are regular, transitive, and sensitive to initial conditions. This famous definition of a chaotic behavior for a dynamical system implies unpredictability, mixture, sensitivity, and uniform repartition. Moreover, as only integers are manipulated in discrete chaotic iterations, the chaotic behavior of the system is preserved during computations, and these computations are fast.

4.3 Key sensitivity

As a consequence of its chaotic property, this PRNG is highly sensitive to the initial conditions. To illustrate this property, several initial values are put into the chaotic system. Let be the number of differences between the sequences obtained in this way. Suppose is the length of these sequences. Then the variance ratio , defined by , is computed. The results are shown in Figure 1 ( axis is sequence lengths, axis is variance ratio ). For the two PRNGs, variance ratios approach , which indicates that the system is extremely sensitive to the initial conditions.

Figure 1: Sensitivity analysis

5 Statistical analysis

5.1 Basic usual tests

Comparative test parameters

In this section, five well-known statistical tests [10] are used as comparison tools. They encompass frequency and autocorrelation tests. In what follows, denotes a binary sequence of length . The question is to determine whether this sequence possesses some specific characteristics that a truly random sequence would be likely to exhibit. The tests are introduced in this subsection and results are given in the next one.

Frequency test (monobit test) The purpose of this test is to check if the numbers of 0’s and 1’s are approximately equal in , as it would be expected for a random sequence. Let denote these numbers. The statistic used here is , which approximately follows a distribution with one degree of freedom when .

Serial test (2-bit test) The purpose of this test is to determine if the number of occurrences of 00, 01, 10 and 11 as subsequences of are approximately the same. Let , and denote the number of occurrences of , and respectively. Note that since the subsequences are allowed to overlap. The statistic used here is:
which approximately follows a distribution with 2 degrees of freedom if .

Poker test The poker test studies if each pattern of length (without overlapping) appears the same number of times in . Let and . Divide the sequence into non-overlapping parts, each of length . Let be the number of occurrences of the type of sequence of length , where . The statistic used is

which approximately follows a distribution with degrees of freedom. Note that the poker test is a generalization of the frequency test: setting in the poker test yields the frequency test.

Runs test The purpose of the runs test is to figure out whether the number of runs of various lengths in the sequence is as expected, for a random sequence. A run is defined as a pattern of all zeros or all ones, a block is a run of ones, and a gap is a run of zeros. The expected number of gaps (or blocks) of length in a random sequence of length is . Let be equal to the largest integer such that . Let be the number of blocks and gaps of length in , for each . The statistic used here will then be:

which approximately follows a distribution with degrees of freedom.

Autocorrelation test The purpose of this test is to check for coincidences between the sequence and (non-cyclic) shifted versions of it. Let be a fixed integer, . The is the amount of bits not equal between the sequence and itself displaced by bits. The statistic used is: , which approximately follows a normal distribution if . Since small values of are as unexpected as large values, a two-sided test should be used.

Comparison

Method Monobit Serial Poker Runs Autocorrelation Time
Logistic map 0.1280 0.1302 240.2893 26.5667 0.0373 0.965s
XORshift 1.7053 2.1466 248.9318 18.0087 -0.5009 0.096s
Old CI(Logistic, Logistic) 1.0765 1.0796 258.1069 20.9272 -1.6994 0.389s
New CI(XORshift,XORshift) 0.3328 0.7441 262.8173 16.7877 -0.0805 0.197s
Table 2: Comparison with Old CI(Logistic, Logistic) for a bits sequence

We show in Table 2 a comparison between our new generator CI(XORshift, XORshift), its old version denoted Old CI(Logistic, Logistic), a PRNG based on logistic map, and a simple XORshift. Time (in seconds) is related to the duration needed by each algorithm to generate a bits long sequence. The test has been conducted using the same computer and compiler with the same optimization settings for both algorithms, in order to make the test as fair as possible. Similar results have been achieved for different sequence lengths (see Figure 2). The results confirm that the proposed generator is a lot faster than the old one, while the statistical results are better for most of the parameters, leading to the conclusion that the new PRNG is more secure than the old one. Although the logistic map also has good results, it is too slow to be implemented in Internet applications.

