Chapter 3 Symmetric Key Crypto Stream Ciphers Block Ciphers Block Cipher

© All Rights Reserved

4 views

Chapter 3 Symmetric Key Crypto Stream Ciphers Block Ciphers Block Cipher

© All Rights Reserved

- Cubical Key Generation and Encryption Algorithm
- final RSA Documentation
- ps2
- Hakin9_EN_05_2014 (1)
- A DNA and Amino Acids-Based Implementation of Playfair Cipher
- View
- Assigment2025 Cyber Security
- Cryptography and Learning Machines
- Security in Computing CS803
- IJAIEM-2014-01-07-010
- EMV_IssuerSecurityGuidelines[1]
- sscp.pdf
- ijnsa050206
- Security Issues in Cloud Computing
- Engl 1102 Assignment 2 Draft 2
- ElGamal Cryptosystem
- Security on the E-Commerce Site
- USING DYNAMIC DUAL KEYS ENCRYPTION ALGORITHM AS PARTIAL ENCRYPTION FOR A REAL-TIME DIGITAL VIDEO
- Crypto_Class_Slides.pdf.pdf
- encription

You are on page 1of 7

www.elsevier.com/locate/pla

Adrian Skrobek

Szczecin University of Technology, 71-210 Szczecin, Poland

Received 17 May 2006; accepted 21 October 2006

Available online 7 November 2006

Communicated by A.P. Fordy

Abstract

In [N.S. Philip, K.B. Joseph, Chaos for stream cipher, cs.CR/0102012] Philip and Joseph propose their own cipher algorithm. An efficient

attack on the values of the key of this cipher is presented in this Letter. Other weaknesses of this cipher are presented, and proposals of algorithm’s

improvement as well.

© 2006 Elsevier B.V. All rights reserved.

cryptographic algorithms call for discrete approach.

In [1] Philip and Joseph present the proposal of a cipher al- In the case of a logistic map

gorithm based on a couple of logistic maps and bitwise “xor” xn+1 = λxn (1 − xn ), 0λ4 (1)

operation. Most of the stream ciphers are based on pseudoran-

dom number generator. The sending party adds secret informa- the state xn+1 is entirely determined by the state xn . Although

tion to the carrying signal. The secret information is removed at the formed chaotic orbit looks as it was random, it is completely

the receiver side (this way the message is recovered; it is neces- predictable. A system based only on a logistic map is not safe

sary that the receiver can generate an identical carrying signal). from the cryptographic point of view. Two chaotic systems have

A good pseudorandom number generator must have a long cy- been considered, with orbits specified as {xn } and {xn } (both

cle length. systems share the λ system parameter).

Chaotic systems are characterized by properties, which are

promising for the designers of stream ciphers. They are char- 1.1. Cipher’s algorithm description

acterized by irregular run, though they are necessitarian. The

chaotic systems are well-used in analog systems, however in After some simplification of the original description, the

discrete systems the main problem is the finite precision of cal- cryptographic algorithm is described as below (the block dia-

culation. What makes it worse, is the fact that chaotic systems gram of this algorithm is shown on Fig. 1):

are expotentially sensitive to the initial conditions. None the Pn = xn ⊕ xn , (2)

less, it was observed that a combination of few chaotic systems

gives a sequence with a complicated structure. The research was Cn = Pn ⊕ yn , (3)

focused on the linear systems. In [1] the amplification of this xn+1 = f (xn , λ) ⊕ Cn , (4)

approach for non-linear systems is described. xn+1 = f (xn , λ), (5)

The discrete realization of chaotic systems is different in re-

lation to the analog realization, but it is still a good enough where, yn is plaintext stream, Cn is a ciphertext, ⊕ means

a bitwise xor operation. x0 , x0 and λ are the cipher’s key.

f (x, λ) = λx(1 − x) is the logistic map. The value of x0 is cal-

E-mail address: askrobek@wi.ps.pl (A. Skrobek). culated from the value of x0 , but the way to do it is not given

0375-9601/$ – see front matter © 2006 Elsevier B.V. All rights reserved.

doi:10.1016/j.physleta.2006.10.081

A. Skrobek / Physics Letters A 363 (2007) 84–90 85

of float number. As it has been mentioned in Section 1.1, the x0

value does not belong to the key. However, even if we have a

128-bit long key (λ and x0 ), the key entropy is lower because

some of its bits are constant. The key entropy could be esti-

mated at the level of 96 bits.

knows all the implementation details, the variables value range,

initial states and so on. The only unknown is the value of the

key, but its value range is known. This approach is consistent

to Kerckhoff’s principle, which states that the safety of a cipher

Fig. 1. Block diagram of the Philip–Joseph algorithm.

must rely only on the key safety [4,5].

