Abstract
In recent years, there has been a surge in new chaos-based cryptographic algorithms, many of which claim to have unusually large keyspaces. Although cryptographic primitives such as symmetric-key ciphers should have a secret keyspace large enough to resist brute force attacks, simply increasing the size of a secret key may not lead to improved security margins. An n-bit key may not necessarily have a keyspace of \(2^n-1\) due to the key scheduling algorithm or how the key is used. In this paper, we cryptanalyse several chaos-based algorithms from the perspective of their key schedules. Our numerical analysis is based on the known-plaintext attack model, Kerckhoff’s principle and considers the number representations used for real number computation. Our analysis reveals that the actual security margins for these ciphers are significantly lower, some by a factor of over \(2^{100}\) than what was claimed. We then provide accurate keyspace estimates for these ciphers. Finally, we highlight alternative solutions for how secret keys can be used in the context of chaos-based cryptography and propose a simple key schedule as a proof of concept. Despite its simplicity, the proposed key schedule not only ensures that the keyspace matches the key length but also passes both the NIST and ENT statistical test suites, making it a viable option for generating secure cryptographic keys. Our work contributes towards addressing one of the fundamental problems in chaos-based cryptography that limits its real-world impact and reputation within the cryptographic community.
Similar content being viewed by others
Avoid common mistakes on your manuscript.
1 Introduction
A secret key is a sequence of bits that a cryptographic algorithm uses to convert plaintext into ciphertext and vice versa. A key is generally defined by its length in bits, n and the keyspace (number of possible keys) is normally derived as a function of the key length, \(2^{n}-1\). Symmetric encryption relies on a single key for both encryption and decryption while asymmetric or public-key encryption uses one for encryption and another for decryption. Communication between two parties is usually secured using symmetric encryption, with its secret key being distributed using asymmetric algorithms. The reason for this is that symmetric ciphers are significantly faster than their asymmetric counterparts. In practice, secret keys should be long enough to resist brute force attacks but short enough such that key management would not be costly. Since the focus of this paper is symmetric-key cryptography, the term cipher is used to refer to symmetric ciphers in the remainder of the paper.
Key schedule algorithms or key schedules are core components of symmetric-key ciphers, especially block ciphers. They take a secret or master key of a specified length (e.g. 128 or 256 bits) and generate round keys. These round keys are used in the round functions of a block cipher to iteratively transform a plaintext to a ciphertext. Despite their importance, key schedules or third-party cryptanalysis of key schedules receive comparatively less attention as compared to the encryption algorithm itself [1]. Generally, the key schedules of chaos-based ciphers leverage chaotic maps as a source of pseudo-randomness [2]. Most chaos-based ciphers have seemingly ad-hoc key schedules due to a lack of well-studied design paradigms.
Theoretically, we can express the computational security of an algorithm in terms of bits. A cipher is considered n-bit secure if the best attack requires about \(2^n\) operations to compromise its security. An n-bit secret key provides at most n-bit security since a brute force attack after \(2^n\) attempts will always succeed. In other words, the key size only provides an upper bound of a cipher’s security level. The security level may be lower than what has been implied by the key length if there exists an attack that breaks the cipher in fewer operations than expected. One straightforward example is DES, which takes in a 64-bit secret key but only 56 bits are actually in use (effective key length of 56 bits or effective keyspace of \(2^{56}\)). As such, simply designing a cipher to have longer secret keys does not guarantee security.
Unfortunately, the philosophy that longer keys are better seems to be a prevalent theme in chaos-based cryptography [3, 4], a field of study that explores the use of chaotic or dynamical systems in the design of cryptographic primitives. Chaos-based cryptography has been a heavily researched area in recent years [5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23], with the majority of them being image ciphers. The main reason given by these researchers for proposing image ciphers based on chaos is that conventional symmetric-key ciphers such as block ciphers and stream ciphers are not suitable for images. However, there is a lack of evidence to support this claim given that conventional block or stream ciphers are being used to encrypt images and other forms of multimedia by being embedded into security protocols such as TLS or IPSec. Additionally, chaos-based ciphers lacked proper security analysis, relying mainly on empirical evidence. Even an insecure chaos-based cipher can pass commonly adopted statistical tests [24]. Unlike conventional ciphers like block or stream ciphers, the majority of chaos-based cryptosystems are not subject to third-party cryptanalysis. Combined with other practical issues [4], it is unsurprising that chaos-based cryptography remains only of academic interest without real-world adoption, especially when newer chaos-based ciphers are still repeating the same mistakes of old [25,26,27,28,29]. To overcome this problem, chaos-based researchers need to first acknowledge the flaws in the current methodology and work towards designing primitives based on commonly accepted notions of security.
In this paper, we contribute towards the latter by diving deep into a largely overlooked problem of chaos-based cryptosystems – their unusually large keyspaces. Problems with keyspace definition have been noted by other researchers years ago [3, 4]. We first cryptanalyse the key schedules of five chaos-based ciphers that claim to have large keyspaces. Five of them were selected after examining 15 ciphers recently published in Tier 1 and Tier 2 journals (based on Journal Citation Reports indexing). We show that the effective keyspace is significantly smaller than the key size implies due to practical and theoretical problems related to their key schedules. We then highlight alternative solutions to how secret keys can be used in the context of chaos-based cryptography. Lastly, we provide an example of a key schedule for chaos-based ciphers that ensures the involvement of every bit of the secret key in the generation of round keys. The goal of this paper is to bring to light yet another problem of chaos-based cryptography that needs to be acknowledged in future research to advance the field in the right direction. The main contributions of this paper are summarised below:
-
Cryptanalysis results of the key schedules of recent chaos-based ciphers to provide more accurate security estimates.
-
Recommendations for how secret keys can be used in the context of chaos-based cryptography to maximise keyspace.
-
A new chaos-based key schedule that ensures that each key bit plays an equal role in providing security.
The remaining parts of the paper are divided into the following sections: Section 2 provides some preliminary information about chaotic maps, chaos-based encryption, and the assumptions used in our analysis of their keyspaces. Section 3 delves into the analysis of recent chaos-based cryptographic algorithms with keyspace issues. Section 4 then highlights approaches to address these issues, which includes the design of a new chaos-based key schedule that is aligned with our findings. Finally, Section 5 concludes the paper.
2 Preliminaries
2.1 Chaotic maps and chaos-based cryptography
According to Devaney’s definition [30], chaotic systems exhibit three primary properties: sensitivity to initial conditions, topological mixing, and density of periodic orbits. In the case of sensitivity to initial conditions, even slight alterations in the initial conditions eventually result in highly divergent chaotic behaviours. Topological mixing indicates that the trajectory, originating from any region within the phase space, gradually encompasses the entire phase space over its evolution. The concept of periodic orbit density signifies that within a chaotic trajectory, points can approach other points in the phase space due to the existence of a strange attractor. These properties are analogous to the security requirements of cryptographic algorithms, and as such, have led to the popularity of chaos-based cryptography as a research area.
