Randomness Quality of CI Chaotic Generators: Applications to Internet Security
Abstract
Due to the rapid development of the Internet in recent years, the need to find new tools to reinforce trust and security through the Internet has became a major concern. The discovery of new pseudorandom number generators with a strong level of security is thus becoming a hot topic, because numerous cryptosystems and data hiding schemes are directly dependent on the quality of these generators. At the conference Internet’09, we have described a generator based on chaotic iterations, which behaves chaotically as defined by Devaney. In this paper, the proposal is to improve the speed and the security of this generator, to make its use more relevant in the Internet security context. To do so, a comparative study between various generators is carried out and statistical results are given. Finally, an application in the information hiding framework is presented, to give an illustrative example of the use of such a generator in the Internet security field.
Internet security; Chaotic sequences; Statistical tests; Discrete chaotic iterations; Information hiding.
1 Introduction
The development and popularity of the Internet, and its recent role in everyday life implies the need to protect data and privacy in digital world. This development has revealed new major security issues. For example, new concerns have recently appeared with the evolving of the Internet, as evoting, VoD or intellectual property protection. The pseudorandom number generators (PRNG) play an important role in all of these emerging techniques, because they are fundamental in cryptosystems and information hiding schemes. PRNGs are typically defined by a deterministic recurrent sequence in a finite state space, usually a finite field or ring, and an output function mapping each state to an input value. This is often either a real number in the interval or an integer in some finite range [8]. Conventionally, PRNGs based on linear congruential methods and feedback shiftregisters are popular [6].
To use a PRNG with a large level of security is necessary to satisfy the Internet security requirements recalled above. This level depends on the proof of theoretical properties and results of numerous statistical tests. Many PRNGs have been proven to be secure, following a probabilistic approach. However, recently, several researchers have been exploring the idea of using chaotic dynamical systems for this purpose [5] [3]. The randomlike, unpredictable dynamics of chaotic systems, their inherent determinism and simplicity of realization suggest their potential for exploitation as PRNGs. Such generators can strongly improve security in information hiding and cryptography: due to unpredictability, the possibilities offered to an attacker to achieve his goal are drastically reduced. For example the keys of cryptosystems need to be unpredictable enough, making it impossible for any search optimization based on the reduction of the key space to the most probable values. But the number of generators claimed as chaotic, which actually have been proven to be unpredictable (as it is defined in the mathematical theory of chaos) is very small.
This paper extends a study initiated in [2] and [13], and tries to fill this gap. In [2], it is proven that chaotic iterations (CIs), a suitable tool for fast computing iterative algorithms, satisfies the topological chaotic property, as it is defined by Devaney [4]. In the paper [13] presented at Internet’09, the chaotic behavior of CIs is exploited in order to obtain an unpredictable PRNG, which depends on two logistic maps. We have shown that, in addition of being chaotic, this generator can pass the NIST (National Institute of Standards and Technology of the U.S. Government) battery of tests [11], widely considered as a comprehensive and stringent battery of tests for cryptographic applications. In this paper, we have improved the speed and security of the former generator. Chaotic properties, statistical tests and security analysis [14] allow us to consider that this generator has good pseudorandom characteristics and is capable to withstand attacks. Moreover, its high linear complexity and its large key space lead to the conviction that this generator is suitable for applications in the Internet security field. After having presented the theoretical framework of the study and a security analysis, we will give a comparison based on statistical tests. Finally a concrete example of how to use these pseudorandom numbers for information hiding through the Internet is detailed.
The rest of this paper is organized in the following way. In Section 2, some basic definitions concerning chaotic iterations and PRNGs are recalled. Then, the generator based on discrete chaotic iterations is presented in Section 3. Section 4 is devoted to its security analysis. In Section 5, various tests are passed with a goal to achieve a statistical comparison between this new PRNG and other existing ones. In Section 6, a potential use of this PRNG in some Internet security field is presented, namely in information hiding. The paper ends with a conclusion and intended future work.
2 Basic recalls
2.1 Notations
the term of a sequence  
the component of a vector  
composition of a function  
strategy  a sequence which elements belong in 
the set of all strategies  
the binomial coefficient  
bitwise exclusive or  
the integer addition  
the usual shift operators  
a metric space 
returns the highest integer smaller than  
the factorial  
the set of positive integers {1,2,3,…} 
2.2 Chaotic iterations
Definition 1
The set denoting , let be an “iteration” function and be a chaotic strategy. Then, the socalled chaotic iterations are defined by [12]
(1) 
In other words, at the iteration, only the th cell is “iterated”. Chaotic iterations generate a set of vectors (boolean vectors in this paper), which are defined by an initial state , an iteration function , and a chaotic strategy .
2.3 XORshift
XORshift is a category of very fast PRNGs designed by George Marsaglia [9]. It repeatedly uses the transform of exclusive or (XOR) on a number with a bit shifted version of it. The state of a XORshift generator is a vector of bits. At each step, the next state is obtained by applying a given number of XORshift operations to bit blocks in the current state, where or . A XORshift operation is defined as follows. Replace the bit block by a bitwise XOR of the original block, with a shifted copy of itself by positions either to the right or to the left, where . This Algorithm 2.3 has a period of .
the internal state (a 32bits word) \KwOut (a 32bits word) return
3 The new generation of CI pseudorandom sequence
3.1 Chaotic iterations as pseudorandom generator
Presentation
The novel generator is designed by the following process. First of all, some chaotic iterations have to be done to generate a sequence (, is not necessarily equal to 32) of boolean vectors, which are the successive states of the iterated system. Some of these vectors will be randomly extracted and our pseudorandom bit flow will be constituted by their components. Such chaotic iterations are realized as follows. Initial state is a boolean vector taken as a seed (see Section 3.1.2) and chaotic strategy is an irregular decimation of a XORshift sequence (Section 3.1.4). The iterate function is the vectorial boolean negation:
At each iteration, only the th component of state is updated, as follows: if , else .
Finally, some are selected
by a sequence as the pseudorandom bit sequence of our generator. The sequence
is computed from a XORshift sequence (see Section 3.1.3). So, the
generator returns the following values:
Bits:
or States:
The seed
The initial state of the system and the first term of the XORshift are seeded either by the current time in seconds since the Epoch, or by a number that the user inputs, as it is usually the case for every PRNG.
Sequence of returned states
The output of the sequence is uniform in , because it is produced by a XORshift generator. However, we do not want the output of to be uniform in , because in this case, the returns of our generator will not be uniform in , as it is illustrated in the following example. Let us suppose that . Then .

