Академический Документы
Профессиональный Документы
Культура Документы
a r t i c l e i n f o a b s t r a c t
Article history: A secure pseudo-random number generator three-mixer is proposed. The principle of the
Received 27 February 2013 method consists in mixing three chaotic maps produced from an input initial vector. The
Received in revised form 19 August 2013 algorithm uses permutations whose positions are computed and indexed by a standard
Accepted 20 August 2013
chaotic function and a linear congruence. The performance of that scheme is evaluated
Available online 31 August 2013
through statistical analysis. Such a cryptosystem lets appear significant cryptographic
qualities for a high security level.
Keywords:
Ó 2013 Elsevier B.V. All rights reserved.
Nonlinear chaotic function
Pseudo-random
Permutation
Cryptography
Statistical analysis
1. Introduction
The generation of pseudo-random numbers plays a critical role in large number of applications such as, numerical sim-
ulations, gaming industry, communications or cryptography [1]. A pseudo-random number generator (PRNG) is defined as
an algorithm enabling to generate sequences of numbers with some properties of randomness. The main advantages of such
generators are the rapidity and the repeatability of the produced pseudo-random sequences. In practice, the generation of
pseudo-random numbers is not trivial and the randomness quality of the produced sequence can be essential in the choice
of the application. One way to design such PRNG is connected to chaos theory [2]. That theory focuses primarily on the
description of these systems that are often very simple to define, but whose dynamics appears to be very confused. Chaotic
systems are characterized by their high sensitivity to initial conditions and some properties like ergodicity, pseudo-random
behavior and high complexity [2]. The extreme sensitivity to the initial conditions (i.e. a small deviation in the input can
cause a large variation in the output) makes chaotic system very attractive for cryptographic applications, specially for pseu-
do-random number generators. Therefore, several chaotic systems have been applied successfully to produce pseudo-ran-
dom sequences [3–7]. Many of these systems use the same standard chaotic function to generate efficiently pseudo-
random numbers [8–12].
In this paper, a new PRNG using a standard chaotic function is presented. The algorithm uses a degressive modulo to in-
dex progressively the positions of an initial vector before permuting their associated elements through the use of a xor oper-
ator. The chaotic permutations are achieved iteratively on the initial vector in order to produce three chaotic maps. These
1007-5704/$ - see front matter Ó 2013 Elsevier B.V. All rights reserved.
http://dx.doi.org/10.1016/j.cnsns.2013.08.032
888 M. François et al. / Commun Nonlinear Sci Numer Simulat 19 (2014) 887–895
maps are xored and the resulting sequence is the output of the algorithm. The choice of producing and xoring three chaotic
maps enlarges the complexity of the system and increases the difficulty for an attacker to extract sensitive informations from
the outputs. The advantage of the proposed PRNG is the free choice of the input vector and the randomnes quality of the
produced outputs. The paper is structured as follows, the description of the method is given in Section 2. Section 3, presents
the statistical analysis applied on a set of generated pseudo-random sequences. The security analysis of the PRNG is achieved
in Section 4, before concluding.
2. The generator
The PRNG algorithm is based on the construction of three chaotic maps obtained by permuting and shuffling the elements
of an initial input vector. The permutations are performed using a chaotic function to scramble the used positions. The cha-
otic function is given by the logistic function FðXÞ ¼ kXð1 XÞ (with 3:5699 < k < 4:0) and was already used in pseudo-ran-
dom number generation [8–12]. Here, we use the chaotic function with k ¼ 3:9999 which corresponds to a highly chaotic
case [13]. To initiate the permutation process, an input initial vector Iin of size N and a starting seed value X 0 are necessary.
The iterative form of the used chaotic function is:
The proposed cryptosystem integrates the chaotic function in the core of the PRNG and the algorithmic description of the
generator consists in the four following steps:
1. An initial vector Iin of size N is chosen (the choice is free). The vector Iin is transformed into the binary vector Ibin (i.e., by
taking the binary components in sequential order). The components of Ibin have only the values 0 or 1 and the vector
size is M ¼ N log2 N (with N ¼ 2x and x 1).
2. A seed value X 0 is chosen in 0:0; 0:5½ and initiates the iterative relation of Eq. (1). The choice of the seed value is
arbitrary.
