(ProQuest: ... denotes non-US-ASCII text omitted.)
Jun He 1 and Haifeng Qian 1 and Yuan Zhou 2 and Zhibin Li 1
Recommended by Ming Li
1, Department of Computer Science, East China Normal University, Shanghai 200241, China
2, National Computer Network Emergency Response Technical Team (Coordination Center of China), Beijing 100029, China
Received 31 January 2010; Accepted 15 April 2010
1. Introduction
Thechaos-based encryption scheme was first proposed in 1989 [1]. Following the work, a lot of cryptography researchers haveproposed many chaos-based encryption schemes (some of them are the improvements on the previous ones) [2-6]. Security of all these schemes relies on the properties of chaotic systems: the sensitive dependence on initial conditions and system parameters, pseudorandom property, nonperiodicity and topological transitivity.
There are two types of cipher schemes in the chaos-based cryptosystems: stream ciphers and block ciphers. In the chaotic stream ciphers [2, 7-9], a pseudorandom sequence is generated by chaotic sequence generator to encrypt the plaintext. However, the limited computational precision degrades the pseudorandom sequence to a periodic sequence eventually. The chaotic block ciphers adopt chaotic maps to generate parameters used in encryption and decryption procedures. Pareek has proposed two block ciphers based on external keys [10, 11]. But too much time consumption in computation makes them hard to implement in the real-time telecommunication.
Wang and Yu proposed a new block encryption scheme in [12] (the Wang-Yu scheme) by combining these two methods of chaotic cryptography. Their scheme provides not only good randomness but also high computational efficiency. In their scheme, several one-dimensional chaotic maps are used to generate pseudorandom sequences with independent and uniform distribution. Through a series of transformations, the sequences constitute a keystream randomly distributed in the key space. The keysteam is used to encrypt the plaintext by executing simple operations such as Exclusive-OR (XOR) and shifting repeatedly with sufficient rounds.
Generally speaking, a secure cipher is supposed to resist the following attacks: the chosen plaintext attacks (CPAs), the chosen ciphertext attacks (CCAs) and the known plaintext attacks (KPAs). Unfortunately, the Wang-Yu cipher cannot resist any of the above attacks because the keystream remains unchanged during the execution of the encryption procedure each time. Thus, for an attacker, knowing the keystream is equivalent to knowing the secret key.
Our Contributions
We point out the drawbacks of the Wang-Yu block cipher based on dynamic sequences generated by multiple chaotic systems. Their scheme is vulnerable to the following three kinds of attacks: the chosen plaintext attacks, the chosen ciphertext attacks, and the known plaintext attacks. In order to obtain a secure block cipher from chaotic systems, we make efforts to improve the Wang-Yu block cipher. We design a new block cipher which makes the keystream sensitive to any change of the plaintext and the ciphertext. Therefore, our new block cipher is able to resist the above attacks. On the other hand, our scheme preserves the high computational efficiency of the original one.
In Section 2, some essential notations and security definitions are introduced. In Section 3, the Wang-Yu block cipher is reviewed. In Section 4, we analyze the Wang-Yu scheme and show three different attacks to the scheme. In Section 5, an improved block cipher scheme is proposed. We analyze security and discuss the efficiency of the new scheme in Section 6. Finally, we conclude the paper in Section 7.
2. Preliminaries
2.1. Notations
We use the following notations:
P :: Plaintext,
Pi :: i th plaintext block,
C :: Ciphertext,
Ci :: i th ciphertext block,
L :: Number of plaintext blocks,
r :: Number of transformation rounds,
c(l) :: Index of a chosen chaotic map,
Bi(l) :: 64-bit temporary value in encryption/decryption transformation,
Sic(l) :: 64-bit value generated by a chaotic map in the Wang-Yu scheme,
Si :: Keystream of i th plaintext block in the Wang-Yu scheme,
SKic(l) :: 64-bit value generated by a chaotic map in the improved scheme,
SKi :: Key stream of i th plaintext block in the improved scheme,
xj :: A real number in (0,1) indexed by j .
