A Chaos Robustness Criterion for 2D Piecewise Smooth Map with Applications in Pseudorandom Number Generator and Image Encryption with Avalanche Effect

This study proposes a chaos robustness criterion for a kind of 2D piecewise smooth maps (2DPSMs). Using the chaos robustness criterion, one can easily determine the robust chaos parameter regions for some 2DPSMs. Combining 2DPSM with a generalized synchronization (GS) theorem, this study introduces a novel 6-dimensional discrete GS chaotic system. Based on the system, a 2word chaotic pseudorandom number generator (CPRNG) is designed. The key space of the CPRNG is larger than 2. Using the FIPS 140-2 test suit/generalized FIPS 140-2 test suit tests the randomness of the 1000 key streams consists of 20,000 bits generated by the CPRNG, the RC4 algorithm, and the ZUC algorithm, respectively. The numerical results show that the three algorithms do not have significant differences. The CPRNG and a stream encryption scheme with avalanche effect (SESAE) are used to encrypt an image.The results demonstrate that the CPRNG is able to generate the avalanche effects which are similar to those generated via ideal CPRNGs. The SESAE with one-time-pad scheme makes any attackers have to use brute attacks to break our cryptographic system.


Introduction
The dynamic behaviors of chaotic systems have some specific features, such as their extreme sensitivity to the variables of initial conditions and system parameters, pseudorandom property, and ergodic and topological transitivity.Particularly, the property of sensitive dependence on initial conditions and parameters and robustness are suitably used in information security field [1][2][3][4].
Piecewise smooth dynamical systems (PSDSs) can exhibit complex dynamic phenomena, including chaos.PSDSs are particularly relevant in many areas of engineering and applied science.As early as in the last seventies, Feigin published his pioneering work on the analysis of C-bifurcations in dimensional PWS systems (e.g., see [5][6][7]), which proposed the classification of the piecewise linear normal form for twoand three-dimensional piecewise smooth continuous maps.It makes it possible to follow closely the process of emergence of complex structures due to parameter variation.
In 1999, Banerjee and Grebogi [8] redeveloped the classification proposed by Feigin, putting his earlier results in the context of modern bifurcation analysis.Banerjee and Grebogi investigated the various types of border collision bifurcations that can occur in piecewise smooth maps by deriving a piecewise affine approximation of the map in the neighborhood of the border.In di Bernardo et al. 's book [9], the authors offer a very good survey of the rapidly developing area of the dynamics of nonsmooth systems and many beautiful examples of chaotic dynamics induced by nonsmooth phenomena.
Practical applications in chaos-based cryptography require the corresponding chaotic dynamical systems to be robust with respect to system parameters.In [10], Banerjee et al. have shown that such robust chaos can occur in piecewise smooth maps and obtained the conditions of existence of robust chaos.In [8], Banerjee and Grebogi have researched two-dimensional piecewise smooth maps and proposed the corresponding robust chaos theorems.

Mathematical Problems in Engineering
Since Matthews first proposed a chaotic encryption algorithm [11], there are increasing researches of chaotic encryption technology [12][13][14][15][16][17][18][19][20][21].In [14], a fast chaos-based image encryption system with stream cipher structure is proposed.The major core of the encryption system is a pseudorandom key stream generator based on a cascade of chaotic maps, serving the purpose of sequence generation and random mixing.In [18], a novel image encryption scheme was presented, which uses a chaotic random bits generator.The chaotic random bits generator is based on the coexistence of two different synchronization phenomena.In [19], a novel stream encryption scheme with avalanche effect (SESAE) was introduced.Using the scheme and an ideal pseudorandom number generator to generate a 2  -word key stream, one can encrypt a plaintext such that by using any key stream generated from a different seed to decrypt the ciphertext, the decrypted plaintext will become an avalanche-like text which has (2  − 1)/2  consecutive one's with a high probability.
Based on one theorem proposed by Banerjee and Grebogi, this paper introduces a chaos robustness criterion for a kind of 2-dimensional piecewise smooth maps (2DPSMs) and constructs a 2DPSM with robust chaos feature.Combing the chaos generalized synchronization (GS) theorem with the 2DPSM, this paper proposes a 6-dimensional chaotic generalized synchronization system (6DCGSS) and designs a 2 16 word chaotic pseudorandom number generator (CPRNG).At last, using the CPRNG and the SESAE encrypts an RGB image Panda and shows the performance of the CPRNG.
The rest of this paper is organized as follows.Section 2 proposes the chaos robustness criterion for the 2DPSMs and constructs a novel 2DPSM with robust chaos feature.Section 3 introduces the definition and theorem for GS and presents a novel 6DCGSS.Section 4 designs a 2 16 word CPRNG and makes the statistic tests for the CPRNG.Section 5 makes an image encryption experiment with avalanche effect.Section 6 performs security analysis on the proposed image encryption scheme.Finally, some concluding remarks are presented in Section 7.