3. A loop is started on the index i of the vector Ibin , with 0 6 i < M 2. With the current position i in Ibin , a new position j is
computed using the chaotic function:
c ¼ Floor½log10 M þ 3: ð3Þ
At each iteration i, the new position j has a value i < j < M. The elements of Ibin are transformed into Ibin ½i ¼ Q 3 and Ibin ½j ¼ Q1
with
The construction of the three chaotic maps consists in transforming the initial vector Iin into Ik by applying iteratively the
algorithm (i.e., k ¼ T=3 and T mod 3 ¼ 0). From Ik , a second application of k rounds is achieved to produce I2k and finally I3k is
obtained from I2k with k supplementary rounds. The three constructed vectors Ik ; I2k and I3k are chaotic vectors and are mixed
to produce the sequence Iout of size N:
Iout ¼ Ik I2k I3k : ð7Þ
M. François et al. / Commun Nonlinear Sci Numer Simulat 19 (2014) 887–895 889
The vector Iout corresponds to the output generated by the PRNG. It should be noted that, the idea consists in permuting
the binary values of positions i and j through a xoring operation on the vector Iin . Moreover, to improve the security of the
algorithm, the sequence Iout is obtained by xoring Ik ; I2k and I3k making the algorithm irreversible. As we should store three
vectors of size N at most, the memory space complexity is OðNÞ.
The security of the PRNG strongly depends on the number of round T. Therefore, it is necessary to determine an optimized
and efficient number of round permitting to generate sequences with high cryptographic qualities and assuring the security
of the algorithm. In any cryptosystem, for poor keys or limited key space K, the cryptosystem can be easily broken. Indeed,
given today’s computer speed, it is generally accepted that a key space of size smaller than 2128 is not secure enough. Here,
the PRNG allows to produce a large number of pseudo-random sequences from chosen keys. These keys correspond to two
kinds of input data:
At each round, the corresponding seed X i0 belongs to the interval 0:0; 0:5½, with c digits of accuracy (i.e., 10c ). Therefore, the
T=3 T=3 T=3 T
total number of possibilities for the seed space is ½5 10c1 1 ½5 10c1 1 ½5 10c1 1 ¼ ½5 10c1 1
T
(i.e., excluding the seed f0:0 0g for each round). To satisfy the condition ½5 10c1 1 > 2128 avoiding any brute-force
attack, the minimum number of rounds T 1 is:
" #
128
T 1 ¼ Floor þ 1: ð8Þ
log2 ð5 10c1 1Þ
The condition T ¼ T 1 assures the minimum entropy limit for the seed space but not necessarily the randomness quality of
the output sequence Iout . Indeed, an initial vector Iin with very low entropy can necessitate T P T 1 rounds, to obtain a high
level of randomness in Iout . Therefore, the number of rounds T must also be related to the distribution of bits ‘0’ and ‘1’ in Iin .
ð0Þ ð1Þ ð0Þ
Let consider that, in the input vector Iin , the occurency of the bit ‘0’ has a probability p0 > 0 (resp. p0 ¼ ð1 p0 Þ > 0 for the
ð0Þ
bit ‘1’) then, at each new round t, the probability pt is iteratively modified by:
2 2
ð0Þ ð0Þ ð0Þ
pt ¼ pt1 þ 1 pt1 8t P 1 ð9Þ
ð0Þ
and the limit of the suite pt must converge to 0.50 to assure a maximum Shannon’s entropy in the output sequence Iout . The
purpose is to find the number of rounds T 2 satisfying the relation:
ð0Þ
lim pt ¼ 0:50 1 ð10Þ
t>T 2
with 1 a fixed numerical tolerance (here 1 ¼ 0:001). The value T 2 is computed iteratively and can be large for Iin with very
low Shannon’s entropy or small for Iin with Shannon’s entropy closed to its maximum (i.e., 1 in base 2). Finally, the algorithm
must also assure high sensitivity to the initial input vector Iin . With the same set of seed values and two nearby initial vectors
Iin and Iin 0, the produced output sequences Iout and I0out are highly correlated. In that context, the security level is not maxi-
mum because, the sensitivity is not guaranteed. To avoid such problems, an additional hypothesis must be made. As the
treatment is based on the binary components, two initial input vectors Iin and Iin 0 of size M (in bits) are considered. With
two vectors Iin and I0in differing by only one bit, the probability s0 of identical elements between these two vectors is exactly
s0 ¼ ðM 1Þ=M. The theoretical evolution of the internal bits in each vector is the same and follows the relation of Eq. (9).