Figure 2: Comparison through various well-known tests

5.2 NIST statistical test suite

Among the numerous standard tests for pseudo-randomness, a convincing way to prove the quality of the produced sequences is to confront them with the NIST (National Institute of Standards and Technology) Statistical Test Suite SP 800-22, released by the Information Technology Laboratory in August 25, 2008. This package of 15 tests was developed to measure the randomness of (arbitrarily long) binary sequences produced by either hardware or software based cryptographic (pseudo-)random number generators. These tests focus on a variety of different types of non-randomness that could occur in such sequences.

In our experiments, 100 sequences (s = 100) of 1,000,000 bits are generated and tested. If the value of any test is smaller than 0.0001, the sequences are considered to not be good enough and the generator is unsuitable. Table 3 shows of the sequences based on discrete chaotic iterations using different schemes. If there are at least two statistical values in a test, this test is marked with an asterisk and the average value is computed to characterize the statistical values. We can conclude from Table 3 that both the old generator and CI(XORshift, XORshift) have successfully passed the NIST statistical test suite.

Method Old CI New CI
Frequency (Monobit) Test 0.595549 0.474986
Frequency Test within a Block 0.554420 0.897763
Runs Test 0.455937 0.816537
Longest Run of Ones in a Block Test 0.016717 0.798139
Binary Matrix Rank Test 0.616305 0.262249
Discrete Fourier Transform (Spectral) Test 0.000190 0.007160
Non-overlapping Template Matching Test* 0.532252 0.449916
Overlapping Template Matching Test 0.334538 0.514124
Maurer’s “Universal Statistical” Test 0.032923 0.678686
Linear Complexity Test 0.401199 0.657933
Serial Test* (m=10) 0.013396 0.425346
Approximate Entropy Test (m=10) 0.137282 0.637119
Cumulative Sums (Cusum) Test* 0.046464 0.279680
Random Excursions Test* 0.503622 0.287409
Random Excursions Variant Test* 0.347772 0.486686
Success 15/15 15/15
Table 3: SP 800-22 test results ()

6 Application example in digital watermarking

In this section, an application example is given in the field of digital watermarking: a watermark is encrypted and embedded into a cover image using the scheme presented in [1] and CI(XORshift, XORshift). The carrier image is the well-known Lena, which is a 256 grayscale image, and the watermark is the pixels binary image depicted in Figure 3.

(a) The original image
(b) The watermark
Figure 3: Original images
(a) Differences with the original
(b) The encrypted watermark
Figure 4: Encrypted watermark and differences

The watermark is encrypted by using chaotic iterations: the initial state is the watermark, considered as a boolean vector, the iteration function is the vectorial logical negation, and the chaotic strategy is defined with CI(XORshift, XORshift), where initial parameters constitute the secret key and . Thus, the encrypted watermark is the last boolean vector generated by these chaotic iterations. An example of such an encryption is given in Figure 4.

Let be the booleans vector constituted by the three last bits of each pixel of Lena and defined by:

(4)

The watermarked Lena is obtained from the original Lena, whose three last bits are replaced by the result of chaotic iterations with initial state and strategy (see Figure 4).

The extraction of the watermark can be obtained in the same way. Remark that the map of the torus, which is the famous dyadic transformation (a well-known example of topological chaos [4]), has been chosen to make highly sensitive to the strategy. As a consequence, is highly sensitive to the alteration of the image: any significant modification of the watermarked image will lead to a completely different extracted watermark, thus giving a way to authenticate media through the Internet.

