A Piecewise Linear Chaotic Map For Baptista-Type Cyptosystem Rhouma Rhouma and Safya Belghith Syscom Laboratory Ecole Nationale d’Ing´enieurs de Tunis (ENIT), 1002 Tunis, Tunisia. e-mail:
[email protected],
[email protected]
Abstract— In 1998, M.S. Baptista proposed a chaotic cryptosystem that has attracted much attention from the chaotic cryptography community. Some of its modifications and also attacks have been reported in recent years. We propose a modification in this cryptosystem which can make it faster. We use a piecewise linear chaotic map instead of the logistic map. Results show that the cryptosystem is sensitive to the secrets keys and the distribution of the ciphertext is uniform. Keywords— Chaos, piecewise map, logistic, cryptosystem.
I. I NTRODUCTION The growth of electronic commerce (e-commerce) and the emphasis of privacy have intensified the need to find a fast and secure cryptographic method. In general, there are two types of cryptographic schemes, namely, public-key schemes and private-key schemes. Well-known approaches such as RSA and elliptic curve cryptography (ECC) are classified as public-key cryptographic schemes. The encryption and decryption keys are not the same and the former key can be made public. On the other hand, cryptography with chaos falls into the category of private-key schemes that the same secret key is used for both encryption and decryption. In fact, this cryptographic approach relies on the properties that chaotic signals are usually noise-like and chaotic systems are very sensitive to initial condition. Therefore the secret keys are usually the system parameters and the initial condition. In 1998, Baptista proposed a chaotic cryptosystem that encrypts the message text as the number of iterations applied in the chaotic map in order to reach the region corresponds to that text [1]. The chaotic map chosen is the simple onedimensional logistic map governed by the equation (2). After its publication, several modified versions have been proposed [2-8]. On the other hand, some attacks have been reported as ways of breaking the original Baptista-type cryptosystem and some of its modified versions [9-13]. The next section gives a brief survey on the chaotic cryptosystem of Baptista [1]. The section 3 analyzes the defects of the Baptista cryptosystem. The proposed cryptosystem is presented in the section 4. The section 5 shows the results of the encryption of different files. Finally, conclusions are drawn in the section 6. II. BAPTISTA CRYPTOSYSTEM Given a one-dimensional chaotic map F : X → X and an interval X 0 = [xmin , xmax ) ⊆ X, divide X 0 into S ε −
intervals: ∀ i = 1 . . . S, Xi0 = [xmin + (i − 1)ε, xmin + iε), where ε = (xmax − xmin )/S. Assume that plain messages are composed by S different characters, α1 , . . . , αS , and use a bijective map: fε : Xε = {X10 , . . . , Xi0 , . . . , XS0 } → A = {α1 , . . . , αS } to associate the S different ε − intervals with the S different characters. By introducing an extra character β ∈ A, we can define a new function fS0 : X → A ∪ {β} as follows: ½ fS0 (x)
=
fS (Xi0 ), if x ∈ Xi0 β, if N OT
(1)
Based on the above notations, for a plain-message M = {m1 , m2 , . . . , mi , . . .}(mi ∈ A), the original Baptista-type cryptosystem can be described as follows. - the employed chaotic system: the logistic map : Fb (x) = bx(1 − x)
(2)
- the secretkey: The association map fS , the initial condition x0 and the control parameter b of the logistic map. -the encryption procedure: (0) (a) Initialize x0 = x0 (b) Encrypt the ith plain character mi as follows: iterate the chaotic state x satisfying fS0 (x) = mi , record the iteration number Ci as the ith cipher-message unit and (i)
(i−1)
x0 = F Ci (x0
) = F C1 +C2 +...+Ci (x0 )
-the decryption procedure: For each cipher-message unit Ci , (i−1) iterate the chaotic system for Ci times from x0 , and then (i) (i−1) Ci use x0 = F (x0 ) to derive the current plain character as follows : (i) mi = fS0 (x0 ). -Constraints on Ci : Each cipher-message unit Ci should satisfy N0 ≤ Ci ≤ Nmax (N0 = 250 and Nm ax = 65532 in [1]). Since there exist many options for each Ci in [N0 , Nmax ], an extra coefficient η ∈ [0, 1] is used to choose the right number: if η = 0, Ci is chosen as the minimal number satisfying fS0 (x) = mi and κ ≥ η simultaneously, where κ is a pseudo-random number with a normal distribution within the interval [0, 1].