Currently the classic types of attack are as follows (from the

in [1]. This transformation cannot be secret if the process of most complicated to the most simple one):

decryption is supposed to be possible. An assumption can be

made that x0 does not belong to the key. However, this does not (1) Ciphertext-only attack;

change the further cryptanalitycall deliberation. (2) Known plaintext attack;

In the proposed algorithm a value of x0 and the calculation (3) Chosen plaintext attack;

of x0 from x0 is sent to the recipient. Such an approach is not (4) Chosen ciphertext attack.

recommended: This transformation must be known, therefore it

decreases the key space by one parameter. The sense of using attacks other than ciphertext-only attack is

A stream cipher needs a pseudorandom number generator. shown when considering a cipher as one built into a crypto-

Linear shift registries (LFSR) are often used in classic ciphers. graphic device or, for example, during setting an SSL session.

These are generally linear systems. A non-linear transforma- In that situation, although the keys themselves are hidden, the

tion (xor operation), which causes a jump between trajectories attacker has a possibility to send any messages to the device or

(those leads to perturbations in the chaotic system) was used in the server.

the given example. A system like this is still necessitarian, how- A combination of attacks with chosen plaintext and chosen

ever its attractor is far more chaotic. The sequences generated ciphertext have been used in the Letter. This method is known

by the system are identical only in case, where the same plain- under the name of adaptive chosen plaintext attack and adap-

text is enciphered and the parameters x0 , x0 and λ are equal. It tive chosen ciphertext attack. It is based on the selection of a

was proposed to use a random number as a value of the x0 pa- plaintext based on previously acquired results.

rameter, using the current system time as the seed. This is not a

good idea because time can be estimated with a certain proba-

3. An attack on the first two blocks

bility.

The resistance to the brute force attack was estimated in [1]

An uncovered weakness of investigated cipher is a problem

by specifying a number of the significant bits of the key (xn ,

with encrypting blocks of plaintext with the same keystream. As

xn and λ) as a value of 2m + k, which gives 22m+k of combi-

it is described below, the analyzed algorithm encrypts the first

nations. With the assumption that k = m = 16 bits, the number

two blocks with the same keystream. This information could be

of combinations equals 248 . However, 248 is a way too small

usefull to decrypt the first two blocks of ciphertext when an at-

number. The case gets worse because of the fact, that xn comes

tacker obtains a temporary access to the encryption machinery.

from xn , so the number of combinations will be even smaller.

It uniquely results from the encryption algorithm that for a

Increasing the number of the significant bits of parameters or

given key x0 , x0 and λ, the value of P0 is always the same.

multiple encryption was proposed to improve the immunity to

Therefore, using a chosen or known plaintext attack, it can be

brute force attack. In the second case, a cryptanalyst has to con-

calculated that

sider the previous enciphered value or do 2n(2m+k) calculations.

The cipher, however, will be slower. α0 = P0 = C0 ⊕ y0 . (6)

1.2. Implementation details With knowledge of α0 for a given key, the first 8-byte block of

a ciphertext can be deciphered by calculating

Although the authors in [1] assume a 16-bit long decimal y0 = α0 ⊕ C0 . (7)

format, it is more natural to use widely applicable standard

IEEE-754 of floating point number representation [3]. In fact The calculation of the second block requires the evaluation of

because of size of the double precision float, the algorithm is

also more secure against the brute force attack. During investi- α1 = f (x0 , λ) ⊕ f (x0 , λ). (8)

86 A. Skrobek / Physics Letters A 363 (2007) 84–90

range of (0, 1). After research has been made, it turned out that

the most significant 8 bits of the parameter P0 have value 0. The

8th bit has the value 1 with a 1% probability, whereas the 9th

bit with a 16% probability. The remaining bits have a random

distribution. Therefore, decryption of the first 10 bits according

to the formula y0 = C0 is feasible with high probability.

