A block cipher based on a suitable use of the chaotic standard map Shiguo Lian * , Jinsheng Sun, Zhiquan Wang Department of Automation, Nanjing University of Science and Technology, Nanjing 210094, PR China Accepted 29 November 2004 Abstract Due to their features of ergodicity, sensitivity to initial conditions and sensitivity to control parameters, etc., chaotic maps have good potential for information encryption. In this paper, a block cipher based on the chaotic standard map is proposed, which is composed of three parts: a confusion process based on chaotic standard map, a diffusion function, and a key generator. The parameter sensitivity of the standard map is analyzed, and the confusion process based on it is proposed. A diffusion function with high diffusion speed is designed, and a key generator based on the chaotic skew tent map is derived. Some cryptanalysis on the security of the designed cipher is carried out, and its computational complex- ity is analyzed. Experimental results show that the new cipher has satisfactory security with a low cost, which makes it a potential candidate for encryption of multimedia data such as images, audios and even videos. Ó 2005 Elsevier Ltd. All rights reserved. 1. Introduction With the desirable properties of ergodicity and high sensitivity to initial conditions and parameters [1], chaotic maps are very suitable for various data encryption schemes. In particular, chaotic maps are easy to be implemented by micro- processors and personal computers. Therefore, chaotic cryptosystems generally have high speed with low cost, which makes them better candidates than many traditional ciphers for multimedia data encryption. Early chaos-based cryptosystems, developed in the last decade, modulate messages with chaotic signals generated from continuous-time chaotic dynamic systems. This kind of cryptosystems depends heavily on the synchronization of two chaotic systems [2]. Although this approach can be directly used for analog devices such as walkie-talkies, it suf- fers from its poor noise performance and weak synchronizability: if the synchronization of the cryptosystem is robust, then it is vulnerable to controlled-synchronization type of attacks; but if not, then even the receiver may easily lose syn- chronization thereby leading to the failure of message recovery [3,4]. There are some other types of chaotic cryptosystems, most of which transform plaintext directly. And they are often classified into two types: chaotic stream cryptosystems and chaotic block cryptosystems. In chaotic stream cryp- tosystems, a key stream is produced by a chaotic map, which is used to encrypt a plaintext bit by bit [5,6]. A chaotic block cryptosystem, on the other hand, transforms a plaintext block by block with some chaotic maps. For example, a 0960-0779/$ - see front matter Ó 2005 Elsevier Ltd. All rights reserved. doi:10.1016/j.chaos.2004.11.096 * Corresponding author. E-mail address: [email protected](S. Lian). Chaos, Solitons and Fractals 26 (2005) 117–129 www.elsevier.com/locate/chaos
13
Embed
A Block Cipher Based on a Suitable Use of Chaotic Standard Map
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Chaos, Solitons and Fractals 26 (2005) 117–129
www.elsevier.com/locate/chaos
A block cipher based on a suitable use of the chaoticstandard map
Shiguo Lian *, Jinsheng Sun, Zhiquan Wang
Department of Automation, Nanjing University of Science and Technology, Nanjing 210094, PR China
Accepted 29 November 2004
Abstract
Due to their features of ergodicity, sensitivity to initial conditions and sensitivity to control parameters, etc., chaotic
maps have good potential for information encryption. In this paper, a block cipher based on the chaotic standard map
is proposed, which is composed of three parts: a confusion process based on chaotic standard map, a diffusion function,
and a key generator. The parameter sensitivity of the standard map is analyzed, and the confusion process based on it is
proposed. A diffusion function with high diffusion speed is designed, and a key generator based on the chaotic skew tent
map is derived. Some cryptanalysis on the security of the designed cipher is carried out, and its computational complex-
ity is analyzed. Experimental results show that the new cipher has satisfactory security with a low cost, which makes it a
potential candidate for encryption of multimedia data such as images, audios and even videos.
� 2005 Elsevier Ltd. All rights reserved.
1. Introduction
With the desirable properties of ergodicity and high sensitivity to initial conditions and parameters [1], chaotic maps
are very suitable for various data encryption schemes. In particular, chaotic maps are easy to be implemented by micro-
processors and personal computers. Therefore, chaotic cryptosystems generally have high speed with low cost, which
makes them better candidates than many traditional ciphers for multimedia data encryption.