The same seeds are used in both vectors, then the theoretical evolution of identical bits between Iin and I0in is the same as in a
simple binary vector with M 1 identical bits. This problem is similar to the previous one, but with a starting vector which is
completely unbalanced (i.e. M 1 bits ‘0’ and one bit to ‘1’). Therefore, the evolution of the probability s0 should follow the
relation of Eq. (9) such as:
2 2
ð0Þ ð0Þ
sr ¼ sr1 þ 1 sr1 8r P 1 ð11Þ
where 2 is equal to 1 . With these three indicators T 1 ; T 2 and T 3 , the relevant number of rounds T is:
T ¼ maxfT 1 ; T 2 ; T 3 g þ d; ð13Þ
with d ¼ ½3 maxfT 1 ; T 2 ; T 3 gmod 3 ensuring that T is a multiple of three. The number of rounds T is automatically computed
and adapted, from the characteristic of the initial vector Iin , to satisfy simultaneously the criteria of key space entropy,
890 M. François et al. / Commun Nonlinear Sci Numer Simulat 19 (2014) 887–895
maximum Shannon’s entropy and sensitivity to the initial conditions. By example, for an initial vector of size N ¼ 2048, (i.e.,
18
M ¼ 22528; T ¼ 18), the cryptosystem permits to produce exactly ð5 106 1Þ or approximately 2400 different pseudo-
random sequences. For the generation of any pseudo-random sequence, the parameters which must remained secret are:
3. Statistical analysis
The output sequences of any secure PRNG must have a high level of randomness and be completely independent. There-
fore, a statistical analysis taking into account these aspects of the produced sequences should be carefully conducted. Here,
the two proposed statistical analysis focuse both on the randomness level and the correlation between the produced
sequences.
The sequences are evaluated through statistical tests suite NIST. Such suite consists in a statistical package of fifteen tests
developed to quantify and to evaluate the randomness of binary sequences produced by cryptographic random or pseudo-
random number generators [14]. These tests assess the presence of a pattern which, if detected, would indicate that the se-
quence is not random. In each statistical test, a pv alue probability is computed. Each value summarizes the strength of the
evidence against the perfect randomness assumption. A pv alue of zero indicates that, the sequence appears to be completely
not random. A pv alue larger than 0.01 means that, the sequence is considered to be random with a confidence level of 99%. For
multiple tested sequences at the same time, each test defines a proportion g as the ratio of sequences passing successfully
the test relatively to the total number of tested sequences N k (i.e., g ¼ n½pv alue P 0:01=N k ). The proportion g is compared to
an acceptable proportion gaccept which corresponds to the ratio of sequences that should pass the test. The range of acceptable
proportions, excepted for the test ffi Random Excursion-Variant is determined by using the confidence interval defined as
pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi
ð1 0:01Þ 3 0:01ð1 0:01Þ=N k [14]. The NIST tests are achieved on the three following classes of the sequences: individ-
ual sequences, concatenated sequence and resulting sequences.
1. Individual sequences: the N k sequences Ikout (with 1 6 k 6 N k ) are individually tested and the results are given as ratio of
success relatively to the threshold gaccept . That indicates the global randomness level of tested sequences.
2. Concatenated sequence: a new sequence is constructed by concatenating all the individual sequences: Icat 1 Nk
out ¼ fI out I out g
of binary size N k M. The randomness quality of the new sequence is also analysed with the NIST tests. For truly random
sequences Ikout (with 1 6 k 6 N k ), the concatenated sequence should also be random. Such analysis also gives an indication
about the potential correlation that can exist between the N k sequences Ikout .