Ten first bits of the second block can be decrypted with

higher probability than in the case of the first block. Numbers

in the range of (0, 1) in a floating-point representation have the

9 first bits set to a known and fixed value. Bit 9 can be esti-

mated with approximately 90% probability. What follows from

the ciphering algorithm is this: y1 = P1 ⊕ C1 = x1 ⊕ x1 ⊕ C1 =

f (x0 , λ) ⊕ C0 ⊕ f (x0 , λ) ⊕ C1 . Researches have shown the

9 most significant bits can be uniquely estimated for the ex-

pression f (x0 , λ) ⊕ f (x0 , λ), however the 9th bit with a 90%

probability. It is possible then to decrypt the first 10 bits with

high probability, according to the formula y1 = C0 ⊕ C1 .

below. It allows to get all the values of the key. This attack

is a combination of attacks with chosen ciphertext and cho-

sen plaintext attacks. The idea is to make a chaotic system

run out of control, so that one of the systems enters a for-

bidden area. It is best for the next orbit value to be a “NaN”

(Not a Number) or infinity. This is impossible for the system

Fig. 2. Algorithm of an attack on first two blocks.

xn+1 = f (xn , λ), because the value of the control parameter

λ ∈ (3.57, 4). The initial value also will probably be selected

It is a constant value, dependent of the key, but independent of correctly, so x0 , x0 ∈ (0, 1). Although the involvement of the

the plaintext. As it turns out, the value of α1 can be calculated xor operation into the function of the system xn+1 = f (xn , λ)

from the ciphertext and the plaintext, using a known or chosen prevented previous attacks, in this case it gave a possibility of

plaintext attack. The value of α1 = C1 ⊕ C0 ⊕ y1 . an efficient attack on the algorithm.

Proof: To execute an attack, the values of x0 ⊕ x0 and f (x0 , λ) ⊕

C1 = P1 ⊕ y1 , (9) f (x0 , λ) have to be defined first. They can be acquired by deci-

phering the ciphertext specified by the sequence C2 = (0, 0). In

C1 = x1 ⊕ x1 ⊕ y1 , (10) accordance with the decrypting algorithm, we will get the se-

C1 = f (x0 , λ) ⊕ C0 ⊕ f (x0 , λ) ⊕ y1 , (11) quence P2 = (x0 ⊕ x0 ⊕ 0, f (x0 , λ) ⊕ f (x0 , λ) ⊕ 0) = (x0 ⊕

x0 , f (x0 , λ) ⊕ f (x0 , λ)) (details listed in Table 1). This se-

f (x0 , λ) ⊕ f (x0 , λ) = C1 ⊕ C0 ⊕ y1 = α1 . (12)

quence will be used to prepare a special plaintext sequence,

Knowing the value of α1 , the second block of the plaintext can which will then make the system run out of control to a for-

be calculated for any ciphertext, according to the formula bidden area. The chaotic system xn+1 = f (xn , λ) will run out

of control when its argument (previous orbit value) will be a

y1 = α1 ⊕ C0 ⊕ C1 . (13) large binary number. This effect cannot be obtained in the first

The above description has been shown on Fig. 2. step: The orbit value is dependent on x0 . It is known though,

that every orbit value of the logistic function is in the range

4. An attack on the constant bits of the ciphertext of (0, 1). In accordance with [3] the binary representation of a

normalized floating-point number ranging in (0, 1) contains the

The involvement of a non-linear transformation (i.e. opera- value 0x3f in the most significant byte. Let introduce constant

tions on numbers using floating-point arithmetic) to a logistic Imax (the maximum value of an integer without the sign and a

function makes the cryptanalysis of consecutive blocks more binary length equal to the length of a binary representation of a

complicated. Other weaknesses of the algorithm is explained floating-point number):

later. A cryptanalysis of at least a part of the ciphertext can be

done with a ciphertext only. According to the shown algorithm,

y0 = C0 ⊕ x0 ⊕ x0 . The values of x0 and x0 must enclose in the Imax = 0xffffffffffffffff. (14)

A. Skrobek / Physics Letters A 363 (2007) 84–90 87

Table 1

Initializing the chosen ciphertext attack with C2 = (0, 0)

n xn xn Pn Cn yn f (xn ) f (xn )

0 x0 x0 x0 ⊕ x0 0 x0 ⊕ x0 f (x0 ) f (x0 )

1 f (x0 ) f (x0 ) f (x0 ) ⊕ f (x0 ) 0 f (x0 ) ⊕ f (x0 ) f 2 (x0 ) f 2 (x0 )

Table 2

Chosen plaintext attack with y3 = (β0 , β1 , 0)

n xn xn Pn Cn yn f (xn ) f (xn )

0 x0 x0 x0 ⊕ x0 Imax ⊕ 1.0 β0 f (x0 ) f (x0 )