Chaotic maps are iterative functions that have one or more initial states and control parameters. Iterating chaotic maps with small changes to these states or parameters can lead to entirely different trajectories. Researchers have used them to construct confusion and diffusion layers of cryptographic algorithms, leveraging their capability to produce random-like outputs that are difficult to predict or reverse engineer.
The logistic map is an example of a simple chaotic map with a single system state and control parameter. It is capable of producing chaotic behaviour with proper selection of the control parameter value (\(\approx 4\)). Its simplicity and relatively low complexity have led to its adoption in various cryptographic algorithms [15, 31, 32]. This map is mathematically defined as:
where \(x_{n}\) is the initial state variable at iteration n and r is the control parameter in the range of [0,4]. The lodistic map has chaotic behavior as r approaches 4 as shown in its bifurcation diagram in Fig. 1.
Apart from the logistic map, other well-known or popular chaotic maps that have been used in chaos-based cryptography including the tent map, Henon map and Arnold cat map. These chaotic maps have mainly been used in the design of multimedia ciphers [5, 33,34,35,36,37,38,39] and hash functions [40,41,42]. They have also seen applications in secure communication [34, 43,44,45], serving a role in pseudo-random number generators. The goal of using chaotic maps in these applications is supposedly to enhance randomness and complexity of cryptographic algorithms [46, 47]. Moreover, chaotic system or chaotic map have found applications in image watermarking schemes [48, 49].
Despite being an active research area, there has been a lack of real-world adoption of chaos-based primitives due to problems such as lack of detailed specification regarding the representation of real numbers, weak key handling, inaccurate justification regarding the keyspace, lack of proper security analysis through cryptanalysis, lack of comprehensive computational complexity analysis and comparison to cutting-edge cryptosystems. As other researchers [4, 50, 51] have noted, this problem has persisted over the years.
As highlighted in this section, the majority of work in chaos-based cryptography is on image encryption. Designers often justify the requirement for image-specific encryption algorithms by stating that conventional methods are inadequate for bulk data encryption or incapable of handling the substantial correlation among image pixels [44, 52,53,54]. However, conventional symmetric-key algorithms like block ciphers are the ones being used today to encrypt various types of data without any issues. Previous research has explicitly criticized the accuracy of such assertions [19].
2.2 Attack model and other assumptions
Attack model In this paper, we assume that the attacker operates in the known-plaintext attack model, whereby an attacker can observe ciphertexts and knows the associated plaintexts. This is the attack setting in which a brute force attack operates – an attacker guesses the secret key, submits a decryption query for a given ciphertext, and checks if the resulting plaintext matches the known plaintext. As such, schemes that rely on hashing the plaintext to generate the secret key or to modify the secret key [16, 25, 26, 55,56,57,58,59,60,61,62,63,64] will not be secure under this attack model since an attacker can generate these hash values themselves with knowledge of the plaintext. A known-plaintext attack is also one of the more realistic attack models since parts of certain messages could already be known to an attacker, such as the header or trailer information of a data packet or segment [65].
Even if we assume that an attacker operates in the ciphertext-only model, chaos-based ciphers that rely on hash functions to generate plaintext-dependent secret keys would need to communicate those keys to the recipient in a secure manner. Communication over the Internet takes place on various layers, which are secured using communication protocols such as Transport Layer Security (TLS) or Internet Protocol Security (IPsec). For TLS and IPsec, encryption keys are negotiated before setting up a communication session or a security association (SA), respectively, and will then be used throughout their agreed-upon lifetime. Therefore, a cipher that inherently requires a key exchange to occur for each message exchange would be highly impractical as the entire handshaking process would need to be repeated. Additionally, key exchange relies on asymmetric-key algorithms that are slower than symmetric-key, which would then impose significant computational overhead on communication.
Kerckhoff’s principle
Kerckhoff’s principle states that a cryptosystem should be secure even if everything about a system is known, except for its secret key. As stated by Claude E. Shannon, we need to assume that the enemy knows the system being used [66]. In contrast, keeping the entire algorithm or even part of the algorithm secret can be considered security through obscurity, a notion that is not recommended by standardization bodies. Unfortunately for some chaos-based cryptosystems, the supposed secret key also dictates basic operations such as the permutation pattern [25] or S-box [27]. Note that these ciphers have separate secret parameters for permutation and S-box, and these parameters were not derived from other parts of the secret key, and therefore akin to keeping these operations secret. If conventional ciphers adopt the same approach by keeping their permutation patterns or S-boxes secret, their effective keyspaces would also be larger but would no longer uphold Kerckhoff’s principle. As such, for some of these ciphers, we will also evaluate the effective keyspace if the parameters that determine these basic operations were to be made public. Then, comparisons with conventional cryptography can be made on a level playing field.
Number representation
Real numbers can be implemented on a computer using various formats. The most popular one is the 64-bit IEEE double-precision floating-point format. 1 bit is used as the sign, which is usually a constant since most chaotic maps used in chaos-based crypto operate on positive values, 11 bits to represent the exponent and 52 bits to represent the fraction. Most papers in literature usually estimate the keyspace based on computing precision, whereby the 64-bit IEEE representation has a computational precision of \(10^{-15}\approx 2^{-50}\), which implies a keyspace of 50 bits. This is derived from the fact that double-precision numbers have about 15 significant decimal digits [67]. We will adopt the same approach in our analysis.
3 Keyspace analysis of chaos-based encryption
Out of 15 reviewed recently proposed chaos-based algorithms [25,26,27,28,29, 55, 68,69,70,71,72,73,74,75,76] , we identified 5 ciphers with glaring keyspace issues for further analysis. We only cover ciphers whereby the keyspace reductions are obvious, rather than keyspace reductions based on the format of the floating point variable (e.g. fixed sign bits, value range) or the underlying properties of the chaotic map. The latter approaches may lead to further reductions and will be left for future work.
In the coming sections, we first introduce the design of each chaos-based cipher, focusing on how their secret keys are involved in encryption. We then perform a detailed numerical analysis based on the known-plaintext attack model, Kerckhoff’s principle and practical real number representation to better estimate the ciphers’ actual keyspaces and security margins.
3.1 Low energy interleaved chaotic secure image coding scheme for visual sensor networks using pascal’s triangle transform
3.1.1 Description
Suseela et al. [29] proposed a secure image coding scheme that uses a chaotic Pascal triangle transformation (PTT) that has two control parameters l and m and four seed values which we will denote as \(E_i\). It takes a pair of values (x, y) as input and produces a new pair (a, b). The plainimage P is first divided into \(2\times 2\) pixel blocks which are then permutated based on the sequence of numbers obtained from PTT. Then, three keys are generated denoted as \(C_1\), \(C_2\) and \(C_3\). \(C_1\) and \(C_2\) are 8-bit values due to the use of the \(\mod ~256\) operation while \(C_3\) is a 3-bit value since it is the hamming distance between 8-bit values \(C_1\) and \(C_2\). The pixel blocks are then circularly rotated based on \(C_3\). If \(C_3\) is even, pixels are rotated circularly to the left but if odd, they are rotated circularly to the right. This is considered the first diffusion phase of the cipher. The parameters l and m, which are kept secret, are used in this process. The resulting scrambled pixel blocks is denoted as D1x.
