A Differential Cryptanalysis of Yen-Chen-Wu Multimedia Cryptography System (MCS)

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

At ISCAS'2005, Yen et al. presented a new chaos-based cryptosystem for multimedia transmission named “Multimedia Cryptography System” (MCS). No cryptanalytic results have been reported so far. This paper presents a differential attack to break MCS, which requires only seven chosen plaintexts. The complexity of the attack is $O(N)$, where $N$ is the size of the plaintext. Experimental results are also given to show the real performance of the proposed attack.


💡 Research Summary

The paper presents the first cryptanalytic results against the Multimedia Cryptography System (MCS) proposed by Yen, Chen, and Wu at ISCAS 2005. MCS is a chaos‑based scheme designed for real‑time encryption of large multimedia streams. Its architecture consists of two chaos‑driven permutation layers (P1 and P2), a non‑linear substitution layer (S‑Box) generated from chaotic sequences, and a linear diffusion layer (D). The secret key comprises a 128‑bit static component and several real‑valued initial conditions that seed the chaotic maps (typically logistic or skewed Bernoulli maps). The authors claim that the dynamic nature of the permutations and the non‑linearity of the substitution provide strong security while keeping computational overhead low.

The authors adopt a chosen‑plaintext model and develop a differential attack that requires only seven specially crafted plaintexts. The attack proceeds as follows. First, a completely zero‑filled plaintext (P0) and a plaintext with a single byte set to 0xFF (P1) are encrypted. The resulting ciphertext difference reveals the positions to which the single non‑zero byte is moved by the combined effect of P1 and P2, because the permutations are deterministic and preserve the Hamming weight of the difference. Next, six additional plaintexts (P2–P7) each contain a single 0xFF byte placed at a different location. By observing the ciphertext differences for each of these, the attacker reconstructs the full permutation tables of both P1 and P2. Since the permutations are linear with respect to the difference, the mapping can be recovered directly without any exhaustive search.
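The single-byte probe described above, as an added example on a constructed toy cipher (a secret position permutation followed by a bijective byte-wise substitution); it is not MCS and not code from the paper. The names `make_toy_cipher`, `probe_position` and `recover_permutation` are hypothetical, and the loop uses one probe per position instead of the paper's seven-plaintext construction.

```python
import random

def make_toy_cipher(n, seed):
    """Constructed toy model (not MCS): a secret position permutation
    followed by a secret byte-wise substitution table."""
    rng = random.Random(seed)  # assumption: stands in for the chaotic key stream
    perm = list(range(n))
    rng.shuffle(perm)          # plaintext index i lands at ciphertext index perm[i]
    sbox = list(range(256))
    rng.shuffle(sbox)          # bijective, so sbox[0x00] != sbox[0xFF]

    def encrypt(plain):
        out = bytearray(n)
        for i, b in enumerate(plain):
            out[perm[i]] = sbox[b]
        return bytes(out)

    return encrypt, perm

def changed_positions(c0, c1):
    """Ciphertext indices at which two equal-length ciphertexts differ."""
    return [j for j, (a, b) in enumerate(zip(c0, c1)) if a != b]

def probe_position(encrypt, n, i, baseline):
    """Encrypt a plaintext that differs from all-zero only at index i
    (value 0xFF) and return the ciphertext indices that changed."""
    plain = bytearray(n)
    plain[i] = 0xFF
    return changed_positions(baseline, encrypt(bytes(plain)))

def recover_permutation(encrypt, n):
    """Map each plaintext index to its ciphertext index by single-byte probes.
    Returns None as soon as a probe changes anything other than exactly one
    byte, i.e. when the cipher spreads the difference."""
    baseline = encrypt(bytes(n))  # ciphertext of the all-zero plaintext
    recovered = []
    for i in range(n):
        moved = probe_position(encrypt, n, i, baseline)
        if len(moved) != 1:
            return None
        recovered.append(moved[0])
    return recovered

if __name__ == "__main__":
    N = 64  # constructed block size
    encrypt, secret_perm = make_toy_cipher(N, seed=2005)
    print(recover_permutation(encrypt, N) == secret_perm)
```

A `None` result means a single-byte plaintext change reached more than one ciphertext byte, which is the diffusion property a designer wants to see from this check.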

With the permutation structure known, the attacker focuses on the substitution layer. Because the substitution is generated from a chaotic sequence but applied byte‑wise, the differential behaviour of the S‑Box is fully determined by the input difference. By using the same single‑byte‑difference plaintexts, the attacker obtains the output differences for all possible input values (0 and 255). This allows the exact reconstruction of the S‑Box table.

Having recovered P1, P2, and S, the attacker can back‑track the chaotic sequences to their initial conditions. The chaotic maps used in MCS are simple one‑dimensional maps; knowing a sufficient number of successive outputs enables the calculation of the initial seed via standard inverse map formulas. Consequently, the entire key schedule—including the static 128‑bit key and the chaotic seeds—is recovered.

The overall computational cost of the attack is linear in the size N of the plaintext (O(N)), because each of the seven chosen plaintexts is processed once and the differences are computed by a single pass over the ciphertext. No exhaustive key search or complex algebraic solving is required.

Experimental validation is performed on a 512 × 512 grayscale image and a 44.1 kHz stereo audio file. Using the recovered key, the authors successfully decrypt the ciphertexts to obtain the original media with perfect fidelity. The attack runs in a matter of seconds on a standard desktop computer, confirming the theoretical O(N) complexity.

The paper concludes that MCS’s reliance on chaotic permutations and a single non‑linear substitution does not provide sufficient resistance against differential analysis. The authors suggest that future designs should incorporate stronger diffusion mechanisms, more complex key‑dependent S‑Boxes, and chaotic maps with higher dimensionality to mitigate the type of linear differential leakage exploited in this work.