The 2-Dimensional Piecewise Robust Chaotic Map
2.1.The Robust Chaos of Normal Form.In [22], Nusse and Yorke have proved that, using some coordinate transformations, any 2-dimensional piecewise smooth map (2DPSM) can be reduced to the normal form in some small neighborhood of the fixed point of the 2DPSM.The normal form is defined as follows: where  is a parameter and  , and  , are the traces and determinants of the corresponding matrices of the linearized map in the two subregions   and   given by Banerjee et al. have proposed the robust chaos theorem on the normal form as follows [8,10].
Theorem 1 (see [8,10]).If where  1 and  2 are the eigenvalues of coefficient matrix, then the 2DPSM has a bifurcation from no attractor to a chaotic attractor.The chaotic attractor for  > 0 is robust.
Formulas (3)- (5) give the criteria of the chaotic attractor appearing in 2DPSM (1).However, it will be difficult to determine the robust chaos regions for the system parameters.
Based on Theorem 1, this study proposes the following theorem which provides parameters inequalities to determine easily the robust chaos regions for the system parameters.
For any given nonnegative real numbers , one can determine the chaos regions on parameters {  ,   ,   } from inequalities (6)- (9).For example, choosing  = 2, the robust chaos regions of 2DPSM are shown in Figure 1.The position of the red dot in Figure 1 is located in the robust chaos region surrounding the two planes.

A Novel 2DPSM.
Let  = 1,  = 0.9,   = 0.09,   = 1.5,   = 0.2, and   = −2.2;then system (1) becomes The parameters satisfy the conditions given in Theorem 2: Therefore system (15) has a chaotic attractor.Select the following initial conditions: Then, the evolution of state variables  − () and  − () Extensive numerical simulations show that the dynamic behaviors of the chaotic map demonstrate chaotic attractor features as the theory expects.

A Novel 6DCGSS
3.1.Definition and Theorem on GS.First let us remember the definition and theorem for GS.
Definition 4 (see [23]).Consider two systems where If there exists a transformation  : R  → R  , where and an open subset  =   ×   ⊂ R  × R  such that all trajectories of ( 18) and ( 19) with initial conditions (X(0), then the systems in ( 18) and ( 19) are said to be in GS with respect to the transformation (X  ()).System ( 18) is called the driving system; system ( 19) is said to be the driven system.
In order to construct the new discrete chaotic system (DCS) with the generalized chaos synchronization (GCS) property, we present the following theorem.
Suppose that is an invertible transformation.If two systems (18) and (19) are in GS via the transformation (X  ), then the function (Y, X  ) given in (19) will have the following form: where and the function guarantees that the zero solution of the following error equation is asymptotically stable:

A Novel 6DCGSS
. Firstly, we propose a novel 3-dimensional chaotic system based on 2DPSM (15) and a trigonometric function: 2DPSM ( 15) is chaotic map, and trigonometric functions are bounded function.Hence system (28) is chaotic.Secondly, let the driving part of the 6DCGSS have the following form with system (28): In order to construct a GS driven system, define an invertible transformation  : R 3 → R 3 by where is an invertible matrix.Now let the driven part have the form From (32), it follows that (X, Y) can be represented by e()/9.It guarantees that the zero solution of the error equation ( 27) is asymptotically stable.From Theorem 5, systems (29) and (32) are GS with respect to the transformation H =  for any initial value (X(0), Y(0)) ∈ R 3 × R 3 .Since  is invertible, system (32) is also chaotic.