2.2. Definitions and Security Notions
We review the definition of chaos and security notions for block cipher as follows.
Definition 2.1 (Chaos).
Chaos is aperiodic time-asymptotic behaviour in a deterministic system which exhibits sensitive dependence on initial conditions.
This definition contains three main elements.
(1) Aperiodic time-asymptotic behaviour : this implies the existence of phase-space trajectories which do not settle down to fixed points or periodic orbits. For practical reasons, we insist that these trajectories are not too rare. We also require the trajectories to be bounded, that is, they should not go off to infinity.
(2) Deterministic : this implies that the equations of motion of the system possess no random inputs. In other words, the irregular behaviour of the system arises from nonlinear dynamics and not from noisy driving forces.
(3) Sensitive dependence on initial conditions : this implies that nearby trajectories in phase-space separate exponentially fast in time; that is, the system has a positive Lyapunov exponent.
Definition 2.2 (One-way function).
A function f:{0,1}* [arrow right]{0,1}* is one-way if f(·) can be computed by a polynomial time algorithm, but for every randomized polynomial time algorithm ...9C; , [figure omitted; refer to PDF] for every polynomial p(n) and sufficiently large n , assuming that x is chosen from the uniform distribution on {0,1}n .
Definition 2.3 (Block cipher).
A symmetric key block cipher consists of two PPT algorithms (Ek (·),Dk (·)) with the following properties: for any random k∈R {0,1}κ , the encryption algorithm on input m∈{0,1}n and k , outputs a ciphertext c=Ek (m) ; the decryption algorithm on input c and k , outputs a plaintext m if c=Ek (m) . For any k∈R {0,1}κ and m∈{0,1}n , correctness requires the following to be hold: [figure omitted; refer to PDF]
Definition 2.4 (One-way CPA).
Let Ek (·) be a block cipher. If any adversary ...9C; (any PPT algorithm) that is allowed to obtain the ciphertext of any message, cannot extract the plaintext from a challenge ciphertext, we say that Ek (·) is one-way under the chosen plaintext attacks.
Definition 2.5 (One-way CCA).
Let Ek (·) be a block cipher. If any adversary ...9C; (any PPT algorithm) that is allowed to obtain the plaintext of any ciphertext (except for the challenge ciphertext), cannot extract the plaintext from a challenge ciphertext, we say that Ek (·) is one-way under the chosen ciphertext attacks.
Definition 2.6 (One-way KPA).
Let Ek (·) be a block cipher. If any adversary ...9C; (any PPT algorithm) that is given a set of random plaintexts and corresponding ciphertexts (except for the challenge ciphertext), cannot extract the plaintext from a challenge ciphertext. We say that Ek (·) is one-way under the known plaintext attacks.
3. Review of the Wang-Yu Block Cipher
3.1. Algorithm Description
In this section, we briefly review the block cipher proposed by Wang and Yu [12]. In their scheme, plaintext blocks are converted into ciphertext blocks after several round transformations with XOR and shift operations. A number of 64-bit binary strings as the keystreams are generated in such transformations.
Let us see how the keystream is generated. There are two tables in the Wang-Yu scheme. One table consists of four one-dimensional chaotic maps. The other called chaotic map set (CMS) includes initial values between 0 and 1, which are produced through a random number generator from a given secret key. At the beginning, one map is randomly chosen from the first table. An initial value is also chosen from the CMS table by certain rules. The chosen map is then iterated with the initial value for 64 times. Each time the map generates a new real number. If the new number is bigger than 0.5 , we get 1 for the corresponding digit. Otherwise, we get 0 . Eventually, we get a 64-bit binary string after 64 iterations.
3.2. Procedure in Detail
The Wang-Yu scheme is described as follows.
(i) Encryption of Pi ∈{0,1}64 : Ci =Ek (Pi ) .
(1) Initialization: Bi(0) =Pi ; l=1 ; d=1 ; r∈R {0,1}* ; CMS table[arrow left]k . Here, k∈R {0,1}64 is the secret key of the block cipher.