Next, a \(2\times 2\) matrix denoted by Gx is generated using two chosen prime numbers w and z and the current block position (a, b). This matrix consists of four 8-bit numbers. As the final step of the encryption process, each pixel of Gx is XOR-ed with one of the elements of D1x. This produces the final cipher pixel block which is denoted as Cx, and the process is repeated for all remaining pixel blocks. The whole process is illustrated in Fig. 2
Flowchart of the encryption process for [29]
3.1.2 Keyspace analysis
The authors claim that the encryption algorithm has \(2^{499}\) possible keys derived from the number of levels in Pascal’s triangle l, the rotation parameter m, the four seed values \(E_i\) of the PTT, and finally the diffusion keys (a, b, w, z) of each pixel block. It was also mentioned that the encryption algorithm uses the 64-bit double-precision numbers based on IEEE floating-point standard to represent all the keys used in the proposed encryption. Since there are 10 parameters that are supposedly part of the secret key, the keyspace is \(2^{50\times 10}\approx 2^{499}\) possible keys.
The designers point out that the PTT combines the first and second diagonal elements of level n and \(n+1\). Based on their cipher description, the original plainimage is divided into \(n\times n\) smaller pixel blocks, where n can be 2, 4 or 8. Knowledge of n would allow an attacker to determine the four seed values \(E_i\) of the PTT since Pascal’s triangle has a known structure. Even if n was kept secret, it would just be 2 bits of information since there are only 3 possibilities. Also, an attacker would not need to know l (the number of levels in Pascal’s triangle) since we need \(l>n\) for the encryption to be successful.
We also note that a and b can be generated if all parameters of the PTT are known. An attacker would just need to guess n and m to derive a and b from known values of x and y. As such, (a, b, l) should not be considered part of the secret key. Parameters w and z (which are relatively prime numbers) were used to produce the 4-byte matrix Gx. Even though w and z are both 64-bit values, an attacker can instead opt to guess the contents Gx, which consists of four bytes in total (32 bits). Having Gx is sufficient to perform decryption.
Based on these observations, the effective keyspace of the proposed scheme should only include m, n and Gx, which is around \(2^{50 + 2 + 32} = 2^{84}\). Hence, the security margin has been reduced by a factor of \(2^{415}\). This keyspace includes possible weak keys whereby certain values of l and m would not permute the plainimage at all due to the PTT being periodic. The designers themselves provided one such example, whereby \((l,m)=(2,192)\) would not permute an image with \(512\times 512\) pixels.
3.2 Novel medical image encryption scheme based on chaos and DNA encoding
3.2.1 Description
Belazi et al. [25] proposed a cipher that uses combination of two chaotic maps – the logistic-Chebyshev and sine-Chebyshev map. These chaotic maps have one initial condition and control parameter each, denoted as \((x_0,\alpha _0)\) and \((x_1,\alpha _1)\) respectively. These parameters are kept secret and are part of the secret key, along with two prime numbers \(p_1\) and \(p_2\).
The proposed encryption algorithm begins by using the SHA-256 hash function to generate new key values from \((x_0, x_1,\alpha _0,\alpha _1)\). The first hash value, denoted by \(\kappa _1\) is obtained from the original image while a second hash value, \(\kappa _2\) is generated from the sum of the pixels of the original image. Both hash values are divided into 8-bit blocks and are used to generate two new sets of parameters, \((x'_0,\alpha '_0,x'_1,\alpha '_1)\) and \((x''_0,\alpha ''_0,x''_1,\alpha ''_1)\).
The plainimage is divided into \(m\times n\) blocks that are then permuted using \(p_1\). The permuted blocks are recombined to obtain the permuted image, \(P_1\). \(P_1\) is split into four smaller sub-blocks that are each transformed using four different S-boxes. These are dynamic S-boxes generated using logistic maps initialized with different sets of parameters \((y^i_0, \beta ^i_0)\) where \(i=\{1,2,3,4\}\). Each pixel in each sub-block is substituted using these S-boxes. The output of the substitution process is a new image \(P_2\). The binary representation of \(P_2\) is then encoded into a DNA matrix \(P_3\) using an encoding rule specified by a random integer \(k_1\in \{1,...,8\}\).
A new DNA matrix, \(P_4\), is obtained by creating a complementary version of \(P_3\) based on the values of a matrix, X generated using the logistic-Chebyshev map with parameters \((x'_0,\alpha '_0)\). \(P_4\) is decoded using a DNA decoding rule specified by another random integer \(k_2\in \{1,...,8\}\) to obtain \(P_5\). A keystream denoted by U is generated using sine-Chebyshev with parameters \((x'_1,\alpha '_1)\) and is XOR-ed with \(P_5\) to obtain \(P_6\). The entire process is repeated using \(p_2\), \((x'_0,\alpha '_0)\) and \((x'_1,\alpha '_1)\) to obtain the final cipherimage, C. The whole process is illustrated in Fig. 3.
Flowchart of the encryption process for [25]
3.2.2 Keyspace analysis
The authors claimed that the keyspace of their cipher is greater than \(2^{716}\) when considering the initial conditions and control parameters of logistic-Chebyshev and sine-Chebyshev \((x_0,\alpha _0,x_1,\alpha _1)\), as well as the updated keys obtained from SHA-256 \((x'_0,\alpha '_0,x'_1,\alpha '_1,x''_0,\alpha ''_0,\) \(x''_1,\alpha ''_1)\). Integers m and n, the prime numbers \(p_1\) and \(p_2\) (with no length restrictions), the DNA encoding and decoding keys \(k_1\) and \(k_2\) respectively, and S-Box parameters \((y^i_0, \beta ^i_0)\) where \(i=\{1,2,3,4\}\) are all considered to be part of the secret key. The authors assume that each 64-bit double-precision number contributes 49 bits to the keyspace, or \(2^{49}\) possible values. It is not exactly clear how the authors arrived at \(2^{716}\) since there are at least 20 chaos-based parameters that are part of the key.
There are several parts of the key that can be easily guessed by an attacker. Integers m and n must satisfy \((M\times N)\mod (m\times n)=0\), which implies \((m\times n)\) divides \((M\times N)\). Additionally, we know that n is either 2, 4, or 8. Given a plainimage, we need to calculate the number of divisors of \((M\times N)\). For example, a \(1024\times 1024\) image has 1048576 pixel; 1048576 has 21 divisors. Then, the number of combinations of (m, n) is less than three times the number of possible divisors, which is around 6 bits of information. Even an 80 Gigapixel image would lead to only around 8 bits of information that need to be guessed.
The permutation function based on primes \(p_1\) and \(p_2\) involve modular multiplication:
for some integer l. Using a prime with i digits would lead to a computational complexity of around \(O(i\times j)\) for modular multiplication, where j is the number of digits of a. Thus using very large primes would be computationally inefficient. Let us assume conservatively that a prime number with at most 32-bit length (10 digits) is used.