1 Ilarge f (x0 ) Ilarge ⊕ f (x0 ) 0 β1 −∞ f 2 (x0 )

2 −∞ f 2 (x0 ) −∞ ⊕ f 2 (x0 ) −∞ ⊕ f 2 (x0 ) 0 −∞ f 3 (x0 )

3 f 2 (x0 ) f 3 (x0 ) f 2 (x0 ) ⊕ f 3 (x0 ) – – f 3 (x0 ) f 4 (x0 )

Table 3

Chosen plaintext attack with y4 = (β0 , β1 , f 2 (x0 , λ), 0)

n xn xn Pn Cn yn f (xn ) f (xn )

0 x0 x0 x0 ⊕ x0 Imax ⊕ 1.0 β0 f (x0 ) f (x0 )

1 Ilarge f (x0 ) Ilarge ⊕ f (x0 ) 0 β1 −∞ f 2 (x0 )

2 −∞ f 2 (x0 ) −∞ ⊕ f 2 (x0 ) −∞ f 2 (x0 ) −∞ f 3 (x0 )

3 0 f 3 (x0 ) f 3 (x0 ) f 3 (x0 ) 0 0 f 4 (x0 )

4 f 3 (x0 ) f 4 (x0 ) f 3 (x0 ) ⊕ f 4 (x0 ) – – f 4 (x0 ) f 5 (x0 )

According to [3], its floating-point representation is −21023 . than there is available for the binary representation, thus the

Additionally, let us mark mathematical package returns the value of infinity. Addition-

ally, the value C1 = 0, so it does not change any bits of the value

Ilarge = 0xff d2 d3 . . . d15 . (15) x2 . The zero value comes from the fact that C1 = y1 ⊕ P1 =

The value of Ilarge is a number which contains the value 0xff Imax ⊕ 1.0 ⊕ f (x0 , λ) ⊕ f (x0 , λ) ⊕ f (x0 , λ) ⊕ C0 ⊕ f (x0 , λ) =

as the most significant byte and the remaining digits (hexadeci- Imax ⊕ 1.0 ⊕ f (x0 , λ) ⊕ f (x0 , λ) ⊕ Imax ⊕ 1.0 ⊕ x0 ⊕ x0 ⊕ x0 ⊕

mal) are undetermined. Passing the value x0 = 0.

After performing the above step it is known that the current

β0 = Imax ⊕ 1.0 ⊕ x0 ⊕ x0 (16) orbit value is xn+1 = f (xn , λ) = −∞. This value has an ap-

propriate binary representation. Block y2 = 0 is supposed to be

to the encrypting function as the first block, x0 ⊕ x0 ob-

encrypted in the next step, so that C2 = −∞ ⊕ x2 is acquired.

tained from the first step will cause that x1 = β0 ⊕ x0 ⊕ x0 ⊕

The values of each variable and expression are shown in Ta-

f (x0 , λ) = Ilarge will be a large binary number (in accordance

ble 2. Finally, x2 is evaluated from formula (18)

with [3] in the floating-point representation of the value of Ilarge

is, with high probability, smaller than −21009 ). This comes from x2 ≡ f 2 (x0 , λ) = −∞ ⊕ C2 . (18)

the fact that the result of the operation on the logistic map itself

will have a binary representation with the most significant bit To obtain all essential values of the key (it is known that xn =

value of 0x3f , by which it eliminates value of 1.0 in a sig- xn ⊕ Pn , Pn was obtained from the first stage of cryptanalysis)

nificant degree. The value of P0 eliminates passing of itself the value of one of the next orbits is f (xn , λ) or f (xn , λ) is re-

(obtained from the first step) as a part of y0 . quired. To get it, the encryption of the first two blocks should be

The above operation will cause the system to run out of performed once more (after resetting the internal state of the en-

control. To get the first part of the key, which in this case is crypter) and encrypt the lately obtained value f 2 (x0 , λ) as the

f 2 (x0 , λ), the value of the expression third block, number 0 as the fourth. This will be the cause for

the value x3 = 0, and as an effect of encryption of a block with

β1 = Imax ⊕ 1.0 ⊕ f (x0 , λ) ⊕ f (x0 , λ) (17) 0 value we get C3 = x3 (C3 = P3 ⊕ 0 = x3 ⊕ 0 ⊕ 0 = x3 ). The

should be encrypted as the second block. Equally to the first parameters and expressions values are shown in Table 3. Know-

block, the value f (x0 , λ) ⊕ f (x0 , λ) is obtained from the stage ing the values of x2 and x3 , a control parameter λ is calculated

of the initial attack. Delivering this value for deciphering in the from formula (19)

second block will cause that x2 = −∞. This is the result of the x3

fact that the previous value of x1 was a large binary number, λ= . (19)

x2 · (1 − x2 )

stored in all bits of the binary representation of a floating-point

number. The logistic map is a quadratic function, so after rising The value of x1 can be calculated from the reverse logistic map

it to the second power, the function requires greater more space iteration formula referring to the logistic map defined by the