(2) c(l)∈R [0,3] , x0 [arrow left] value of c th column, d th row in the CMS table.
(3) For j=1 to 64:
(a) if c(l)=0 : xj =μxj-1 (1-xj-1 ) ;
(b) if c(l)=1 : xj =μsin(πxj-1 ) ;
(c) if c(l)=2 : xj =μcos (π|xj-1 -0.5|) ;
(d) if c(l)=3 : xj =1-μ|xj-1 -0.5| .
(4) For j=1 to 64: [figure omitted; refer to PDF] where x¯=0.5 . The keystream is Sic(l) =s1s2 ...s64 .
(5) Encryption transformation: [figure omitted; refer to PDF]
(6) If l=r , go to step (7); else l[arrow left]l+1 ; d[arrow left]d+1 ; goto step (2).
(7) Ci =Bi(2l) . Here, the operation "x<<y " represents a cyclic left shift of x by y bits.
(ii) Decryption of Ci ∈{0,1}64 : Pi =Dk (Ci ) .
Parameter and keystream generations here are the same as those in the encryption. The only difference is that the equations in step (5) should be replaced by [figure omitted; refer to PDF] Here, the operation "x>>y " represents a cyclic right shift of x by y bits.
3.3. Weaknesses of the Scheme
A keystream Si =(Sic(1) ,Sic(2) ,...,Sic(r) ) in the Wang-Yu scheme is generated by a certain secret key k . Then it is used to encrypt the plaintext according to the following rule: [figure omitted; refer to PDF] Decryption of a ciphertext block Ci can be accomplished by calculating the corresponding keystream Si if the key is given and doing the reverse operations of encryption ESi (·) . However, the block cipher is not secure because some problems occur in their keystream generation and the encryption algorithm. Exactly, if we know the keystream Si , we can recover the plaintext of a given ciphertext without the secret key.
In the next section we will show how to recover the keystream under the chosen plaintext attack, the chosen ciphertext attack and the known plaintext attack, respectively. We note that knowing the keystream Si generated by a certain secret key is equivalent to knowing the key indeed [3].
4. Cryptanalysis of the Wang-Yu Block Cipher
With the help of the keystream Si , we can recover the plaintext from a given ciphertext. Therefore, the following attacks focus on recovering the keystream Si . Suppose that we have a challenge ciphertext C composed by Ci (i=1,2,...,L ) to "decrypt" without the secret key. We shall calculate the keystream Si by launching one of the attacks described later.
The encryption transformation can be described as follows: [figure omitted; refer to PDF] For simplicity, the encryption procedure is described as follows: [figure omitted; refer to PDF] where Si =((((Sic(1) <<16 bits)[ecedil]5;Sic(2) )<<16 bits)...[ecedil]5;Sic(r) )<<16 bits . The operation (f)r represents that the action of f is repeated r times.
Since the keystream does not change for every plaintext blocks, we can get it from a given plaintext block and a corresponding ciphertext block. Then we can use it to recover the plaintexts from other ciphertexts. A plaintext block Pi can be recovered by using the known keystream Si and a given ciphertext block Ci as follows: [figure omitted; refer to PDF] Then, we can recover the plaintexts without the secret key. The following explains how to recover the plaintexts under three different attacks.
4.1. How to Recover the Plaintext under CPA
Suppose that we have obtained temporary access to the encryption machine. Given index i and a special plaintext block Mi , where Mi =(000...0)64 (the ciphertext block also consists of 64 bits), we can obtain the ciphertext block Di of the plaintext block Mi =(000...0)64 from the encryption machine.
So, the keystream Si can be generated from Mi and Di : [figure omitted; refer to PDF]
The recovered plaintext block can be obtained using the keystream Si and the ciphertext block Ci as follows: [figure omitted; refer to PDF]
The flowchart of this attack is given in Figure 1, and Figure 2 shows the simulation results of the chosen plaintext attack on a ciphered image of size 256×256 .