Early chaos-based cryptosystems, developed in the last decade, modulate messages with chaotic signals generated
from continuous-time chaotic dynamic systems. This kind of cryptosystems depends heavily on the synchronization
of two chaotic systems [2]. Although this approach can be directly used for analog devices such as walkie-talkies, it suf-
fers from its poor noise performance and weak synchronizability: if the synchronization of the cryptosystem is robust,
then it is vulnerable to controlled-synchronization type of attacks; but if not, then even the receiver may easily lose syn-
chronization thereby leading to the failure of message recovery [3,4].
There are some other types of chaotic cryptosystems, most of which transform plaintext directly. And they are
often classified into two types: chaotic stream cryptosystems and chaotic block cryptosystems. In chaotic stream cryp-
tosystems, a key stream is produced by a chaotic map, which is used to encrypt a plaintext bit by bit [5,6]. A chaotic
block cryptosystem, on the other hand, transforms a plaintext block by block with some chaotic maps. For example, a
0960-0779/$ - see front matter � 2005 Elsevier Ltd. All rights reserved.
118 S. Lian et al. / Chaos, Solitons and Fractals 26 (2005) 117–129
cryptosystem based on the chaotic gradient tent map was constructed in [7], and the one based on the modified baker
map was suggested in [8]. These cryptosystems apply chaotic maps repeatedly, which guarantees the randomness of the
encrypted data. Their security is determined by the properties of the chaotic maps and the realization of the encryption
scheme. Notably, these cryptosystems often include digital data and analog data at the same time, which make them
rely heavily on the machine�s precision. Thus, the machine�s precision has to be considered in order to keep the decryp-
tion process symmetric to the encryption one, which decreases the speed of the encryption or decryption process.
In order to avoid the shortcomings of floating-point computing, some new cryptosystems based on discretized cha-
otic maps have been proposed. The core problem is how to obtain good discretized chaotic maps. Generally, chaotic
maps are discretized by rounding the floating data according to the computer�s resolution. As a result, these chaotic
cryptosystems depend on the mathematical properties of the corresponding continuous chaotic systems [9,10]. For
example, a cryptosystem was proposed in [10,11] by directly discretizing the 2-D baker map, and the relationship be-
tween the original map and the discretized map was then discussed in [12]. A cryptosystem based on the discretized tent
map was proposed in [13], in which, the discretization process avoids floating-point computing, increases the encryption
speed significantly and is therefore suitable for large-volume data encryption in real-time.
For cryptosystems, Shannon [14] defined the ideal security, perfect security and computational security, respectively.
A cryptosystem is regarded as having ideal security if the difficulty of ciphertext-only attack equals to the difficulty of
brute-force attack. In cryptosystems with ideal security, a ciphertext is uniformly and randomly distributed, which pre-
vents any attack. However, this kind of ideal cryptosystem does not exist in practice, so it is not useful for real design. A
cryptosystem is regarded as having perfect security if the ciphertext is independent of the plaintext, which means that the
ciphertext provides no help to attackers. Compared with the ideal security, perfect security is easier to be realized the-
oretically, but it is still difficult to be applied in practice. Shannon believed that, in practice, the security of a cryptosystem
depends on its computational complexity. If a cryptosystem is not ideally secure, but there is only one solution to it, and
any other solutions require very high computational complexity, then the cryptosystem is regarded as computationally
secure. Many cryptosystems are constructed based on high computational security, such as DES, IDEA, NSSU, etc.,
which are all implemented through confusion and diffusion processes, and are strengthened by increasing the loop time.
Based on the security defined by Shannon, some chaos-based block ciphers have been suggested [15–17]. An encryp-
tion scheme based on the discretized 2D chaotic maps, such as the cat map, the baker map and the standard map, was
proposed in [15]. It has been reported that some of the parameters of the cat map or baker map are not secure enough to
be used as encryption key. As a slight improvement, the 2D cat map and baker map were extended to 3D ones in
[16,17], respectively, based on which symmetric block ciphers were constructed and obtained improved applications.
For image encryption using the cat map, the image may be recovered by iterating the chaotic map for some rounds
under some control parameters. For image encryption using the baker map, the image may be kept unchanged after
some rounds of iteration under some control parameters. Therefore, these parameters should be excluded from encryp-
tion/decryption keys in order to obtain high security. Compared with the cat map and the baker map, the chaotic stan-
dard map has a larger parameter space, and there is no vulnerable parameters being reported to our knowledge. Thus, it
is worthy of being considered for better data encryption. In [15], only a discretization method was discussed for the
standard map, but its properties have not yet been fully analyzed. For this reason, the basic properties of the standard
map will be carefully analyzed in this paper, and some means will be proposed to improve its properties that are more
suitable for data encryption. Then, a symmetric block cipher based on the improved standard map will be designed,
which consists of three parts: a chaotic confusion process, a diffusion function, and a key generator. Finally, its security
and computational complexity will both be analyzed and tested.
