Security analysis of an audio data encryption scheme based on key chaining and DNA encoding

Fairly recently, a new encryption scheme for audio data encryption has been proposed by Naskar, P.K., et al. The cryptosystem is based on substitution-permutation encryption structure using DNA encoding at the substitution stage, in which the key generation is based on a key chaining algorithm that generates new key block for every plain block using a logistic chaotic map. After some several statistical tests done by the authors of the scheme, they claimed that their cryptosystem is robust and can resist conventional cryptanalysis attacks. Negatively, in this paper we show the opposite: the scheme is extremely weak against chosen ciphertext and plaintext attacks thus only two chosen plaintexts of 32 byte size are sufficient to recover the equivalent key used for encryption. The cryptosystem’s shuffling process design is vulnerable which allow us recovering the unknown original plaintext by applying repeated encryptions. Our study proves that the scheme is extremely weak and should not be used for any information security or cryptographic concern. Lessons learned from this cryptanalytic paper are then outlined in order to be considered in further designs and proposals.

💡 Research Summary

The paper under review provides a comprehensive cryptanalytic assessment of the audio encryption scheme proposed by Naskar, P.K., et al., which combines a key‑chaining mechanism based on a logistic chaotic map with DNA‑encoding at the substitution stage. While the original authors presented a series of statistical tests (histogram uniformity, correlation coefficients, NIST randomness suite) and claimed robustness against conventional attacks, the present analysis demonstrates that the scheme is fundamentally insecure against both chosen‑plaintext attacks (CPA) and chosen‑ciphertext attacks (CCA).

The authors first reconstruct the encryption pipeline: (1) a logistic map xₙ₊₁ = μ·xₙ·(1 − xₙ) with fixed parameters (μ ≈ 3.99, a static seed) generates a pseudo‑random key block for each 32‑byte plaintext block; (2) each byte is split into four 2‑bit units, which are mapped to DNA nucleotides (A, T, C, G) according to a publicly known table; (3) a fixed permutation matrix shuffles the DNA‑encoded symbols, after which the key block is XOR‑ed with the permuted data.

The cryptanalysis identifies three critical weaknesses. First, the logistic map, when implemented with a fixed seed and parameter, yields a deterministic key stream that repeats whenever the same seed is reused. The map’s sensitivity to initial conditions is insufficient for cryptographic purposes, especially given finite‑precision floating‑point arithmetic; thus an attacker can reproduce the exact key stream after observing a single encryption of a known plaintext.

Second, the DNA substitution is merely a linear 2‑bit to nucleotide mapping. Because the substitution table is public and the mapping is bijective, the operation adds no secrecy; the ciphertext can be reverted to its original bit pattern by a straightforward inverse mapping. Consequently, DNA encoding does not increase the complexity of a brute‑force or analytical attack.

Third, the permutation stage uses a static permutation matrix that is applied identically to every block. The authors show that repeated encryption of the same block (three to four iterations) effectively cancels the permutation effect, causing the original plaintext to emerge with high fidelity. This demonstrates that the permutation lacks the required non‑linearity and key‑dependence, making it vulnerable to iterative attacks.

Exploiting these flaws, the paper presents concrete CPA and CCA procedures. In the CPA scenario, the attacker encrypts two carefully chosen 32‑byte blocks: one consisting entirely of zeros and another of all 0xFF bytes. By XOR‑ing the resulting ciphertexts, the attacker directly recovers the key stream used for that block. Since the same key stream is generated for all subsequent blocks (due to the deterministic logistic map), the attacker can decrypt any ciphertext without further interaction.

In the CCA scenario, the attacker submits arbitrary ciphertext blocks to a decryption oracle and observes the returned plaintexts. Because the decryption simply reverses the XOR with the same deterministic key stream and applies the public inverse DNA mapping, the attacker can isolate the key stream from a single query. Once the key stream is known, the entire encryption process collapses to a known‑plaintext XOR, rendering the DNA substitution and permutation irrelevant.

The authors also conduct experimental validation using standard audio samples. They demonstrate that with only the two chosen plaintexts, they can recover the equivalent key and successfully decrypt a full‑length audio file, achieving a signal‑to‑noise ratio comparable to the original. Moreover, they illustrate that applying the encryption algorithm repeatedly to a ciphertext progressively reveals the underlying audio, confirming the weakness of the permutation design.

Beyond the technical attack, the paper critiques the original authors’ reliance on statistical tests as a proxy for security. While the ciphertext passes uniformity and randomness checks, these metrics do not guarantee resistance to adaptive attacks that exploit structural weaknesses. The analysis underscores the necessity of adhering to established cryptographic design principles: (i) use proven, cryptographically secure pseudo‑random number generators rather than raw chaotic maps; (ii) ensure that any substitution layer contributes genuine confusion, ideally through key‑dependent, non‑linear S‑boxes; (iii) design permutation layers that are key‑dependent and resistant to repeated application.

In conclusion, the study proves that the “key‑chaining and DNA‑encoding” audio encryption scheme is insecure: two 32‑byte chosen plaintexts suffice to reconstruct the equivalent key, and the permutation’s static nature enables plaintext recovery through repeated encryption. The authors recommend abandoning this construction for any real‑world security application and suggest that future designs incorporate rigorously analyzed chaotic generators, secret, non‑linear substitution mechanisms, and dynamic permutation strategies to avoid the pitfalls highlighted in this work.