Figure 1: Flowchart of chosen plaintext attacks.
[figure omitted; refer to PDF]
Results of the CPA: (a) the original image P ; (b) ciphered image C of P ; (c) ciphered image of M = 0000; (d) recovered image.
(a) [figure omitted; refer to PDF]
(b) [figure omitted; refer to PDF]
(c) [figure omitted; refer to PDF]
(d) [figure omitted; refer to PDF]
4.2. How to Recover the Plaintext under CCA
Assume that we have obtained temporary access to the decryption machine. Given index i and a special ciphertext block Di , where Di =(000...0)64 (the challenge ciphertext block also consists of 64 bits), we can obtain the plaintext block Mi of the ciphertext block Di =(000...0)64 from the decryption machine. The keystream Si can be generated from Mi and Di by [figure omitted; refer to PDF]
The recovered plaintext block can be obtained by using the keystream Si and the ciphertext block Ci as follows: [figure omitted; refer to PDF]
The flowchart of this attack is given in Figure 3. Simulation results of a chosen ciphertext attack on a ciphered image of size 512×512 are given in Figure 4.
Figure 3: Flowchart of chosen ciphertext attacks.
[figure omitted; refer to PDF]
Results of the CCA: (a) the original image P ; (b) ciphered image C of P ; (c) plain image of the ciphered image D = 0000; (d) recovered image.
(a) [figure omitted; refer to PDF]
(b) [figure omitted; refer to PDF]
(c) [figure omitted; refer to PDF]
(d) [figure omitted; refer to PDF]
4.3. How to Recover the Plaintext under KPA
The knowledge of one plaintext block and its corresponding ciphertext block with the same length leads to potential damage of privacy for the cryptosystems. We know that given a plaintext block Mi and its corresponding ciphertext block Di , the keystream can be computed as follows: [figure omitted; refer to PDF]
The recovered plaintext block can be obtained by using the keystream Si and the ciphertext block Ci as follows: [figure omitted; refer to PDF]
The flowchart of this attack is given in Figure 5 and Figure 6 shows a recovered Lena image from the ciphertext by the known plaintext attack using a known pair of plaintext/ciphertext of Jet.
Figure 5: Flowchart of known plaintext attacks.
[figure omitted; refer to PDF]
Results of the KPA: (a) the original image P ; (b) ciphered image C of P ; (c) plain image M ; (d) ciphered image D of M ; (e) recovered image from C .
(a) [figure omitted; refer to PDF]
(b) [figure omitted; refer to PDF]
(c) [figure omitted; refer to PDF]
(d) [figure omitted; refer to PDF]
(e) [figure omitted; refer to PDF]
Therefore, we can draw the following conclusion from the above three attacks.
Theorem 4.1.
The Wang-Yu block cipher is not secure (i.e., not one-way) under any of the following attacks: the chosen plaintext attacks, the chosen ciphertext attacks and the known plaintext attacks.
5. Improvement
The ciphertext is independent from the keystream, which makes the encryption algorithm presented in [12] vulnerable to the above attacks. To enable the block cipher to be secure against the above attacks, a reasonable solution is shown. Actually, the ciphertext is sensitive to the change of the keystream and the plaintext in our improvement, which results in a cipher with enhanced security. In this section, we present the modification as follows.
(i) Encryption of Pi ∈{0,1}64 : Ci =Ek (Pi ) .
(1) Initialization: Bi(0) =Pi ; l=1 ; r∈R {0,1}* ; CMS table[arrow left]k ; P0 =1 ; C0 =1 . Here, k∈R {0,1}64 is the secret key of the block cipher.
(2) c(l)∈R [0,3] , d=(Pi-1 [ecedil]5;Ci-1 ) mod 128 , x0 [arrow left] value of c th column, d th row in the CMS table.
(3) For j=1 to 64:
(a) if c(l)=0 : xj =μxj-1 (1-xj-1 ) ;
(b) if c(l)=1 : xj =μsin(πxj-1 ) ;
(c) if c(l)=2 : xj =μcos (π|xj-1 -0.5|) ;
(d) if c(l)=3 : xj =1-μ|xj-1 -0.5| .