If , then no bit will change between the first and the second output of our PRNG. Thus .

If , then exactly one bit will change, which leads to three possible values for , namely , , and .

etc.
As each value in must be returned with the same probability, then the values , , and must occur for with the same probability. Finally we see that, in this example, must be three times more probable than . This leads to the following general definition for :
(2) 
Chaotic strategy
The chaotic strategy is generated from a second XORshift sequence . The sole difference between the sequences and is that some terms of are discarded, in such a way that: does not contain a same integer twice, where . Therefore, no bit will change more than once between two successive outputs of our PRNG, increasing the speed of the former generator by doing so. is said to be “an irregular decimation” of . This decimation can be obtained by the following process.
Let be a mark sequence, such that whenever , then (, the sequence is reset when contains times the number 1). This mark sequence will control the XORshift sequence as follows:

if , then , and

if , then is discarded.
For example, if and , then Another example is given in Table 2.3, in which means “reset” and the integers which are underlined in sequence are discarded.
3.2 CI(XORshift, XORshift) algorithm
The basic design procedure of the novel generator is summed up in Algorithm 3.2. The internal state is , the output state is . and are those computed by the two XORshift generators. The value is an integer, defined as in Equation 2. Lastly, is a constant defined by the user. {algorithm} \SetAlgoLined\KwInthe internal state ( bits) \KwOuta state of bits \For \For \If \ElseIf return
As a comparison, the basic design procedure of the old generator is recalled in Algorithm 3.2 ( and are computed by Logistic maps, and are constants defined by the user). See [13] for further informations.
the internal state ( bits) \KwOuta state of bits \If \Else
\For return
3.3 Illustrative example
In this example, is chosen for easy understanding. The initial state of the system can be seeded by the decimal part of the current time. For example, if the current time in seconds since the Epoch is 1237632934.484088, so , then in binary digits, i.e., .
To compute sequence, Equation 3 can be adapted to this example as follows:
(3) 
where is generated by XORshift seeded with the current time. We can see that the probabilities of occurrences of , , , , , are , , , , , respectively. This determines what will be the next output . For instance,

If , the following will be .