Numerical Simulations.
Select the following initial conditions: The chaotic orbits of the state variables { 1 ,  2 ,  3 } for the first 5000 iterations are shown in Figures 3(a

Pseudorandomness Tests.
The FIPS 140-2 test consists of four subtests: Monobit Test, Poker Test, Runs Test, and Long Runs Test.Each test needs a single stream of 20,000 one and zero bits from the key stream generator.Any failure in the first three tests means that the corresponding quantity of the sequences falls out the required intervals listed in the second column in Table 1.The Long Runs Test is passed if there are no runs of length 26 or more.
It has been pointed out that the required intervals of the Monotone test and the Porker Test correspond to significant  = 10 −4 for the normal cumulative distribution and the  2 distribution, respectively, and the required intervals of the Runs Tests correspond approximately to the significant  = 1.6 × 10 −7 for the normal cumulative distribution [24,25].If we select the significant  = 10 −4 of all tests, 0 1 0 the corresponding accepted intervals are listed in the third column in Table 1.
According to Golomb's three postulates on the randomness [26], the ideal values of the first three tests should be those listed in the 4th column in Table 1.
In order to test the pseudorandomness of the CPRNG, we transform the 16-bit stream defined by (36) to the {0, 1} bit stream as follows.
Construct a transform  2 : {0, 1, . . ., 2 Let z = dec2bin(Y); then where dec2bin and z(:) are both Matlab commands.Then the transformation  : R → {0, 1} is defined via The FIPS 140-2 test is used to check 1,000 key streams randomly generated by CPRNG with random perturbing of the   2, in which the statistic results are described by mean values ± standard deviation (Mean ± SD).In [27], a new CPRNG1 was proposed.The test results show that there are 2 sequences failing to pass the FIPS 140-2 test, and there are 23 sequences failing to pass the G FIPS 140-2 test.The statistic test results are listed in the 4th column in Table 2.
The RC4 was designed by Rivest of the RSA Security in 1987, which has been widely used in popular protocols such as Secure Sockets.The RC4 algorithm PRNG can be designed via Matlab commands: as shown in Algorithm 1.
Here, "randi([0 254] , 1, 255)" generates a vector of uniformly distributed random integers {0, 1, . . ., 254} of dimension 255; "mod" means taking modulus after division; "zeros(1, )" is a zero row vector of dimension .Consequently, the RC4 algorithm PRNG is designed.Now, the FIPS 140-2 test is used to test the 1,000 key streams randomly generated by RC4 algorithm.Results show that 1000 sequences all passed the FIPS 140-2 test criteria and there are 18 sequences failing to pass the G FIPS 140-2 test.The statistic test results are listed in the 5th column in Table 2.
ZUC is a stream cipher that forms the heart of the third-generation partnership project (3 GPP) confidentiality algorithm 128-EEA3 and the 3GPP integrity algorithm 128-EIA3.Now, the FIPS 140-2 test suit is used to test the 1,000 key streams randomly generated by the ZUC algorithm program (see Appendix A in [28]).Results show that the 1000 sequences all passed the FIPS 140-2 test criteria, and there are 21 sequences failing to pass the G FIPS 140-2 test criteria.The statistic test results are listed in the 6th column in Table 2. Observing the statistical properties of the pseudorandomness of the sequences generated via the new CPRNG, RC4 algorithm, and the ZUC algorithm, we can find that the three algorithms do not have significant differences.And compared with CPRNG1, the new CPRNG has better randomness performance.