(4) For j=1 to 64: [figure omitted; refer to PDF] where x¯=0.5 . The keystream is SKic(l) =s1s2 ...s64 .
(5) Encryption transformation: [figure omitted; refer to PDF]
(6) If l=r , goto step (7); else l[arrow left]l+1 ; d[arrow left]d+1 ; goto step (2).
(7) Ci =Bi(2l) .
(ii) Decryption of Ci ∈{0,1}64 : Pi =Dk (Ci )
Parameter and keystream generations here are the same as those in the encryption. The only difference is that the equations in step (5) should be replaced by [figure omitted; refer to PDF]
6. Security and Efficiency of the Improved Scheme
The block cipher algorithm in [12] is not secure since its keystream is reused each time, which makes the keystream easy to recover. Our proposed version of the scheme is designed in a PCBC (Propagating Cipher Block Chaining) mode [13]. Through this mode, an attacker cannot discover the relationship among the keystream, the plaintext and the ciphertext. In order to show that our improved cipher is secure, we consider the three kinds of attacks described previously to recover the keystream in our scheme. As a result, we find that the chosen plaintext attacks, the chosen ciphertext attacks and the known plaintext attacks all fail if the encryption algorithm and the decryption algorithm follow our proposal.
Moreover, the described attacks are harmless for the enhanced scheme. We assume that SKi is the keystream used in the encryption of i th block. The keystream SKi is computed as follows: [figure omitted; refer to PDF] Here, Pi-1 and Ci-1 are the plaintext block and the ciphertext block with index i-1 , respectively; Hk () is a one-way function from chaotic map iterations. Obviously, even if an attacker knows Pi-1 and Ci-1 , he cannot get SKi without the secret key.
Meanwhile, the above attacks cannot break our scheme since breaking the cipher is equivalent to knowing SKi . However, knowing SKi is impossible in our proposal. Thus, the algorithm is secure against the chosen plaintext attacks, the chosen ciphertext attacks and the known plaintext attacks.
In our scheme, one XOR and one MOD operations are added in the encryption of a plaintext block. The overload of the improved scheme does not influence the efficiency, compared with the Wang-Yu scheme. But our improved scheme achieves a high level of security.
The simulation for the proposed scheme is implemented in Matlab 7.0. Performance is measured on a 2.0 GHz Pentium Dual-Core with 1 GB RAM running Windows XP. The simulation results show that the average running speed of the Wang-Yu cipher and that of our improved cipher are 20.46 MB/s and 19.54 MB/s, respectively.
7. Conclusions
In this paper, three kinds of attacks are presented to break a recently proposed block cipher based on multiple chaotic systems. We show that the reuse of the keystream during the encryption iteration makes the Wang-Yu scheme insecure against the chosen plaintext attacks, the chosen ciphertext attacks and the known plaintext attacks. To enhance the security, we introduce a new method by updating the keystream in a way sensitive to the plaintext and the ciphertext.
Chaotic system is distinguished by its ergodicity and sensitivity to initial conditions and system parameters. These attributes allow the chaotic time series to be a promising alternative to the conventional cryptographic algorithms and image processing [14-21]. Fractal time series is distributed in a more random pattern than chaos time series does, due to the nondeterministic characteristic. Fractal time series differs from the conventional time series in the statistic properties [22-24]. Many open problems exist in this research area such as stationarity test problem [25], power spectrum problem [26, 27] and bound problem [28]. We are looking for possible ways to apply fractal time series to stochastic number simulation in cryptographic research.
Acknowledgment
This work has been supported by the Major Research plan of the National Natural Science Foundation of China (Grant no. 90718041), the National Natural Science Foundation of China (Grant nos. 10771072, 60703004 and 60873217), and the Research Fund for the Doctoral Program of Higher Education of China (Grant no. 20070269005).