If , the following can be , , or .

If , the following can be , , , , or .

If , the following can be , , or .

If , the following will be .
In this simulation, Additionally, is computed with a XORshift generator too, but with another seed. We have found
Chaotic iterations are made with initial state , vectorial logical negation and strategy . The result is presented in Table 1. Let us recall that sequence gives the states to return, which are here So, in this example, the output of the generator is: 10100111101111110011… or 4,4,11,8,1…
0  4  2  2  
0  4  2  2  
1  4  2  2  3  3  4  1  1  4  
r  r (1,0,0,0)  (1,0,0,1)  (1,1,0,1)  (1,1,1,1,)  r (0,0,1,0)  (0,0,1,1)  r (1,0,0,0)  (1,0,0,1)  
1  4  2  3  3  4  1  4  
0  0  1  1  0  
1  1  0  0  0  
0  0  1  0  0  
0  0  1  0  1 
Binary Output:
Integer Output:
4 Security analysis
4.1 Key space
The PRNG proposed in this paper is based on discrete chaotic iterations. It has an initial value . Considering this set of initial values alone, the key space size is equal to . In addition, this new generator combines digits of two other PRNGs. We used two different XORshifts here. Let be the key space of XORshift. So the total key space size is close to . Lastly, the impact of Equation 2 must be taken into account. This leads to conclude that the key space size is large enough to withstand attacks.
4.2 Devaney’s chaos property
Generally, the quality of a PRNG depends, to a large extent, on the following criteria: randomness, uniformity, independence, storage efficiency, and reproducibility. A chaotic sequence may satisfy these requirements and also other chaotic properties, as ergodicity, entropy, and expansivity. A chaotic sequence is extremely sensitive to the initial conditions. That is, even a minute difference in the initial state of the system can lead to enormous differences in the final state, even over fairly small timescales. Therefore, chaotic sequence fits the requirements of pseudorandom sequence well. Contrary to XORshift, our generator possesses these chaotic properties [2],[13].
However, despite a large number of papers published in the field of chaosbased pseudorandom generators, the impact of this research is rather marginal. This is due to the following reasons: almost all PRNG algorithms using chaos are based on dynamical systems defined on continuous sets (e.g., the set of real numbers). So these generators are usually slow, requiring considerably more storage space and lose their chaotic properties during computations. These major problems restrict their use as generators [7].
In this paper we don’t simply integrate chaotic maps hoping that the implemented algorithm remains chaotic. Indeed, the PRNG we conceive is just discrete chaotic iterations and we have proven in [2] that these iterations produce a topological chaos as defined by Devaney: they are regular, transitive, and sensitive to initial conditions. This famous definition of a chaotic behavior for a dynamical system implies unpredictability, mixture, sensitivity, and uniform repartition. Moreover, as only integers are manipulated in discrete chaotic iterations, the chaotic behavior of the system is preserved during computations, and these computations are fast.
4.3 Key sensitivity
As a consequence of its chaotic property, this PRNG is highly sensitive to the initial conditions. To illustrate this property, several initial values are put into the chaotic system. Let be the number of differences between the sequences obtained in this way. Suppose is the length of these sequences. Then the variance ratio , defined by , is computed. The results are shown in Figure 1 ( axis is sequence lengths, axis is variance ratio ). For the two PRNGs, variance ratios approach , which indicates that the system is extremely sensitive to the initial conditions.
5 Statistical analysis
5.1 Basic usual tests
Comparative test parameters
In this section, five wellknown statistical tests [10] are used as comparison tools. They encompass frequency and autocorrelation tests. In what follows, denotes a binary sequence of length . The question is to determine whether this sequence possesses some specific characteristics that a truly random sequence would be likely to exhibit. The tests are introduced in this subsection and results are given in the next one.
Frequency test (monobit test) The purpose of this test is to check if the numbers of 0’s and 1’s are approximately equal in , as it would be expected for a random sequence. Let denote these numbers. The statistic used here is , which approximately follows a distribution with one degree of freedom when .
Serial test (2bit test) The purpose of this test is to determine if the number of occurrences of 00, 01, 10 and 11 as subsequences of are approximately the same. Let , and denote the number of occurrences of , and respectively. Note that since the subsequences are allowed to overlap. The
statistic used here is:
which approximately follows a distribution with 2 degrees of freedom if .
Poker test The poker test studies if each pattern of length (without overlapping) appears the same number of times in . Let and . Divide the sequence into nonoverlapping parts, each of length . Let be the number of occurrences of the type of sequence of length , where . The statistic used is
which approximately follows a distribution with degrees of freedom. Note that the poker test is a generalization of the frequency test: setting in the poker test yields the frequency test.
Runs test The purpose of the runs test is to figure out whether the number of runs of various lengths in the sequence is as expected, for a random sequence. A run is defined as a pattern of all zeros or all ones, a block is a run of ones, and a gap is a run of zeros. The expected number of gaps (or blocks) of length in a random sequence of length is . Let be equal to the largest integer such that . Let be the number of blocks and gaps of length in , for each . The statistic used here will then be:
which approximately follows a distribution with degrees of freedom.
Autocorrelation test The purpose of this test is to check for coincidences between the sequence and (noncyclic) shifted versions of it. Let be a fixed integer, . The is the amount of bits not equal between the sequence and itself displaced by bits. The statistic used is: , which approximately follows a normal distribution if . Since small values of are as unexpected as large values, a twosided test should be used.
Comparison
Method  Monobit  Serial  Poker  Runs  Autocorrelation  Time 