III. DEFECTS OF BAPTISTA CRYPTOSYSTEM
IV. USE OF A PWLCM
The figure (1), shows the diagram of bifurcation of the logistic map (equation 2) used in the cryptosystem. The figure points that when the control parameter b is far from the value 4, some trajectories fall down in situation that presents windows (a subinterval that the trajectory don’t visit). Con-sequently, that’s can cause the failure of the cryptosystem. The figure (2) shows the natural invariant density of the logistic map for the parameter a = 3.87 and for an iteration number’s of the trajectory equal to 65635. The horizontal axe covered the whole interval [0, 1] subdivided into 256 equal intervals. The vertical axe corresponds to the number of occurrence that the trajectory has visited for each subinterval. As a consequence of the natural invariant density of the logistic map, the trajectory will visit more frequently the unauthorized regions (0, 0.2) and (0.8, 1).
Let’s consider this Piecewise Linear Chaotic Map PWLCM [14] :
1 0.8
½
Xn /p if 0 ≤ Xn ≤ p (1 − Xn )/(1 − p) if p ≤ Xn ≤ 1 (3) The diagram of bifurcation of the map related to equation (3) is illustrated in the figure (3). It shows in one hand that for each value of the parameter p taken, the trajectory visits the whole interval [0, 1]. And in the other hand compared to the case of the logistic map (section 3), the risk to associate a window to some character is less. By computing the natural invariant density of PWLCM using the value p = 0.49954242565618, the figure (4) shows that the distribution is uniform. Tested for different values of the parameter p, the uniformity of the distribution is conserved. That allows choosing the whole interval [0, 1] to be divided into 256 subintervals associated to the 256 character of the alphabet. This can make the cryptosystem, using PWLCM, faster than the cryptosystems, using the logistic map, de-scribed in [1-8]. Xn+1 = T (Xn , p) =
1
0.4
0.8
0.2
0.6 Xn
Xn
0.6
0
3
3.2
3.4
3.6
3.8
0.4
4
b 0.2 Fig. 1.
Diagram of bifurcation of the logistic map.
0
0
0.2
0.4
2500 Fig. 3.
0.8
1
Diagram of bifurcation of the PWLCM map .
2000 1500
500
1000 500 0
0
0.2
0.4
0.6
0.8
1
Xn Fig. 2.
Number of occurence
Number of occurence
0.6 p
400 300 200 100
Natural invariant density of the logistic map.
0
Due to this result, the cryptosystem will need more iteration to reach the correspondent subinterval to encrypt each character. So, the procedure of the encryption and decryption will take more time.
0
0.2
0.4
0.6
0.8
1
Xn Fig. 4.
Natural invariant density of the PWLCM map.
A. Comparison In order to compare the performance of the proposed method with the original chaotic cryptographic scheme [1], we have used three files: - File 1: a text file of size of 0.21 Ko - File 2: a text file of size of 1.03 Ko - File 3: an image bitmap file of 1.67Ko These three files are used for encryption. Two algorithms are implemented using Matlab programming languages running on a personal computer with a Pentium IV − 2.53 GHz processor and 256 M B RAM : - Algorithm 1: Baptista’s original method with different values of the parameter η. The secret key b must be chosen in the interval [3.56, 4] on which the behave of the logistic map is chaotic (see the diagram of bifurcation in fig.1) and x0 is taken arbitrary. - Algorithm 2: The proposed method with different values of the parameter η. we can choose any value of the secret key p in the interval [0, 1] because the PWLCM map is always chaotic for any value of p in this interval (see diagram of bifurcation in fig.3) and x0 is taken arbitrary.
axe represents the plaintext formed by 600 character units and the vertical axe represent the error (err) function between two ciphertexts generated for the same plaintext but with two different values of x0 . Er(x0 ) = Cipher(x0 ) − Cipher(x0 + 10−15 )
(4)
Similar results of the sensibility for the secret key p are resumed in the figure 6. Er(p) = Cipher(p) − Cipher(p + 10−15 )
(5)
It’s known that the sensibility to the secrets key is a desired propriety in the cryptography. So the cryptosystem is more robust to the attacks. 2000 1000 Er(X0)
V. RESULTS
0 −1000
The encryption times and the total number of iterations are listed in Table 1. Analyzing the results listed in the table 1, the encryption of an image file of size 1.67 Ko, for the same value of η, needs 0.1001 seconds in the case of using the logistic map but it takes only 0.0801 seconds in the case of using the PWCLM. This results point that the proposed method is faster than the old version proposed by Baptista.