[1] R. Matthews, "On the derivation of a "chaotic" encryption algorithm," Cryptologia , vol. 13, no. 1, pp. 29-42, 1989.
[2] M. Götz, K. Kelber, W. Schwarz, "Discrete-time chaotic encryption systems. I. Statistical design approach," IEEE Transactions on Circuits and Systems I , vol. 44, no. 10, pp. 963-970, 1997.
[3] E. Alvarez, A. Fernández, P. Garcí, J. Jiménez, A. Marcano, "New approach to chaotic encryption," Physics Letters A , vol. 263, no. 4-6, pp. 373-375, 1999., [email protected]
[4] E. Biham, "Cryptanalysis of the chaotic-map cryptosystem suggested," in Proceedings of the Workshop on the Theory and Application of of Cryptographic Techniques (EUROCRYPT '91), vol. 547, of Lecture Notes in Computer Science, pp. 532-534, 1991.
[5] T. Stojanovski, L. Kocarev, "Chaos-based random number generators. I. Analysis," IEEE Transactions on Circuits and Systems I , vol. 48, no. 3, pp. 281-288, 2001.
[6] T. Stojanovski, J. Pihl, L. Kocarev, "Chaos-based random number generators. II. Practical realization," IEEE Transactions on Circuits and Systems I , vol. 48, no. 3, pp. 382-385, 2001.
[7] F. Dachselt, K. Kelber, W. Schwarz, "Discrete-time chaotic encryption systems--part III: cryptographical analysis," IEEE Transactions on Circuits and Systems I , vol. 45, no. 9, pp. 983-988, 1998., [email protected]
[8] S. Lian, J. Sun, J. Wang, Z. Wang, "A chaotic stream cipher and the usage in video protection," Chaos, Solitons and Fractals , vol. 34, no. 3, pp. 851-859, 2007.
[9] D. R. Frey, "Chaotic digital encoding: an approach to secure communication," IEEE Transactions on Circuits and Systems II , vol. 40, no. 10, pp. 660-666, 1993.
[10] N. K. Pareek, V. Patidar, K. K. Sud, "Cryptography using multiple one-dimensional chaotic maps," Communications in Nonlinear Science and Numerical Simulation , vol. 10, no. 7, pp. 715-723, 2005.
[11] N. K. Pareek, V. Patidar, K. K. Sud, "Discrete chaotic cryptography using external key," Physics Letters A , vol. 309, no. 1-2, pp. 75-82, 2003.
[12] X. Wang, Q. Yu, "A block encryption algorithm based on dynamic sequences of multiple chaotic systems," Communications in Nonlinear Science and Numerical Simulation , vol. 14, no. 2, pp. 574-581, 2009.
[13] J. Kohl, "The use of encryption in kerberos for network authentication," in Advances in Cryptology, vol. 435, of Lecture Notes in Computer Science, pp. 35-43, 1990.
[14] Z. H. Liu, "Chaotic time series analysis," Mathematical Problems in Engineering , vol. 2010, 2010.
[15] E. G. Bakhoum, C. Toma, "Dynamical aspects of macroscopic and quantum transitions due to coherence function and time series events," Mathematical Problems in Engineering , vol. 2010, 2010., [email protected]; [email protected]
[16] C. Cattani, A. Kudreyko, "Application of periodized harmonic wavelets towards solution of eigenvalue problems for integral equations," Mathematical Problems in Engineering , vol. 2010, 2010.
[17] G. Mattioli, M. Scalia, C. Cattani, "Analysis of large amplitude pulses in short time intervals: application to neuron interactions," Mathematical Problems in Engineering , vol. 2010, 2010.
[18] S. Y. Chen, Y. F. Li, J. Zhang, "Vision processing for realtime 3-D data acquisition based on coded structured light," IEEE Transactions on Image Processing , vol. 17, no. 2, pp. 167-176, 2008.
