
The design of a cryptographically secure pseudorandom number generator (CSPRNG) that produces unpredictable pseudorandom sequences robustly and credibly is a nontrivial task. Almost all chaos-based CSPRNG design approaches rely only on statistical analysis, and schemes designed in this way are shown to be predictable and insecure day by day. This paper proposes a design and instantiation approach to chaos-based CSPRNGs using proven generic constructions of modern cryptography. The proposed design approach, with proper instantiation of such generic constructions, provides the best of both worlds: the provable security guarantees of modern cryptography and the passing of the statistical tests expected of chaos-based schemes. We also introduce a new coupled map lattice based on the logistic-sine map for the construction of the CSPRNG. The proposed pseudorandom number generator is proven secure using the rigorous security analysis of modern cryptography and tested using the standard statistical testing suites. The generated sequences pass all the stringent tests of the NIST, Dieharder, ENT, and TestU01 randomness test suites.

A cryptographically secure pseudorandom number generator (CSPRNG) efficiently generates sequences that cannot be distinguished from random sequences by (computationally) efficient adversaries. The number of hardware and software implementations of CSPRNGs based on chaotic maps has increased recently, along with chaos-based cryptosystems. Chaotic maps are mathematical functions that exhibit random-looking or chaotic behaviour that is hard to predict. The idea is to use the behaviour of such chaotic maps to produce chaotic sequences that are disordered, unpredictable, and sensitive to the initial conditions. However, the designers of such chaos-based cryptosystems claim security on the basis of statistical analysis of the topological properties of disorder as defined by the mathematical theory of chaos. More often than not, there is no rigorous provable security methodology bridging the gap between the statistical analysis of the topological properties of chaotic maps and actual security guarantees, unlike in modern cryptography. As a result, the use of chaos-based cryptosystems is disputed, especially for cryptographic applications, and they are often shown to be flawed, with such failures often attributed to the nonrigorous, empirical-only methodology used in the design process [

Generally, pseudorandom sequences generated from a potential CSPRNG

Based on the notion of computationally indistinguishable, one-way functions (OWFs) [

Yao [

This kind of modern cryptographic design approach can lead to credible and robust designs in chaos cryptography. Proven constructions such as Merkle–Damgård, the sponge construction, and block cipher modes of operation can be instantiated with suitable chaos-based functions. Such a design approach reduces the reliance of security assessment on statistical analysis. Statistical analysis is, moreover, performed only on the produced output of cryptographic algorithms: on ciphertexts obtained from an encryption mechanism, on the hash or message digest obtained from a hash algorithm, and on the pseudorandom bits obtained from a pseudorandom number generator. Statistical tests conducted only on the output generally do not capture the attacker's computational power, the attacker's knowledge of the algorithm (Kerckhoffs' principle), or the attacker's ability to interact with or query the algorithm. Cryptographic algorithms are often broken in real-world situations precisely because of such attacker capabilities. Therefore, beyond statistical analysis, chaos-based cryptographic design should be based on instantiating proven constructions with chaotic maps as unpredictable functions rather than on designing a new construction for each proposed chaotic cryptographic algorithm.

Considering all the above factors, we demonstrate a design approach by instantiating a proven modern cryptographic PRNG construction with a new chaotic map based on coupled map lattices, prove its security using modern cryptographic attack models, and perform statistical analysis on the output. The proposed design approach can also be used for designing other chaos-based cryptographic primitives with proper instantiation of the chaotic maps. The chaotic maps must satisfy the conditions or properties required by the chosen construction and security model in order for the security proof to go through. For example, the construction chosen in this work requires the instantiated chaotic map to be an unpredictable function, and hence a map known to be noninvertible is used in the composition. Similarly, other chaotic maps can be used in the proposed approach depending on the choice of construction. A PRNG is required to produce an output sequence of bits that is distributed almost uniformly. A CSPRNG, in addition to passing all polynomial-time (in the size of the seed) statistical tests, requires that an adversary who does not know the initial seed has only negligible advantage in distinguishing the output sequence from a random sequence. Such a CSPRNG can be used in stream ciphers and block ciphers as a submodule as required by the design. The main contributions of this paper are as follows:

We instantiate Goldreich–Levin generic construction with a new deterministic discrete coupled map lattice (

We prove through theoretical security analysis methodology using modern cryptography tools that

The sequences generated using the proposed

In Section

The entropy of a nondeterministic source is used as input to a true random number generator (TRNG), providing the complexity and unpredictability properties. For instance, mouse movements, electrical signal noise, and bioelectrical signals can be utilized for the TRNG process [

In recent years, chaos has been used extensively in constructing cryptographically secure PRNGs, on the premise that it is computationally infeasible to predict the unseen bits from the visible part of the output dynamics. Despite the hype surrounding chaos-based PRNGs, this technique has many shortcomings that make such generators insecure for use in cryptographic systems. The selection of the chaotic system is an essential problem in the generation of pseudorandom bits. Various chaotic maps, among them the logistic map, multimodal maps, the Tinkerbell map, the quantum logistic map, and the piecewise logistic map, are used in the design of PRNGs [

Xu et al. [

Another issue which is profoundly identified in the chaotic PRNG is the implementation of generators with finite precision [

The choice of the dynamical system in this paper is limited to discrete dynamical functions as in [

In such a CML, the lattices are ordered on an

Computable: a computation of a CML of length

We often for brevity denote

Preimage problem: given a fixed dynamical system

A deterministic dynamical system does not always exhibit predictable behaviour; it may instead exhibit chaotic or unpredictable behaviour, or sensitive dependence on certain initial conditions or parameters. From [

Approx. probabilistically irrelevant:

The intuition behind the above definition under the assumption that

A general approach towards construction of efficient encryption mechanism is used to generate a short random key

Let

The deterministic discrete dynamical system

Let the state space be

The function

where

Let

where

If

The choice of

The values of

We construct pseudorandom generator

Set

Set

Set

Set

For

Set

Set

Set

For

Let

Set

Output
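The steps of the construction above survive on this page only as fragments. The following block is an added example written for this edition, not the authors' code: it shows the generic shape the paper describes, a Goldreich–Levin hardcore bit <x, r> taken over the state of an iterated coupled map lattice and stretched Blum–Micali style to one output bit per step. The map (a textbook logistic-sine combination), the diffusive coupling with periodic boundary, the parameters r = 3.99 and eps = 0.1, the seed values, and the public string r_mask are all assumptions; the paper's own lattice map, parameters, and proof conditions are not reproduced here, and nothing about this toy map is claimed to be one-way.

```python
import math
import struct
from typing import List, Sequence


def logistic_sine(x: float, r: float = 3.99) -> float:
    """Assumed one-dimensional chaotic map: a logistic term plus a sine term, folded
    back into [0, 1). This is a textbook logistic-sine combination, not the paper's map."""
    return (r * x * (1.0 - x) + (4.0 - r) * math.sin(math.pi * x) / 4.0) % 1.0


def cml_step(state: Sequence[float], eps: float = 0.1, r: float = 3.99) -> List[float]:
    """One step of a diffusively coupled map lattice with periodic boundary (assumed form):
    x'(i) = (1 - eps) * f(x(i)) + eps/2 * [f(x(i-1)) + f(x(i+1))]."""
    n = len(state)
    fx = [logistic_sine(v, r) for v in state]
    return [(1.0 - eps) * fx[i] + 0.5 * eps * (fx[i - 1] + fx[(i + 1) % n]) for i in range(n)]


def double_bits(v: float) -> int:
    """IEEE 754 bit pattern of a double, so a lattice value can be treated as a 64-bit string."""
    return struct.unpack(">Q", struct.pack(">d", v))[0]


def gl_bit(state: Sequence[float], r_mask: Sequence[int]) -> int:
    """Goldreich-Levin hardcore predicate <x, r> over GF(2). x is the concatenation of the
    64-bit patterns of all lattice values; r_mask is a public random string of the same length."""
    parity = 0
    for v, r in zip(state, r_mask):
        parity ^= bin(double_bits(v) & r).count("1") & 1
    return parity


def generate_bits(seed_state: Sequence[float], r_mask: Sequence[int], nbits: int,
                  eps: float = 0.1, r: float = 3.99) -> List[int]:
    """Blum-Micali-style stretching: iterate the lattice map and emit one hardcore bit per step.
    The GL reduction makes this secure only if the iterated map is one-way on the
    finite-precision state space, which is NOT established for the toy map above."""
    if len(seed_state) != len(r_mask):
        raise ValueError("r_mask needs one 64-bit word per lattice site")
    state = list(seed_state)          # the seed is the only secret
    out: List[int] = []
    for _ in range(nbits):
        state = cml_step(state, eps, r)
        out.append(gl_bit(state, r_mask))
    return out


if __name__ == "__main__":
    # Constructed demo seed and public string; in a deployment both come from a TRNG.
    seed = [0.123456789, 0.987654321, 0.55555]
    r_mask = [0x9E3779B97F4A7C15, 0x6A09E667F3BCC908, 0xBB67AE8584CAA73B]
    print("".join(str(b) for b in generate_bits(seed, r_mask, 64)))
```

The point to take from the code is structural: the only design freedom is the map inside cml_step. The extraction rule in gl_bit and the stretching loop are the proven generic construction, so a security argument for the whole generator reduces to the assumed unpredictability of the instantiated map on the finite-precision state space, which is exactly the condition the paper's theorems set out to establish for its own lattice.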

Figure

Construction

The construction

Unpredictable function: the function

The theorem is proven through two claims, namely, the unpredictability of the

Given the initial state

Measuring the initial state

If a system

Consider the deterministic dynamical system

The above condition for weak pragmatic predictability can neither hold for the system

Nonlinearity due to addition of nonlinear term sine to the linear differential equation

Trajectory divergence, i.e., a positive Lyapunov exponent, implies that orbits oscillate in a finite region of the state space without becoming periodic, making the system unpredictable, as observed from Figure

Orbits will contain all possible state values and thus simulate a statistical random experiment

Set of orbits starting from one finite state space will fill the entire state space as observed from Figure

Hence, the system

The second inequality follows from the fact that the state space is represented in finite arithmetic with

Considering that

Hence, Claim

Let

It is given that for the system

Given that

Combining forward and backward orbit computability probability from equations (

Hence, Claim

It follows from Claims

If

A function is one-way if the following two conditions hold [

There exists a polynomial-time algorithm

For every probabilistic polynomial-time algorithm

The above equation can be also represented succinctly as

The proof of the theorem is structured by means of proving each condition for one-way function described above holds for

Given

It is assumed that given

The above way of computing recursively with modular arithmetic keeps the complexity of the finite-arithmetic computation deterministic and within polynomial time as long as

Given

We construct the experiment

(

Choose uniform

The output of the experiment is defined to be 1 if

A closer look at the definition reveals that the experiment Invert is just a restatement of the preimage problem defined in Section

The second and third equality follows from equation (

Now, from Claims

From Theorems

If

If

If

Let predictor be a construction as given below for

(

Assume two parties, the predictor

Let

Let

The protocol runs in

The initial configuration parameters are generated using parameter generation described in Section

From [

Rewriting the above equation, we get

The

The first inequality is obtained by rewriting equation (

Let

From

The central requirements for a practical PRNG are pseudorandomness and unpredictability (both forward and backward). A well-designed generator produces sequences that exhibit good statistical properties and are evenly distributed. To test the statistical strength of the designed PRNG, the generated sequence is subjected to rigorous statistical tests against a null hypothesis. The null hypothesis is that the sequence under test is random, and the alternative hypothesis is that it is nonrandom. Each test computes a statistic on the sequence under test and compares it with the reference distribution of that statistic under the null hypothesis, that is, the distribution a truly random source would produce. The intuition is that if the computed statistic exceeds the critical value, an event of low probability under the null hypothesis has occurred, which is evidence that the sequence is nonrandom; if it does not, the test provides no evidence against randomness, and the sequence is accepted as random at the chosen significance level.

There are infinitely many statistical tests, each describing a methodology for detecting a prescribed pattern whose presence would show the tested sequence to be nonrandom. Because no finite set of tests can quantify randomness, statistical tests are a necessary but not a sufficient condition for randomness; they are nevertheless a genuine probabilistic indicator of it. In this section, we analyze the statistical strength of the binary sequence generated by generators

The NIST SP 800-22 statistical test suite consists of 15 independent statistical tests to investigate the randomness of arbitrarily long binary sequences produced by the generators. For each test, with a fixed significance level (

NIST test results.

Significance level α = 0.01; minimum pass rate (100 sequences) 0.9602.

Test name (test no.) | p-value (uniformity) | Proportion
---|---|---
Frequency (1) | 0.978072 | 0.9900
BlockFrequency (2) | 0.759756 | 1.0000
CumulativeSums-forward (3) | 0.249284 | 0.9800
CumulativeSums-backward (4) | 0.851383 | 0.9800
Runs (5) | 0.574903 | 0.9900
LongestRun (6) | 0.816537 | 0.9800
Rank (7) | 0.616305 | 1.0000
FFT (8) | 0.334538 | 0.9900
NonOverlappingTemplate | 0.497008 | 0.9900
OverlappingTemplate (157) | 0.978072 | 1.0000
Universal (158) | 0.779188 | 0.9900
ApproximateEntropy (159) | 0.534146 | 0.9900
RandomExcursions | 0.473546 | 0.9848
RandomExcursionsVariant | 0.327361 | 0.9848
Serial 1 (186) | 0.739918 | 0.9800
Serial 2 (187) | 0.911413 | 1.0000
LinearComplexity (188) | 0.474986 | 1.0000
Success | — | 15/15
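As an added illustration of the testing methodology described above (not part of the original paper), the following block implements the NIST SP 800-22 frequency (monobit) test, the minimum pass-rate formula from SP 800-22 section 4.2.1 that yields the 0.9602 proportion threshold for 100 sequences at α = 0.01, and the χ² uniformity check on the collected p-values from section 4.2.2. The sample input is 100 sequences drawn from Python's Mersenne Twister, a constructed stand-in and not the paper's generator; the closed-form incomplete gamma function is restricted to the odd degrees of freedom the 10-bin check needs.

```python
import math
import random
from typing import Dict, List, Sequence


def monobit_pvalue(bits: Sequence[int]) -> float:
    """SP 800-22 frequency (monobit) test: p = erfc(|S_n| / sqrt(2 n))."""
    n = len(bits)
    s_n = sum(1 if b else -1 for b in bits)     # +1 for each 1, -1 for each 0
    s_obs = abs(s_n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2.0))


def min_pass_rate(m: int, alpha: float = 0.01) -> float:
    """Smallest acceptable proportion of passing sequences for m sequences at level alpha
    (SP 800-22 sec. 4.2.1): p_hat - 3 sqrt(p_hat (1 - p_hat) / m) with p_hat = 1 - alpha."""
    p_hat = 1.0 - alpha
    return p_hat - 3.0 * math.sqrt(p_hat * (1.0 - p_hat) / m)


def pass_proportion(pvalues: Sequence[float], alpha: float = 0.01) -> float:
    """Fraction of sequences whose p-value is at least alpha."""
    return sum(1 for p in pvalues if p >= alpha) / len(pvalues)


def upper_gamma_half_integer(k: int, x: float) -> float:
    """Regularized upper incomplete gamma Q(k + 1/2, x), built from Q(1/2, x) = erfc(sqrt(x))
    with the recurrence Q(a + 1, x) = Q(a, x) + x^a e^{-x} / Gamma(a + 1).
    This is the survival function of chi-square with 2k + 1 degrees of freedom at 2x."""
    q = math.erfc(math.sqrt(x))
    a = 0.5
    for _ in range(k):
        q += (x ** a) * math.exp(-x) / math.gamma(a + 1.0)
        a += 1.0
    return q


def uniformity_pvalue(pvalues: Sequence[float], bins: int = 10) -> float:
    """SP 800-22 sec. 4.2.2: chi-square over `bins` equal-width intervals of [0, 1);
    the suite treats the p-values as uniform when the result is at least 0.0001."""
    dof = bins - 1
    if dof % 2 == 0:
        raise ValueError("closed-form gamma here needs an odd number of degrees of freedom")
    m = len(pvalues)
    counts = [0] * bins
    for p in pvalues:
        counts[min(int(p * bins), bins - 1)] += 1     # p == 1.0 lands in the last bin
    expected = m / bins
    chi2 = sum((c - expected) ** 2 / expected for c in counts)
    return upper_gamma_half_integer(dof // 2, chi2 / 2.0)


def nist_batch_summary(sequences: Sequence[Sequence[int]], alpha: float = 0.01) -> Dict[str, float]:
    """Run the monobit test over a batch and apply both SP 800-22 batch criteria."""
    pvals = [monobit_pvalue(s) for s in sequences]
    return {
        "proportion": pass_proportion(pvals, alpha),
        "min_pass_rate": min_pass_rate(len(sequences), alpha),
        "uniformity_pvalue": uniformity_pvalue(pvals),
    }


def demo_sequences(count: int = 100, n: int = 2000, seed: int = 1) -> List[List[int]]:
    """Constructed stand-in input from Python's Mersenne Twister; not the paper's generator."""
    rng = random.Random(seed)
    return [[rng.getrandbits(1) for _ in range(n)] for _ in range(count)]


if __name__ == "__main__":
    summary = nist_batch_summary(demo_sequences())
    print(summary)
    print("proportion criterion met:", summary["proportion"] >= summary["min_pass_rate"])
    print("p-values uniform:", summary["uniformity_pvalue"] >= 0.0001)
```

The two batch criteria are what the proportion column and the p-value column of the table above report per test: a generator passes a test only if the proportion of its sequences with p ≥ α clears min_pass_rate and the p-values themselves are spread uniformly, since a generator whose sequences all pass with suspiciously clustered p-values is also evidence of structure.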

The Dieharder test suite developed by Robert G. Brown consists of 31 stringent tests for distinguishability from random. Two of the reported p-values (Diehard Sums, 0.040395, and DAB Monobit 2, 0.009707) are small but remain above Dieharder's default WEAK threshold of 0.005, so they count as passed; a practitioner would rerun those two tests with a larger number of p-samples before relying on them. The

Dieharder test results.

Test name (test no.) | tsamples | p-value
---|---|---
Diehard Birthday (0) | 100 | 0.623511
Diehard OPERM5 (1) | 1000000 | 0.892017
Diehard 32 × 32 Binary Rank (2) | 40000 | 0.563151
Diehard 6 × 8 Binary Rank (3) | 100000 | 0.925417
Diehard Bitstream (4) | 2097152 | 0.851563
Diehard OPSO (5) | 2097152 | 0.867954
Diehard OQSO (6) | 2097152 | 0.415923
Diehard DNA (7) | 2097152 | 0.442299
Diehard Count the 1s (stream) (8) | 256000 | 0.874544
Diehard Count the 1s (byte) (9) | 256000 | 0.177324
Diehard Parking Lot (10) | 12000 | 0.909532
Diehard Min. Distance (2d Circle) (11) | 8000 | 0.362603
Diehard 3d Sphere (Min. Distance) (12) | 4000 | 0.616346
Diehard Squeeze (13) | 100000 | 0.140148
Diehard Sums (14) | 100 | 0.040395
Diehard Runs | 100000 | 0.562278
Diehard Craps | 200000 | 0.569362
Marsaglia and Tsang GCD | 10000000 | 0.931485
STS Monobit (100) | 100000 | 0.716828
STS Runs (101) | 100000 | 0.801802
STS Serial (generalized) (102) | 100000 | 0.422199
RGB Bit Distribution | 100000 | 0.597944
RGB Generalized Min. Distance | 10000 | 0.550842
RGB Permutations | 100000 | 0.497884
RGB Lagged Sum | 1000000 | 0.494495
RGB Kolmogorov–Smirnov (204) | 10000 | 0.240666
Byte Distribution (205) | 51200000 | 0.665759
DAB DCT (206) | 50000 | 0.441544
DAB Fill Tree | 15000000 | 0.393346
DAB Fill Tree 2 | 5000000 | 0.385133
DAB Monobit 2 (209) | 65000000 | 0.009707
Success count | 31/31 | —

The ENT battery consists of 5 tests for randomness. For a truly random byte stream, the expected values are an entropy of 8 bits per byte, an arithmetic mean of 127.5, a Monte Carlo π estimate approaching 3.14159, and a serial correlation coefficient near zero; the χ² statistic over the 256 byte values has 255 degrees of freedom, so 272.11 is an unremarkable value. Table

ENT test results.

Measure | Value
---|---
Sample size (bytes) | 246460416
Entropy (bits per byte) | 7.999999
Chi-square | 272.11
Arithmetic mean | 127.4943
Monte Carlo value for π | 3.141934062
Serial correlation coefficient (SCC) |

The results for TestU01 are shown in Table

TestU01 test results.

Length | Rabbit | Alphabit | BlockAlphabit
---|---|---|---
| 38/38 | 17/17 | 17/17

Experimentally, through a series of stringent test batteries, it is seen that generator

Implementation of cryptographic primitives for practical usage and for memory-constrained devices requires standardization of the implementation. Also, the choice of operations involved in the algorithm directly affects the choice of hardware. In this proposal, we have focused on establishing a solid approach to a robust and credible design methodology for chaos-based cryptographic primitives. It can be observed from the construction that the design uses logistic-sine map-based lattices composed into a CML, and hence the design mainly requires implementing the logistic-sine map in hardware. Therefore, the performance of the CML and the proposed CSPRNG in hardware, or its specific suitability for resource-constrained devices, can be assumed to be on par with that of LS map implementations as in [

As a dynamical system with chaotic behaviour, its trajectory never repeats in theory, but finite-precision limitations in digital implementations may give rise to cycles. Robustness to dynamical degradation is therefore captured by measuring the cycle length of the symbols or bits produced by a chaotic system. The proposed system passed all NIST tests on 10^6-bit output sequences from the proposed CSPRNG, including the random excursions test, and so the effect of dynamical degradation is assumed to be negligible for all practical purposes. Note, however, that the random excursions test examines the cycles of the cumulative-sum random walk of the output, not the period of the generator's internal state, so a passing NIST run is evidence against short cycles only up to the tested sequence length. Moreover, the experiments are carried out using Python 3.7, which adheres to the IEEE Standard for Floating-Point Arithmetic (IEEE 754), thereby restricting the key space to single and double precision. In this CSPRNG, the only secret is the initial seed or initial vector. Therefore, the key length is proportional to the number of bits used to represent one initial seed in a lattice times the total number of lattices in the CML. For example, if a double-precision IEEE 754 representation takes 53 significand bits and 11 exponent bits, then for 25 lattices the key length is stated as 275 (which corresponds to 11 bits per lattice; counting the full 64-bit representation would give 1600 bits, although not every bit pattern is a distinct value in the map's domain), and the total key space is in the order of

Provable security has been demonstrated in chaos cryptography with the Chebyshev chaotic map in a multiparty computation setting, using the hardness of the computational chaotic Diffie–Hellman (CCDH) problem, the chaotic analogue of the computational Diffie–Hellman (CDH) problem. Such designs use the CCDH problem posed by Chebyshev maps to build one-way functions. However, to the best of our knowledge, hardly any provable security has been proposed in chaos cryptography for a CSPRNG setting. Some of the works using provable security in the multiparty computation setting are [

Cryptographic primitive’s algorithm should be stated explicitly in the form of mathematical model as described in Section

Propositions for algorithms stated and proven explicitly as described from Theorems

Specification of domain and range as described in Section

Models capturing attackers’ knowledge of the algorithm and security depending on just secret key as demonstrated through Theorems

Proof-driven design approach as demonstrated in Theorems

Discussion on hardness assumptions and dynamic degradation as demonstrated through Theorems

Scope of attacks and robustness as captured through the notion of Theorems

The intuition that a deterministic system must produce predictable output has been refuted by the study of dynamical systems. The construction

No data were used to support this study.

The authors declare that they have no conflicts of interest.