Elsevier

Physics Letters A

Volume 276, Issues 1–4, 30 October 2000, Pages 191-196
Physics Letters A

Comment
Cryptanalysis of a chaotic encryption system

https://doi.org/10.1016/S0375-9601(00)00642-3Get rights and content

Abstract

Recently a new chaotic encryption system has been proposed by E. Alvarez et al. In this paper, several weaknesses of this cryptosystem are pointed out and four successful cryptanalytic attacks are described.

Introduction

The cryptosystem based on the iteration of a non-linear dynamical system presented in [1] is a symmetric cipher algorithm which encrypts an arbitrary long stream of bits, divided up into blocks of variable length, into a 3-tuple of numbers, using as secret key the parameter of the dynamical system: xn+1=f(xn,xn−1,…,xn−d+1). The encryption process can be described in the following way: choose a suitable real number k, the parameter of the dynamical system (1), as the key of the system. Next, consider the first block of information bits to be transmitted, of length b1, and start iterating (1) from arbitrary initial conditions (xd,xd−1,…,x1). Choose a threshold U1 and construct a chain C1 of 0's and 1's according to the convention: xnU1→0 and xn>U1→1. As this chain is being generated, keep looking for the repetition in it of the bits of the first block b1. When this pattern appears, record the value of xn1=(xn1,xn1−1,…,xn1−d+1) at which this pattern began and stop iterating. The array of d+2 real numbers (U1,b1,xn1) constitutes the ciphertext of the first block of b1 bits of the plaintext. The encryption process continues by selecting the next new b2-bit length block, a new threshold U2, and iterating from a new initial value until the same pattern is generated by the orbit of the dynamical system (1). The next ciphertext unit would be made up by the threshold, the block length, and the value of the iterate at which the pattern appeared: (U2,b2,xn2). This process goes ahead until the plaintext is exhausted.

The decryption process is straightforward. The ciphertext units are decrypted by iterating bi times the initial conditions xni, and using the threshold Ui to convert the sequence of real numbers thus obtained into the correct sequence of bits. This is done repeatedly for every 3-tuple of values received. To recover the correct sequence of bits the knowledge of the parameter value of the dynamical system (1) is required.

In [1], the authors give a sample implementation using the well known tent map (also called triangular map), defined as: f(x)=rxifx⩽0.5,r(1−x)ifx⩾0.5, with r=1.99 and the threshold fixed at U=0.5. The maximum values used for the block size and for the length of the chains Ci are stipulated to be bmax=16 and 104, respectively.

Section snippets

Security and cryptanalysis

When cryptanalyzing a cryptosystem, the general assumption made is that the cryptanalist knows exactly the design and working of the cryptosystem under study, i.e., he knows everything about the cryptosystem except the secret key. This is an evident requirement in today's secure communications systems, usually referred to as Kerchoff's principle. Every cryptosystem is characterized by a five-tuple (P, C, K, E, D), where the following conditions are satisfied [2]:

  • 1.

    P is a finite set of possible

Further inconsistencies found

Obviously, after our four different methods of attack with different levels of difficulty, it is not possible to talk about security with such a cryptosystem. There are some other important weaknesses worth mentioning.

In the description of this cryptosystem there is no indication about the precision being used. In [1], 6-digit precision is used for the encrypted message. This means that an exhaustive search to perform a brute-force attack on the key could be completed in 106 operations, clearly

Conclusions

We have showed that the chaotic cryptosystem proposed in [1] presents no security at all, since we have devised many different ways to break it, as explained in this paper. It is not clearly specified how to determine the keyspace, how to generate the initial values, how much precision to use in the computations and how to handle different machine accuracy. Furthermore, when the secret key is slightly modified, the pair of plaintext and decrypted text presents too many coincidences.

From every

Acknowledgements

This research was supported by CICYT, DGESIC and “Comunidad de Madrid”, Spain, under grants PB97-1151, TEL98-1020 and “Beca de Formación de Personal Investigador”, respectively.

References (4)

There are more references available in the full text version of this article.

Cited by (0)

View full text