The rest of this paper is organized as follows. In Section 2, a brief introduction to the chaotic standard map is given.
Its properties and some improvements are then analyzed and presented in Section 3. In Section 4, a new block cipher
based on the improved standard map is proposed, and its performances are analyzed and tested in Section 5. Finally,
some conclusions are drawn in Section 6.
2. Introduction to the standard map
The so-called standard map was introduced in [18,19], and is described by
aiþ1 ¼ ðai þ biÞmod2p;
biþ1 ¼ ðbi þ k sinðai þ biÞÞmod2p;
�ð1Þ
where k is the control parameter satisfying k > 0, and the ith states ai and bi both take real values in [0,2p) for all i. Thestandard map was discretized in a straightforward manner [15] by substituting x = aN/2p, y = bN/2p, K = kN/2p into
Eq. (1), which maps from [0,2p) · [0,2p) to N · N. After discretization, the map becomes
Table
Compa
Chaoti
Param
S. Lian et al. / Chaos, Solitons and Fractals 26 (2005) 117–129 119
xiþ1 ¼ ðxi þ yiÞmodN ;
yiþ1 ¼ yi þ K sin xiþ1N2p
� �modN ;
(ð2Þ
where K is a positive integer.
The properties of this discretized map may not be as good as the original one [19], but it can be implemented in the
integer domain, which reduces the computational complexity and is more suitable for real-time data encryption. In the
following content, the properties of this discretized standard map is firstly analyzed, then improved by introducing some
means, and finally used in data encryption.
3. Data confusion based on the standard map
3.1. Parameter sensitivity
In the discretized standard map (2), the control parameter K has a large space, and the confusion modes according to
these parameters are different from each other. Compared with the discretized cat map and baker map, this parameter
space is much larger, which is shown in Table 1. Where, the image�s size is N · N. For the cat map [15], its two param-
eters both range from 0 to N � 1, and each of the parameter pairs makes the according confusion mode different from
others. Thus, the parameter space of the cat map is N2. For the baker map, its parameter space is 2N�1 that is verified in
[15]. For the discretized standard map, its parameter K determines the confusion mode. Considering that the number of
the confusion modes of an N · N image is not larger than N2!, the parameter space of K is N2!. As can be seen, the
parameter space of standard map is the largest one among the three ones, which makes the discretized standard
map a good candidate for data encryption.
Recall that secure cryptosystem requires not only a large key space but also a high key sensitivity. That is, a slight
change in the key should cause some large changes in the ciphertext. This property makes the cryptosystem of high
security against statistical or differential attack. Here, if the standard map is used to permute the plaintext, then the
parameter K is used as the key. Thus, the key sensitivity is based on the parameter sensitivity that is in close relation
with the iteration time n and the plaintext size N. In the following, the parameter sensitivity of the discretized standard
map is tested, and a suggestion for selecting suitable parameters n and N will be proposed.
For the standard map is used to realize data permutation, the parameter sensitivity is defined as the position differ-
ence rate (Pdr) of the ciphertexts, which is computed according to the following procedures.
Firstly, the ciphertexts generated from different control parameters (K � 1, K and K + 1) are computed as
120 S. Lian et al. / Chaos, Solitons and Fractals 26 (2005) 117–129
same parameter, the sensitivity increases as the iteration time increases. This shows that the standard map cannot keep
high parameter sensitivity always and big values should be selected for n in order to obtain high security. Thus, when
the standard map is used to realize the confusion process, the iteration time should be no smaller than 4 in order to keep
Pdr higher than 95%. If higher security is required, the iteration time with higher position difference rate (n > 4) is
preferred.
In Fig. 1(b), the iteration time is n = 4, and the parameter ranges from 0 to 50,000. As can be seen, for a certain
image size, Pdr keeps in a certain range that is named vibration range here; for different image size, the Pdr vibration
range decreases as the image size increases. For example, the vibration range corresponding to N = 32 is 93.8–99.7%;
the one corresponding to N = 64 is 94.3–98.9%; the one corresponding to N = 128 is 95.2–98.8%; and the one corre-
sponding to N = 256 is 97.2–98.9%. The lower limit of the vibration range increases as the image size increases. In order
to keep Pdr > 95%, the image size should satisfy NP 128. It means that when the standard map is used to permute
images, the image size should have a strict lower bound in order to keep high security. Here, N P 128 is recommended
when nP 4.