This encryption algorithm is one of the examples of chaos-based ciphers that uses a hash function to increase the size of the key as mentioned in Section 2.2. Under the chosen-plaintext model, \((x'_0,\alpha '_0,x'_1,\alpha '_1,x''_0,\alpha ''_0,x''_1,\alpha ''_1)\) do not need to be guessed since they can be derived based on knowledge of the plainimage and \((x_0,\alpha _0,x_1,\alpha _1)\). We assume that each real number contributes \(2^{50}\) bits to the key, so \((x_0,\alpha _0,x_1,\alpha _1)\) contributes \(2^{50\times 4}=2^{200}\) to the keyspace. The keyspace also includes the eight parameters (400 bits) involved in generating the S-box, 64 bits of the prime numbers, 8 bits of (m, n), and 6 bits of the decoding key. The overall keyspace is thus \(2^{678}\), a reduction by a factor of \(2^{121}\). Furthermore, if Kerchoff’s principle is to be upheld, the four S-boxes should at least be made known. This would reduce the keyspace to around \(2^{278}\).
3.3 New image encryption algorithm with nonlinear-diffusion based on multiple coupled map lattices
3.3.1 Description
Wang et al. [26] proposed a new image encryption algorithm that utilizes multiple coupled map lattices (MCML). The chaotic system of the proposed algorithm has \(b_1\), \(b_2\), and \(b_5\) as its initial conditions and \(b_3\) and \(b_4\) as its control parameters.
The encryption algorithm starts by generating a secret key, denoted by K, using SHA-512 from the original image P. The key K is then divided into 5 groups, with each group having 80 bits. These groups are converted into real numbers (\(b_1\), \(b_2\), \(b_3\), \(b_4\) and \(b_5\)) which constitute the secret key. Then a two-dimensional array R with 2 rows and r columns are created, where the first row is assigned a sequence of numbers from 1 to r and the second row of R is filled with r real numbers between 0 and 1 by iterating the logistic map r times using \(b_1\) as the initial condition and a constant parameter 3.99. The position of the first row in R is rearranged based on the sorted values in the second row, resulting in a shuffled array R1. The first row of this new array R1 is a sequence of shuffled row indices, denoted by \(D_r\).
A similar process is applied to another 2D array C, which is created by iterating the logistic map using \(b_2\) as the initial value. The first row of this new array C1 is a sequence of shuffled row indices, denoted by \(D_c\). Thus, \(D_r\) and \(D_c\) are indexes that are generated for each pixel.
Finally, an array S is obtained from MCML using \(b_5\) as its initial value. The array has the same dimensions as the cipherimage C. The values of cipherimage C at position \(D_c\) and \(D_r\), is determined by accessing each pixel elements in the plainimage P and then combine with the row and column sequences of array S using modular addition. The whole process is illustrated in Fig. 4. We note that the proposed cipher resembles a stream cipher whereby S is the keystream that is used to encrypt the plainimage using modular addition, and as such does not actually have diffusion (each pixel is encrypted independently and does not affect other pixels).
Flowchart of the encryption process for [26]
3.3.2 Keyspace analysis
The authors of the proposed encryption algorithm claim that the keyspace of their cipher is around 400 bits. This estimation is made on the assumption that the secret key is composed of five parts (\(b_1\), \(b_2\), \(b_3\), \(b_4\), \(b_5\)) and each part is 80 bits in length. However, the authors did not specify how the 80 bits are converted to real numbers to be used as initial conditions and other parameters. It is likely that the authors are relying on an 80-bit extended precision format that is analogous to the IEEE 754 format [77] and has a precision of 64 bits. Thus, the effective keyspace should be \(64\times 5 = 320\) bits rather than 400 bits.
Unfortunately, not all devices would have a processor that supports 80-bit numeric data types. If a 64-bit double floating point number was used instead, then the effective keyspace is \(50\times 5= 250\) bits. In addition, we observed that a hash function was used to generate the entire secret key. As mentioned in Section 2.2, schemes that rely on hashing to generate or modify the secret key will not be secure in the known- or chosen-plaintext attack model.
3.4 A dynamic triple-image encryption scheme based on chaos, s-box and image compressing
3.4.1 Description
The proposed cipher utilizes two chaotic systems, a 2-dimensional logistic-sine-coupling map (2D-LSCM) and a sine-tent system (STS) [27]. The former chaotic system has one control parameter, \(\theta \) and two state variables x and y while the latter has one control parameter, \(\mu \) and one state variable, z. Later, we will see that the secret key comprises these parameters and state variables.
The proposed encryption algorithm first compresses three images based on a sequence of numbers obtained from 2D-LSCM. The control parameter and state variables involved are not part of the secret key but are made public. Notably, \(\theta \) is chosen randomly to ensure that the cipherimages are different even when the same plainimages are being encrypted. Thus, \(\theta \) can be viewed as some form of tweak [78]. After compression, the resulting image, denoted as C, is converted into a 1-dimensional vector and divided into four equal sub-blocks. These sub-blocks undergo a pixel-wise permutation based on another sequence of numbers obtained from 2D-LSCM. This time, the parameters involved, \(x_0\), \(y_0\) and \(\theta _1\) are kept secret and part of the secret key.
Finally, the shuffled blocks are combined into a single matrix \({img_p}\), which is then divided into \(16\times 16\) blocks. These blocks are modified in what is considered the diffusion phase of the cipher, whereby two more random number sequences were generated from STS and 2D-LSCM, both of which use a different set of parameters that are all kept secret. The random number sequence generated by STS using parameters \(z_0\) and \(\mu \) are used with another randomly selected odd integer d to generate what seems to be an 8-bit S-box. The diffusion phase then proceeds to perform modular addition between each pixel and the sequence generated from 2D-LSCM. After modular addition, each pixel is XOR-ed with one of the elements of the S-box selected using the position of the current pixel.
Therefore, the S-box does not actually contribute toward nonlinearity in the cipher since it is used in an entirely linear operation. It can be seen that there is no actual diffusion since the value of each pixel does not actually affect the other pixels. Figure 5 illustrated the encryption process.
Flowchart of the encryption process for [27]
3.4.2 Keyspace analysis
The authors claim that the keyspace of their cipher is around \(2^{561}\). Although not mentioned specifically, it seems that four different S-boxes were generated by using the same d and \(\mu \) but with varying \(z_0\). As such, there are 12 parts of the secret key, \((x_0,y_0,\theta _1,x_1,y_1,\theta _2,z^1_0,z^2_0,z^3_0,z^4_0,\mu ,d)\), where \(d\in [1,10^4-1]\) is the randomly selected odd integer used to generate the S-box. Assuming that we use 50 bits to represent each of these non-negative real numbers (due to the use of 64-bit double floating point numbers), the effective keyspace would be approximately \(2^{11\times 50}\times 10^4\approx 2^{563}\), which supports the authors’ claim.