Logistic map  0.1280  0.1302  240.2893  26.5667  0.0373  0.965s 
XORshift  1.7053  2.1466  248.9318  18.0087  0.5009  0.096s 
Old CI(Logistic, Logistic)  1.0765  1.0796  258.1069  20.9272  1.6994  0.389s 
New CI(XORshift,XORshift)  0.3328  0.7441  262.8173  16.7877  0.0805  0.197s 
We show in Table 2 a comparison between our new generator CI(XORshift, XORshift), its old version denoted Old CI(Logistic, Logistic), a PRNG based on logistic map, and a simple XORshift. Time (in seconds) is related to the duration needed by each algorithm to generate a bits long sequence. The test has been conducted using the same computer and compiler with the same optimization settings for both algorithms, in order to make the test as fair as possible. Similar results have been achieved for different sequence lengths (see Figure 2). The results confirm that the proposed generator is a lot faster than the old one, while the statistical results are better for most of the parameters, leading to the conclusion that the new PRNG is more secure than the old one. Although the logistic map also has good results, it is too slow to be implemented in Internet applications.
5.2 NIST statistical test suite
Among the numerous standard tests for pseudorandomness, a convincing way to prove the quality of the produced sequences is to confront them with the NIST (National Institute of Standards and Technology) Statistical Test Suite SP 80022, released by the Information Technology Laboratory in August 25, 2008. This package of 15 tests was developed to measure the randomness of (arbitrarily long) binary sequences produced by either hardware or software based cryptographic (pseudo)random number generators. These tests focus on a variety of different types of nonrandomness that could occur in such sequences.
In our experiments, 100 sequences (s = 100) of 1,000,000 bits are generated and tested. If the value of any test is smaller than 0.0001, the sequences are considered to not be good enough and the generator is unsuitable. Table 3 shows of the sequences based on discrete chaotic iterations using different schemes. If there are at least two statistical values in a test, this test is marked with an asterisk and the average value is computed to characterize the statistical values. We can conclude from Table 3 that both the old generator and CI(XORshift, XORshift) have successfully passed the NIST statistical test suite.
Method  Old CI  New CI 