3. Resulting sequences: N resulting sequences Ires of size N k are constructed by collecting, for each position 1 6 j 6 N, the
value of each sequence Iout . Therefore, Ijres ¼ fI1out ½j; . . . ; INoutk ½jg. The randomness of the resulting sequences is analysed
by applying the NIST tests. If truly random sequences are superimposed on each other, the resulting sequences should
also be random (with N k as large as N). The analysis is interesting especially for sequences produced with successive seeds
and shows the hidden linear structures between the produced sequences Ikout with 1 6 k 6 N k .
The purpose of the second approach is to check the correlation between the produced sequences. The correlation is ana-
lysed globally by computing the correlation coefficients of each pair of sequences [15]. Let the two sequences
Ixout ¼ ½x1 ; . . . ; xN and Iyout ¼ ½y1 ; . . . ; yN , we have:
PN
i¼1 ðxi xÞ ðyi yÞ
C Ixout ;Iy ¼ h i1=2 hP i1=2 ð14Þ
out PN 2 N 2
i¼1 ðxi xÞ i¼1 ðyi yÞ i
P P
where x ¼ Ni¼1 xi =N and y ¼ Ni¼1 yi =N are the mean values of Ixout and Iyout , respectively. For two uncorrelated sequences,
C Ixout ;Iy ¼ 0. A strong correlation occurs between Ixout and Iyout for C Ixout ;Iy ’ 1. The coefficients C Ixout ;Iy are computed for each
out out out
pair of produced sequences and the distribution of the values is presented by a histogram. The interests of such an approach
x y
is the correlation sensitivity for sequences Iout ; Iout produced from nearby or successive seed values.
The analysis of qualities of the produced PRNG outputs are achieved on two subspaces of sequences. The sequences are
produced by using two different initial vectors I1in ¼ ½0; 1; . . . ; 2047 and I2in ¼ ½2011; 0; . . . ; 0 of size N ¼ 2048. The Shannon’s
entropy are 1 and 0.0050 for the vector I1in and I2in , respectively. The choice of such two initial vectors allows to illustrate that
any kind of starting vector can be chosen, as long as it remains secret and different from the zero vector. For the generation of
M. François et al. / Commun Nonlinear Sci Numer Simulat 19 (2014) 887–895 891
the two groups of sequences, the computed number of round is T ¼ 18 with c ¼ 7 digits for the accuracy. The sets of used
seed values are: fX 10 ; . . . ; X 18 1 17
0 g with fX 0 ; . . . ; X 0 g ¼ f0:0933309., 0.2491771, 0.4338708, 0.1548937, 0.0271939, 0.0109258,
0.2667414, 0.3798145, 0.3092353, 0.4284346, 0.4320174, 0.2817204, 0.3172682, 0.3517917, 0.298557, 0.0978801,
0:2465197g and X 18 0 in f0:4603520; . . . ; 0:4643519g. The seed values selected during the last round are consecutive with
an accuracy step equal to 107 . For each case, the number of generated sequences is N k ¼ 40000 and each sequence has a
size of 22528 bits. The seed values X i0 with 1 6 i 6 17 are arbitrarily chosen in the interval 0:0; 0:5½ with c digits of accuracy.
The analysis of randomness and correlation are achieved on the two subspaces of sequences.
4. Security analysis
With the design of a new cryptosystem, a global security analysis must be conducted. The analysis is based both on the
quality of the outputs of the PRNG and on the various existing attacks that can break the PRNG. Even if all the existing attacks
can not be tested, the PRNG must resist to some basic-known attacks and all the critical points related to the cryptosystem
should be analyzed properly [2]. The security element is a prerequisite which can necessitate to redesign a PRNG if a weak-
ness appears. Therefore, the investigated points are: the key sensitivity, the key choice and the quality of the produced out-
puts. Moreover, two basic attacks are also evaluated: brute-force attack [2] and differential attack [16].
A efficient PRNG based on a chaotic function, should be very sensitive with respect to the keys. Indeed, flipping one bit in
a key must give completely different pseudo-random sequence. Such a characteristic corresponds to the diffusion property
Table 1
Results of the NIST tests on the 40,000 generated sequences from the initial vector I1in . The ratio g of pv alue passing the tests are given for individual and resulting
sequences and the pv alue is given for the concatenated sequence.
Table 2
Results of the NIST tests on the 40000 generated sequences from the initial vector I2in . The ratio g of pv alue passing the tests are given for individual and resulting
sequences and the pv alue is given for the concatenated sequence.