However, we note that the S-box used in the encryption process is derived from its own set of parameters rather than being derived from other parts of the key. As mentioned in Section 2.2, these parameters should ideally be made public if Kerckhoff’s principle is to be upheld. If this is the case, the keyspace will be effectively reduced to \(2^{6\times 50}=2^{300}\).
3.5 RGB image encryption through cellular automata, s-box and the lorenz system
3.5.1 Description
In 2022, Alexan et al. [68] proposed a scheme for encrypting color images using a combination of cellular automata, S-Box, and the Lorenz chaotic system. The chaotic system of the proposed cipher has \(\sigma \), \(\rho \), \(\beta \) as system parameters and x, y, z initial values.
The pixels of the image with (M \(\times \) N) size are first converted into a 1D bitstream denoted as d. The mean intensity of the image pixels denoted as \(P_{\mu }\) is calculated, and is multiplied by a magnifying factor \(f_M\) to get the value \(\mu \). Then each of the element of d are cyclically shifted to the right by \(\mu \) places. The resulting bitstream \(d_{\mu }\) is XORed with the first encryption key denoted as \(K_{CA}\), which is a bitstream of the same length as d and \(d_{\mu }\), and is made up of a repetition of the first \(N_{CA}\) bits resulting from the center column of Rule 30 Cellular Automata.
After the XOR operation, the resulting bitstream, \(C_0\), undergoes a substitution process utilizing an S-box generated based on the concepts of three operations: transformation, modular inverses, and a permutation, represented as \(S(C_0)\), to yield the resultant bitstream \(C_1\). The Lorenz system is then solved to obtain a 3D geometry, with x, y, and z coordinates of each point flattened into a single 1D array L. The values in L are plotted on a 2D plane, and a threshold value \(\lambda \) is chosen to generate a new bitstream v, where any values in L that are greaterthan \(\lambda \) are considered 1s, while any values that are less than or equal to \(\lambda \) are considered 0s.
Finaly, the bits in v of length \(N_L\) is repeated until they are of the same length as \(C_1\) to generate the second encryption key \(K_L\), and XOR it with \(C_1\) to obtain \(C_2\). Then \(C_2\) is reshaped into an image with the same dimensions (M x N) as the original image to obtain the encrypted image. The encryption process uses two encryption keys: \(K_{CA}\) and \(K_L\). \(K_{CA}\) is generated from the Rule 30 Cellular Automata, and \(K_L\) is generated from the Lorenz system. The whole process is described in Fig. 6.
Flowchart of the encryption process for [68]
3.5.2 Keyspace analysis
The authors claim that their cipher has a total keyspace of \(2^{425}\) drawing from the observation that there are eight parts of the secret key (\(P_{\mu },\sigma , \beta , \rho , N_{CA}, N_L, f_M\) and \(\lambda )\).
However, \(P_{\mu }\) and \(f_M\), which are both supposedly part of the secret key, are used to calculate a rotation constant called \(\mu \). The number of possible \(\mu \) values is limited by the number of pixels or the number of bits in an image. For instance, the largest known photograph in the world with 846 gigapixels would have a \(\mu \) value of no more than 32 bits since there is a maximum of \(\log _2(846\times 1024\times 1024\times 3)\approx 2^{32}\) RGB pixels. If the rotation was in terms of bits, then the keyspace of \(\mu \) is increased to \(2^{35}\). Similarly, the possible values of \(N_{CA}\) and \(N_L\) are also limited by the number of bits in the image.
Therefore, if we assume that the remaining parameters (\(\sigma , \beta , \rho , \lambda \)) can occupy the entire 50-bit space, then the key size would be around 50 + 50 + 50 + 50 + 35 + 35 + 35 = 305 bits, reducing the security margin by a factor of 120 bits. The keyspace would be even smaller for smaller images such as the \(256\times 256\) pixel images used for testing in the original paper. In this example, the keyspace would be reduced to just 260 bits (reduction of 165 bits).
4 Secret key recommendations
In this paper, we performed the keyspace analysis from a high-level perspective and we were able to reduce the keyspace of several chaos-based algorithms. A summary of our findings is shown in Table 1. Apart from keyspace reductions, our analysis also clearly depicts the lack of a standard way of designing chaos-based ciphers, with many of them having seemingly ad-hoc designs. It would be possible to reduce these keyspaces even further by considering how the control parameters and initial states (which are commonly used as part of the secret key) are represented using floating-point numbers. For example, the majority of parameters involved in these algorithms are positive values. If a technical standard for floating-point arithmetic such as the IEEE 754 representation is used, the sign bit will always be 0 and does not need to be guessed. Furthermore, some chaotic maps need to fix their control parameters to a certain range to avoid fixed or periodic behaviour. If these instances are not addressed, weak keys will exist that reduce the security of the cipher. On the other hand, restricting the parameter space would lead to secret key bits that are either constant or are biased.
Therefore, future designs should ensure that all bits of their secret key would play an equal role in the encryption process. Rather than using these keys to seed chaotic maps, they could instead be used to initialize registers [79] that are modified by the outputs generated by the maps. The modified registers can be used as round keys, whitening keys, feedback shift registers, or as the internal state of a sponge construction. Another option that designers can consider is the use of fixed-point arithmetic to represent real numbers as integers [80], which would further reduce ambiguity as to how the key bits are used in a cipher. Using fixed-point representation also contributes to the analyzability of a cipher, since all arithmetic operations on real numbers can be reduced to integer operations.
It was previously highlighted in [4] that the chaos-based cryptography community seems to regard having a longer key length as superior to a shorter one and highlighted the problem of having an unusually long key from the perspective of computational or conditional security. Unfortunately, this notion is still prevalent several years on as seen from some of the ciphers being analysed in this paper. Today, key sizes of 128 bits and 256 bits are still deemed efficient by many standards bodies and federal agencies. The German Federal Office for Information Security (also known as BSI) [81], ECRYPT-CSA [82], NIST [83] all recommend a minimum key size of 128 bits and up to 256 bits to assure long-term security. Even with the existence of quantum computers, the best-known quantum algorithm applicable to symmetric-key is Grover’s algorithm which can reduce the time required to brute force an N-bit key to \(\sqrt{N}\) time [84]. A 256-bit key would still provide 128 bits of security, which is more than sufficient. In contrast, it is not unusual for designers of chaos-based ciphers to claim that chaos-based ciphers having keys of 500 bits or more [5, 25, 28, 72, 73] is an advantage over classical encryption algorithms. Chaos-based ciphers should be designed to follow these internationally accepted standards not only to facilitate interoperability but also for easier key management.
Last but certainly not least, the hashing of the plaintext (or plainimage) to generate the secret key or parts of the secret key should be avoided in the design of newer ciphers. Not only is it impractical since it requires a fresh key exchange for each message, but these ciphers would also not be secure under the known or chosen plaintext attack model.