88 A. Skrobek / Physics Letters A 363 (2007) 84–90

value 0x3ff 0000000000000 is a binary representation of a real

number 1.0, and 0xffffffffffffffff is a value earlier de-

fined as Imax . Similarly, we evaluate

⊕ 0x000f 51b9da190082. (27)

After calculation β1 = 0xc000ae4625e6ff 7d. Afterwards we

encrypt the sequence y3 = {β0 , β1 , 0}, which gives us:

0x0000000000000000}. (28)

The sequent states of the encrypter are shown in Table 5 (deci-

mal representation is rounded). As it can be seen, the value x1 =

0xff e495182a9930be is the value earlier defined as Ilarge . It

is unknown exactly what value will that be (it depends on the

argument, which depends on the encrypter’s keys), but it will

surely be a value outside the valid range of (0, 1) (in this exam-

ple Ilarge = −1.1562 × 10308 ) causing the chaotic system to run

out of control in the next step. Indeed, the value of x2 = −∞.

As an additional effect it can be observed that the system’s state

x ‘jumped’ to system x in the third step. This results directly

from the construction of the sequence passed for encryption.

As a result of enciphering the y3 sequence we get the se-

quence

Fig. 3. Algorithm of an attack on parameters of the key.

C3 = {0xc00fffffffffffff, 0x0000000000000000,

formulas (20) 0xc01a8f e0ee102230} (29)

⎧

xn

⎪

⎨ 1− 1−4 λ in which the last element is −∞ ⊕ x2 (as appears in Table 2).

or

xn−1 =

2

(20) From the specification [3], confirmed by Table 5, it is known

⎪

⎩ 1+ 1−4 xλn that −∞ = 0xfff 0000000000000, so x2 = −∞ ⊕ C3 (2):

2 .

A step by step algorithm of the cryptanalytic process is shown x2 = 0xfff 0000000000000 ⊕ 0xc01a8f e0ee102230

at Fig. 3. = 0x3f ea8f e0ee102230. (30)

6. An example of an attack on the key values Finally x2 = 0.83006331. According to the procedure de-

scribed in the previous point, the next thing to do is to encrypt

Assuming that the ciphering keys are: the block y4 = {β0 , β1 , x2 , 0}. Let us encrypt the sequence:

x0 = 0.4 = 0x3f d999999999999a, (22) 0x3f ea8f e0ee102230, 0x0000000000000000}. (31)

x0 = 0.77 = 0x3f e8a3d70a3d70a4. (23) The internal states of the encrypter are specified in Table 6 (dec-

Let us decipher the sequence imal values are rounded). As the result of encryption we get the

sequence:

C2 = {0x0000000000000000, 0x0000000000000000}. (24)

The sequent values of the decoder’s chaotic systems are stated C4 = {0xc00fffffffffffff, 0x0000000000000000,

in Table 4 (decimal representation is rounded). As a result of 0xfff 0000000000000, 0x3f e01d4f 391519b3}. (32)

deciphering we get the sequence

The last value of the sequence is x3 = 0.50357782. The value of

P2 = {0x00313a4e93a4e93e, 0x000f 51b9da190082}. (25) the key λ can be calculated, accordingly to formula (19), when

Next, we evaluate knowing the values of x3 and x2 . After the end of calculation:

λ= = = 3.57.

⊕ 0x00313a4e93a4e93e. (26) x2 · (1 − x2 ) 0.83006331 · (1 − 0.83006331)

(33)

A. Skrobek / Physics Letters A 363 (2007) 84–90 89

Table 4

Decrypter’s internal states in initialization phase

n xn xn (hex) xn xn (hex)

1 0.8568 0x3f eb6ae7d566cf 41 0.632247 0x3f e43b5e0f 7f cf c3

2 0.4380167232 0x3f dc08774b4f af 7b 0.83006331 0x3f ea8f e0ee102230

Table 5

Encrypter states during the out of control runs

n xn xn (hex) xn xn (hex)