14
12 I1in
I2in
Frequency (in %)
10
0
−0.08 −0.06 −0.04 −0.02 0 0.02 0.04 0.06 0.08
Correlation coefficient value
Fig. 1. Distribution of correlation coefficients C Ixout ;Iy on the interval [0.08, 0.08]. The tested sequences are produced from the two initial vectors I1in and I2in ,
out
using the same set of seed values.
for the chaos based system. In the proposed PRNG, the key is given by two kinds of inputs: an initial vector Iin and a set of
initial seed values Sin . Therefore, the key sensitivity analysis must be achieved on these two inputs.
seed corresponding to the last round and the sets are: S1;b 1 29 30;b
in ¼ fX 0 ; . . . ; X 0 ; X 0 g and S1;c 1 29 30;c
in ¼ fX 0 ; . . . ; X 0 ; X 0 g, where
X 30;b
0 ¼ 0:37201638374 and X 30;c
0 ¼ 0:37201638376. The seed values of the last round differ by only 1011 . To illustrate the
sensitivity related to the initial seed value, the correlation coefficients between the produced sequences J 1;a 1;b 1;c
out , J out and J out
are computed and the results are given in Table 3. The similar analysis is done with the input vector K in ¼ ½2011; 0; . . . ; 0,
producing K 1;a 1;b 1;c
out ; K out and K out (see Table 3). The two input vectors J in and K in have the same length N ¼ 8388608 and the cor-
relation coefficients are close to 0. That illustrate the uncorrelated tested sequences. An additional correlation test is
achieved on the three produced sequences J 1;a 1;b 1;c 1;a 1;b 1;c
out ; J out and J out (resp. K out ; K out and K out ) by using the NIST tests. The three se-
quences are concatenated to form one sequence J 1;abc
out (resp. K 1;abc
out ) of length 25165824 (i.e., 578813952 in bits). The results
of the NIST tests are given by Table 4. All the pv alue are larger than 0.01. The concatenated sequence can be viewed as a
M. François et al. / Commun Nonlinear Sci Numer Simulat 19 (2014) 887–895 893
Table 3
Correlation coefficients between the output sequences V out produced from the initial vector Jin (resp. K in )
with slightly different seed sets S1;a 1;b 1;c
in ; Sin and Sin . The vector V out ¼ J out is produced by J in and V out ¼ K out is
produced by K in .
V 1;a 1;b
out =V out V 1;a 1;c
out =V out V 1;b 1;c
out =V out
random sequence (in each case) and the produced sequences from nearby seed values are weakly correlated. These results
show the high sensitivity related to the initial seed value.
J 1;b
in and J 1;c
in by K 1;a
in ¼ ½2011; 0; . . . ; 0, K 1;b
in ¼ ½2010; 0; . . . ; 0 and K 1;c
in ¼ ½2012; 0; . . . ; 0. The produced sequences are K 1;a
out ; K 1;b
out
1;c
and K out . The results of correlation analysis are given in Table 5. The computed coefficients of correlation are close to 0
and show the decorrelation between the tested sequences. The produced sequences J 1;a 1;b 1;c 1;a 1;b
out , Jout and J out (resp. K out ; K out and
K 1;c
out ) are concatenated to form one sequence J 1;abc
out (resp. K 1;abc
out ) of length 25165824. The results of the NIST tests on the con-
catenated sequence formed from nearby initial vectors are given by Table 6. The results of the NIST tests show that, the con-
catenated sequence satisfy all requirements of randomness and the sequences produced from nearby initial vectors are
weakly correlated. Finally, these results show the high sensitivity of the cryptosystem relatively to the initial input vector.
The initial vector Iin and the set of seed values Sin are the input parameters of the PRNG and the choice of such parameters
must be adapted to the application domain and security requirement. criteria of randomness, decorrelation and sensitivity to
initial conditions. The outputs of the PRNG should have good cryptographic properties such as criteria of randomness, dec-
orrelation and sensitivity to initial conditions.