According to the above analysis, the control parameters have similar statistical properties, and can be used to obtain
high sensitivity if suitable iteration time and plaintext size are selected. Namely, the control parameters can be used as
encryption/decryption keys, and high key sensitivity can be guaranteed if the iteration time n and plaintext size N satisfy
the conditions: n P 4 and NP 128.
3.2. Corner-pixels confusion
In such chaotic maps as the standard map, cat map and baker map, the pixels at the corners of a square image have
some special properties. For example, in the cat map, the pixel at position (0,0) remains unchanged after any number of
iterations. That is, if (x0,y0) = (0,0), then ðxn0; yn0Þ ¼ ð0; 0Þ, where ðxni ; yni Þ (i = 0,1, . . . ,N � 1) denotes the position of pixel
(xi,yi) after n times of iterations. If the chaotic map is the baker map, the pixel at position (0,0) and (N � 1,N � 1) both
remain unchanged after any number of iterations. Similarly, for the standard map, the pixel at position (0,0) remains
unchanged after any number of iterations.
As can be seen, (0,0) is the first pixel�s position in a normal scan mode, but it cannot be permuted by any of the
chaotic maps mentioned above. This is actually a weakness of the permutation process based on such chaotic maps.
And it can do some help to the attackers although the permutation process is further strengthened by a diffusion pro-
cess. In order to avoid it, a simple method is proposed here to change the positions of the pixels at the corners ((0,0),
(0,N � 1), (N � 1,0) and (N � 1,N � 1)). That is, to change the normal scan order into a random one. After the iter-
ation of chaotic map, a random-couple (rx, ry) is generated, which represents the position of a randomly selected pixel in
the square image. Then, the whole image shifts in horizontal and vertical directions by rx and ry, respectively. That is,
the left-top pixel shifts from (0,0) to (rx, ry), which is shown in Fig. 2. Where, Fig. 2(a) is the normal scan mode, and Fig.
2(b) is the random-scan mode. Seen from Fig. 2(b), the image is shifted, and then the three outside parts (I, II and III)
are returned to the corresponding parts in the original image. The random shift process changes the normal scan mode
into a random one, so it is named a random-scan mode.
Fig. 2. Scan order in a square image: (a) normal scan mode, (b) random scan mode.
S. Lian et al. / Chaos, Solitons and Fractals 26 (2005) 117–129 121
Here, the two parameters rx and ry both vary from 0 to N � 1. Thus, the random-scan process can be combined with
the chaotic permutation process, and the modified chaotic map becomes
xiþ1 ¼ ðxi þ rx þ yi þ ryÞmodN ;
yiþ1 ¼ yi þ ry þ K sin xiþ1N2p
� �modN :
(ð5Þ
Seen from (5), the modified map is still invertible, so the inverse-permutation process can be easily realized. This mod-
ified chaotic confusion process has two advantages: the random-couple can be generated under the control of keys,
which enlarges the cryptosystem�s key space; the random-scan process makes it difficult to break the diffusion key under
known-plaintext attacks. Referring to the first advantage, the key space for the random-couple is N2 (N is the width or
height of the image). As for the second advantage, the random-scan process confuses the position of the first pixel,
which makes attackers difficult to get the first pixel�s cipher-pixel, and thus increases the difficulty of breaking the dif-
fusion key. Clearly, this treatment indeed improves the security of the design.
3.3. Some means to reduce computational complexity
Generally, a chaotic map is iterated for several times in order to obtain high security when it is used to permute a
plaintext. According to the computation routine, the permutation process is often composed of two steps: position com-
puting and pixel moving. These two steps are repeated for n times, as shown in Fig. 3(a). In these two steps, position
computing is to get the destination position through Eq. (5), and pixel moving is to move the pixel from the original
position to the destination one. Thus, for each pixel, the permutation process makes up 7n times of multiplication/divi-
sion operations, 5n times of addition/subtraction operations, and n times of data moving operations. Suppose that the
Fig. 3. The permutation processes: (a) normal process, (b) improved method 1, (c) improved method 2.
122 S. Lian et al. / Chaos, Solitons and Fractals 26 (2005) 117–129
operational times of multiplication/division, addition/subtraction and data moving are M, A and D, respectively. Then,
the operational time of pixel permutation satisfies
T 0 ¼ 7nM þ 5nAþ nD: ð6Þ
This is regarded as of high cost, especially when the plaintext is of large volume. So, it is necessary to reduce the com-
putational complexity.
