CommentCryptanalysis of a chaotic encryption system
Introduction
The cryptosystem based on the iteration of a non-linear dynamical system presented in [1] is a symmetric cipher algorithm which encrypts an arbitrary long stream of bits, divided up into blocks of variable length, into a 3-tuple of numbers, using as secret key the parameter of the dynamical system: The encryption process can be described in the following way: choose a suitable real number k, the parameter of the dynamical system (1), as the key of the system. Next, consider the first block of information bits to be transmitted, of length b1, and start iterating (1) from arbitrary initial conditions (xd,xd−1,…,x1). Choose a threshold U1 and construct a chain C1 of 0's and 1's according to the convention: xn⩽U1→0 and xn>U1→1. As this chain is being generated, keep looking for the repetition in it of the bits of the first block b1. When this pattern appears, record the value of at which this pattern began and stop iterating. The array of d+2 real numbers () constitutes the ciphertext of the first block of b1 bits of the plaintext. The encryption process continues by selecting the next new b2-bit length block, a new threshold U2, and iterating from a new initial value until the same pattern is generated by the orbit of the dynamical system (1). The next ciphertext unit would be made up by the threshold, the block length, and the value of the iterate at which the pattern appeared: (). This process goes ahead until the plaintext is exhausted.
The decryption process is straightforward. The ciphertext units are decrypted by iterating bi times the initial conditions , and using the threshold Ui to convert the sequence of real numbers thus obtained into the correct sequence of bits. This is done repeatedly for every 3-tuple of values received. To recover the correct sequence of bits the knowledge of the parameter value of the dynamical system (1) is required.
In [1], the authors give a sample implementation using the well known tent map (also called triangular map), defined as: with r=1.99 and the threshold fixed at U=0.5. The maximum values used for the block size and for the length of the chains Ci are stipulated to be bmax=16 and 104, respectively.
Section snippets
Security and cryptanalysis
When cryptanalyzing a cryptosystem, the general assumption made is that the cryptanalist knows exactly the design and working of the cryptosystem under study, i.e., he knows everything about the cryptosystem except the secret key. This is an evident requirement in today's secure communications systems, usually referred to as Kerchoff's principle. Every cryptosystem is characterized by a five-tuple (P, C, K, E, D), where the following conditions are satisfied [2]:
- 1.
P is a finite set of possible
Further inconsistencies found
Obviously, after our four different methods of attack with different levels of difficulty, it is not possible to talk about security with such a cryptosystem. There are some other important weaknesses worth mentioning.
In the description of this cryptosystem there is no indication about the precision being used. In [1], 6-digit precision is used for the encrypted message. This means that an exhaustive search to perform a brute-force attack on the key could be completed in 106 operations, clearly
Conclusions
We have showed that the chaotic cryptosystem proposed in [1] presents no security at all, since we have devised many different ways to break it, as explained in this paper. It is not clearly specified how to determine the keyspace, how to generate the initial values, how much precision to use in the computations and how to handle different machine accuracy. Furthermore, when the secret key is slightly modified, the pair of plaintext and decrypted text presents too many coincidences.
From every
Acknowledgements
This research was supported by CICYT, DGESIC and “Comunidad de Madrid”, Spain, under grants PB97-1151, TEL98-1020 and “Beca de Formación de Personal Investigador”, respectively.
References (4)
- et al.
New approach to chaotic encryption
Phys. Lett. A
(1999) - et al.
Misiurewicz points in one-dimensional quadratic maps
Physica A
(1996)