4.1 Key Schedule
In this section, we propose an example of a chaos-based key schedule that ensures that each bit of the secret key is involved in the generation of round keys. First, a 128-bit secret key is used to initialise four 32-bit registers. Then, the key schedule updates each register based on the output of a logistic map. For real number computation, we rely on a 48-bit fixed-point representation. Here, the leftmost two bits, known as the most significant bits (MSBs) represent integers, and the remaining 46 least significant bits (LSBs) represent fractions. The reason for having only two integer bits is that we will set the control parameter of the logistic map (1) to \(r=3.9999...\approx 4.0\), whereby the value of 3 only requires two bits.
The general idea is to take bits from the logistic map’s state variable (represented as fixed-point numbers) after each iteration and XOR them with the current value of each register. This process can be repeated as needed to generate multiple round keys or as a means to initialise an internal state. When iterating the logistic map, bits used to represent integers will only be used by the control parameter and not by the chaotic states. Since the chaotic state ranges from [0, 1), only fractional bits in its fixed-point representation will be modified each iteration. When selecting bits to update the key registers, we should then only consider the 46 LSBs representing fractions. Out of these 48, we opt for 32 LSBs to ensure that even the slightest changes to the chaotic state will be reflected.
Based on the bifurcation diagram of the logistic map in Fig. 1, we can see that the entire state space will be visited when the control parameter is close to 4. Therefore, the 32 least significant bits will be evenly distributed throughout the state space. These bits will be used to update the bits in the register, which can then be used to perturb the chaotic state to generate the next 32 bits. This process will ensure that each key bit stored in the 32-bit registers will be modified by evenly distributed bits. Figure 7 illustrates the overall flow of the proposed key scheduling algorithm.
We evaluate the randomness of the proposed key schedule using the NIST SP 800-22 test suite [85] and ENT [86]. After each iteration of the chaotic map, the four 32-bit words in the registers are taken as part of a keystream. We repeat the process until 100 keystreams of \(10^6\) bit length is generated for the test suite. The test was conducted according to NIST guidelines, where a significance level of \(\alpha \) = 0.01 was adopted [85]. Each binary sequence was assessed for every sub-test, where its \(P_{value}\) was computed and compared against the significance level. If the \(P_{value}\) is greater than or equal to \(\alpha \), the sequence passed the sub-test; otherwise, it failed. Tables 2 and 3 indicates that, despite its simplicity, the proposed key schedule successfully passes the entire NIST and ENT test suite.
5 Conclusion
In this paper, we have addressed a significant issue that has been largely overlooked in the design of chaos-based cryptographic algorithms – the secret key. By considering factors such as real number representation and conventional attack models, our cryptanalysis of five chaos-based ciphers has uncovered significantly lower key spaces (security margins) than what has been previously claimed, some by a factor of over \(2^{100}\). To address this issue, we have put forth a set of key schedule recommendations to ensure that each bit of the key plays an equal role in the encryption process and that the resulting key schedules are aligned with real-world applications. Additionally, we have proposed a simple chaos-based key schedule that incorporates all the aforementioned considerations and also provided theoretical justifications for its claimed keyspace. Experimentally, the proposed key schedule successfully passed both the NIST and ENT statistical test suites, indicating that highly complex designs are unnecessary to achieve desirable security properties. Moving forward, we recommend that future researchers take note of these issues and focus on rigorous security evaluations for chaos-based ciphers so that they will be better aligned with real-world security standards.
Research Data Policy and Data Availability Statement
The datasets generated during the current study are available from the corresponding author upon reasonable request.
References
Imdad M, Ramli SN, Mahdin H (2022) An enhanced key schedule algorithm of PRESENT-128 block cipher for random and non-random secret keys. Symmetry 14(3):604
Zhang B, Liu L (2023) Chaos-based image encryption: review, application, and challenges. Mathematics 11(11):2585
Alvarez G, Li S (2009) Cryptanalyzing a nonlinear chaotic algorithm (NCA) for image encryption. Commun Nonlinear Sci Numer Simul 14(11):3743–3749. https://doi.org/10.1016/j.cnsns.2009.02.033
Teh JS, Alawida M, Sii YC (2020) Implementation and practical problems of chaos-based cryptography revisited. J Inf Secur Appl 50:102421. https://doi.org/10.1016/j.jisa.2019.102421
Sekar JG, Periyathambi E, Chokkalingam A (2023) Hybrid chaos-based image encryption algorithm using Chebyshev chaotic map with deoxyribonucleic acid sequence and its performance evaluation. Int J Electr Comput Eng 13(6):(2088–8708)
Cheng Z, Wang W, Dai Y, Li L (2022) A high-security privacy image encryption algorithm based on chaos and double encryption strategy. J Appl Math 2022:1–14. https://doi.org/10.1155/2022/9040702
Zhang S, Liu L (2021) A novel image encryption algorithm based on SPWLCM and DNA coding. Math Comput Simul 190:723–744. https://doi.org/10.1016/j.matcom.2021.06.012
Li Z, Peng C, Tan W, Li L (2021) An effective chaos-based image encryption scheme using imitating Jigsaw method. Complexity 2021:1–18. https://doi.org/10.1155/2021/8824915
Guo Y, Yang J, Liu B (2021) Application of chaotic encryption algorithm based on variable parameters in RFID security. EURASIP Journal on Wireless Communications and Networking 2021(1). https://doi.org/10.1186/s13638-021-02023-0
Li S, Zhao L, Yang N (2021) Medical image encryption based on 2D Zigzag confusion and dynamic diffusion. Secur Commun Netw 2021:1–23. https://doi.org/10.1155/2021/6624809
Dong Y, Huang X, Mei Q, Gan Y (2021) Self-adaptive image encryption algorithm based on quantum logistic map. Secur Commun Netw 2021:1–12. https://doi.org/10.1155/2021/6674948
Gafsi M, Abbassi N, Hajjaji MA, Malek J, Mtibaa A (2020) Improved chaos-based cryptosystem for medical image encryption and decryption. Sci Program 2020:1–22. https://doi.org/10.1155/2020/6612390