Frequency (Monobit) Test  0.595549  0.474986 
Frequency Test within a Block  0.554420  0.897763 
Runs Test  0.455937  0.816537 
Longest Run of Ones in a Block Test  0.016717  0.798139 
Binary Matrix Rank Test  0.616305  0.262249 
Discrete Fourier Transform (Spectral) Test  0.000190  0.007160 
Nonoverlapping Template Matching Test*  0.532252  0.449916 
Overlapping Template Matching Test  0.334538  0.514124 
Maurerâs âUniversal Statisticalâ Test  0.032923  0.678686 
Linear Complexity Test  0.401199  0.657933 
Serial Test* (m=10)  0.013396  0.425346 
Approximate Entropy Test (m=10)  0.137282  0.637119 
Cumulative Sums (Cusum) Test*  0.046464  0.279680 
Random Excursions Test*  0.503622  0.287409 
Random Excursions Variant Test*  0.347772  0.486686 
Success  15/15  15/15 
6 Application example in digital watermarking
In this section, an application example is given in the field of digital watermarking: a watermark is encrypted and embedded into a cover image using the scheme presented in [1] and CI(XORshift, XORshift). The carrier image is the wellknown Lena, which is a 256 grayscale image, and the watermark is the pixels binary image depicted in Figure 3.
The watermark is encrypted by using chaotic iterations: the initial state is the watermark, considered as a boolean vector, the iteration function is the vectorial logical negation, and the chaotic strategy is defined with CI(XORshift, XORshift), where initial parameters constitute the secret key and . Thus, the encrypted watermark is the last boolean vector generated by these chaotic iterations. An example of such an encryption is given in Figure 4.
Let be the booleans vector constituted by the three last bits of each pixel of Lena and defined by:
(4) 
The watermarked Lena is obtained from the original Lena, whose three last bits are replaced by the result of chaotic iterations with initial state and strategy (see Figure 4).
The extraction of the watermark can be obtained in the same way. Remark that the map of the torus, which is the famous dyadic transformation (a wellknown example of topological chaos [4]), has been chosen to make highly sensitive to the strategy. As a consequence, is highly sensitive to the alteration of the image: any significant modification of the watermarked image will lead to a completely different extracted watermark, thus giving a way to authenticate media through the Internet.
7 Conclusion and future work
In this paper, the pseudorandom generator proposed in [13] has been improved. By using XORshift instead of logistic map and due to a rewrite of the way to generate strategies, the generator based on chaotic iterations works faster and is more secure. The speed and randomness of this new PRNG has been compared to its former version, to XORshift, and to a generator based on logistic map. This comparison shows that CI(XORshift, XORshift) offers a sufficient speed and level of security for a whole range of Internet usages as cryptography and data hiding.
In future work, we will continue to try to improve the speed and security of this PRNG, by exploring new strategies and iteration functions. Its chaotic behavior will be deepened by using the various tools provided by the mathematical theory of chaos. New statistical tests will be used to compare this PRNG to existing ones. Additionally a probabilistic study of its security will be done. Lastly, new applications in computer science will be proposed, especially in the Internet security field.
References
 J. M. Bahi and C. Guyeux. A new chaosbased watermarking algorithm. In SECRYPT 2010, International conference on security and cryptography, pages ***–***, Athens, Greece, 2010. To appear.
 J. M. Bahi and C. Guyeux. Topological chaos and chaotic iterations, application to hash functions. WCCI’10: 2010 IEEE World Congress on Computational Intelligence, Accepted paper, 2010.
 S. Cecen, R. M. Demirer, and C. Bayrak. A new hybrid nonlinear congruential number generator based on higher functional power of logistic maps. Chaos, Solitons and Fractals, 42:847–853, 2009.
 R. L. Devaney. An Introduction to Chaotic Dynamical Systems. Redwood City: AddisonWesley, 2nd edition, 1989.
 M. Falcioni, L. Palatella, S. Pigolotti, and A. Vulpiani. Properties making a chaotic system a good pseudo random number generator. arXiv, nlin/0503035, 2005.
 D. E. Knuth. The Art of Computer Programming, Volume 2: Seminumerical Algorithms. AddisonWesley, 1998.
 L. Kocarev. Chaosbased cryptography: a brief overview. IEEE Circ Syst Mag, 7:6–21, 2001.
 P. L’ecuyer. Comparison of point sets and sequences for quasimonte carlo and for random number generation. SETA 2008, LNCS 5203:1–17, 2008.
 G. Marsaglia. Xorshift rngs. Journal of Statistical Software, 8(14):1–6, 2003.
 A. Menezes, P. van Oorschot, and S. Vanstone. Handbook of applied cryptography. CRC Press, 1997.
 NIST Special Publication 80022 rev. 1. A statistical test suite for random and pseudorandom number generators for cryptographic applications. August 2008.
 F. Robert. Discrete Iterations. A Metric Study, volume 6. Springer Series in Computational Mathematics, 1986.
 Q. Wang, C. Guyeux, and J. M. Bahi. A novel pseudorandom generator based on discrete chaotic iterations for cryptographic applications. INTERNET ’09, pages 71–76, 2009.
 F. Zheng, X. Tian, J. Song, and X. Li. Pseudorandom sequence generator based on the generalized henon map. The Journal of China Universities of Posts and Telecommunications, 15(3):64–68, 2008.