One-Time Pad, Arithmetic Coding and Logic Gates: An unifying theme using Dynamical Systems

One-Time P ad, Arithmetic Coding and Logic Ga tes: An unifying theme using D ynamic al Systems Nithi n Nagar a j and Prabhak ar G. V aidya Sc ho ol of Natura l Sci ences and Engineer ing Natio nal Institute o f Adv anced Studi es I ISc Camp u s, Banga lore 56001 2 Email: nithin nagara j@y aho o.com F ebruar y 22, 2008 Abstract In this letter, w e pro v e that the p erf ectly secure One-Time P ad (OTP) encryption can b e seen as finding the initial condition on the binary map under a random switc h ba sed on the p erfectly ra ndom pad. This turns out to b e a sp ecial case of Grangetto’s randomized arithmetic co ding p erformed on the Binary Map. F urthermore, we de riv e the set of p ossible p erfect secrecy systems using suc h an approac h. S ince OTP encryption is an XOR op era- tion, w e th us ha ve a dynamical systems implemen tation of the XOR gate. W e sho w similar implemen tations for o t her gates suc h as NOR, NAND, OR , XNOR, AND and NOT. The dynamical systems framew ork unifies the three areas to whic h Shannon made foundational con tributio ns: loss less compression (Source Co ding), p erfect encryption (Cryptogra ph y), and design of log ic gates (Computation). 1 Shannon’s Leg acy: Co ding, C ryptography and C om- putation Claude Shannon w as one of the most imp ortant figures in the information rev olut io n of the last century . He made f oundational con tributio ns to Co ding, Cryptograph y and Compu- tation. His master’s t hesis used Bo olean algebra to analyze and syn thesize switc hing a nd computer circuits [1]. In 1948, he form ulated a mathematical theory of communic ation where among other things, he w a s the first to define En tro p y as the f undamental limit of noiseless lo ssless source co ding [2]. In the follo wing year, he prov ed the p erfect secrecy 1 of the V ernam cryptogra phic system, also p opula r ly kno wn as One-Time P a d (O TP) [3]. OTP is the only metho d to b oast of p erfect secrecy . In this pap er, w e attempt to unify these three themes b y a dynamical systems frame- w ork. W e claim t ha t the three things are deeply related when view ed from a dynamical systems p ersp ectiv e. The letter is orga nized as f ollo ws. In Section 2 w e introduce the Bi- nary Map and its sk ew ed cousins, a piece-wise linear dynamical system whic h is Leb esgue measure (in this case, this is the proba bility measure) preserving, c haot ic and ergo dic. Sec- tion 3 in tro duces arithmetic co ding as finding the initial condition on the ske w ed Binary Map. Se ction 4 in tro duces Gr a ngetto’s randomized arithmetic co ding a nd establishes its connection with the OTP . Section 5 deals with generalizing OTP t o hig her alphab ets. Sec- tion 6 talks ab out implemen tation of logic gat es using randomized ar it hmetic co ding. W e conclude in Section 7. 2 The Bi nary Map and its Sk e w ed Cousin s The Binary Map (F ig. 1(a)) T : [0 , 1) → [0 , 1) is defined as: x 7→ 2 x, 0 ≤ x < 1 2 7→ 2 x − 1 , 1 2 ≤ x < 1 . It is w ell kno wn that the binary map is a non- linear chaotic dynamical system, whic h preserv es the Leb esgue measure [4]. F urthermore, ev ery initial condition in [0 , 1) has a unique sym b olic sequence and eve ry finite length ( > 0) sym b olic sequence corresp onds to a subset of [0 , 1) of non-zero measure. Since the binary map has the maxim um top ological en tropy for t w o sym b o ls (= l n (2)), all p ossible arrangemen ts of 0 and 1 can o ccur in its space of sym b olic sequence s. ‘0’ ‘1’ (b) p ‘0’ ‘1’ (a) 0.5 Figure 1 : (a) Binary Map. ( b) Sk ew ed Binary Map. Both these are examples o f G LS. The sym b ol ‘0’ corresp onds to the interv al [0 , 0 . 5) and the sym b ol ‘1’ corr esp onds t o the in terv al [0 . 5 , 1). The binary ma p b elongs to a larger class of dynamical systems kno wn as 2 Generalized Lur ¨ oth Series (GLS) [4]. GLS is studied fo r its n umber theoretical prop erties. The sk ew ed binary map is sho wn in F ig. 1(b). Here the sym b ols ‘0’ and ‘1’ corr esp o nd to the in terv als [0 , p ) and [ p, 1) resp ectiv ely (0 ≤ p ≤ 1, p = 0 . 