Here, two kinds of methods are proposed to reduce the processing computational complexity, as shown in Fig. 3(b)
and (c), respectively. The first method is to compute the permutation mode firstly, which contains the pixels� positioninformation. Then the pixels are permuted according to the computed mode for n times. As is clear, this method com-
putes the permutation mode only once, and thus decreases the computational complexity. Now, the operational time is
reduced to
T 1 ¼ 7M þ 5Aþ nD: ð7Þ
In the second method, the computational efficiency for the permutation mode is reduced greatly. This is based on the
introduction of a sine table. Note that, in Eq. (5), the horizontal position of a pixel ranges from 0 to N � 1, thus the
function sin xnþ1N2p has only N different values. Although there are N2 pixels in an image, most of the sine values are com-
puted repeatedly. By constructing a sine table of size N, the computational complexity is decreased to
T 2 ¼ 3M þ 5Aþ I þ nD; ð8Þ
where I is the operational time of once table index. Considering that N is relatively small, the operational time of once
table index is often much less than the one of multiplication/division, that is,
I < 4M :
Thus, T2 is smaller than T1, and the following relationship is satisfied:
T 0 > T 1 > T 2: ð9Þ
In practice, N ranges from 64 to 1024. Taking 16-bit operations for example, the cost for table restoring is no bigger
than 2 kb, which has very little effect on other operations.
4. The cryptosystem based on the modified standard map
This cryptosystem is based on chaotic confusion and diffusion. The improved standard map is used here to realize
position confusion, while the diffusion function is used to realize data diffusion. And the operations are repeated several
times to strengthen the cryptosystem. The encryption process is shown in Fig. 4. Where, P and C are the plaintext and
Fig. 4. Encryption and decryption processes of the chaotic cipher: (a) encryption process, (b) decryption process.
S. Lian et al. / Chaos, Solitons and Fractals 26 (2005) 117–129 123
ciphertext, respectively, Kc and Kd are the keys of the confusion process and diffusion process, respectively. The con-
fusion process Ce(Pi,Kci) is firstly repeated for n times, then together with the diffusion process De(Mi,Kdi), are repeated
for m times. Pi, Mi and Ci are the plaintext, mid-text and ciphertext of the ith encryption process, and m is the number
of repetitions. The decryption process is symmetric with the encryption one, and the decryption keys are the same as the
encryption ones.
Seen from Fig. 4, the encryption process is
P iþ1 ¼ CiðP 0 ¼ P ; i ¼ 0; 1; . . . ;m� 1Þ;Ci ¼ DeðMi;KdiÞ ¼ DeðCn
eðP i;KciÞ;KdiÞ
(ð10Þ
and this process is repeated for m times. Similarly, the decryption process is
Ciþ1 ¼ P iðC0 ¼ C; i ¼ 0; 1; . . . ;m� 1Þ;P i ¼ Cn
dðMi;KciÞ ¼ CndðDdðCi;KdiÞ;KciÞ
(; ð11Þ
where Kci and Kdi are the ith confusion key and diffusion key, respectively. Since the encryption process and the decryp-
tion process are symmetric in this cryptosystem, the encryption keys are the same as the decryption keys. For the con-
fusion process C(P,K) has been analyzed above, the following analysis emphasizes on the diffusion process D(M,K) and
the key generator.
4.1. Diffusion function
In the well-known DES algorithm, the diffusion function is realized by substitution. Here, the diffusion process De(-
Mi,Kdi) is realized by a diffusion function that spreads changes from one pixel to another under the control of key Kdi.
The diffusion function is defined as
c�1 ¼ Kdi;
ck ¼ pk � q½f ðck�1Þ; L�;
(ð12Þ
where pk is the kth pixel in mid-text Mi,ck is the kth diffused pixel, and L is the amplitude of each pixel. Here, c�1 is the
original value of the diffusion function, which acts as part of the key of the cryptosystem. And f(Æ) is the logistic map
that is defined as
f ðck�1Þ ¼ 4ck�1ð1� ck�1Þ: ð13Þ
And q[Æ] is the quantization process defined by
qðX ; LÞ ¼ 2L � X ; ð14Þ
where X = 0Æx0x1x2 � � �xL � � �, and xi is a binary number (0 or 1). The inverse diffusion function is
c�1 ¼ Kdi;
pk ¼ ck � q½f ðck�1Þ; L�;
(ð15Þ
where the parameters are the same as the ones defined in (12).