1 −1.1562 × 10308 0xff e495182a9930be 0.632247 0x3f e43b5e0f 7f cf c3

2 −∞ 0xfff 0000000000000 0.83006331 0x3f ea8f e0ee102230

3 0.83006331 0x3f ea8f e0ee102230 0.50357782 0x3f e01d4f 391519b3

Table 6

Internal states of the encrypter while retrieving the x3 value

n xn xn (hex) xn xn (hex)

1 −1.1562 × 10308 0xff e495182a9930be 0.632247 0x3f e43b5e0f 7f cf c3

2 −∞ 0xfff 0000000000000 0.83006331 0x3f ea8f e0ee102230

3 0.0 0x0000000000000000 0.50357782 0x3f e01d4f 391519b3

4 0.50357782 0x3f e01d4f 391519b3 0.89245430 0x3f ec8ef c52a48605

With the values of λ, x3 and x2 now known, we calculate the (4) System is susceptible for running out of control.

value of x1 accordingly to formula (20):

The first inconvenience shows, that the key entropy which

x2

1− 1−4 λ 1 − 1 − 4 0.83006331

3.57 defines an upper bound of the cipher’s security [4] is weaker

x1 = = = 0.367753

2 2 than today’s security requirements [6]. This is because of fact,

(34) that initial values of chaotic systems depends of each other. This

or can be easily avoided by omitting the function that transforms

x2 one key into another and by defining explicitly all parts of the

1 + 1 − 4 1 + 1 − 4 0.83006331

3.57

x1 = λ

= = 0.632247. key. This way the key’s length will reach about 150 bits, what

2 2 can be treated as secure.

(35) A common feature of many ciphers (see e.g. cryptanalyses in

From the two possible results of the value of x1 , we calculate [7,8]) is a problem with encrypting blocks of plaintext with the

four potential x0 keys. One of them is correct. We use for- same keystream. The analyzed algorithm encrypts only the first

mula (20) analogically, but with input values of 0.367753 and two blocks with the same keystream. To prevent this, two first

0.632247. We then get four possible values of the key (some blocks can be passed as random numbers and can be omitted

values are rounded): 0.77, 0.23, 0.8833900, 0.1166099. The while decrypting. However it is better to pass a random number

correct key in this case is 0.77. To evaluate the x0 key, a xor as the first block (so-called “salt” value) to the encrypter, and

operation should be executed on the value of the x0 key and the send every following number as a result of xor operation of

first element of P2 sequence. Therefore: the first block with the block of plaintext. At the moment of

decryption the first block should be decrypted at first, then after

x0 = 0x3f e8a3d70a3d70a4 ⊕ 0x00313a4e93a4e93e

decrypting the following blocks, perform the xor operation of

= 0x3f d999999999999a. (36) the deciphered first block and the following deciphered blocks.

In result x0 = 0.4. This way to obtain all three numbers, which As it has been written in [5] and latter in [9], the security of

are the cipher’s key. a cipher must rely only on security of the key. So ability to gain

of any bit of the key reduces security of whole cipher. Chaotic

7. Improvement suggestions systems usually works within the real number domain. Further-

more, the range of those numbers is often limited within the

In consequence of the cryptanalysis the following weak- range of (0, 1). To minimize the predictability of the keystream

nesses of the encrypting algorithm have been noticed: bits and other variables of the encrypter’s state, the block should

be shortened to a number of bits which is less predictable (e.g.

(1) One part of the key depends on the other. to the 6 least significant bytes, if the binary representation of

(2) The first two blocks are always enciphered with the same a real number is 8-byte long). From researches made on the

key. keystream bits it results that the 6 least significant bytes have a

(3) Some of the keystream bits are predictable. random distribution and every bit is set with a 50% probability.

90 A. Skrobek / Physics Letters A 363 (2007) 84–90

In author’s opinion, a dangerous property of the described ber causes the system to pass to non-standard states, provid-

algorithm is the fact that arithmetic operations on floating-point ing some possible predictability of the ciphertext. It is recom-

numbers are mixed with bit operations on the binary represen- mended to use techniques which generate a different ciphertext

tation of these numbers. Chaotic systems works for orbits with for the same plaintext. This efficiently makes the cryptanalysis

values from (0, 1). Orbit values outside that range can cause harder to perform.

that system quickly reach orbit values equal to ∞ or −∞.

Because of the bitwise xor operation on the orbit and the ci- Acknowledgements

phertext, the orbit of the system can reach any value. To prevent

this, the floating-point modulo 1.0 operation can be used instead The author would like to thank Jerzy Pejaś, Ph.D. for his

of xor operation. The binary xor operation can also be left, but help in the preparation of this Letter.

with the condition that it can be only performed on the number

bits which are responsible for the value from range of (0, 1).