Key Space.
The key set parameters of CPRNG include the initial conditions X(0), Y(0), the parameters set {  ,   ,   , , }, and the matrix  = ( , ).It can be proved that if the perturbation matrix Δ = ( , ) satisfies       ,      < 0.98217 (42) the matrix  + Δ is still invertible.Therefore the CPRNG has 3 + 3 + 5 + 9 key parameters denoted by Let the key set be perturbed by where The Matlab platform uses double precision decimal computations.That means that each computed decimal number where Therefore, there are larger 10 15 possible key values.According to the permutation and combination theory, our 20 keys have a key space which is larger than 10 20×15 > 2 996 .

The Correlation of Key
Stream.Now we compare the difference between the key stream  = (S) with 20000-code length generated by key set (43) with the key streams   's generated by perturbed key set (44), respectively.The comparing results are shown in the 3rd column in Table 3. Observe that the average percent of different codes is 50.029%.It is very close to the ideal different value of 50%.
Here SV represents statistic values, DC represents different codes, and CC represents correlation coefficients between the key stream and the perturbed key streams.
Let us compare 1000 different codes with length 20000 and the correlation coefficients of the key streams   's,  1 's,   's, and   's generated via our CPRNG, the CPRNG1 [27],   4.
The results suggest that the key streams generated via the perturbed keys of our CPRNG are almost completely independent.

A SESAE Experiment on CPRNG
Based on the 2 16 -word CPRNG defined by (36) and the stream encryption scheme with avalanche effect (SESAE) [19], this subsection investigates an image encryption example.And the secret key is changed for each plaintext.
First, let us remember the definition of SESAE.
(1) The ciphertext  = (, ) is determined by where ∼   is defined as the bit string obtained by replacing all "1"s in   with "0"s and all "0"s in   with "1"s.(2) The corresponding decrypted plaintext  =  −1 (, ) is determined by Definition 7 (see [19]).A PRNG, , which generates binary bit key streams, is called an ideal PRNG, if  has the following properties: (1) The period of any key stream generated by the PRNG is larger than 2  .Its seed space and key space are larger than 2 512 .
(2) In one period of pseudorandom key streams generated by the PRNG, the distribution of different -bit segments in the key stream is homogenous.That is, if the period  =  × 2  , then the number of each different -bit segment is equal to .If the period  is not an integer multiple of 2  , then the difference between the numbers of different -bit segments is at most one.
(3) The two key streams P 1 , P 2 generated by any two different seeds have (2  − 1)/2  × 100% different bit segments.Now let us consider a SESAE experiment on CPRNG, encrypting and decrypting an RGB image "Panda" with 128× 128 pixels as shown in Figure 8(a).(2) The sender uses CPRNG (36) with initial conditions (33) and (34) to generate a 2 16 -word key stream with length  + 1000.And then drop the first 1000 iterative values to obtain a key stream: (3) The sender uses formula (48) to encrypt the plaintext steam , obtaining a ciphertext  = (, ).In order to increase the security of the SESAE, we now propose one-time-pad scheme as follows: Let   ⊂   be the seed space (i.e., perturbed initial conditions (33) and (34)).Sender Alice and receiver Bob share a secret function  :   →   .In the simplest case,  can be chosen as an invertible matrix.Before each communication, Alice selects randomly an element  ∈   and sends it to Bob.Then, they can use  as the seed for one-time encryption.

Security Analysis
A good encryption scheme should be able to resist all kinds of known attacks, such as statistical attack and differential attack.This study has performed some security analyses on the proposed image encryption scheme, including key space analysis, key sensitivity analysis, and correlation analysis.They have demonstrated the security of the SESAE.

Key Space Analysis.
The size of the key space is the total number of different keys that can be used in the encryption.The Matlab platform uses double precision decimal computations.That means that each computed decimal number has 16 bits' accuracy.
Therefore, the size of the key space for our 20 keys is larger than 10 15×20 > 2 996 .The key space is large enough to make brute-force attacks infeasible.

