An improved chaotic cryptosystem with external key



Communications in Nonlinear Science and Numerical Simulation 13 (2008) 1879–1887


Tao Xiang a,*, Kwok-wo Wong b, Xiaofeng Liao a

a College of Computer Science, Chongqing University, Chongqing 400044, China

b Department of Electronic Engineering, City University of Hong Kong, Hong Kong

Received 18 August 2006; received in revised form 10 January 2007; accepted 11 April 2007

Available online 29 April 2007

Abstract

In recent years, the external key was introduced to chaotic cryptography by Pareek et al. and has found application in several discrete chaotic cryptosystems. The first part of this paper is devoted to the analysis of their essential weaknesses as well as some redundancies that contribute little to the security of those cryptosystems. Then, an improved scheme, with all existing deficiencies and redundancies eliminated, is proposed. Theoretical analysis and numerical simulation both verify its superiority and security.

© 2007 Elsevier B.V. All rights reserved.

PACS: 05.45.Ac

Keywords: Chaotic cryptography; External key; Chaotic map

1. Introduction

Chaos, as characterized by the properties of ergodicity, unpredictability, and sensitivity to parameter and initial condition, is analogous to the requirements of cryptography. Over the past decade, there has been tremendous interest in studying chaotic cryptography, and an avalanche of chaos-based cryptosystems has been advanced. Most of these chaotic cryptographic approaches use the system parameter and/or initial condition of a chaotic map as the secret key. However, this practice may result in a weakness, as illustrated by many successful attacks against these cryptosystems.

Recently, Pareek et al. proposed two new chaotic cryptosystems using an external key [1,2]. As a distinctive feature, the cryptosystems do not explicitly use the system parameter or initial condition of a chaotic map as a secret key. Instead, they employ a bit sequence to serve as the secret key, which is exactly the method used in traditional cryptosystems such as DES, AES, etc. However, some essential deficiencies in the way of deriving the initial condition and other system parameters from this key, as well as in the principle of encryption, make these cryptosystems vulnerable to known-plaintext attack. Pareek's cryptosystems are cryptanalyzed successfully in [3–5].

doi:10.1016/j.cnsns.2007.04.017

* Corresponding author.

In order to facilitate discussion, the cryptosystems proposed in [1,2] are abbreviated to PPS03 and PPS05, respectively. Although these two cryptosystems have some differences in the process of encryption/decryption, we can still give a generalized description of Pareek's schemes as follows:

(1) Firstly, the symbol definition of secret key ($K$), plaintext ($P$), and ciphertext ($C$), which are all divided into blocks of 8 bits, is given by (1), (2), and (3), respectively:

$$K = K_1 K_2 K_3 \cdots K_s \tag{1}$$

$$P = P_1 P_2 P_3 \cdots P_n \tag{2}$$

$$C = C_1 C_2 C_3 \cdots C_n \tag{3}$$

where $s$ and $n$ represent the block length of the key and the plaintext/ciphertext, respectively. As PPS05 employs multiple chaotic maps, we use the superscript $m$ to distinguish them, e.g., $\bullet^m$ represents the variable or the chaotic map of the $m$th chaotic system.

(2) Choose the chaotic system parameter by $g(y^m)$, where $y^m$ is a public independent variable.

(3) Generate the initial value of the chaotic map ($X_0$) by (4) and the number of iterations ($T$) by (5):

$$X_0 = f(K_1, K_2, K_3, \ldots, K_s) = \begin{cases} \left(\left(\bigoplus_{k=1}^{s} K_k\right)/256 + K_r/256\right) \bmod 1, & \text{in PPS03} \\ \sum_{k=1}^{s} (K_k/256) - \left\lfloor \sum_{k=0}^{s} (K_k/256) \right\rfloor, & \text{in PPS05} \end{cases} \tag{4}$$

$$T = h(K_1, K_2, K_3, \ldots, K_s) \tag{5}$$

where $K_r$ is a block randomly selected from $\{K_1, K_2, K_3, \ldots, K_s\}$.

(4) Select a chaotic map $U^m$ and calculate the value of the chaotic variable $X_{new}$ after $T$ iterations. This process can be described by (6):

$$X_{new} = U^m(X_0, T) \tag{6}$$

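(5) Use the calculated $X_{new}$ to encrypt/decrypt the plaintext/ciphertext block by (7)/(8):

$$C_i = e(P_i, X_{new}) = \begin{cases} (P_i + \lfloor X_{new} \times 256 \rfloor) \bmod 256, & \text{in PPS03} \\ (P_i + \lfloor X_{new} \times 10^5 \rfloor) \bmod 256, & \text{in PPS05} \end{cases} \tag{7}$$

$$P_i = d(C_i, X_{new}) = \begin{cases} (C_i + 256 - \lfloor X_{new} \times 256 \rfloor) \bmod 256, & \text{in PPS03} \\ (C_i + 256 - (\lfloor X_{new} \times 10^5 \rfloor) \bmod 256) \bmod 256, & \text{in PPS05} \end{cases} \tag{8}$$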

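(6) Update $X_0$ by (9) and $T$ by (10):

$$X_0 = \begin{cases} X_{new}, & \text{in PPS03} \\ \sum_{k=1}^{s} (K_k/256) - \left\lfloor \sum_{k=0}^{s} (K_k/256) \right\rfloor, & \text{in PPS05} \end{cases} \tag{9}$$

$$T = \begin{cases} C_{i-1}, & \text{in PPS03} \\ h(K_1, K_2, K_3, \ldots, K_s), & \text{in PPS05} \end{cases} \tag{10}$$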

(7) Go to step (4) until $P_n$/$C_n$ is reached.

In the above procedures, *(•) indicates that the function value of * is related to variable •. Please also note that a constant value can be viewed as a special case of *(•). The above is just a generalized representation of Pareek's cryptosystems. Detailed mathematical formulae can be found in [1,2].

2. Analysis of Pareek’s cryptosystems

We now investigate the essential weaknesses of Pareek's cryptosystems and some redundancies that contribute little to their security.


The first weakness of Pareek's cryptosystems is the precision of the division operation, including the block size of the secret key and the value space of $X_0$ and $T$. Although PPS03 and PPS05 both employ a 128-bit external key, all the key-related calculations are based on its block unit. By using (4), $X_0$ is restricted to $\{0, 1/256, 2/256, \ldots, 255/256\}$, i.e. $X_0 \in \{0, 1/256, 2/256, \ldots, 255/256\}$. As this set only contains 256 elements, it is easy to get it by brute-force search. The situation is similar in the calculation of $T$ [3,5].

The second problem is that the plaintext and the ciphertext are both divided into blocks of 8 bits, and the encryption and decryption are also based on this unit or restricted to it. An 8-bit block provides limited plaintext space as well as the corresponding ciphertext space.

Another serious flaw is found in (7) used for encryption. When $P_i$ and $C_i$ are known, it is easy to evaluate the range of $X_{new}$. Combined with the first weakness, an adversary can crack the cryptosystem [3,5].
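The first and third weaknesses, measured on random 128-bit keys; this is an added example, not code from the paper. `x0_pps03` follows the PPS03 branch of (4) and `xnew_interval` inverts the PPS03 branch of (7); the function names, the random sampling and the side-by-side count for the 64-bit derivation (14) of Section 3 are assumptions made for illustration.

```python
import random
from fractions import Fraction


def x0_pps03(key_blocks, r):
    """PPS03 branch of (4): ((K1 xor ... xor Ks)/256 + Kr/256) mod 1."""
    folded = 0
    for k in key_blocks:
        folded ^= k
    return Fraction((folded + key_blocks[r]) % 256, 256)


def x0_proposed(key):
    """Eq. (14) of the improved scheme: the 64 fraction bits of 0.(A xor B)."""
    return Fraction((key >> 64) ^ (key & (2**64 - 1)), 2**64)


def distinct_initial_states(n_keys, seed=1):
    """Count distinct X0 values reached by n_keys random 128-bit keys.

    Returns (count under PPS03, count under the improved scheme).
    The keys are constructed sample data, seeded for repeatability.
    """
    rng = random.Random(seed)
    pps03, proposed = set(), set()
    for _ in range(n_keys):
        key = rng.getrandbits(128)
        blocks = list(key.to_bytes(16, "big"))      # s = 16 blocks of 8 bits
        pps03.add(x0_pps03(blocks, rng.randrange(16)))
        proposed.add(x0_proposed(key))
    return len(pps03), len(proposed)


def xnew_interval(p_i, c_i):
    """PPS03 branch of (7): a known (P_i, C_i) pair fixes floor(X_new * 256),
    so X_new lies in a half-open interval of width 1/256."""
    v = (c_i - p_i) % 256
    return Fraction(v, 256), Fraction(v + 1, 256)


if __name__ == "__main__":
    print(distinct_initial_states(20000))   # PPS03 saturates at 256 states
    print(xnew_interval(0x41, 0x09))
```

However many keys are sampled, the first count cannot exceed 256, which is why a 128-bit key gives no more protection here than an 8-bit state.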

Wei et al. pointed out in [4] that PPS05 is actually a stream cipher. What is more, its keystream is only related to the secret key and independent of the plaintext, which makes it vulnerable to known-plaintext attack. A remedy was suggested by Wei et al., but it did not eliminate the essential defects addressed above [5].

Besides the aforementioned deficiencies, there are also some redundant processes that contribute little to the security of the cryptosystems but slow down the encryption/decryption. The first redundancy is the variation of the system parameter ($k$) of the logistic map ($x = kx(1 - x)$) in PPS03. It is hoped that the time-varying $k$ calculated by an updating equation can enhance the security of the cryptosystem. However, the parameter and initial value of the equation are fully deterministic and public, and an adversary can figure out the exact $k$ used in each iteration. In addition, some calculated $k$ may lead the system into period-3 or period-6 oscillation [3].

The time-varying $k$ was abandoned in PPS05 and multiple chaotic maps are employed to serve as a "security enhancer" instead. Unfortunately, due to the internal relation between (7) and (8) in [2], which are used to build DT2, as well as the limitation of the value space for switch parameters, an adversary can locate the chaotic map used for the current iteration when the number of blocks in a group is given [5].

In PPS05, the block number of a group can be 1–16, and changes during the encryption procedures. However, the real encryption operation governed by (7) is still based on one block at a time, and all the blocks in the same group use the same chaotic map with the same initial condition and iteration number. This variation in group size thereby gains little in security.

3. Proposed cryptosystem

After the analysis of Pareek's cryptosystems, we now focus on the design of an improved version in which all the existing advantages are kept whereas the weaknesses and the redundancies are eliminated.

Firstly, we reorganize the plaintext and ciphertext in the following form:

$$P = P_1 P_2 P_3 \cdots P_b \tag{11}$$

$$C = C_1 C_2 C_3 \cdots C_b \tag{12}$$

where $P_b$ and $C_b$ are block units of 64 bits. The subscript $b$ stands for the block number.

Although the logistic map is used in both of Pareek's cryptosystems, the chaotic map adopted in this cryptosystem is the skew tent map, described mathematically in (13). It is well known that the logistic map's invariant density is not uniform, whereas the skew tent map's is. An illustration is given in Fig. 1. Therefore, the chaotic sequence generated by the skew tent map is better for cryptographic purposes:

$$t(x) = \begin{cases} x/p, & x \in [0, p) \\ (1 - x)/(1 - p), & x \in [p, 1] \end{cases} \tag{13}$$
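The invariant-density argument for (13) can be checked numerically. The following is an added example, not code from the paper: it quantizes each map's orbit to a byte, $\lfloor x \times 256 \rfloor$, as PPS03 does in (7), and computes a chi-square statistic against the uniform distribution. The logistic parameter $k = 4$, the seed value 0.1234, the sample size and the function names are assumptions.

```python
def skew_tent(x, p=0.79):
    """Skew tent map (13) with the public parameter p of t1."""
    return x / p if x < p else (1.0 - x) / (1.0 - p)


def logistic(x, k=4.0):
    """Logistic map x -> k x (1 - x); k = 4 is an assumed value."""
    return k * x * (1.0 - x)


def byte_histogram(step, x0=0.1234, n=200_000, burn_in=1_000):
    """Iterate `step` and count how often floor(x * 256) takes each value."""
    counts = [0] * 256
    x = x0
    for i in range(n + burn_in):
        x = step(x)
        if i >= burn_in:                      # drop the transient
            counts[min(int(x * 256), 255)] += 1
    return counts


def keystream_chi2(step, **kwargs):
    """Chi-square distance of the byte histogram from uniform (255 d.o.f.).

    A flat density gives a value of a few hundred; a skewed density such as
    the logistic map's, which piles mass near 0 and 1, gives tens of thousands.
    """
    counts = byte_histogram(step, **kwargs)
    expected = sum(counts) / 256
    return sum((c - expected) ** 2 / expected for c in counts)


def edge_share(step, **kwargs):
    """Fraction of samples landing in the lowest or highest byte value."""
    counts = byte_histogram(step, **kwargs)
    return (counts[0] + counts[255]) / sum(counts)


if __name__ == "__main__":
    for name, f in (("skew tent", skew_tent), ("logistic", logistic)):
        print(f"{name:10s} chi2={keystream_chi2(f):10.1f} "
              f"edge share={edge_share(f):.4f} (uniform: {2 / 256:.4f})")
```

A keystream byte drawn from the logistic orbit is therefore biased before any key material is involved, which is the bias the skew tent map avoids.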

The secret key ($K$) is still chosen from a 128-bit external binary sequence, and is represented in Fig. 2, where $A_1$, $A_2$, $B_1$, and $B_2$ are 32-bit blocks, $A = (A_1A_2)_2$ and $B = (B_1B_2)_2$. Let $K(i)$ denote the $i$th bit of $K$. Then $T_0 = (K(60)K(61)K(62) \cdots K(67))_2$.

Now the encryption/decryption procedures can be described as follows:

[Figure 1: two histograms of the chaotic variable over [0, 1]. (a) Logistic map; (b) Skew tent map.]

Fig. 1. The distribution of chaotic variable.

[Figure 2: the 128-bit key laid out as A = A1 A2 and B = B1 B2, with bit positions 0, 31, 63, 95 and 127 marked, and T0 covering bits 60 to 67.]

Fig. 2. The representation of 128-bit secret key.

(1) Two skew tent maps with different system parameters ($t_1$ and $t_2$) are utilized in this cryptosystem, and their system parameter $p$ is set to 0.79 and 0.39 in $t_1$ and $t_2$, respectively. This configuration is public. Choose an external 128-bit binary sequence $K$ as the secret key.

(2) Set block number $b = 0$. Determine the initial conditions of the two skew tent maps ($X_0$ and $Y_0$), as well as the initial iteration number ($T_0$), by (14), (15), and (16), respectively:

$$X_0 = (0.A \oplus B)_2 \tag{14}$$

$$Y_0 = (0.A_1B_2)_2 \tag{15}$$

$$T_0 = (K(60)K(61)K(62) \cdots K(67))_2 \tag{16}$$

where $\oplus$ is the bit-wise exclusive-OR (XOR) operation. $(0.A \oplus B)_2$ denotes a fraction written in binary mode, and it has 64 digits after the point, which are represented by $(A \oplus B)_2$. $(0.A_1B_2)_2$ has a similar meaning. In this way, we convert a 128-bit key to the valid value range of the initial condition of chaotic maps, [0, 1], with $2^{64}$ possible values. We also set a key-dependent value for $T_0$ for the first chaotic iteration.

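(3) $b \leftarrow b + 1$. Update $X_b$, $Y_b$ and $T_b$ by (17), (18) and (19), respectively:

$$X_b = \begin{cases} X_0, & b = 1 \\ C_{b-1} \oplus X_{b-1} \oplus (B_2A_1)_2, & b > 1 \end{cases} \tag{17}$$

$$Y_b = \begin{cases} Y_0, & b = 1 \\ C_{b-1} \oplus Y_{b-1}, & b > 1 \end{cases} \tag{18}$$

$$T_b = \begin{cases} T_0, & b = 1 \\ z(P_{b-1}) \oplus T_{b-1}, & b > 1 \end{cases} \tag{19}$$

where $z(\bullet)$ is a bit-wise XOR function between bytes, e.g., $z(X) = X(0\text{–}7) \oplus X(8\text{–}15) \oplus \cdots$.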

(4) Iterate the first skew tent map with the initial condition $X_b$ $T$ times and update $X_b$ to the latest state. This procedure is formulated as (20). A similar iteration of the second tent map is carried out just once for $Y_b$, as described in (21):

$$X_b = t_1^{T}(X_b) \tag{20}$$

$$Y_b = t_2(Y_b) \tag{21}$$

(5) Use the updated $X_b$ and $Y_b$ from step (4) to encrypt/decrypt the $b$th plaintext/ciphertext block by using (22)/(23):

$$C_b = s(P_b) \oplus C_{b-1} \oplus X_b \oplus Y_b \tag{22}$$

$$P_b = s^{-1}(C_b \oplus C_{b-1} \oplus X_b \oplus Y_b) \tag{23}$$

where $C_0 = (A_2B_1)_2$. $s(\bullet)$ is a permutation operation formed by two steps, i.e., a byte-wise rotate right operation and a bit exchange. In the first step, the rotate number is determined by the byte-wise sum modulo the length in bytes. For $\bullet = (\mathrm{AABBCCDD})_{16}$, which is denoted in hex, the rotate number is $((\mathrm{AA})_{16} + (\mathrm{BB})_{16} + (\mathrm{CC})_{16} + (\mathrm{DD})_{16}) \bmod 4$. If this result is 2, $s((\mathrm{AABBCCDD})_{16})$ is rotated to $(\mathrm{CCDDAABB})_{16}$. The bit exchange operation means swapping the left part of a certain length in the block with the remaining right part, and the dividing length is determined by the number of non-zero bits in $A_1B_2$. $s^{-1}(\bullet)$ is the inverse operation of $s(\bullet)$, which consists of the similar bit exchange operation and the byte-wise rotate left operation.

(6) Go to step (3) until the end of plaintext/ciphertext is reached.
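One way to implement steps (1)–(6), as an added example that is not the authors' C++/GMP code. Assumptions: bit 0 of $K$ is the leftmost bit as laid out in Fig. 2, chaotic states are kept as 64-bit fractions truncated after each iteration, the bit exchange swaps the left $n$ bits with the right $64 - n$ bits, and the sample plaintext is space-padded to a multiple of 8 bytes.

```python
MASK64 = (1 << 64) - 1

def rotr(v, n):
    """Rotate a 64-bit word right by n bits."""
    n %= 64
    return ((v >> n) | (v << (64 - n))) & MASK64

def tent(x, p_num, times=1):
    """Skew tent map (13) with p = p_num/100 on the fraction x / 2**64.
    Assumption: each result is truncated back to 64 fractional bits."""
    for _ in range(times):
        if x * 100 < p_num << 64:                    # x in [0, p)
            x = x * 100 // p_num
        else:                                        # x in [p, 1]
            x = ((1 << 64) - x) * 100 // (100 - p_num)
    return x

def key_schedule(key):
    """Derive X0, Y0, T0, C0, (B2A1) and the bit-exchange length from K."""
    a1, a2, b1, b2 = ((key >> s) & 0xFFFFFFFF for s in (96, 64, 32, 0))
    x0 = ((a1 ^ b1) << 32) | (a2 ^ b2)   # (14): fraction bits of 0.(A xor B)
    y0 = (a1 << 32) | b2                 # (15): fraction bits of 0.A1B2
    t0 = (key >> 60) & 0xFF              # (16): K(60)..K(67), bit 0 leftmost
    c0 = (a2 << 32) | b1                 # C0 = (A2B1)
    mix = (b2 << 32) | a1                # (B2A1) used in (17)
    split = bin(y0).count("1")           # non-zero bits of A1B2
    if x0 == 0 or y0 == 0:
        # 0 is a fixed point of the tent map. X0 = 0 whenever A = B, which
        # includes the case of four identical key parts.
        raise ValueError("weak key: zero initial condition")
    return x0, y0, t0, c0, mix, split

def s_perm(block, split):
    """s(.): byte-wise rotate right by (byte sum mod 8), then bit exchange."""
    r = sum(block.to_bytes(8, "big")) % 8
    return rotr(rotr(block, 8 * r), 64 - split)   # part swap == rotate left

def s_inv(block, split):
    """Inverse of s(.): undo the bit exchange, then byte-wise rotate left."""
    block = rotr(block, split)
    r = sum(block.to_bytes(8, "big")) % 8         # rotation keeps the byte sum
    return rotr(block, 64 - 8 * r)

def z(block):
    """XOR of the eight bytes of a block, as used in (19)."""
    out = 0
    for byte in block.to_bytes(8, "big"):
        out ^= byte
    return out

def crypt(data, key, decrypt=False):
    """Encrypt or decrypt whole 64-bit blocks with equations (17)-(23)."""
    if len(data) % 8:
        raise ValueError("pad the input to a multiple of 8 bytes first")
    x, y, t, c_prev, mix, split = key_schedule(key)
    p_prev, out = None, bytearray()
    for i in range(0, len(data), 8):
        blk = int.from_bytes(data[i:i + 8], "big")
        if p_prev is not None:                         # b > 1: (17)-(19)
            x, y, t = c_prev ^ x ^ mix, c_prev ^ y, z(p_prev) ^ t
        x, y = tent(x, 79, t), tent(y, 39)             # (20), (21)
        if decrypt:
            c, p = blk, s_inv(blk ^ c_prev ^ x ^ y, split)    # (23)
        else:
            p, c = blk, s_perm(blk, split) ^ c_prev ^ x ^ y   # (22)
        out += (p if decrypt else c).to_bytes(8, "big")
        c_prev, p_prev = c, p
    return bytes(out)

def differing_blocks(a, b):
    """Number of 8-byte blocks in which two equal-length strings differ."""
    return sum(a[i:i + 8] != b[i:i + 8] for i in range(0, len(a), 8))

KEY = 0x8D6CFB3A538F493DAEDCFD2CFA87A5E6     # key quoted in Section 4
# Plaintext quoted in Section 4; the space padding to 56 bytes is an assumption.
PLAIN = b"An Improved Chaotic Cryptography with External Key".ljust(56)

if __name__ == "__main__":
    ct = crypt(PLAIN, KEY)
    assert crypt(ct, KEY, decrypt=True) == PLAIN
    changed = differing_blocks(ct, crypt(b"b" + PLAIN[1:], KEY))
    print(ct.hex(), f"{changed} of 7 blocks change with the first character")
```

Because the truncation and bit-numbering conventions are assumed, the ciphertext bytes produced here are not expected to match the authors' figures; the round trip and the chaining behaviour are what the code demonstrates.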

4. Simulation results

We have realized the proposed algorithm as well as Pareek's cryptosystems using the C++ programming language on a Pentium IV 2.0 GHz PC with 512 MB RAM. The GNU multiple precision arithmetic library (GMP) [6] is adopted to calculate all chaotic iterations in order to minimize the degeneration caused by discretization.

We randomly select a secret key $K = (\mathrm{8D6CFB3A538F493DAEDCFD2CFA87A5E6})_{16}$, and use $P$ = "An Improved Chaotic Cryptography with External Key" as the plaintext. The corresponding ciphertext using $K$ and $P$ is denoted as $E(P,K)$.

Firstly, we investigate the confusion and diffusion effect [7] of the proposed cryptosystem, and then compare it with Pareek's cryptosystems. In order to demonstrate the confusion effect, the plaintext ($P$) and the ciphertext ($E(P,K)$) generated by different cryptosystems are plotted in Fig. 3a, d, and g. It is easily found that the plaintext and ciphertext in the proposed cryptosystem (Fig. 3a) are totally different both in 8-bit value and trendline pattern. The situation is similar for PPS03 (Fig. 3d). But for PPS05, some segments of ciphertext seem just to be transformed vertically (Fig. 3g). Then, we change the first hexadecimal number of $K$ from 8 to F and the first character of $P$ from 'A' to 'b', and denote the new key and plaintext as $K'$ and $P'$, respectively. The diffusion effects when the plaintext is changed are shown in Fig. 3b, e, and h. From Fig. 3h we can see that there are no plaintext-dependent diffusion effects in PPS05. When the first character of the plaintext is changed, only the first byte of ciphertext is influenced, while the remainder is unchanged. In PPS03, the first several bytes of ciphertext are not changed in Fig. 3e. The situation is substantially improved in our scheme because the cipher block chaining (CBC) mode is employed. The ciphertext sequences for slightly different plaintexts have little correlation in Fig. 3b. The diffusion effects when the key is changed are shown in Fig. 3c, f, and i. Both PPS03 and PPS05 are somewhat sensitive to the key. However, the distribution and difference of ciphertext in PPS05 are somewhat uneven (Fig. 3i), and the first several bytes of ciphertext in PPS03 still remain unchanged (Fig. 3f). The improved version outperforms them in the sensitivity to the secret key. Fig. 3c reveals that a small change in the secret key leads to a significant difference in ciphertext.

We also use a 30 KB audio file in wav format as the plaintext to investigate the distribution difference between the plaintext and the corresponding ciphertext, and the results are shown in Fig. 4. The distribution of the plaintext depicted in Fig. 4a reveals a spike-like pattern which leaks the relative occurrence frequency of an 8-bit value in the plaintext. Actually, various valid plaintext files (especially character-based text files) have inherent regularities in content distribution from a statistical point of view, which gives rise to statistical cryptanalysis. However, the ciphertext generated by the proposed cryptosystem, plotted in Fig. 4b, flattens the distribution well and thus makes it immune to statistical attacks. In Pareek's cryptosystems, there are some obvious spikes in the distribution of ciphertext, as shown in Fig. 4c and d, especially in the former figure.

As the size of ciphertext and the speed of encryption are two other important aspects of a cryptosystem, we select five prevalent types of plaintext to investigate the performance of the proposed cryptosystem in these two aspects. The detailed results are listed in Table 1. The ideal length of ciphertext can be equivalent to that of plaintext because it is a one-to-one map between plaintext and ciphertext when the key is given. But in some existing chaotic cryptosystems, the ciphertext length is twice that of its corresponding plaintext [8–10]. In our improved version, the virtue of size identity between plaintext and ciphertext in Pareek's systems is also preserved. This can be concluded from the procedures of encryption, or verified from the data in the second and the third columns of Table 1.

[Figure 3: nine panels (a)–(i), each plotting 8-bit value against symbol number. Panels (a)–(c): proposed cipher; (d)–(f): PPS03; (g)–(i): PPS05. Plotted series: P and E(P,K) in (a), (d), (g); E(P,K) and E(P′,K) in (b), (e), (h); E(P,K) and E(P,K′) in (c), (f), (i).]

Fig. 3. Confusion and diffusion effect when using different ciphers. (a), (d), (g) The plot of plaintext ($P$) vs. ciphertext ($E(P,K)$). (b), (e), (h) The diffusion effect when changing plaintext from $P$ to $P'$ with $K$. (c), (f), (i) The diffusion effect when changing key from $K$ to $K'$ with $P$.

In order to analyze the efficiency of the proposed cryptosystem, we also measured its average encryption speed when encrypting plaintext of various sizes and types. The only relatively time-consuming operation in the proposed scheme is the iteration of the first skew tent map in step (4). Although the second skew tent map is also involved in (21), it is iterated only once when encrypting/decrypting one block. When the size of plaintext is fixed, the other computation overhead is always the same regardless of the key, except the iteration of the first skew tent map governed by $T_b$. Since the value range of $T_b$ is [0, 255], we can use the median value 128 to evaluate the average speed of the proposed cryptosystem. For each plaintext file, we repeat the encryption process 10 times. The average value is calculated and listed in the fourth column of Table 1. This principle certainly holds when Pareek's cryptosystems are considered, and the iteration number $T$ is fixed to 256 and 128 for PPS03 and PPS05, respectively, according to their calculation [1,2]. From the comparison of the last three columns of Table 1, the proposed cipher runs clearly faster than Pareek's ciphers. The acceleration relies on the following aspects: firstly, we do not increase the average iteration number; secondly, the plaintext is encrypted by a larger block; finally, all the redundant operations are abandoned.

[Figure 4: four histograms of number of occurrences against 8-bit value. (a) Plaintext; (b), (c), (d) Ciphertext.]

Fig. 4. (a) The distribution of plaintext of a 30k wav file. (b) The distribution of ciphertext using the proposed cipher. (c) The distribution of ciphertext using PPS05. (d) The distribution of ciphertext using PPS03 cipher.

Table 1. Details of the encryption time (in seconds) and ciphertext file size for five different types of plaintext files

| File type | Plaintext file size (KB) | Ciphertext file size (KB) | Encryption time (proposed cipher) | Encryption time (PPS05) | Encryption time (PPS03) |
|---|---|---|---|---|---|
| Text files (*.txt) | 30 | 30 | 0.19 | 0.21 | 1.81 |
| | 90 | 90 | 0.60 | 0.62 | 5.48 |
| | 240 | 240 | 1.62 | 1.71 | 15.55 |
| Document files (*.doc) | 30 | 30 | 0.15 | 0.19 | 1.81 |
| | 90 | 90 | 0.45 | 0.66 | 5.46 |
| | 240 | 240 | 1.32 | 1.64 | 14.55 |
| Executable file (*.exe) | 488 | 488 | 2.49 | 3.38 | 29.57 |
| | 914 | 914 | 4.78 | 6.24 | 55.42 |
| Audio files (*.wav) | 255 | 255 | 1.32 | 1.73 | 15.46 |
| Video files (*.avi) | 544 | 544 | 2.86 | 3.66 | 32.98 |
| | 636 | 636 | 3.30 | 4.29 | 38.54 |
| | 1,230 | 1,230 | 6.59 | 8.51 | 76.43 |

5. Security analysis

The proposed cipher is based on Pareek's schemes, whereas all the existing weaknesses are eliminated by different approaches, together with the redundant operations that contribute little to the security.

Firstly, we expand both the block size of plaintext/ciphertext and the precision of the chaotic variable to 64 bits. This gives a much larger space ($2^{64}$) for the plaintext/ciphertext in a block as well as the initial condition of the chaotic map. Compared to the 8-bit block size and only 256 possible values for $X_0$ in the original schemes, this improvement gets rid of the brute-force attack that can serve as a foundation for further cryptanalysis [3,5]. What is more, the initial conditions of the two skew tent maps, $X_0$ and $Y_0$, are determined by key-dependent transformations. Even when they are known, an adversary cannot recover the key.

Besides the above expansion, we also introduce a permutation scheme into the plaintext block. Quite a lot of existing chaotic cryptosystems operate on a byte-wise plaintext block but do not possess any confusion or diffusion operation within the block. The permutation operation in our cipher is carried out by $s(\bullet)$, which is both plaintext and key dependent.

In Pareek's cryptosystems, the encryption formula (7) directly leaks the value of the single chaotic variable used to encrypt each block. The known-plaintext attack can easily derive these values, which are critical to deduce the key. In our improved version, the two chaotic variables $X_b$ and $Y_b$, whose initial values and updating procedures are related to the key and the ciphertext, respectively, are employed to mask the plaintext (see (22)). In this manner, only the value of $X_b \oplus Y_b$ can be obtained, but neither $X_b$ nor $Y_b$ alone is available to the attacker.

The problem that the sequence of $X_b$ is independent of plaintext was solved by Wei et al. by associating the iteration number with the plaintext [4]. In the proposed scheme, a similar method is employed in (16). Meanwhile, the updating of $X_b$ is also associated with the status of $X_{b-1}$, the last ciphertext block ($C_{b-1}$), and the key ($B_2A_1$). Besides, a simple and efficient method, i.e. the CBC mode, is also adopted in (12) to enhance the diffusion effect of plaintext.

As mentioned in Section 2, there are several redundant operations in Pareek's cryptosystems which contribute little to the security. In order to simplify the cryptosystem and accelerate the encryption/decryption speed, these redundant operations are eliminated in our scheme. From the simulation results and the analysis, these simplifications do not downgrade the security. Indeed, they improve the performance.

Although there are many advantages in the proposed cipher as stated above, one rule should be kept in mind for selecting the secret key in practical use: do not choose a secret key whose four parts $A_1$, $A_2$, $B_1$, and $B_2$ are exactly identical. Otherwise, the initial conditions of the chaotic maps are zeros and no valid chaotic iterations exist under this condition.

6. Conclusion

In this paper, a generalized description of Pareek's cryptosystems is given. Their inherent weaknesses as well as some redundancies that contribute little to the security are presented. Based on these analyses, an improved cryptosystem is proposed. In the improved scheme, all the existing weaknesses of Pareek's cryptosystems are eliminated by different approaches. In order to obtain chaotic sequences with better cryptographic features, two skew tent maps are utilized instead of the logistic map. The redundant operations are then abandoned to simplify and accelerate the cipher. Some new features, such as permutation within the ciphertext block and using two independent chaotic variables to mask the plaintext, are also introduced into the system. Simulation results and theoretical analyses both prove its superiority to the original cryptosystems.

Acknowledgement

The work described in this paper was fully supported by a grant from CityU (Project No. 7001927).

References

[1] Pareek NK, Patidar V, Sud KK. Discrete chaotic cryptography using external key. Phys Lett A 2003;309:75–82.

[2] Pareek NK, Patidar V, Sud KK. Cryptography using multiple one-dimensional chaotic maps. Commun Nonlinear Sci Numer Simul 2005;10:715–23.

[3] Alvarez G, Montoya F, Romera M, Pastor G. Cryptanalysis of a discrete chaotic cryptosystem using external key. Phys Lett A 2003;319:334–9.

[4] Wei J, Liao XF, Wong KW, Zhou T. Cryptanalysis of a cryptosystem using multiple one-dimensional chaotic maps. Commun Nonlinear Sci Numer Simul 2007;12:814–22.

[5] Li CQ, Li SJ, Alvarez G, Chen GR, Lo K-T. Cryptanalysis of a chaotic block cipher with external key and its improved version. Chaos, Solitons & Fractals. doi:10.1016/j.chaos.2006.08.025.

[6] http://www.swox.com/gmp/.

[7] Shannon CE. Communication theory of secrecy systems. Bell Syst Tech J 1948;28:656–715.

[8] Baptista MS. Cryptography with chaos. Phys Lett A 1998;240:50–4.

[9] Wong WK, Lee LP, Wong KW. A modified chaotic cryptographic method. Phys Lett A 2001;138:234–6.

[10] Wong KW. A fast chaotic cryptographic scheme with dynamic look-up table. Phys Lett A 2002;298:238–42.