−2000
η = 0.9
Encryption time (s) / decryption time Mean value of the ciphertext / Total number of iterations File 1 File 2 File 3 0.04 / 0.01 0.12 / 0.02 0.10 / 0.03 648.63 / 136214 619.42 / 657835 1617.90 / 970765 0.07 / 0.01 0.21/0.03 0.23/0.04 1409.9 / 296088 1467.5/1558518 4508.5 / 2705123
Proposed method p=0.7
η = 0.7
0.02 / 0.01 564.76 / 118602
0.11 / 0.04 556.39 / 590892
0.08 / 0.04 1096.8 / 658059
−1000
η = 0.9
0.04 / 0.01 1128.6 / 237003
0.20 / 0.06 1219.6/1295201
0.20 / 0.07 2956.5 / 1773923
−2000
η = 0.7
B. Security of the cryptosystem To evaluate the robustness of the cryptosystem we have cho-sen to measure the sensitivity of the cryptosystem for a little variation of the secret key. This experience shows that the proposed version is sensitive to the secret key x0 . A less variation in the value of x0 of 10−15 gives a different ciphertext. The figure 5 shows this sensibility, the horizontal
600
2000 1000 Er(p)
Baptista method b =3.78
200 400 plaintext
Fig. 5. Sensitivity of the cryptosystem for the secret key x0 (x0 = 0.320312500681207).
Table 1. The encryption time on files of different sizes and types at different parameter values using the proposed and Baptista method’s
Parameters
0
0
0
200 400 plaintext
600
Fig. 6. Sensitivity of the cryptosystem for the secret key p (p = 0.432031250064543).
VI. CONCLUSION The speed of the cryptosystem of Baptista becomes faster by using the piecewise linear map besides using the logistic map, due to two reasons. The first one is the uniformity of the
invariant density function generated by the PWCLM and the second one is the use of the whole interval of variation [0, 1]. As a result, there’s an equiprobability in visiting each subinterval. The sensitivity for the secret keys of the cryptosystem is also approved. R EFERENCES [1] M.S. Baptista. Cryptography with chaos . Phys. Lett. A , 240 (1998) 50–54. [2] W-K. Wong, L-P. Lee, K-W. Wong. A modified chaotic cryptographic method. Comput. Phys. Communication, . 138 (3) (2001) 234–236. [3] K-W. Wong. A fast chaotic cryptographic scheme with dynamic look-up table. Phys. Lett. A , 298 (4) (2002) 238–242. [4] K-W. Wong. A combined chaotic cryptographic and hashing scheme. Phys. Lett. A, 307 (5-6) (2003) 292–298. [5] K-W. Wong, S-W. Ho, C-K. Yung. A chaotic cryptography scheme for generating short ciphertext. Phys. Lett. A 310 (1) (2003) 67–73. [6] A. Palacios and H. Juarez. Cryptography with cycling chaos. In Phys. Lett. A, 303 (5-6) (2002) 345–351. [7] S. Li, X. Mou, Z. Ji, J. Zhang, Y. Cai. Performance analysis of Jakimoski−Kocarev attack on a class of chaotic cryptosystems. In Phys. Lett. A, 307 (1) (2003) 22–28. [8] R. Rhouma, S. Belghith. A Multidimensional map for a chaotic cryptosystem. In EUSIPCO 2006 Italy CD–ROM, Pisa-Italy, September 2006. [9] G. Jakimoski, L. Kocarev. Analysis of some recently proposed chaosbased encryption algorithms. In Phys. Lett. A, 291 (6) (2001) 381–384. [10] G. Alvarez, F. Montoya, M. Romera, G. Pastor. Cryptanalysis of an ergodic chaotic cipher. In Phys. Lett. A, 311 (2-3) (2003) 172–179. [11] G. Alvarez, F. Montoya, M. Romera, G. Pastor. Keystream cryptanalysis of a chaotic cryptographic method. In Comput. Phys. Communication, . 156 (2) (2003) 205–207. [12] G. Alvarez, F. Montoya, M. Romera, G. Pastor. Cryptanalysis of dynamic look-up table based chaotic cryptosystems. In Phys. Lett. A, 326 (3-4) (2004) 211–218. [13] S. Li, G. Chen , K-W. Wong , X. Mou , Y. Cai. Baptista-type chaotic cryptosystems: problems and countermeasures. In Phys. Lett. A, 332 (2004) 368-375. [14] S. Li, Q. Li , W. Li , X. Mou , Y. Cai. Statistical properties of digital piecewise linear chaotic maps and their roles in cryptography and pseudorandom coding. In Cryptography and Coding. LNCS, Berlin Heidelberg: Springer-Verlag, (2260) 2001. p.205–210.