4.2.1. Inputs
The choice of the input parameters is completely free. In this paper, for the generation of pseudo-random sequences, the
initial vectors I1in ¼ ½0; 1; . . . ; 2047 and I2in ¼ ½2011; 0; . . . ; 0 were chosen to show that pseudo-random sequences can be
Table 4
1;abc
Results of the NIST tests on the concatenated sequence J out (resp. K 1;abc
out ) from the three produced sequences of initial vector J in (resp. K in ).
Table 5
Correlation coefficients between the output sequences V out produced from slightly different initial input
vectors J 1;a 1;b 1;c 1;a 1;b 1;c
in , J in and J in (resp. K in , K in and K in ). The vector V out ¼ J out is produced by J in and V out ¼ K out is
produced by K in .
V 1;a 1;b
out =V out V 1;a 1;c
out =V out V 1;b 1;c
out =V out
Table 6
Results of the NIST tests on the concatenated sequence J 1;abc 1;abc 1;a 1;b 1;c 1;a 1;b
out (resp. K out ) from the three produced sequences of initial vectors J in ; J in and J in (resp. K in ; K in and
K 1;c
in ).
generated from initial vectors with low Shannon’s entropy. For applications requiring a maximum level of security, both the
set of seeds Sin and the initial vector Iin are parts of the secret key and can be chosen from a complex ‘‘source’’ (e.g., function,
image, physical process, etc.). The set of seeds Sin and the initial vector Iin should not be easily founded without informations.
The choice of these inputs (complex and secret) for the generation of pseudo-random sequences is an asset to the
cryptosystem.
4.2.2. Outputs
One of the major aspects of any kind of PRNG is the randomness level of the produced sequences. According to Kerckhoffs’
principle [17], the security of a cryptosystem only depends on its keys. Nowadays, various statistical tests are available to
evaluate a PRNG for cryptographic purposes. In fact, the National Institute of Standards & Technology (NIST) proposes a bat-
tery of tests that must be performed on the generated outputs [14]. Others tests exist in the litterature, such as TestU01 [18]
or the DieHARD suites [19]. These three are commonly used even if, the NIST tests are the most applied. Here, the NIST tests
were used to quantify and to evaluate the randomness level of the produced pseudo-random sequences. Moreover, all the
produced sequences pass successfully the statistical tests and the correlation between sequences are also been evaluated.
The sensitivity to the key (seed and initial vector) is also analysed and the results have shown that the proposed PRNG is
very sensitive to these initial parameters. The statistical analysis clearly show the quality of produced sequences and the
proposed PRNG does not present weak or degenerate outputs.
Any new PRNG must be analysed against attacks in order to check if the generator can resist. Here, the resistance of the
produced sequences is evaluated against both basic attacks as the brute-force attack and differential attack.
that a key space of size smaller than 2128 is not secure enough. For the generation of pseudo-random sequences, we assume
that the initial vector Iin is chosen and fixed. Therefore, the key space consists in considering all the combinations of T sets of
seeds (each seed being in the interval 0:0; 0:5½ with c digits of accuracy). The algorithm takes into account the constraint of
T
128 bits of entropy and allows to generate ð5 10c1 1Þ distinct sequences, with T ¼ maxfT 1 ; T 2 ; T 3 g þ d and
d ¼ ½3 maxfT 1 ; T 2 ; T 3 gmod 3 (see Eq. (13)). By example, for N ¼ 2048 (i.e., c ¼ 7 and T ¼ 18), the algorithm enables to pro-
duce about 2400 (i.e., larger than 2128 Þ differents pseudo-random sequences. Therefore, the entropy of the key space is larger
than 128 bits which avoids brute-force attack.
1. Subtraction modulus: the differences related to both input and output are defined by Dx ¼ jx x0 j and Dy ¼ jy y0 j,
respectively.
2. The xor difference defined by Dx ¼ x x0 and Dy ¼ y y0 .
For nearby seed values used with the same input vector, the sequences are intended to be completely different. The only weak
point would happen when two nearby vectors are used with the same seed values. Nevertheless, such a situation was already
considered in the design of the algorithm in order to produce secure outputs and avoiding such a type of attack. Indeed, in the
subSection 2.2, the computation of the number of rounds T includes hypothesis on T 3 and permits to produce decorrelated
outputs from two nearby inptut vectors. Therefore, for every size of the initial vector, the algorithm assures to generate very
different pseudo-random sequences. That is also illustrated through the example given in subSection 4.1.2, highlighting the
sensitivity related to nearby initial input vectors.
