Beyond Statistical Analysis in Chaos-Based CSPRNG Design

The design of cryptographically secure pseudorandom number generator (CSPRNG) producing unpredictable pseudorandom sequences robustly and credibly has been a nontrivial task. Almost all the chaos-based CSPRNG design approaches invariably depend only on statistical analysis. Such schemes designed to be secure are being proven to be predictable and insecure day by day. This paper proposes a design and instantiation approach to chaos-based CSPRNG using proven generic constructions of modern cryptography. The proposed design approach with proper instantiation of such generic constructions eventually results in providing best of both worlds that is the provable security guarantees of modern cryptography and passing of necessary statistical tests as that of chaos-based schemes. Also, we introduce a new coupled map lattice based on logistic-sine map for the construction of CSPRNG. The proposed pseudorandom number generator is proven using rigorous security analysis as that of modern cryptography and tested using the standard statistical testing suites. It is observed that the generated sequences pass all stringent statistical tests such as NIST, Dieharder, ENT, and TestU01 randomness test suites.


Introduction
Cryptographically secure pseudorandom number generator (CSPRNG) efficiently generates sequences that cannot be distinguished from random sequences by (computationally) efficient adversaries. The number of hardware and software implementations of CSPRNG based on chaotic maps has increased recently along with chaos-based cryptosystems. Chaotic maps are mathematical functions that exhibit random or chaotic behaviour that is hard to predict. The idea is to use the behaviour of such chaotic maps to produce chaotic sequences that are disordered, unpredictable, and sensitive to the initial conditions. However, the designers of such chaos-based cryptosystems claim security by statistical analysis of the topological properties of disorder as defined by the mathematical theory of chaos. More often, there is no rigorous provable security methodology that bridges the gap between statistical analysis of chaotic maps' topological properties and security guarantees, unlike modern cryptography. As a result, the use of chaos-based cryptosystems is disputed, especially for cryptographic applications, and they are often shown to be flawed, with such failures often attributed to the use of nonrigorous empirical-only methodology in the design process [1]. Modern cryptography instead creates cryptographic primitives by instantiating standard generic constructions that have been tried and tested over time (such as Goldreich-Levin construction, Feistel structure, SPN, counter mode, and sponge construction) with new computationally efficient mathematical functions. We know that such designs, drawing strength and credibility from the foundational generic constructions, have been resilient to attacks over a sufficient period of time. However, in chaos-based cryptosystems, more often bespoke generic constructions are designed with standard candidate (mathematical) chaotic functions, leading to faulty designs.
This is largely due to the lack of rigorous analysis of the bespoke generic constructions used to design cryptographic primitives, unlike the approach of modern cryptography, which makes new instantiations of time-tested generic constructions. Therefore, the need to bridge the gap between such chaos-based cryptosystem designs and modern cryptography to provide credible and robust cryptographic primitive designs is pertinent. This paper attempts to bridge this gap through demonstration of a provably secure chaos-based CSPRNG design denoted G. We show in this paper that the sequences generated are computationally indistinguishable and hard to predict in the presence of efficient adversaries using modern cryptography design tools. Also, we show that such sequences pass all necessary statistical analysis tests that are required of a chaos-based cryptosystem design. Therefore, the design approach advocates considering statistical analysis as a necessary condition and mathematical simulation-based proofs as a sufficient condition for credible chaos-based cryptographic primitive designs. To the best of our knowledge, provable CSPRNG constructions instantiated with chaotic maps, with a guarantee that they will pass all efficient statistical tests, are hardly proposed.
Generally, pseudorandom sequences generated from a potential CSPRNG G pass a subset of all statistical tests. The question of whether there exists a mechanism to determine that a potential pseudorandom number generator G passes all efficient statistical tests is answered by the abstract notion of computationally indistinguishable (denoted ≈_c) formalized in [2]. The abstract notion of computationally indistinguishable is proven in [2] to be equivalent to the abstract notion of unpredictability (denoted ≈_p). The notion of computationally indistinguishable requires nonexistence of an efficient (computationally bounded) distinguisher (D) which can distinguish samples taken from two different distributions. In the same way, the notion of unpredictability requires nonexistence of an efficient (computationally bounded) predictor (P) which can predict the distribution from which a sample was taken given two sample distributions.
Based on the notion of computationally indistinguishable, one-way functions (OWFs) [3,4] or unpredictable functions (UFs) are designed based on assumptions that P ≠ NP and intractable problems. Furthermore, based on the assumption that OWFs or UFs exist, generic pseudorandom generator constructions are proposed [5][6][7]. The generic constructions provide a construction framework which, when instantiated with provable one-way functions or unpredictable functions, can be composed to design pseudorandom number generator G [7]. These abstract notions provide provability that such instantiated constructions will pass all efficient statistical tests and are provably unpredictable. The chaotic maps when operated in the region of chaos or sensitive dependence on initial conditions (SDIC) exhibit function solutions or trajectories which are unpredictable and uniformly distributed in the state space. The design of PRNGs using chaotic maps has provided many efficient candidates for G. Moreover, such G using chaotic maps are entropy sources and generate sequences which look random and provide guarantees for conducted experiments but no guarantees for passing of all efficient statistical tests.
Yao [2] showed that the notion of unpredictability implies pseudorandomness. It was then shown that unpredictability (≈_p) for bit sequences is equivalent to pseudorandomness with the notion of computationally indistinguishable (≈_c). It is under the premise that existence of an efficient predictor (P) to predict bit sequences from unpredictable functions can be used to construct an efficient distinguisher (D) to tell them apart from uniformly random sequences U. Also, unpredictable functions imply one-way functions from which pseudorandom functions can be constructed. It is known that modern cryptography constructions from one-way functions to PRNGs are provably secure but take a toll on computational efficiency.
This fact makes pseudorandom generators constructed from unpredictable functions to PRNGs using chaotic maps as unpredictable functions relatively efficient [8].
This kind of modern cryptography design approach in chaos cryptography can lead to credible and robust designs. The proven modern cryptographic constructions such as Merkle-Damgard, sponge construction, and block cipher modes can be used by instantiating such proven constructions with suitable chaos-based functions. Such a design approach will reduce the reliance of security assessment methods on statistical analysis. Moreover, statistical analysis is performed only on the produced output of cryptographic algorithms such as on ciphertexts obtained from an encryption mechanism, hash or message digest obtained from a hash algorithm, and pseudorandom bits obtained from a pseudorandom number generator. Also, statistical tests conducted only on the output of cryptographic algorithms generally do not capture the notion of attackers' potential, attackers' knowledge of the algorithm (Kerckhoffs' principle), and attackers' capabilities to interact or query the algorithm. Cryptographic algorithms are often vulnerable in real-world situations due to such attackers' characteristics. Therefore, beyond statistical analysis, the design approach for chaos-based cryptographic design should be based more on instantiating proven constructions with chaotic maps as unpredictable functions rather than designing new constructions on each proposed chaotic cryptographic algorithm.
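The point that output statistics do not capture an attacker who knows the algorithm can be made concrete. The following is an added example, not code from the paper: one full period of a 16-bit maximal-length LFSR passes the NIST monobit and runs tests, yet the Berlekamp-Massey algorithm recovers its recurrence from 64 observed bits and predicts every remaining bit. The tap positions, seed and function names are chosen for this example.

```python
import math

PERIOD = 2**16 - 1  # a maximal-length 16-bit LFSR visits every nonzero state

def lfsr16_bits(count, state=0xACE1):
    """Fibonacci LFSR with taps 16, 14, 13, 11; emits the low bit each step."""
    out = []
    for _ in range(count):
        out.append(state & 1)
        fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
        state = (state >> 1) | (fb << 15)
    return out

def monobit_p(bits):
    """NIST SP 800-22 frequency (monobit) test p-value."""
    s = sum(2 * b - 1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * len(bits)))

def runs_p(bits):
    """NIST SP 800-22 runs test p-value."""
    n = len(bits)
    pi = sum(bits) / n
    v = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    return math.erfc(abs(v - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def berlekamp_massey(bits):
    """Shortest GF(2) recurrence s[i] = XOR_j c[j] & s[i-j], j = 1..L."""
    n = len(bits)
    c = [1] + [0] * n          # current connection polynomial
    b = [1] + [0] * n          # polynomial before the last length change
    L, m = 0, -1
    for i in range(n):
        d = bits[i]            # discrepancy between prediction and observation
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t = c[:]
            shift = i - m
            for j in range(len(c) - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]

def predict(prefix, c, L, count):
    """Extend the observed prefix using the recovered recurrence."""
    s = list(prefix)
    for _ in range(count):
        nxt = 0
        for j in range(1, L + 1):
            nxt ^= c[j] & s[-j]
        s.append(nxt)
    return s[len(prefix):]

def demo(observed=64):
    stream = lfsr16_bits(PERIOD)
    L, c = berlekamp_massey(stream[:observed])
    guessed = predict(stream[:observed], c, L, PERIOD - observed)
    wrong = sum(g != t for g, t in zip(guessed, stream[observed:]))
    return {
        "ones": sum(stream),
        "monobit_p": monobit_p(stream),
        "runs_p": runs_p(stream),
        "linear_complexity": L,
        "taps": [j for j in range(1, L + 1) if c[j]],
        "mispredicted": wrong,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both p-values sit far above the 0.01 rejection threshold, while the count of mispredicted bits is zero: the statistics describe the output, and the predictor describes the adversary.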
Considering all the above factors, we demonstrate a design approach by instantiating a proven modern cryptographic PRNG construction with a new chaotic map based on coupled map lattices, prove its security using modern cryptographic attack models, and perform statistical analysis on the output. The proposed design approach can also be used for designing other chaos-based cryptographic primitives with proper instantiation of the chaotic maps. The chaotic maps should satisfy the conditions or properties as required by the choice of construction and security model to prove the security. For example, the choice of construction in this work requires the instantiated chaotic map to be an unpredictable function, and hence, a map known to be noninvertible is used in the composition. Similarly, other chaotic maps can be used in the proposed approach depending on the choice of construction. PRNGs are required to produce an output sequence of bits which are distributed almost uniformly. However, for a CSPRNG, the output sequence is required to have negligible probability of being distinguished from a random sequence by an adversary not knowing the initial seed, besides passing all polynomial-time (in respect of size of the seed) restricted statistical tests. Such a CSPRNG can be used in stream ciphers and block ciphers as a submodule as required by the design. The main contributions of this paper are as follows:
(1) We instantiate Goldreich-Levin generic construction with a new deterministic discrete coupled map lattice (δ)
(2) We prove through theoretical security analysis methodology using modern cryptography tools that δ is an unpredictable function and subsequently, we prove the pseudorandomness of construction G as required by modern cryptography
(3) The sequences generated using the proposed G are tested using standard statistical test suites and show that the sequences indeed pass all statistical analysis tests as required by chaos cryptography

Organization.
In Section 2, we summarize the related works. The preliminaries and definitions are presented in Section 3. The construction and instantiation of the proposed CSPRNG G is presented in Section 4. The theoretical security analysis of the proposed construction using computational indistinguishability properties leading to security of the CSPRNG is presented in Section 5. The experimental tests for randomness using various statistical testing suites are given in Section 6. Section 7 discusses various implementation issues. We conclude with final remarks in Section 8.

Related Works
Entropy of a nondeterministic source is used as input to the true random number generator (TRNG) that induces complex and unpredictability properties. For instance, mouse movements or electrical signal noise and bioelectrical signals can be utilized for the TRNG process [9][10][11][12][13]. On the other hand, a PRNG computed by a deterministic algorithm makes use of a complex mathematical formula in order to remain deterministic and yet unpredictable [14]. In recent years, chaos has been used extensively in computing cryptographically secure PRNGs as it is computationally infeasible to predict the preceding bits despite the visible part of the output dynamics. In spite of the hype surrounding the chaos-based PRNGs, there are many shortcomings of this technique which make them insecure to be used in cryptographic systems. The selection of the chaotic system is an indispensable problem in the generation of the pseudorandom bits. Various single-dimensional chaotic maps such as logistic map, multimodal maps, Tinkerbell map, quantum logistic map, and piecewise logistic map are used in the design of PRNGs [14][15][16][17]. García-Martínez and Campos-Cantón [14] employed a unidimensional multimodal discrete map in computing the pseudorandom bits. The positive and negative values of the multimodal map yield a complex sequence with long periods. Furthermore, the complex sequences are tested using the NIST statistical testing suite for its credibility. However, the statistical test showcased a number of weak keys causing improper functioning of the generator [18]. Wang et al. [19] present a PRNG based on a piecewise logistic map. Furthermore, the sequence generated from the map is transformed into PRNGs based on the S-box of AES. The author claims that the generated PRNGs have good statistical properties and no shorter periods. In spite of the claims, the PRNG was found to be insecure where the auxiliary mechanism used in computing the control parameter of the system is exploited [20].
Xu et al. [16] proposed an algorithm to produce binary sequence that has three layers. The top layer consists of linear feedback shift register (LFSR) of 16 cells, the bit-reorganization (BR) at the middle, and a nonlinear function F in the bottom. The two chaotic maps are used as a nonlinear element to avoid the finite precision problem. However, PRNG does not enhance its security since the attacker is able to reconstruct the secret key after six iterations [21]. Hu et al. [11] proposed PRNGs based on quantum logistic map, whose randomness was merely based on the chaotic equation involved. The PRNG is subjected to various statistical tests on randomness using testing suites such as ENT, NIST, Dieharder, and TestU01. Although the author claims sufficient randomness, the PRNG has serious security implications. Degradation of security has emerged due to the poor selection of control parameter and the resulting secret key that leads to nonchaotic behaviour of the quantum logistic map [22]. Sahari and Boukemara proposed a 3D chaotic map by coupling two maps of piecewise and logistic maps in order to overcome the weaknesses of one-dimensional map. The PRNG has cryptographic statistical properties such as the simplicity, ergodicity, and higher sensitivity. Additionally, as generation process involves only multiplications and additions, realization by both hardware and software was made easy [23]. Fractional-order chaotic systems such as [24] are dynamical systems which rely on functional calculus and modelled as fractional differential equations. They have the potential to exhibit chaos with low order as low as 0.3. Montero-Canela et al. [25] proposed a PRNG as part of their cryptosystem design using fractional-order chaotic system specifically designed for Internet of Things. Though the work proves the properties of dynamics supported with standard statistical analysis, formal security proof capturing the attacker and attacks is not provided.
Another issue which is profoundly identified in the chaotic PRNG is the implementation of generators with finite precision [21, 26-29]. A number of studies have been conducted to solve the problem of dynamical degradation of the chaotic system caused by the data sequence with shorter period. Thus, the security of the cryptographic applications may become completely insecure. Flores-Vergara et al. [30] proposed a novel chaotic PRNG as an alternative to diminish the dynamical degradation of the chaotic dynamics. This method generates pseudorandom numbers with the double precision specified by the IEEE 754 standard for floating-point arithmetic. Nevertheless, the computational speed of the system is significantly influenced. François et al. [31] proposed a solution with the use of more than one chaotic map in cascade. The PRNG consists of mixing three chaotic maps generated from an input initial vector; however, it increases the overhead cost. Perturbation using a nonlinear element was one of the prospective ideas deployed to weed out the influence of shorter period. Dastgheib and Farhang [32] developed a multiple recursive generator based on a digitized sawtooth map. It is demonstrated that this map in a recursive structure and a tiny perturbation can potentially cause unpredictable longer periods in a finite precision. However, the aforementioned solutions such as combining multiple chaotic maps, holding higher precision, and perturbation methods can improve the average length of the period and short trajectories cannot be avoided indefinitely. It can be inferred from the above discussion that unlike cryptographic system, the chaos-based PRNGs lack instantiations based on mathematically proven constructions that guarantee satisfiability of all required cryptographic statistical properties.
However, chaos provides many potential functions for proven generic construction instantiations, but only the process of exploiting the right function with right properties has been nontrivial.
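The dynamical degradation under finite precision discussed above can be measured directly. The following is an added example, not code from the paper or from the cited works: it assumes the plain logistic map x → 4x(1 − x) evaluated in truncating fixed-point arithmetic (not the paper's coupled map lattice) and reports, for a sample of seeds, how long each orbit runs before it starts repeating.

```python
def logistic_fixed(x, bits):
    """One step of x -> 4x(1-x) on the grid {0, 1, ..., 2^bits} / 2^bits.

    Assumed map for this example; the result is truncated to the grid.
    """
    m = 1 << bits
    return (4 * x * (m - x)) >> bits

def orbit_structure(x0, bits):
    """Return (tail, cycle): steps before the orbit repeats, and its period."""
    seen = {}
    x, t = x0, 0
    while x not in seen:
        seen[x] = t
        x = logistic_fixed(x, bits)
        t += 1
    return seen[x], t - seen[x]

def survey(bits, n_seeds=200):
    """Orbit statistics over evenly spaced seeds at the given precision."""
    m = 1 << bits
    step = max(1, m // n_seeds)
    longest_cycle = longest_orbit = on_fixed_point = seeds = 0
    for x0 in range(1, m, step):
        tail, cycle = orbit_structure(x0, bits)
        longest_cycle = max(longest_cycle, cycle)
        longest_orbit = max(longest_orbit, tail + cycle)
        on_fixed_point += (cycle == 1)   # orbit ended on a fixed point
        seeds += 1
    return {
        "bits": bits,
        "states": m + 1,                 # grid points 0 .. 2^bits
        "seeds": seeds,
        "longest_cycle": longest_cycle,
        "longest_orbit": longest_orbit,
        "seeds_on_fixed_point": on_fixed_point,
    }

if __name__ == "__main__":
    # The seed 1/2 is the classic collapse: 1/2 -> 1 -> 0 -> 0 -> ...
    print("seed 1/2 at 16 bits:", orbit_structure(1 << 15, 16))
    for bits in (8, 12, 16, 20):
        print(survey(bits))
```

Comparing `longest_orbit` with `states` at each precision shows how much of the nominal state space a seed can actually reach before the sequence repeats.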

Preliminaries and Notations
The choice of the dynamical system in this paper is limited to discrete dynamical functions as in [33]. A parametric discrete time dynamical system is a tuple denoted by D = (X, P, δ) where X ⊆ R^n is the state space, P ⊆ R^m is the parameter space, and δ: X × P ⟶ X is a function. The orbit or trajectory formed by such a discrete dynamical functions is denoted by O. For δ: For t ≥ 0, the time-t map of a continuous dynamical system is the transformation of state space which takes . The study of qualitative behaviour of the dynamical system is thus the analysis of the orbits formed by δ. The orbits could be periodic, eventually periodic, asymptotic, and more. To get rich complex behaviour, functions such as δ are formed as an array of cells called coupled map lattices (CMLs) similar to cellular automata arrays. The cells or array elements are called lattices. The CML exhibits spatiotemporal dynamics in discrete time in which each lattice executes a δ and x ⟵ δ(x) is coupled to its nearest lattice neighbours or coupled dynamically based on a configuration, denoted in the form In such a CML, the lattices are ordered on an l × n grid and each lattice can be considered as a function δ: X × X ⟶ X. A configuration of the CML denoted as D consists of real assignments to each of its lattices, ϵ and parameters for δ if any. A coupled map lattice (CML) as in [34][35][36][37] is denoted by a pair (X, δ), where X is a continuous set of states, and δ: X × X ⟶ X is a transition function. A configuration of a CML, at time t ∈ Z, D^(t): Z ⟶ X, is an assignment of a unique state to each lattice, where a lattice is represented by an integer. D^(i,t) is the state of lattice i at time t is defined by D_t = {t ∈ Z, x ∈ X, p ∈ P, δ}, and a configuration at time t uniquely determines a configuration at time t + 1 as while D^(0) denotes an initial configuration.
The dynamical system D with an initial configuration D_0 computes to reach a destination configuration D_t, creating an orbit of points given by , and this notion of computability is formalized using [37] as follows.
We often for brevity denote in the context when configuration can be inferred and computable. In a complex dynamical system, the problem of determining the preimage is formalized [37] as follows.
Definition 2. Preimage problem: given a fixed dynamical system D and a configuration substring x determine whether there is a configuration substring x_0 such that
A deterministic dynamical system does not always exhibit deterministic behaviour but rather exhibit chaotic or unpredictable behaviour or sensitive dependence to certain initial conditions or parameters. From [33], a deterministic dynamical system is said to be chaotic if δ has sensitive dependence on initial conditions, δ is topologically transitive, and periodic points are dense. From the multitude of definitions, Devaney [33] formalizes chaos using theory of topology and the qualitative behaviour of orbits in region of chaos for a D given that conditions for chaos exists, such as x_0 ⊢^k x_t is unpredictable. This implication of chaos is formalized by the notion of approximately probabilistically irrelevant using measure theory defined in [38] is given below.
The intuition behind the above definition under the assumption that D is operating in its region of chaos, given x_0 predicting x_t is negligible. The condition for predictability can be defined in terms of Lyapunov stability. A discrete deterministic dynamical system is said to be Lyapunov stable if two different orbits whose initial conditions are sufficiently small and progress in time arbitrarily close to each other towards infinity. The system as in [39] is given by where ε_0 is the lower bound on the level of measurement accuracy error of initial conditions and ε_t is the practical lower bound on the tolerable error in the measurement accuracy of the predicted destination state. Given the preliminaries, the next section describes the constructions of a pseudorandom number generator applying these results or notions of dynamical systems and chaos.

Construction and Instantiation
A general approach towards construction of efficient encryption mechanism is used to generate a short random key k and then expand k using a pseudorandom generator G(k), into a longer sequence g that looks random, and use g as the key in one-time pad encryption as c = x ⊕ k since key generated from a truly random source such that |x| = |k| is not practical. The existence of such PRNGs g ⟵ G(k) is a contradiction to Shannon's theorem [40] assuming a computationally unbounded malicious adversary. However, the probability of a computationally unbounded adversary is almost negligible. Therefore, without contradicting Shannon's theorem, it is surmised that the adversary is computationally bounded or efficient and also it is conjectured that G(k) exists if P ≠ NP [2]. Assuming P ≠ NP, the class of hard problems is used in cryptographic applications such as PRNG for generating sufficiently random looking sequences for cryptographic applications.
Let G be a pseudorandom generator as formalized in [41] that generates pseudorandom sequences which are sufficiently random. Let δ be an unpredictable function and let hc be a hard-core predicate of δ defined as hc(x, r): Then, G(s) := δ(s)‖hc(s) is a pseudorandom generator with expansion factor l(n) = n + 1. The construction of G involves parameter generation and construction which uses a coupled map lattice.

Parameter Generation.
The deterministic discrete dynamical system D = {X, P, δ} is chosen as follows:
(2) The function δ is the proposed one-dimensional coupled map lattice (CML) based on logistic-sine map given by where α ∈ R is control parameter, x_0^j is the initial state for lattice j ∈ Z, and ϵ is coupling coefficient. The choice of CML being composed of logistic-sine map lattices is to have a well-known noninvertible map which can be scaled and be able to scale the number of pseudorandom bits.
(3) Let hc denote a hard-core predicate of δ_j of the j-th lattice given by where x = x_1 . . . x_n, r = r_1 . . . r_n, j = 1 . . . m and m being the number of lattices in the δ 3 .
(4) If δ is an unpredictable function and hc a hard-core predicate of δ, then a pseudorandom number generator can be constructed for each lattice. We prove in Section 5 that δ is indeed unpredictable.
(5) The choice of p ∈ P is given by p = {x_0, k, α, r} which are chosen such that The values of p are chosen to be α ∈ (0, 4) and ϵ = 0.1 based on observation from the experimental results which is shown in Figure 1. The bifurcation diagram, KS entropy diagram, and scatter plot depicted in Figure 1 show chaos and uniform distribution of function values for δ map defined in equation (3). The Lyapunov exponent is often used to quantify the amount of separation of nearby orbits. A positive Lyapunov value indicates that the system is chaotic. A KS entropy density normalizes the amount of chaos in a coupled map lattice where the combined measure of chaos across all lattices is required for assessing the overall chaos. A positive KS entropy value is indicative of δ being unpredictable and in chaos state as a whole or almost all lattices exhibiting a positive Lyapunov value. The higher percentage of lattices exhibiting chaotic behaviour and less periodic windows in bifurcation diagram make it suitable for cryptography. The KS entropy (h) and universality (hu) were determined as in [42] by varying α between (0, 4) for 25 lattices and 1000 iterations as shown in Figure 1.

G Construction.
We construct pseudorandom generator G with expansion factor l + p(l), for some polynomial p. On input p from parameter generation described in Section 4.1, the G does the following:
Figure 2 shows the working of the construction G with m lattices and will output m bits. The claim that G construction is a cryptographically secure PRNG is proven in Section 5.

Theoretical Security Analysis
The construction G is based on the abstract notions of unpredictability. We analyse the security of the construction through a series of theorems using modern cryptography. First, we prove δ's unpredictability and then its one-way function property. We then show that the construction G instantiated with δ is a next-bit unpredictable secure PRNG with polynomial expansion factor. We also show that construction G is secure against adversaries given adaptive queries. These proof techniques are a design strategy which eventually helps in identification and removal of design weaknesses, if not completely, then to a large extent.

Theorem 1. Unpredictable function: the function δ: X × X ⟶ X is an unpredictable function in the chaotic interval
Proof.
The theorem is proven through two claims, namely, the unpredictability of the δ and hardness of preimage problem using the inherent properties of δ and choice of parameters made in the construction. Though the dynamic system is deterministic, it exhibits chaotic behaviour which makes predictions hard when they operate in their region of chaos. Given a deterministic dynamic system with an initial configuration D = {δ, α, x_0, k, l} where x_0 is the initial state, δ is the function, k is the number of iterations, and l is the number of bits used for representation, two things are necessary for making predictions:
(1) D_0 should be known and particularly x_0, and the initial state should be measured with reasonable accuracy such that the errors in the prediction are small say ε
(2) Given the initial state x_0 and k time steps, compute x_0 ⊢^k x_t in polynomial time
Measuring the initial state x_0 with the required accuracy to keep the prediction errors small and within ε is difficult even if we consider that the initial configuration D_0 is known [39]. Therefore, meeting the two necessary conditions is nontrivial to make predictions in D. Let us assume that the computations are carried out in discrete time and continuous state space which are efficiently made discrete with finite precision arithmetic. □
Claim 1. If a system D = {δ, α, x_0, k, l} with parameters x_0 ∈ [0, 1], α ∈ [a, b] as initial conditions chosen uniformly random such that then the system is pragmatically unpredictable where [a, b] is the chaotic interval and the following holds:
Proof. Consider the deterministic dynamical system D = {δ, α, x_0, k}, and it is said to be strongly pragmatically predictable if and only if the following holds [39]: where t_p represents interested prediction time x, x′ denotes state space, ε_0 denotes the smallest measurement accuracy of initial conditions, and ε_t represents practically tolerable prediction error.
The above equation intuitively gives the implication that the inability to predict x_t with reasonable accuracy level below ε_t at all times implies system's initial conditions could not be measured with accuracy less than ε_0. In other words, if the system's initial conditions cannot be measured with at least the measurement accuracy ε_0, the system is not strongly pragmatically predictable. Hence, strong pragmatic predictability condition cannot hold if the initial conditions are kept secret as in construction G, and therefore, |x_0 − x_0′| ≫ ε_0. Also, if the systems are carefully chosen such that the system is in chaotic regime, as described in Section 4 (parameter generation Section 4.1), it makes predictability hard even when the measurement of initial conditions is within ε_0. If the system satisfies equation (6), then the equation for strong predictability cannot hold. The condition for weak pragmatic predictability is given by The above condition for weak pragmatic predictability can neither hold for the system D if |x_0 − x_0′| ≫ ε_0 holds. The intuitive meaning of the above equation is that for all times and states in the chaotic region, if the initial state prediction error is less than ε_0 and final state prediction error is more than ε_t, then the system is unpredictable. This also means sensitive dependence to initial conditions or chaos. Moreover, it is known that boundedness of the trajectories produces nonlinearity, being nonperiodic, simulates statistical random experiment, and fills the entire state space [39].
The system D when bounded in the interval (0, 1) by parameter generation will exhibit the following characteristics consequently:
(1) Nonlinearity due to addition of nonlinear term sine to the linear differential equation
(2) Trajectory divergence or positive Lyapunov implies that the time-independent orbits will oscillate without being periodic in a finite region of the state space periodic making it unpredictable as observed from Figure 1
(3) Orbits will contain all possible state values and thus simulate a statistical random experiment
(4) Set of orbits starting from one finite state space will fill the entire state space as observed from Figure 1 after some time
Hence, the system D is unpredictable if equation (6) holds. Moreover, equation (6) holds by assumption and given D \ {x_0, k, α}, that is, all the dynamical system parameters except for x_0, k, α, an approximation x_0′ such that |x_0 − x_0′| ≫ ε_0 also holds, and then it implies that it is hard to Any adversary trying to predict x_t′ with practically relevant accuracy ε_t has to exhaustively search all possible values of initial conditions over |X|, and then the probability of determining x_t′ from x_0′ assuming x_0 is chosen uniformly random which is given by The second inequality follows from the fact that the state space is represented in finite arithmetic with l bits. The quantity ε_t |X|^(−1) = ε_t 2^(−l) ≤ negl(l) is negligible, and the above equation can be rewritten as Considering that sk = p = {α, k, x_0} being kept secret by design and inference from the above equation that the probability of computing x_0 ⊢^k x_t such that |x_t − x_t′| ≥ ε_t given that |x_0 − x_0′| < ε_0 is negligible, the above equation can thus be written as Hence, Claim 1 is proven.

Security and Communication Networks
Proof. It is given that for the system D, the following holds: and then for all the points in the forward predicted orbit O^+ is negligible, and then it can be written without loss of generality: Given that δ is a noninvertible map and probability of computing O^+ x_0′ is negligible, it implies that given a destination point in an orbit x_t and predicting all the points backward towards the initial point x_0 in the backward orbit Combining forward and backward orbit computability probability from equations (15) and (16), we get Hence, Claim 2 is proven. It follows from Claims 1 and 2 that the function δ is unpredictable.

Corollary 1. Preimage δ k problem: let D be a system such that
, then the following holds in the chaotic interval:

Theorem 2. If δ ∈ D is unpredictable, then it is a one-way function in the chaotic interval
Proof. A function is one-way if the following two conditions hold [41]:
(1) There exists a polynomial-time algorithm $M_\delta$ computing δ, that is, $M(\delta) = \delta^k(x_0, l)$ for all $x_0 \in (0, 1)$ and $k, l \in \mathrm{poly}(n)$
(2) For every probabilistic polynomial-time algorithm A, there is a negligible function negl such that

The above equation can also be represented succinctly as

The proof of the theorem is structured by proving, through the claims given below, that each condition for a one-way function described above holds for δ. □

Claim 3. Given $D_0$ and $\alpha, k, x_0$ with finite precision, the function δ computes $x_0 \vdash^k x_t$ deterministically in polynomial time.

Proof. It is assumed that the given $D_0$ is of finite precision and $x_0 \in (0, 1)$. The $\delta^k$ function computes $x_0 \vdash^k x_t$ at each lattice given by

(21)
We can see that the abovementioned way of computing recursively and using modular arithmetic keeps the complexity of finite arithmetic computing deterministic within polynomial time as long as k is polynomial.

The second and third equality follows from equation (16) and Corollary 1. The fourth inequality proves Claim 4. Now, from Claims 3 and 4, it follows that δ is one way. From Theorems 1, 2, and [41], the corollaries are as follows.

Corollary 2. If δ is a one-way function in the chaotic interval
and $G(x, r) = (\delta(x), r)$, then the function $hc(x, r) = \bigoplus_{i=1}^{n} x_i \cdot r_i$, where $x = x_1, \ldots, x_n$ and $r = r_1, \ldots, r_n$, is a hard-core predicate of G.

Corollary 4. If G is a pseudorandom generator with expansion factor n + 1, then for any polynomial poly(·), there exists a pseudorandom generator G with expansion factor poly(n).
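The mechanics of Corollaries 2 and 4, as an added Python example that is not the paper's code: the hard-core predicate is the inner product of x and r modulo 2, and one hard-core bit is emitted per application of G to stretch the seed to any polynomial length. The function `owf` is a stand-in assumption (truncated SHA-256) because the CML δ is not reproduced here, so the block shows the iteration pattern only; `N_BITS`, `owf`, `hc`, `g` and `gl_stream` are hypothetical names.

```python
import hashlib
import secrets
from typing import List, Tuple

N_BITS = 128  # state width n; a constructed choice for this example


def owf(x: int) -> int:
    """Stand-in for delta (assumption): SHA-256 truncated to N_BITS bits."""
    digest = hashlib.sha256(x.to_bytes(N_BITS // 8, "big")).digest()
    return int.from_bytes(digest[: N_BITS // 8], "big")


def hc(x: int, r: int) -> int:
    """hc(x, r) = XOR over i of x_i * r_i, i.e. the parity of x AND r."""
    return bin(x & r).count("1") & 1


def g(x: int, r: int) -> Tuple[int, int]:
    """G(x, r) = (delta(x), r): r is carried along unchanged."""
    return owf(x), r


def gl_stream(x0: int, r: int, out_bits: int) -> List[int]:
    """Stretch the seed (x0, r) to out_bits bits, one hard-core bit per step."""
    limit = 1 << N_BITS
    if not (0 <= x0 < limit and 0 < r < limit):
        # r = 0 would make every inner product, and so every output bit, 0.
        raise ValueError("x0 must fit in N_BITS and r must be a nonzero N_BITS value")
    bits, x = [], x0
    for _ in range(out_bits):
        bits.append(hc(x, r))   # output bit taken from the current state
        x, r = g(x, r)          # then advance the state with G
    return bits


if __name__ == "__main__":
    x0 = secrets.randbits(N_BITS)
    r = secrets.randbits(N_BITS) or 1
    print("".join(map(str, gl_stream(x0, r, 256))))
```

Only the final state and the emitted bits depend on the secret x0; r can be public, which is why G passes it through untouched.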

Theorem 3. Let predictor be a construction as given below for $\Delta = \{\delta_n\}_{n \in \mathbb{N}}$, an efficient $R \to R$ function ensemble, and let $c \in \mathbb{N}$ be some constant as follows.
(1) Assume two parties, the predictor T and verifier V
(2) Let $D_0$ denote the private initial configuration generated during parameter generation
(3) Let $x_0$ be the initial state space and iterated k times such that $x_t = \delta^k(x_0)$ or $x_0 \vdash^k x_t$
(4) The protocol runs in q − 1 rounds for $q = n^c$. T sends to V a point $x_i \in X$ and in return V sends to T at the i-th round of the protocol the value $y_i$ computed as follows:

T outputs a point $x_q$ which is not previously queried in $x_1 x_2 \ldots x_{q-1}$ and a string $y_q$ which is its guess for $\delta^{k+q}(x_q)$ at the termination of the protocol.

Δ is unpredictable against an adaptive sample and an adaptive challenge if for any polynomial-time machine T and any constant $c \in \mathbb{N}$, then $\Pr[y_q = \delta^{k+q}(x_q) \mid y_{1 \ldots q-1}] \le \mathrm{negl}(l)$.
Proof. The initial configuration parameters are generated using the parameter generation described in Section 4.1 such that for D, the following condition for chaos or unpredictability holds:

From [38], we know that in predicting any point in an orbit at any level of precision ε > 0, all sufficiently past points are approximately probabilistically irrelevant. Hence, if the condition for chaos holds, then by Definition 2, we have for $t_m \le t_n$ at level ϵ > 0, where ϵ is a negligible quantity (without loss of generality, ϵ can be assumed to be equal to a small quantity negl(l)):

Rewriting the above equation, we get

$$\Pr[y_q = \delta^k_\alpha(x_q) \mid y_{1 \ldots q-1}] - \Pr[y_q = \delta^k_\alpha(x_q)] < \mathrm{negl}(l).$$

The ϵ is a negligible function of the level of precision by definition, and it is equivalent to negl(l). Hence, it can be inferred that the probability conditioned on past observations has negligible effect under the unpredictability assumption, and then it can be written as

The first inequality is obtained by rewriting equation (26). The second inequality follows from Theorem 2 and its corollary. The third and fourth inequality follows that the predictor's advantage is negligible. Hence, the adversary or the predictor T has negligible advantage in predicting given adaptive sample query access.

Corollary 5. Let δ be such that $\Pr[\text{Predictor} = 1] \le \mathrm{negl}(k)$, then from [43], it holds that

Corollary 6. From Corollaries 2-5, it follows that G is a secure next-bit unpredictable PRNG with expansion factor poly(n).

Empirical and Statistical Analysis
The central requirement for any PRNG to be practical is pseudorandomness and unpredictability (both forward and backward). A well-designed generator produces sequences that exhibit good statistical properties and are evenly distributed. To test the statistical strength of the designed PRNG, the generated sequence is subjected to rigorous statistical tests against the null hypothesis. The null hypothesis is that the sequence under test is random, and the alternate hypothesis is that the sequence is nonrandom. The statistical test suite describes the probability of the tested potential pseudorandom sequence, called the test sequence, against an a priori known truly random source or reference distribution. The intuition is that when the computed statistical value does not exceed the critical value, it means that a low probability event does not occur naturally, and hence, it must be random.
There are an infinite number of statistical tests, each describing a methodology to test for the existence of a prescribed pattern that would prove the tested sequence nonrandom. Because the number of statistical tests is infinite, no finite set of tests can quantify randomness. Therefore, the statistical tests are only a necessary condition and not a sufficient condition, but they are truly an indicator of randomness using probability. In this section, we analyze the statistical strength of the binary sequence generated by generators G using statistical randomness testing suites, namely, the NIST 800-22 randomness test suite [44], the Dieharder battery of tests [45], ENT [46], and TestU01 [47,48]. The pseudorandom binary bits are generated using G instantiated with δ with m = 100, and p(l) = 10^6 is used for both proposed generators. All other parameters are chosen as described in Section 4.1.

NIST Test Results.
The NIST SP800-22 statistical test suite consists of 15 independent statistical tests to investigate the randomness of the arbitrarily long binary sequence produced by the generators. For each test, with a fixed significance level (α = 0.01), the quality of the sequence is given as p values. If the p value is > 0.01, the generated sequence passes the test; otherwise, it fails. A sample size of 100 binary sequences is used for each test, with a bit length of the order 10^6. The empirical results can be interpreted from the proportion of sequences passing a test, i.e., the pass rate. The minimum pass rate is calculated from the sample size and the significance level as given in [44]. The minimum pass rate for 100 binary sequences with 0.01 significance level is 0.9602. The test is statistically successful if at least 96 sequences out of 100 sequences pass the test, and the generator G successfully passed all the 15 tests as seen in Table 1, confirming the randomness of the generated sequence.
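The pass/fail rule described above, as an added Python example (not the paper's code and not the NIST reference implementation): two of the 15 tests, frequency and runs, together with the minimum pass rate for m sequences. The seeded Mersenne Twister stream and the alternating pattern are constructed inputs chosen to show that a predictable source can clear a test; all function names are hypothetical.

```python
import math
import random


def monobit_p(bits):
    """SP 800-22 frequency test: p = erfc(|S_n| / sqrt(2n)), S_n = #ones - #zeros."""
    n = len(bits)
    s_n = 2 * bits.count("1") - n
    return math.erfc(abs(s_n) / math.sqrt(2 * n))


def runs_p(bits):
    """SP 800-22 runs test; p = 0.0 when the frequency prerequisite is not met."""
    n = len(bits)
    pi = bits.count("1") / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n) or pi in (0.0, 1.0):
        return 0.0
    v_n = 1 + sum(a != b for a, b in zip(bits, bits[1:]))  # number of runs
    return math.erfc(abs(v_n - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))


def min_pass_rate(m, alpha=0.01):
    """Lower acceptance bound p_hat - 3*sqrt(p_hat*(1 - p_hat)/m), p_hat = 1 - alpha."""
    p_hat = 1 - alpha
    return p_hat - 3 * math.sqrt(p_hat * (1 - p_hat) / m)


def pass_rate(sequences, test, alpha=0.01):
    """Fraction of sequences whose p-value exceeds the significance level."""
    return sum(test(s) > alpha for s in sequences) / len(sequences)


def mt_sequences(seed, m, n):
    """Constructed input: m n-bit strings from Mersenne Twister, which is not a CSPRNG."""
    rng = random.Random(seed)
    return [format(rng.getrandbits(n), "0%db" % n) for _ in range(m)]


if __name__ == "__main__":
    m, n = 100, 10 ** 5          # the paper uses 100 sequences of order 10^6 bits
    seqs = mt_sequences(2024, m, n)
    print("minimum pass rate: %.4f" % min_pass_rate(m))
    for name, test in (("frequency", monobit_p), ("runs", runs_p)):
        print("%-9s pass rate: %.2f" % (name, pass_rate(seqs, test)))
    # Same seed, same bits: passing says nothing about unpredictability.
    print("reproducible from seed:", seqs == mt_sequences(2024, m, n))
    alternating = "01" * 500     # constructed, trivially predictable
    print("alternating: frequency p=%.2f, runs p=%.2g"
          % (monobit_p(alternating), runs_p(alternating)))
```

The alternating pattern scores a perfect frequency p value and is rejected only by the runs test, which is why the suite is applied as a whole and why a clean report is treated as necessary evidence, not proof.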

Dieharder Test Results.
The Dieharder test suite developed by Robert G. Brown consists of 31 stringent tests for distinguishability from random. In contrast to the NIST test suite, the p value distribution generated by each Dieharder test is analyzed by a Kuiper-Kolmogorov-Smirnov (KKS) test, which has a higher sensitivity to deviations from an equal distribution. A random sequence of size 10^6 bits from generators G is used as input for the Dieharder test suite. Table 2 shows the result of the Dieharder battery of tests. The number of trials used in each test is given as tsample. The generators passed all the 31 stringent tests, which indicates that there is evidence of randomness at a high confidence level.

ENT Test Results.
The ENT battery of tests consists of 5 tests for randomness. Table 3 shows the ENT test results. The information density of the sequence is evaluated using the entropy test, expressed as the number of bits per byte. Entropy quantifies how much expected information is contained in the generated sequence. G shows a maximum level of entropy (ideal value is 8), indicating a good measure of randomness. The chi-square test indicates that the generated sequence is random, and it is extremely sensitive to errors in a PRNG. The arithmetic mean is the sum of all the bytes in the generated file divided by the file length. G is very close to random, i.e., within the mean range of 127 ± 0.01. The Monte Carlo value converges to π with a minimal error of 0.01 percent for G, signifying that the sequence is close to random. The serial correlation coefficient (SCC) test indicates that there is no correlation between each byte and the previous byte in the sequence.
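The five ENT statistics described above, recomputed in an added Python example (not the ENT program and not the paper's code): entropy in bits per byte, the chi-square statistic against a uniform byte distribution, arithmetic mean, Monte Carlo π from 6-byte points, and the serial correlation coefficient. The function name `ent_report` and its dictionary keys are hypothetical.

```python
import math
from collections import Counter


def ent_report(data: bytes) -> dict:
    """Compute ENT-style statistics over a byte string (needs at least 6 bytes)."""
    n = len(data)
    counts = Counter(data)

    # Shannon entropy in bits per byte (8.0 is the ideal for uniform bytes).
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())

    # Chi-square statistic against the uniform distribution over 256 values.
    expected = n / 256
    chi_square = sum((counts.get(b, 0) - expected) ** 2 / expected
                     for b in range(256))

    mean = sum(data) / n

    # Monte Carlo pi: every 6 bytes give 24-bit x and y; count hits in the circle.
    radius_sq = (2 ** 24 - 1) ** 2
    points = n // 6
    hits = 0
    for i in range(points):
        x = int.from_bytes(data[6 * i: 6 * i + 3], "big")
        y = int.from_bytes(data[6 * i + 3: 6 * i + 6], "big")
        hits += x * x + y * y <= radius_sq
    pi_est = 4 * hits / points

    # Serial correlation of each byte with its successor (wrapping at the end).
    s1 = sum(data)
    s2 = sum(b * b for b in data)
    s12 = sum(a * b for a, b in zip(data, data[1:] + data[:1]))
    denom = n * s2 - s1 * s1
    scc = (n * s12 - s1 * s1) / denom if denom else float("nan")

    return {"entropy": entropy, "chi_square": chi_square, "mean": mean,
            "pi": pi_est, "scc": scc}


if __name__ == "__main__":
    import os
    ramp = bytes(range(256)) * 64          # constructed: fully predictable counter
    for label, sample in (("os.urandom", os.urandom(1 << 16)), ("ramp", ramp)):
        print(label, {k: round(v, 4) for k, v in ent_report(sample).items()})
```

The constructed byte ramp reaches the ideal entropy with a chi-square statistic of exactly 0, and only the serial correlation coefficient (close to 1) exposes it, so the five figures are read together.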

TestU01 Results.
The results for TestU01 are shown in Table 4. This indicates that the generated binary sequence has good randomness and is hence unpredictable.
Experimentally, through a series of stringent test batteries, it is seen that generator G has passed all the randomness tests successfully, in agreement with the security analysis presented in Section 5. Therefore, it is evident that the generated sequences exhibit good statistical evidence of randomness and can be used confidently in sensitive applications.

Discussion
Implementation of cryptographic primitives for practical usage and for memory-constrained devices requires standardization in implementation. Also, the choice of operations involved in the algorithm directly affects the choice of hardware. In this proposal, we have focused on establishing a solid approach to a robust and credible design methodology for chaos-based cryptographic primitives. However, it can be observed from the construction that the design uses logistic-sine map-based lattices composed into a CML, and hence, the design mainly requires implementing the logistic-sine map in hardware. Therefore, the performance of the CML and the proposed CSPRNG in hardware, or their specific suitability to resource-constrained devices, can be assumed to be on par with that of LS map implementations as in [49,50]. Furthermore, in future we would like to study the performance of the construction on hardware implementations.
For a dynamical system with chaotic behaviour, the trajectory will never repeat in theory, but finite precision limitations in digital implementations may give rise to cycles. The robustness to dynamical degradation is thus captured by measuring the cycle length of symbols or bits produced by a chaotic system. Since the proposed system passed all NIST tests with a 1 million bit output sequence from the proposed CSPRNG, including the random excursion test which captures the notion of cycle lengths in the output sequence, it can be safely assumed that the effect of dynamical degradation is negligible for all practical purposes. Moreover, the experiments are carried out using Python 3.7, which adheres to the IEEE Standard for Floating-Point Arithmetic (IEEE 754), thereby restricting the key space to single and double precision. In this CSPRNG, the only secret is the initial seed or initial vector. Therefore, the key length is proportional to the precision, or number of bits used to represent one initial seed in a lattice, times the total number of lattices in the CML. For example, if a double precision IEEE 754 representation takes 53 significand and 11 exponent bits, then for 25 lattices, the key length is 275 and the total key space is in the order of 2^275 without considering the parameters of the logistic-sine map, which are nondominant factors in the order. Similarly, for single precision, the total key space is in the order of 2^200. In chaos-based cryptography, a key space above 2^128 is considered secure to be used for encryption, and hence, for the proposed CSPRNG, the probability of a brute force attack is negligible. Provable security has been demonstrated in chaos cryptography with the Chebyshev chaotic map in a multiparty computation setting using the hardness of the computational Diffie-Hellman (CDH) problem's chaotic equivalent, the computational chaotic Diffie-Hellman (CCDH) problem, in their designs.
Such designs use the computational chaotic Diffie-Hellman problem posed by Chebyshev maps to build one-way functions. However, to the best of our knowledge, hardly any provable security is proposed in chaos cryptography for a CSPRNG setting. Some of the works using provable security under a multiparty computation setting are [51-53], in which the authors present a formal proof of security in a multiparty computation setting to establish a secret key between parties which do not have a preshared secret key for secure communication. Iwasaki and Umeno [54] improved a vector space cipher by modelling a linear masking attack and proved that the improved algorithm can resist the linear masking attack but did not use any standard provable security framework for encryption. The reasoning behind the choice of the Chebyshev map used in such designs is its inherent property of CCDH, which perfectly fits in the provable security framework for the multiparty computation setting. Similarly, the proposed CSPRNG uses a CML composed of the LS map, which is known to exhibit the noninvertible property and fits well in the provable security framework for the CSPRNG setting. Hence, any chaotic maps or flows can be used in the provable security framework if they fit the choice of provable security framework and setting. The proposed chaos-based CSPRNG design methodology demonstrates such an instantiation of a construction with a chaotic map for a choice of provable security framework and setting. Moreover, the authors in [55] provide a checklist, and the proposed work captures those items that are pertinent to a CSPRNG setting.
Modern cryptography's provable security frameworks are indeed designed to capture such notions of attack and attacker capabilities enlisted in [55], and their correlation to this work is as follows:
(1) The cryptographic primitive's algorithm should be stated explicitly in the form of a mathematical model, as described in Section 4.2
(2) Propositions for algorithms stated and proven explicitly, as described from Theorems 1 to 3
(3) Specification of domain and range, as described in Section 4.2 parameter generation
(4) Models capturing attackers' knowledge of the algorithm and security depending on just the secret key, as demonstrated through Theorems 1 to 3
(5) Proof-driven design approach, as demonstrated through Theorems 1 to 3
(6) Discussion on hardness assumptions and dynamic degradation, as demonstrated through Theorems 1 to 3 and Section 7
(7) Scope of attacks and robustness, as captured through the notion of Theorems 1 to 3

Conclusion
The theory that a deterministic system shall produce deterministic output has been proven otherwise with the study of dynamical systems. The construction G is based on the results that deterministic dynamical systems can produce chaos over long range. Moreover, when such systems are made to operate in the region of chaos by choosing system parameters appropriately, they tend to become unpredictable. More precisely, the chosen function δ exhibits unpredictability, proving computation of the defined preimage problem as hard or unpredictable, making them candidate unpredictable functions according to modern cryptography. It is a proven fact that the pseudorandom number generator constructions satisfying the abstract notions of computational indistinguishability will pass all efficient statistical tests. Such notions, to the best of our knowledge, have hardly been applied in the design of pseudorandom generator constructions using chaos. This paper presents a CSPRNG using the proven Goldreich-Levin generic construction of modern cryptography, instantiated with a new CML (δ), namely, G. The security is proven using the abstract notions of unpredictability, a proven equivalent to computational indistinguishability and a modern cryptography primitive design tool. The pseudorandom generator G is then proven to be computationally indistinguishable. Pseudorandom sequences generated from such a design are then tested using standard statistical randomness test suites used by chaos-based cryptography designers, namely, NIST, Dieharder, ENT, and TestU01. The pseudorandom sequences generated from G passed all the tests of the NIST, Dieharder, ENT, and TestU01 (tests for bits) test suites, proving the claims of abstract notions of unpredictability. Hence, the premise that statistical analysis is used as a necessary condition and rigorous mathematical simulation-based proof is used as a sufficient condition is demonstrated to eventually produce better designs.
Thus, we believe that the demonstrated design approach will provide new directions beyond statistical analysis in designing chaos-based cryptographic primitives by using modern cryptography design tools. Also, it will motivate chaos-based designers to more often instantiate time-tested proven generic constructions with candidate chaotic functions rather than design generic constructions for new cryptographic primitives. This kind of design approach will lead to robust and credible chaotic cryptographic primitives and prevent depreciating motivation on chaos-based cryptographic primitive design.

Data Availability
No data were used to support this study.

Conflicts of Interest
The authors declare that they have no conflicts of interest.