5 corresp onds to the binary map). 2.1 Mo des of Sk ew ed Binary Map There are 8 differen t mo des of the sk ew ed binary map as shown in Fig. 2. The se a re obtained by a com binatio n of sw apping the tw o in t erv als corresp o nding to ‘0’ and ‘1’, and c hanging the sign of the slop e of the map in the tw o interv a ls. W e shall call a map with tw o alphab ets a dual o f the another if the t wo interv als along with their sym b ols are swapped. ‘0’ ‘1’ ‘0’ ‘1’ ‘0’ ‘1’ ‘0’ ‘1’ ‘1’ ‘0’ ‘1’ ‘0’ ‘1’ ‘0’ ‘1’ ‘0’ ‘0’ ‘1’ ‘0’ ‘1’ ‘0’ ‘1’ ‘0’ ‘1’ ‘1’ ‘0’ ‘1’ ‘0’ ‘1’ ‘0’ ‘1’ ‘0’ Figure 2: Differen t mo des o f the sk ew ed binary map. The b ottom row are duals of the maps in the first ro w. The GLS can b e readily extended to larger alphab ets. 3 Arithmetic co ding se en as a Dynamical System Recen tly , we ha v e prop osed a metho d of lo ssless data compression where the (binary) message ( M ) is treated as the sym b olic sequence on the appropriate GLS ( p corresp onds to the probabilit y of the a lphab et ‘0’ in the message) and the initial c ondition is determin ed by iterating bac kw ards. The initial condition serve s as the compressed file whic h can b e used to determine the sym b olic sequence (message) at the deco der (giv en p ). W e called suc h a metho d as G LS-co ding. G L S- co ding is a g eneralization of arithmetic co ding whic h ac hiev es the Shannon’s en trop y rate for the source. Th us GLS-co ding yields optimal noiseless lossless data compression. F o r full details please r efer t o [5]. 3 4 Randomized Arithmetic Co ding and th e One Time P ad Grangetto’s Randomized Arithmetic Co ding is one of the earliest attempts to prov ide b oth source co ding and encryption using Arithmetic Co ding [6]. The idea of Ra ndomized Arithmetic Coding is to randomly swap (or not sw a p) the tw o in terv als corresponding to the sym b ols (‘0’ and ‘1’) at ev ery iteration based on a random priv ate binary k ey stream ( K ) whic h is av ailable only to the deco der of the intended party . This randomizes the lo catio n of the final in terv al while retaining compression efficiency . Ha ving already established that Arithmetic Co ding is a sp ecific mo de of GLS, w e can inte rpret Randomized Arithmetic Co ding a s a sw a pping b et w een tw o mo des of the G LS (the tw o mo des are duals of eac h other) a t ev ery iteratio n based on a priv ate key stream (Fig. 3). ‘0’ ‘1’ ‘1’ ‘0’ K=0 K=1 p p Figure 3: G r a ngetto’s Randomized Arithmetic Co ding. ‘ K ’ is the binary k ey s tream. When K = 0, the bac kw ard iteration is done on the sk ewe d binary map on the left and for K = 1, the bac kw ard iterat io n is done on it s dual on the righ t. Tw o imp ortan t p oints that need to b e remem b ered in ra ndo mized a rithmetic co ding are: 1. The k ey stream K should b e p erfectly r a ndom to ensure b est securit y . 2. The k ey stream K is as long as the uncompressed message M . 4.1 OTP is a sp ecial case of rand omized arithmetic co ding It turns out that OTP encryption and decryption can b e seen as sp ecial case of randomized arithmetic co ding. Instead of using the sk ew ed binary ma p, if we used the binary map then w e end up with the OTP encryption whic h Shannon show ed in 1949 t o b e p erfectly secure. Theorem: OTP encryption is equiv alen t to finding the initial condition for the sym b olic sequence M under switc hing based on k ey K o n the binary map and it s dual. 4 ‘0’ ‘1’ K=0 K=1 ‘1’ ‘0’ Figure 4 : OTP is a sp ecial case o f G rangetto’s Randomized Arithmetic Co ding p erformed on the binary map instead o f the sk ew ed binary map. Th us OTP can b e seen as finding the initial condition under random switc hing on the binary map and its dual. Pro of: W e shall pro ve that this is equiv alen t to an XOR op eration b et w een the message M and the k ey K . Since X OR op eration is