4.2. Key generation and distribution
The proposed cryptosystem is composed of multi-processes, so it is necessary to introduce a key generator to realize
sub-key generation and distribution. In the modified cryptosystem, the key space is composed of three parts: confusion
key, random-scan key and diffusion key. These keys are changed once after every n iterations. Thus, for the encryption
process with m-time repetition, m key-triples are generated in the encryption process that is symmetric with the decryp-
tion one. Here, a key generator is proposed based on the skew tent map, which is shown in Fig. 5. The key generation
process is applied both in encryption and in decryption processes, where the user key is divided into six parts:
X1,X2,X3,K1,K2,K3. Among them, Xi and Ki (i = 1,2,3) are used, respectively, as the initial value and the parameter
of the skew tent map, which are used to generate the keys of the confusion process, the random-scan process and
the diffusion process, respectively. The skew tent map is described by
xjþ1 ¼ f ðxj; hÞ ¼xjh 0 < xj 6 h;1�xj1�h h < xj 6 1;
(ð16Þ
Tent MapX1
K1
Tent MapK1
Tent MapX1
m-1
K1
...
Tent MapX2
K2
Tent MapK2
Tent MapX2
m-1
K2
...
Tent MapX3
K3
Tent MapK3
Tent MapX3
m-1
K3
...
X1m
X2m
X3m
Fig. 5. Key generation process.
124 S. Lian et al. / Chaos, Solitons and Fractals 26 (2005) 117–129
where h is the chaotic map�s control parameter (ranging from 0 to 1), xj and xj+1 are the jth and the j + 1th states,
respectively. Let X ti (t = 1,2,3, . . . ,m) denote the key in the tth iteration, we define it as
X ti ¼ ½f ðX t�1
i ;KiÞ þ f ðX t�1ði�2Þmod3þ1;Kði�2Þmod3þ1Þ�mod1
¼ F ði; tÞmod1 ¼F ði; tÞ 1 P F ði; tÞ P 0;
F ði; tÞ � 1 F ði; tÞ > 1;
( ð17Þ
where X 0i ¼ X i (i = 1,2,3). Thus, X t
1 is the confusion key, X t2 is the random-scan key, and X t
3 is the diffusion key in the
tth iteration. The process is applied for m times, and the generated sub-keys are in close relation with the user key when
the iteration time m is not smaller than 3. Thus, a slight change in the user key will cause great changes in these sub-
keys, which gives the cryptosystem a high key sensitivity.
5. Performance analysis
5.1. Security analysis
5.1.1. Key space
As mentioned above, the key of the cryptosystem is composed of three parts: permutation parameter K, random-
scan key [rx, ry], and diffusion key c�1. Thus, for an N · N sized plaintext, the size of the space of permutations is
N2!, the one of random-scan is N2 and the one of diffusion is L (the gray level of each pixel). These three parts are inde-
pendent from each other. Therefore, for m iterations, the size of the space of the whole encryption process is
HðN ; L; n;mÞ ¼ ðN 2! � N 2 � LÞm: ð18Þ
Here, it is proposed to take n = 4, m = 4 and L = 256. If N P 128, and the total size satisfies H(N, 256,4,4) > 2256. That
is, if the user key has 256 bits, then there is no contradiction among these keys, which keeps the cryptosystem of high
security against brute-force attacks.
5.1.2. Confusion and diffusion
Confusion and diffusion [14] are two basic design criteria for secret-key encryption algorithms with high computa-
tional security. Confusion means that the ciphertext depends on the plaintext and the key in a complicated and involved
way. Diffusion requirement on a cipher means that each plaintext bit should influence every ciphertext bit and each key
bit should influence every ciphertext bit.
In the proposed cryptosystem, it is satisfied that
Ci ¼ DeðMi;KdiÞ ¼ DeðCneðP i;KciÞ;KdiÞ:
Here, Ce(Pi,Kci) is a chaotic map, so the relationship between Kci, Pi and Mi is nonlinear. Similarly, De(Mi,Kdi) is a
nonlinear function, which means that the relationship between Kdi, Mi and Ci is nonlinear. Therefore, the ciphertext
Ci is nonlinearly dependent on the plaintext Pi and the key Ki. Hence, the proposed cryptosystem satisfies the confusion
design criterion. What�s more, the chaotic map has a high parameter-sensitivity. That is, a one-bit change in the key
causes great changes in the ciphertext, which means that the ciphertext Ci depends on each bit of the key Ki. On the
other hand, the diffusion function has a high diffusion-speed. That is, a one-bit change in the plaintext causes great