[19] S. Y. Chen, Y. F. Li, Q. Guan, G. Xiao, "Real-time three-dimensional surface measurement by color encoded light projection," Applied Physics Letters , vol. 89, no. 11, 2006., [email protected]
[20] S. Y. Chen, Y. F. Li, "Vision sensor planning for 3-D model acquisition," IEEE Transactions on Systems, Man, and Cybernetics, Part B , vol. 35, no. 5, pp. 894-904, 2005., [email protected]; [email protected]
[21] S. Y. Chen, Y. F. Li, J. Zhang, W. Wang Active Sensor Planning for Multiview Vision Tasks , Springer, Berlin, Germany, 2008.
[22] M. Li, "Fractal time series--a tutorial review," Mathematical Problems in Engineering , vol. 2010, 2010.
[23] M. Li, J. Y. Li, "On the predictability of long-range dependent series," Mathematical Problems in Engineering , vol. 2010, 2010.
[24] M. Li, "Generation of teletraffic of generalized Cauchy type," Physica Scripta , vol. 81, no. 2, 2010.
[25] M. Li, W. S. Chen, L. Han, "Correlation matching method of the weak stationarity test of LRD traffic," Telecommunication Systems , vol. 43, no. 3-4, pp. 181-195, 2010.
[26] M. Li, S. C. Lim, "Power spectrum of generalized Cauchy process," Telecommunication Systems , vol. 43, no. 3-4, pp. 219-222, 2010., [email protected]; [email protected]
[27] M. Li, S. C. Lim, "A rigorous derivation of power spectrum of fractional Gaussian noise," Fluctuation and Noise Letters , vol. 6, no. 4, pp. C33-C36, 2006.
[28] M. Li, W. Zhao, "Representation of a stochastic traffic bound," Parallel and Distributed Systems , vol. 21, no. 9, pp. 1368-1372, 2010.
You have requested "on-the-fly" machine translation of selected content from our databases. This functionality is provided solely for your convenience and is in no way intended to replace human translation. Show full disclaimer
Neither ProQuest nor its licensors make any representations or warranties with respect to the translations. The translations are automatically generated "AS IS" and "AS AVAILABLE" and are not retained in our systems. PROQUEST AND ITS LICENSORS SPECIFICALLY DISCLAIM ANY AND ALL EXPRESS OR IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION, ANY WARRANTIES FOR AVAILABILITY, ACCURACY, TIMELINESS, COMPLETENESS, NON-INFRINGMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Your use of the translations is subject to all use restrictions contained in your Electronic Products License Agreement and by using the translation functionality you agree to forgo any and all claims against ProQuest or its licensors for your use of the translation functionality and any output derived there from. Hide full disclaimer
Copyright © 2010 Jun He et al. Jun He et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Abstract
Wang and Yu proposed a block cipher scheme based on dynamic sequences generated by multiple chaotic systems, which overcomes the problem of periodical degradation on random sequences due to computational precision. Their scheme has a feature that a plaintext is encrypted by a keystream created from several one-dimensional chaotic maps. However, this feature results in some weaknesses of the encryption algorithm. We show three kinds of attacks in this paper, through which one can recover the plaintext from a given ciphertext without the secret key. We also present an improvement on their scheme, which prevents the three attacks mentioned above. Security of the enhanced cipher is presented and analyzed, which shows that our improved scheme is secure under the current attacks.
You have requested "on-the-fly" machine translation of selected content from our databases. This functionality is provided solely for your convenience and is in no way intended to replace human translation. Show full disclaimer
Neither ProQuest nor its licensors make any representations or warranties with respect to the translations. The translations are automatically generated "AS IS" and "AS AVAILABLE" and are not retained in our systems. PROQUEST AND ITS LICENSORS SPECIFICALLY DISCLAIM ANY AND ALL EXPRESS OR IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION, ANY WARRANTIES FOR AVAILABILITY, ACCURACY, TIMELINESS, COMPLETENESS, NON-INFRINGMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Your use of the translations is subject to all use restrictions contained in your Electronic Products License Agreement and by using the translation functionality you agree to forgo any and all claims against ProQuest or its licensors for your use of the translation functionality and any output derived there from. Hide full disclaimer