equiv alen t to OTP encryption, w e would thu s ha ve a pro of of the theorem. Let us consider all p ossibilities for o ne bit of the ke y K and one bit of the message M . When K = 0 a nd M = 0, the in terv al is mapp ed to [0,0.5). The initial condition is going to lie in this in terv al irrespective of future bits (this is b ecause the map is con tinuous in eac h of the in terv als). The first bit of the initial condition is g o ing to b e 0. When K = 0 and M = 1, the initial condition will lie in [0.5 ,1) whic h w ould mean that the first bit of the initial condition is 1. When K = 1 , the o ut puts are reve rsed. The output is sho wn in T able 1 . It can b e seen that this is equiv a len t to t he X OR op eration b et w een K and M . Subsequen t bits would follow the same lo gic (one can imag ine that the fir st bit of the initial condition has b een flushed a s output and the in terv al ha s b een rescaled to [0 ,1 ) to b egin enco ding the second bit of M with the second bit of K for switc hing).  T able 1: Switching b et w een the tw o maps is equiv a len t to X OR b et w een K and M . K M First bit o f initia l condition 0 0 0 0 1 1 1 0 1 1 1 0 W e a re effectiv ely attempting to c ompr ess the message stream M under the switc hing op eration. W e are p erforming G LS-co ding (or arithmetic co ding) o n the binary map and its dual. Ho w ev er, it m ust b e noted that since the tw o interv als for the binary map and its dual are of equal length, no compression will b e achie v ed by t he metho d. Th us the initial condition when expressed in binary need to ha ve the same length as the message stream M to enable lossless decompression (in this case, decryption). Decryption in volv es finding the sym b olic sequence on the binary map (and its dual under the op eration of switc hing 5 ‘0’ ‘1’ K=0 ‘0’ ‘1’ ‘0’ ‘1’ ‘0’ ‘1’ ‘1’ ‘0’ K=1 ‘1’ ‘0’ ‘1’ ‘0’ ‘1’ ‘0’ Figure 5: P erfect secrecy system s equiv alen t to O TP . There is a c hoice of 4 mo des f o r K = 0 and K = 1 indep enden tly . Th us there are 16 p ossible p erfect secrecy systems whic h are equiv alen t to OTP . k ey K ) using the initial condition. 4.2 Other p erfect secrecy systems that are equiv alen t to OTP This connection b et w een ar it hmetic co ding, binary map and OTP enables us to find perfect secrecy systems whic h are all equiv alen t to OTP . W e kno w that the binary map has 4 p ossible mo des that corresp ond t o c ho osing either p ositiv e or negative slop e in the tw o in terv als and 4 other mo des that are duals. In order to obtain secrecy systems that are equiv a len t to OTP , w e can c ho ose an y of the 4 mo des for K = 0 and K = 1 indep enden tly . Th us there are 16 p ossible secrecy systems whic h are all p erfectly secure. The OTP is in 6 fact o ne o f them (Fig . 5). 5 n - O T P : ge n eralization to no n-binary alph ab ets The dynamical system viewp o in t that w e ha v e prop osed immediately enables us to g ener- alize OTP for no n-binary alphab ets ( n - O T P where n ≥ 2) while retaining p erfect secrecy . Supp ose w e hav e a message that tak es v alues from the ternary alphab et { 0 , 1 , 2 } . W e further assume tha t w e hav e a p erfe ct ra ndo m ke y stream that also take s v alues from the ternary alphab et. T o p erfo rm encryption, w e switc h b etw een the three GLS maps show n in Fig. 6 dep ending on the ke y v alue. ‘0’ ‘2’ K=0 ‘1’ ‘1’ ‘0’ K=1 ‘2’ ‘2’ ‘1’ K=2 ‘0’ Figure 6 : n - O T P : F or n = 3 and for an input ternary message M , the OTP can b e im- plemen ted a s finding the init ia l condition by switc hing b etw een the ab ov e three dynamical systems based on a random k ey K dra wn from the alphabet { 0,1,2 } with eq ual probabilities. This is equiv alen t to addition mo dulo 3 b et w een M and K . F or n > 2, there are m ultiple o ptions for choosing the n dynamical systems to switc h. Th us it is p ossible to generalize O TP encryption to larger alphab ets. 6 A Dynamical Syst e ms Imple men tatio n of X OR and other Lo g ic Gate