5. Conclusions
A new cryptographically secure pseudo-random number generator was described. The algorithm is based on the combina-
tion of three chaotic maps. The maps are determined from an initial input vector by combining a chaotic function and the xor
operator during the generation process. The coupling of chaotic function with the xor operation, drastically disrupts the internal
structure of the initial vector and induces progressively an unpredictable randomness effect. Such a PRNG has shown its ability
to produce a very large number of pseudo-random sequences which can be useful in several cryptographic applications. The
advantages of the PRNG are: a large key space, a high sensitivity related to the input vector or chosen seed values, the unpre-
dictability of pseudo-random sequences, the security level against several attacks and the simplicity of implementation.
Acknowledgements
Authors thank the Centre de Calcul Intensif ROMEO II for computational facilities, the Région Champagne-Ardennes and
the Conseil Régional de l’Aube for financial supports.
References
[1] Sun F, Liu S. Cryptographic pseudo-random sequence from the spatial chaotic map. Chaos Solitons Fractals 2009;41:2216–9.
[2] Álvarez G, Li S. Some basic cryptographic requirements for chaos-based cryptosystems. Int J Bifur Chaos 2006;16:2129–51.
[3] Guyeux C, Wang Q, Bahi JM. A pseudo random numbers generator based on chaotic iterations: application to watermarking. Web Inf Syst Min
2010;6318:202–11.
[4] Zheng F, Tian X, Song J, LI X. Pseudo-random sequence generator based on the generalized Henon map. J Chin Univ Posts Telecommun 2008;15:64–8.
[5] Pareek NK, Patidar V, Sud KK. A random bit generator using chaotic maps. Int J Netw Sect 2010;10:32–8.
[6] Patidar V, Sud KK. A novel pseudo random bit generator based on chaotic standard map and its testing. Electron J Theor Phys 2009;6:327–44.
[7] Orúe AB, Álvarez G, Guerra A, Pastor G, Romera M, Montoya F. Trident, a new pseudo random number generator based on coupled chaotic maps.
Comput Intell Secur Inf Syst Adv Intell Soft Comput 2010;85:183–90.
[8] Bose R, Banerjee A. Implementing symmetric cryptography using chaos functions. In: Proc. 7th int. conf. on adv. comput. commun.; 1999. p. 318–21.
[9] Baptista MS. Cryptography with chaos. Phys Lett A 1998;240:50–4.
[10] Patidar V, Sud KK. A pseudo random bit generator based on chaotic logistic map and its statistical testing. Informatica 2009;33:441–52.
[11] Cecen S, Demirer RM, Bayrak C. A new hybrid nonlinear congruential number generator based on higher functional power of logistic maps. Chaos
Solitons Fractals 2009;42:847–53.
[12] Xuan L, Zhang G, Liao Y. Chaos-based true random number generator using image. IEEE Int Conf Nanjing Comput Sci Inf Syst 2011:2145–7.
[13] Pareek NK, Patidar V, Sud KK. Image encryption using chaotic logistic map. Image Vision Comput. 2006;24:926–34.
[14] Rukhin A, Soto J, Nechvatal J, Smid M, Barker E, Leigh S, et al. A statistical test suite for random and pseudorandom number generators for
cryptographic applications. NIST Spec Pub Rev 2010;1a.
[15] Cheng G, Mao Y, Chui C. A symmetric image encryption scheme based on 3D chaotic cat maps. Chaos Solitons Fractals 2004;21:749–61.
[16] Biham E, Shamir A. Differential cryptanalysis of the data encryption standard. London: Springer-Verlag; 1993.
[17] Menezes AJ, Oorschot PCV, Vanstone SA. Handbook of appliyed cryptography. CRC Press; 1996.
[18] L’ecuyer P, Simard R. TestU01: A C library for empirical testing of random number generators. ACM Trans Math Soft 2007;33:40 (Article 22).
[19] Marsaglia G. Diehard: a battery of tests of randomness; 1996. http://stat.fsu.edu/geo/diehard.html.