Alghafis A, Munir N, Khan M (2020) An encryption scheme based on chaotic Rabinovich-Fabrikant system and S8 confusion component. Multimed Tools Appl 80(5):7967–7985. https://doi.org/10.1007/s11042-020-10142-x
Guesmi R, Farah MAB (2020) A new efficient medical image cipher based on hybrid chaotic map and DNA code. Multimed Tools Appl 80(2):1925–1944. https://doi.org/10.1007/s11042-020-09672-1
Pan C, Ye G, Huang X, Zhou J (2019) Novel meaningful image encryption based on block compressive sensing. Secur Commun Netw 2019:1–12. https://doi.org/10.1155/2019/6572105
Luo Y, Lin J, Liu J, Wei D, Cao L, Zhou R et al (2019) A robust image encryption algorithm based on Chua’s circuit and compressive sensing. Signal Process 161:227–247. https://doi.org/10.1016/j.sigpro.2019.03.022
Broumandnia A (2019) Designing digital image encryption using 2D and 3D reversible modular chaotic maps. J Inf Secur Appl 47:188–198. https://doi.org/10.1016/j.jisa.2019.05.004
An FP, Liu J (2019) Image encryption algorithm based on adaptive wavelet chaos. J Sensors 2019:1–12. https://doi.org/10.1155/2019/2768121
Zhang Y (2018) Test and verification of AES used for image encryption. 3D Research 9(1). https://doi.org/10.1007/s13319-017-0154-7
Li Z, Peng C, Li L, Zhu X (2018) A novel plaintext-related image encryption scheme using hyper-chaotic system. Nonlinear Dyn 94(2):1319–1333. https://doi.org/10.1007/s11071-018-4426-4
Fu C, Zhang GY, Zhu M, Chen Z, Lei WM (2018) A new chaos-based color image encryption scheme with an efficient substitution keystream generation strategy. Secur Commun Netw 2018:1–13. https://doi.org/10.1155/2018/2708532
Hamza R (2017) A novel pseudo random sequence generator for image-cryptographic applications. J Inf Secur Appl 35:119–127. https://doi.org/10.1016/j.jisa.2017.06.005
Zhang X, Cao Y (2014) A novel chaotic map and an improved chaos-based image encryption scheme. Sci World J 2014:1–8. https://doi.org/10.1155/2014/713541
Preishuber M, Hütter T, Katzenbeisser S, Uhl A (2018) Depreciating motivation and empirical security analysis of chaos-based image and video encryption. IEEE Trans Inf Forensics Secur 13(9):2137–2150
Belazi A, Talha M, Kharbech S, Xiang W (2019) Novel medical image encryption scheme based on chaos and DNA encoding. IEEE Access 7:36667–36681. https://doi.org/10.1109/access.2019.2906292
Wang X, Zhao H, Wang M (2019) A new image encryption algorithm with nonlinear-diffusion based on multiple coupled map lattices. Opt Laser Technol 115:42–57. https://doi.org/10.1016/j.optlastec.2019.02.009
Lidong L, Jiang D, Wang X, Zhang L, Rong X (2020) A dynamic triple-image encryption scheme based on chaos, S-Box and image compressing. IEEE Access 8:210382–210399. https://doi.org/10.1109/access.2020.3039891
Yepdia LMH, Tiedeu A, Kom G (2021) A robust and fast image encryption scheme based on a mixing technique. Secur Commun Netw 2021:1–17. https://doi.org/10.1155/2021/6615708
Suseela G, Phamila YAV, Niranjana G, Ramana K, Singh S, Yoon B (2021) Low energy interleaved chaotic secure image coding scheme for visual sensor networks using Pascal’s triangle transform. IEEE Access 9:134576–134592. https://doi.org/10.1109/access.2021.3116111
Devaney R (2018) An introduction to chaotic dynamical systems. CRC Press
Ye G, Jiao K, Pan C, Huang X (2018) An effective framework for chaotic image encryption based on 3D logistic map. Secur Commun Netw 2018:1–11. https://doi.org/10.1155/2018/8402578
Dai H, Ren H, Chen Z, Yang G, Yi X (2018) Privacy-preserving sorting algorithms based on logistic map for clouds. Secur Commun Netw 2018:1–10. https://doi.org/10.1155/2018/2373545
Liao X, Li K, Yin J (2017) Separable data hiding in encrypted image based on compressive sensing and discrete fourier transform. Multimed Tools Appl 76:20739–20753
Lahcene M, Noureddine C, Lorenz P, Adda AP (2023) Securing information using a proposed reliable chaos-based stream cipher: with real-time FPGA-based wireless connection implementation. Nonlinear Dyn 111(1):801–830
Alawida M (2023) A novel chaos-based permutation for image encryption. J King Saud Univ-Comput Inf Sci 35(6):101595
Pourjabbar Kari A, Habibizad Navin A, Bidgoli AM, Mirnia M (2021) A new image encryption scheme based on hybrid chaotic maps. Multimed Tools App 80:2753–2772
Zhu C, Sun K (2018) Cryptanalyzing and improving a novel color image encryption algorithm using RT-enhanced chaotic tent maps. IEEE Access 6:18759–18770. https://doi.org/10.1109/access.2018.2817600
Valli D, Ganesan K (2017) Chaos based video encryption using maps and Ikeda time delay system. Eur Phys J Plus 132:1–18
Wen W, Tu R, Wei K (2019) Video frames encryption based on DNA sequences and chaos. In: Eleventh international conference on digital image processing (ICDIP 2019), vol 11179. SPIE, pp 756–760
Abdelfatah RI, Baka EA, Nasr ME (2021) Keyed parallel hash algorithm based on multiple chaotic maps (KPHA-MCM). IEEE Access 9:130399–130409
Teh JS, Alawida M, Ho JJ (2020) Unkeyed hash function based on chaotic sponge construction and fixed-point arithmetic. Nonlinear Dyn 100(1):713–729. https://doi.org/10.1007/s11071-020-05504-x
Ahmad M, Khurana S, Singh S, AlSharari HD (2017) A simple secure hash function scheme using multiple chaotic maps. 3D Res 8(2). https://doi.org/10.1007/s13319-017-0123-1
Shi Z, Bi S, Zhang H, Lu R, Shen X (2015) Improved auxiliary particle filter-based synchronization of chaotic Colpitts circuit and its application to secure communication. Wirel Commun Mob Comput 15(10):1456–1470
Rathore V, Pal AK (2021) An image encryption scheme in bit plane content using Henon map based generated edge map. Multimed Tools Appl 80:22275–22300
Chen Y, Xie S, Zhang J (2022) A hybrid domain image encryption algorithm based on improved Henon map. Entropy 24(2):287
Sharma M, Ranjan RK, Bharti V (2022) A pseudo-random bit generator based on chaotic maps enhanced with a bit-XOR operation. J Inf Secur Appl 69:103299
Alawida M, Samsudin A, Teh JS (2020) Enhanced digital chaotic maps based on bit reversal with applications in random bit generators. Inf Sci 512:1155–1169
Zainol Z, Teh JS, Alawida M et al (2022) An FPP-resistant SVD-based image watermarking scheme based on chaotic control. Alex Eng J 61(7):5713–5734
Guo JM, Riyono D, Prasetyo H (2019) Hyperchaos permutation on false-positive-free SVD-based image watermarking. Multimed Tools Appl 78:29229–29270
Alvarez G, Amigó JM, Arroyo D, Li S (2011) Lessons learnt from the cryptanalysis of chaos-based ciphers. In: Studies in computational intelligence. Springer, Berlin Heidelberg, pp 257–295