References

This can be achieved by performing the xor operation on the

subset of bits of mantissa only. Also one can use a fixed-point

[1] N.S. Philip, K.B. Joseph, cs.CR/0102012.

decimal format. I this case the xor operation should change only [2] H.-O. Peitgen, H. Jürgens, D. Saupe, Fractals for the Classroom, Springer-

a fraction part of the number. Verlag, New York, 1992.

The above observation was made only for cipher algorithm [3] S. Hollasch, IEEE Standard 754 Floating Point Numbers, IEEE, 2004.

described in [1]. A number of discrete time chaotic ciphers have [4] S. Vanstone, A. Menezes, P. van Oorschot, Handbook of Applied Cryp-

been examined (see e.g. [10–14]), but no one was designed in tography, CRC Press, 1997.

[5] A. Kerckhoffs (von Nieuwenhof), La cryptographie militaire, J. Sci. Mili-

the way that chaotic orbit (cipher’s internal state) was processed taires January (1883), (French) (Military cryptography).

by bitwise operation (although some cryptanalyses were per- [6] B. Schneier, N. Ferguson, Practical Cryptography, John Wiley & Sons,

formed successfully). Therefore, author claims not to mix the 2003.

bitwise and floating point operation in chaotic cipher’s design [7] G. Álvarez, F. Montoya, M. Romera, G. Pastor, Phys. Lett. A 311 (2003)

as a general rule, because of possibility the internal state of ci- 172.

[8] G. Jakimoski, L. Kocarev, Phys. Lett. A 291 (2001) 381.

pher to run out of control. [9] C.E. Shannon, Bell Syst. Tech. J. 28 (1949) 656.

[10] N.K. Pareek, V. Patidar, K.K. Sud, Phys. Lett. A 309 (2003) 75.

8. Summary [11] M.S. Baptista, Phys. Lett. A 240 (1998) 50.

[12] T. Habatsu, Y. Nishio, I. Sasase, S. Mori, A Secret Key Cryptosystem by

Iterating a Chaotic Map, Springer-Verlag, 1998.

The encrypting machine’s dependency on the generated ci-

[13] Z. Kotulski, J. Szczepanski, Ann. Phys. 6 (1997) 381.

phertext causes a possibility of the system to run out of control [14] E. Alvarez, A. Fernández, P. García, J. Jiménez, A. Marcano, Phys. Lett.

and getting predictable results. Moreover, combining binary A 263 (1999) 373.

representation of a floating-point number with a random num-

- Cubical Key Generation and Encryption AlgorithmUploaded bychethan
- final RSA DocumentationUploaded byKishore Pinninti
- ps2Uploaded byDonay X Small
- Hakin9_EN_05_2014 (1)Uploaded byPRekha
- A DNA and Amino Acids-Based Implementation of Playfair CipherUploaded byijcsis
- ViewUploaded byEvan Skull
- Assigment2025 Cyber SecurityUploaded bysimorange
- Cryptography and Learning MachinesUploaded byGabriela Mogos
- Security in Computing CS803Uploaded byDman
- IJAIEM-2014-01-07-010Uploaded byAnonymous vQrJlEN
- EMV_IssuerSecurityGuidelines[1]Uploaded bychinmay451
- sscp.pdfUploaded byMohamed Sabil
- ijnsa050206Uploaded byAIRCC - IJNSA
- Security Issues in Cloud ComputingUploaded bysingh400amit
- Engl 1102 Assignment 2 Draft 2Uploaded bywmeek26
- ElGamal CryptosystemUploaded byHanuma Pantham
- Security on the E-Commerce SiteUploaded byJoel Brown
- USING DYNAMIC DUAL KEYS ENCRYPTION ALGORITHM AS PARTIAL ENCRYPTION FOR A REAL-TIME DIGITAL VIDEOUploaded byIJAET Journal
- Crypto_Class_Slides.pdf.pdfUploaded byKent Johnson
- encriptionUploaded bylasanthahansi
- Implementing Protected and Less Complex Crito Devices with High Fault ExposureUploaded byseventhsensegroup
- NoverUploaded byMarioKundit
- Crypto StoryUploaded byAemenWaqas
- Ash WinUploaded byLalit Mohan
- 208892_2014 Exam 1Uploaded byGilbert Shih
- E com 4Uploaded byAnkur Singh
- JournalNX-3d Aes Pgp StegnographyUploaded byJournalNX - a Multidisciplinary Peer Reviewed Journal
- 35010729-securelockmobileUploaded bybacabacabaca
- Discussion NetworkingUploaded byNor Fitri Hana Jaafar
- Report Voting Tps17Uploaded byAstolfo Furioso