s As we noted earlier, it is we ll kno wn t hat the OTP encryption is an X OR (exclusiv e-OR) op eration b et w een message stream M and the k ey stream K . This means that w e hav e a dynamical system implemen tation of the X OR g ate. Is it p o ssible to get other lo gic gates from t his fr a mew ork? 6.1 XNOR, OR, AND, NAND, NOR and NOT gates W e sho w that it is p ossible to implemen t the w ell kno wn log ic gates XNOR , OR, AND, NAND, NOR and NOT gates as finding the initial condition b y switc hing of appr op riate dynamical systems. Please see Fig. 7 for a description of the implemen tation of logic gates. 7 K=0 K=1 ‘1’ ‘0’ ‘0’ ‘1’ ‘1’ ‘0’ ‘0’ ‘1’ ‘0’ ‘1’ ‘0,1’ ‘0,1’ ‘0’ ‘1’ ‘0,1’ ‘1’ ‘0’ ‘1’ ‘0’ ‘0,1’ ‘1’ ‘0’ XNOR OR AND NAND NOR NOT Figure 7 : XNOR, OR, NOR, AND and NAND logic gates implemen ted as finding the initial condition by switc hing of dynamical systems. NOT gate is just finding the initial condition on the single dynamical system sho wn. The NOT gate do es no t inv olv e a switc hing op eration. The NOT op eration can b e seen as finding the initial condition on t he binary map with the sym b ols fo r the tw o interv als sw app ed. One can easily extend this metho d for an y logical gate. It is a lso p ossible to extend these systems to higher a lpha b ets just lik e ho w w e did for OTP . The ternary-OTP described in Section 5 w o uld corresp onds to addition mo dulo 3 of M and K . There has alr eady b een substan tial research on logic gate implemen tation b y a dy- namical system approac h and t he building of a chaotic computer (a computer where the comp onen t s are non-linear) [7, 8, 9]. An adv an ta g e our implemen tation has is that the input can b e a stream o f sym b ols which can b e buffered a nd the logical output whic h is an initial condition (a real n um b er who’s binary represen tation is the logical o utput) can also b e stored and the o ut put can b e giv en as a stream instead of p erforming the op eration for ev ery bit. In a sense, the dynamical system can b e used b o th to p erform the lo gical op- eration and ac cumulate and stor e the logical output sim ultaneously . It remains to b e seen 8 whether the new implemen t a tions prop osed in this pap er can b e deploy ed in the hardw are in an efficien t manner (fast, precise, compact and lo w-p ow er implemen tation). 7 Conclus ions W e ha v e established that finding the initial co ndition under switching of dynamical systems belonging to the class of Generalized Lur¨ oth Series acts as an unifying framew ork f or lossless compression, randomized arithmetic co ding, p erfect secrecy systems and implemen tation of logic gates. References [1] C.E. Shannon, A Sym b olic Analysis of R ela y and Switc hing Circuits, Thesis (M.S), Massac h usetts Institute of T ec h., Dept. of Electrical Engineering (1940) [2] C.E. Shannon, A Mathematical Theory o f Communic ation, Bell Sys. T ec h. J. 27 (1948) 379–423. [3] C.E. Shannon, Comm unication Theory of Secrecy Systems, Bell System T ec hnical Jour- nal 28 (19 49) 656–715 . [4] K. Da jani, C. Kraaik amp, Ergo dic Theory of Num b ers, 29. Mathematical Asso ciation of America, W a shington, DC (2002) [5] N. Nagara j, P .G. V aidy a, K.G. Bhat, Arithmetic Co ding as a Non-linear D ynamical Sys- tem, Comm. in Non-linear Science and Numerical Sim. doi 1 0.1016/j .cnsns.2007.12 .001 (2007) [6] M. Grangetto, A. Grosso, E. Magli, Selectiv e Encryption of JPEG2000 Images b y Means of Ra ndomized Arithmetic Co ding, IEEE 6t h W orkshop on Multimedia Signal Pro cess - ing, Sienam, Italy (2004) 347–350. [7] S. Sinha, W.L. D itto, Dynamics based computation, Ph ys. Rev. Lett. 8 1 ( 1998) 21 5 6– 2159. [8] S. Sinha, W.L. Ditto , Computing with distributed chaos, Ph ys. Rev. E. 60 (1999) 363 – 3 7 7. [9] T. Munak ata, S. Sinha, W.L. D itto, Chaos Computing: Implemen tation of F undamen tal Logical G ates b y Chaot ic Elemen t s, IEEE T rans o n circuits and sys.-I: F undamen tal theory and apps. 49(11) ( 2 002) 1629 – 1633. 9