Key Sensitivity Analysis.
After changing   to RGB images, all images become almost pure white images.There are total of 393216 {0, 1} codes in each decrypted image.Among the decrypted images, the minimum number of 0s in the decrypted images is 0 and the maximum one is 16.Let  , denote the th image having number "" of 0 codes.
The first five decrypted images with minimum zero codes and the last five images with maximum zero codes (denoted  5 lists the statistical data of the first 10 decrypted images with minimum "0"s codes and the last 10 decrypted images with maximum "0"s codes.Here  1 and  2 represent the number of "0"s and the number of the color pixels with brightness less than 255, respectively.Percentage represents the percentage of "1" codes in the decrypted image. Observe that the percentages of the numbers of "1" codes are in the range [99.9959%, 100%], which is very close to the ideal value (2 16 − 1)/2 16 × 100% ≈ 99.9984% [19].
In summary, the simulation shows that using the image encrypting algorithm to encrypt RGB images is able to generate encrypted images with significant avalanche effects and be sensitive with respect to the secret key.6 lists some statistic data of the norms between the original key stream  0 and the key stream  , used in the ten decrypted images shown in Figures 8(c)-8(l), respectively.

Correlation Analysis. Table
The comparison results show that in the norms between the original image and the corresponding decrypted images there are no significant correlations.

Conclusions
The main results of this paper are summarized as follows: (1) It proposes a chaos robustness criterion theorem which provides parameter inequalities to determine easily the robust chaos parameters regions for the 2DPSM.And a novel 2DPSM is designed to illustrate the theorem.
(2) It constructs a 6-dimensional chaotic GS system (6DCGSS), based on the 2DPSM and the GS theorem.
The key space of the CPRNG is larger than 2 996 , which is large enough against brute-force attacks.
(3) It compares the testing results by the FIPS 140-2 test suit/generalized FIPS 140-2 test suit for 1000 key streams consisting of 20,000 bits generated by the CPRNG, the RC4 algorithm, and the ZUC algorithm, respectively.The numerical results show that the three algorithms do not have significant differences.And compared with CPRNG1, the new CPRNG has better randomness performance.
(4) It shows an image encryption example by using the CPRNG and SESAE.The simulation results suggest that the decrypted ciphertext will become a monotone white text if a key stream is used with different seeds generated by CPRNG to decrypt the ciphertext.The results show that the encrypted image has significant avalanche effect.
Furthermore, to prevent opponents' attacks, we propose "one-time-pad" scheme.In summary, chaotic map criterion Theorem 2 and generalized synchronization Theorem 5 make us able to design CPRNGs with large key space, which have function similar to one-time-pad scheme.

Table 1 :
The required intervals of the FIPS 140-2 Monobit Test, Porker Tests, Runs Test.Here, MT, PT, and LT represent the Monobit Test, the Porker Test, and the Long Runs Test, respectively. represents the length of the run of a tested sequence. 2 DT represents  2 distribution.All sequences pass the FIPS 140-2 test, and there are 12 sequences failing to pass the G FIPS 140-2 test.The statistic test results are listed in the 3rd column in Table initial conditions X(0), Y(0), the parameters {  ,   ,   , , }, and the parameters of matrix  = ( , ) in the range || ∈ [10 −16 , 10 −1 ], respectively.

Table 2 :
[27]tested Mean ± SD of the FIPS 140-2 tested values of 1,000 key streams generated by the new CPRNG, CPRNG1[27], the RC4, and ZUC CPRNG.Here, MT, PT, and LT represent Monobit Test, Poker Test, and Long Runs Test.SD represents the standard diviation.

Table 3 :
The statistic data for the percentages of the codes of the key streams variations between  and   's,  1 and  1 's,  0 and   's, and  0 and   's.

Table 4 :
[27]statistic data for the percentages of the codes of the key streams variations between  and   's,  1 and   's,  0 and   's, and  0 and   's.The comparing results are shown in Table3.Compare the unperturbed key streams ,  1[27],  0 , and  0 of each PRNG with the 1000 key streams   's generated by the Matlab function randi([0 1] , 1, 20000).The comparing results are shown in Table

Table 5 :
The statistical data of the first 10 images with minimum "0"s codes and the last 10 decrypted images with maximum "0"s codes.