- One-Time Pad or vernam Cipher.pptUploaded byrsvishalsingh93
- 3914-10363-1-PB.pdfUploaded byvikram
- Cryptography and Network Security_.pdfUploaded byperhacker
- cryptoUploaded bydjkitoo
- BonehShoup_0_4Uploaded byronaldo.zani
- Codes and CiphersUploaded byperhacker
- crypto_outreach1_2Uploaded bySlow Hand
- Crypto 101Uploaded byYoeza Sapoetro
- One Time Pad the Only Unbreakable CipherUploaded byperhacker
- Problems of the Unbreakable CipherUploaded byperhacker
- Cryptanalysis of the Vigenere CipherUploaded byperhacker
- Creating and Cracking Codes and CiphersUploaded byperhacker
- Codes and Ciphers (Cryptology)Uploaded byperhacker
- Codes and Ciphers - Fourier and BlahutUploaded byperhacker
- CHAPTER 01 - Basics of Coding TheoryUploaded bybinduscribd
- A Symmetric Key Cryptographic Algorithm.pdfUploaded byperhacker
- Famous Unsolved Codes Ciphers Dorabella Cipher Voynich ManuscriptUploaded byperhacker
- Block Cipher vs Stream CipherUploaded byperhacker
- Chapter 3 Symmetric Key Crypto Stream Ciphers Block Ciphers Block CipherUploaded byperhacker
- chapter-3-symmetric-key-crypto-stream-ciphers-block-ciphers-block-cipher.pptUploaded byperhacker
- streamkilUploaded byshakeelss
- Unbreakable CipherUploaded byperhacker
- Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers Modern VersionUploaded byperhacker
- Bit Cipher 1 Example of Bit Cipher 2 Practical Stream Cipher 3Uploaded byperhacker
- A Chaotic Stream Cipher Based on Symbolic Dynamic Description and SynchronizationUploaded byperhacker
- A Chaotic Stream Cipher and the Usage in Video ProtectionUploaded byperhacker
- Arithmetic Compression With CUploaded byperhacker

- Data Structure Lec18 HandoutUploaded byJʋŋaiɗ Aĸɓar
- 101 Unix CommandsUploaded bybrahmaqa1
- Using Pushdown OptimizationUploaded byPradeep Kothakota
- nuUploaded bywawawa2
- CHAPTER 01 - Basics of Coding TheoryUploaded byVarshaPishareddy
- teen protocolUploaded byZia Ur Rahman
- DocumentUploaded bymanishchaurasia056
- A Methodology to Design FPGA-Based PID Controllers (2006) - IEEE ArticleUploaded byRené Pereira
- Genetic Algorithms _ 0-1 KnapsackUploaded byswatsurmy
- Alan Kay: Transforming the Computer Into a Communication MediumUploaded byKarthik Biztrotter
- MisterUploaded byTezadeLicenta
- e23633 Database Upgrade Guide 11.2Uploaded byanthony.martorana9959
- The Secrets of Exploiting Local and Remote File Inclusion (Part 2) - WebcastUploaded bysresearcher7
- DIF-FFTUploaded bySaleem Almaqashi
- Salesforce Migration GuideUploaded byAjay Tyagi
- Creating GDL Objects E-GuideUploaded byVali Enciu
- Real6410 WinCE Development ManualUploaded byhyrup
- SOP TemplateUploaded byMarvin Xavier
- Struts TutorialUploaded byUnnikrishnan Krishnan
- PCpaK User ManualUploaded byJure Mrduljas
- final-test-280708-1222266131666280-9Uploaded bychiritaaalex
- How to Upgrade and Install RAM Memory HP Pavilion Ze4900 CTO Notebook PCUploaded byjimgblk
- django templates cheat sheetUploaded bywindoze007
- Femap API ReferenceUploaded byMSC Nastran Beginner
- Modbus configuration example for an Allen Bradley Micrologix 1400 - Mesta Automation.pdfUploaded byFernandoCamargo
- JSchartsUploaded byClaudine Gidoux
- CoreRefrenceJS15Uploaded byStephanie Cee
- DVRNVR HDD Compatible List v3.1.0_20141231Uploaded byLuis Alberto Sierra
- Mobhci HeinrichsUploaded byarchitectintx
- webconf-nodejs-production-architecture-130112173041-phpapp02.pdfUploaded bycyberndut