Arroyo D, Li S, Amigó JM, Alvarez G, Rhouma R (2010) Comment on “Image encryption with chaotically coupled chaotic maps”. Physica D 239(12):1002–1006. https://doi.org/10.1016/j.physd.2010.02.010
Ge B, Chen X, Chen G, Shen Z (2021) Secure and fast image encryption algorithm using hyper-chaos-based key generator and vector operation. IEEE Access 9:137635–137654. https://doi.org/10.1109/access.2021.3118377
Ali TS, Ali R (2022) A novel color image encryption scheme based on a new dynamic compound chaotic map and S-box. Multimed Tools Appl 81(15):20585–20609. https://doi.org/10.1007/s11042-022-12268-6
Arif J, Khan MA, Ghaleb B, Ahmad J, Munir A, Rashid U et al (2022) A novel chaotic permutation-substitution image encryption scheme based on logistic map and random substitution. IEEE Access 10:12966–12982. https://doi.org/10.1109/access.2022.3146792
Xu Q, Sun K, He S, Zhu C (2020) An effective image encryption algorithm based on compressive sensing and 2D-SLIM. Opt Lasers Eng 134:106178. https://doi.org/10.1016/j.optlaseng.2020.106178
Chai X, Fu X, Gan Z, Lu Y, Chen Y (2019) A color image cryptosystem based on dynamic DNA encryption and chaos. Signal Process 155:44–62. https://doi.org/10.1016/j.sigpro.2018.09.029
Xu Q, Sun K, Cao C, Zhu C (2019) A fast image encryption algorithm based on compressive sensing and hyperchaotic map. Opt Lasers Eng 121:203–214. https://doi.org/10.1016/j.optlaseng.2019.04.011
Sahasrabuddhe A, Laiphrakpam DS (2021) Multiple images encryption based on 3D scrambling and hyper-chaotic system. Inf Sci 550:252–267
Chai X, Wu H, Gan Z, Han D, Zhang Y, Chen Y (2021) An efficient approach for encrypting double color images into a visually meaningful cipher image using 2D compressive sensing. Inf Sci 556:305–340
Gan ZH, Chai XL, Han DJ, Chen YR (2018) A chaotic image encryption algorithm based on 3-D bit-plane permutation. Neural Comput Appl 31(11):7111–7130. https://doi.org/10.1007/s00521-018-3541-y
Liu H, Zhao B, Huang L (2019) Quantum image encryption scheme using Arnold transform and S-box scrambling. Entropy 4:343. https://doi.org/10.3390/e21040343
Cheng G, Wang C, Xu C (2020) A novel hyper-chaotic image encryption scheme based on quantum genetic algorithm and compressive sensing. Multimed Tools Appl 79(39–40):29243–29263
Zheng J, Zeng Q (2022) The unified image encryption algorithm based on composite chaotic system. Multimed Tools Appl 2022:1–20
Zhu S, Deng X, Zhang W, Zhu C (2023) Secure image encryption scheme based on a new robust chaotic map and strong S-box. Math Comput Simul 207:322–346. https://doi.org/10.1016/j.matcom.2022.12.025
Schneier B (1996) Applied cryptography-protocols, algorithms, and source code in C, 2nd Edition. Wiley; 1996
Shannon CE (1949) Communication theory of secrecy systems. Bell Syst Tech J 28(4):656–715
Harris SL, Harris D (2021) Digital design and RISC-V computer architecture textbook. In: ACM/IEEE workshop on computer architecture education, WCAE 2021, Raleigh, NC, USA, June 17, 2021. IEEE; 2021. pp 1–5. Available from: https://doi.org/10.1109/WCAE53984.2021.9707615
Alexan W, ElBeltagy M, Aboshousha A (2022) RGB image encryption through cellular automata, S-box and the Lorenz system. Symmetry 14(3):443
Agarwal S (2019) A fractal based image cipher using Knuth shuffle method and dynamic diffusion. IJCNC 11:81–100
Mansouri A, Wang X (2020) A novel one-dimensional sine powered chaotic map and its application in a new image encryption scheme. Inf Sci 520:46–62
Wang X, Guan N (2020) A novel chaotic image encryption algorithm based on extended Zigzag confusion and RNA operation. Opt Laser Technol 131:106366. https://doi.org/10.1016/j.optlastec.2020.106366
Vidhya R, Brindha M, Gounden NA (2019) A secure image encryption algorithm based on a parametric switching chaotic system. Chin J Phys 62:26–42. https://doi.org/10.1016/j.cjph.2019.09.011
Malik MA, Bashir Z, Iqbal N, Imtiaz MA (2020) Color image encryption algorithm based on hyper-chaos and DNA computing. IEEE Access 8:88093–88107
Zhang Y (2018) The unified image encryption algorithm based on chaos and cubic S-Box. Inf Sci 450:361–377
Luo Y, Yu J, Lai W, Liu L (2019) A novel chaotic image encryption algorithm based on improved baker map and logistic map. Multimed Tools Appl 78:22023–22043
Rostami MJ, Shahba A, Saryazdi S, Nezamabadi-pour H (2017) A novel parallel image encryption with chaotic windows based on logistic map. Comput Electr Eng 62:384–400
80C187 80-bit Math Coprocessor (2023) Available from: https://www.datasheetcatalog.com/datasheets_pdf/8/0/C/1/80C187.shtml
Liskov M, Rivest RL, Wagner D (2010) Tweakable block ciphers. J Cryptol 24(3):588–613. https://doi.org/10.1007/s00145-010-9073-y
Teh JS, Samsudin A (2017) A chaos-based authenticated cipher with associated data. Secur Commun Netw 9040518(1–9040518):15
Alawida M, Samsudin A, Teh JS, Alkhawaldeh RS (2019) A new hybrid digital chaotic system with applications in image encryption. Sig Process 160:45–58
for Information Security FO (2023) Cryptographic mechanisms: recommendations and key lengths. Bonn, Germany. BSI TR-02102-1, Version 2023-01
ECRYPT-CSA (2018) Algorithms, key size and protocols report. European Commission D5:4
of Standards NI, Technology (2002) Recommendation for key management: Part 1-General. Washington, D.C.: U.S. Department of Commerce; 2001. Federal Information Processing Standards Publications (FIPS PUBS) 140–2, Change Notice
Grover LK (1996) A fast quantum mechanical algorithm for database search. In: STOC. ACM, pp 212–219
Bassham III LE, Rukhin AL, Soto J, Nechvatal JR, Smid ME, Barker EB et al (2010) Sp 800-22 rev. 1a. a statistical test suite for random and pseudorandom number generators for cryptographic applications. National Institute of Standards & Technology
Walker J (2008) ENT: a pseudorandom number sequence test program. Software and documentation available at /www fourmilab ch/random/S, ENT
Acknowledgements
Abubakar Abba is funded under the Tertiary Education Trust Fund (TETFUND) Nigeria.
Funding
Open Access funding enabled and organized by CAUL and its Member Institutions.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Competing Interests
The authors declare that they have no competing interests.
Compliance with Ethical Standards
This article does not contain any studies with human participants performed by any of the authors.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Abba, A., Teh, J.S. & Alawida, M. Towards accurate keyspace analysis of chaos-based image ciphers. Multimed Tools Appl (2024). https://doi.org/10.1007/s11042-024-18628-8
Received:
Revised:
Accepted:
Published:
DOI: https://doi.org/10.1007/s11042-024-18628-8