7 Conclusion and future work

In this paper, the pseudo-random generator proposed in [13] has been improved. By using XORshift instead of logistic map and due to a rewrite of the way to generate strategies, the generator based on chaotic iterations works faster and is more secure. The speed and randomness of this new PRNG has been compared to its former version, to XORshift, and to a generator based on logistic map. This comparison shows that CI(XORshift, XORshift) offers a sufficient speed and level of security for a whole range of Internet usages as cryptography and data hiding.

In future work, we will continue to try to improve the speed and security of this PRNG, by exploring new strategies and iteration functions. Its chaotic behavior will be deepened by using the various tools provided by the mathematical theory of chaos. New statistical tests will be used to compare this PRNG to existing ones. Additionally a probabilistic study of its security will be done. Lastly, new applications in computer science will be proposed, especially in the Internet security field.

References

  1. J. M. Bahi and C. Guyeux. A new chaos-based watermarking algorithm. In SECRYPT 2010, International conference on security and cryptography, pages ***–***, Athens, Greece, 2010. To appear.
  2. J. M. Bahi and C. Guyeux. Topological chaos and chaotic iterations, application to hash functions. WCCI’10: 2010 IEEE World Congress on Computational Intelligence, Accepted paper, 2010.
  3. S. Cecen, R. M. Demirer, and C. Bayrak. A new hybrid nonlinear congruential number generator based on higher functional power of logistic maps. Chaos, Solitons and Fractals, 42:847–853, 2009.
  4. R. L. Devaney. An Introduction to Chaotic Dynamical Systems. Redwood City: Addison-Wesley, 2nd edition, 1989.
  5. M. Falcioni, L. Palatella, S. Pigolotti, and A. Vulpiani. Properties making a chaotic system a good pseudo random number generator. arXiv, nlin/0503035, 2005.
  6. D. E. Knuth. The Art of Computer Programming, Volume 2: Seminumerical Algorithms. Addison-Wesley, 1998.
  7. L. Kocarev. Chaos-based cryptography: a brief overview. IEEE Circ Syst Mag, 7:6–21, 2001.
  8. P. L’ecuyer. Comparison of point sets and sequences for quasi-monte carlo and for random number generation. SETA 2008, LNCS 5203:1–17, 2008.
  9. G. Marsaglia. Xorshift rngs. Journal of Statistical Software, 8(14):1–6, 2003.
  10. A. Menezes, P. van Oorschot, and S. Vanstone. Handbook of applied cryptography. CRC Press, 1997.
  11. NIST Special Publication 800-22 rev. 1. A statistical test suite for random and pseudorandom number generators for cryptographic applications. August 2008.
  12. F. Robert. Discrete Iterations. A Metric Study, volume 6. Springer Series in Computational Mathematics, 1986.
  13. Q. Wang, C. Guyeux, and J. M. Bahi. A novel pseudo-random generator based on discrete chaotic iterations for cryptographic applications. INTERNET ’09, pages 71–76, 2009.
  14. F. Zheng, X. Tian, J. Song, and X. Li. Pseudo-random sequence generator based on the generalized henon map. The Journal of China Universities of Posts and Telecommunications, 15(3):64–68, 2008.
Comments 0
Request Comment
You are adding the first comment!
How to quickly get a good reply:
  • Give credit where it’s due by listing out the positive aspects of a paper before getting into which changes should be made.
  • Be specific in your critique, and provide supporting evidence with appropriate references to substantiate general statements.
  • Your comment should inspire ideas to flow and help the author improves the paper.

The better we are at sharing our knowledge with each other, the faster we move forward.
""
The feedback must be of minimum 40 characters and the title a minimum of 5 characters
   
Add comment
Cancel
Loading ...
128905
This is a comment super asjknd jkasnjk adsnkj
Upvote
Downvote
""
The feedback must be of minumum 40 characters
The feedback must be of minumum 40 characters
Submit
Cancel

You are asking your first question!
How to quickly get a good answer:
  • Keep your question short and to the point
  • Check for grammar or spelling errors.
  • Phrase it like a question
Test
Test description