Cryptanalysis of a computer cryptography scheme based on a filter bank

The application of chaotic systems to cryptographical issues has been a very important research topic since the 1990s [1][2][3][4]. This interest was motivated by the close similarities between some properties of chaotic systems and some characteristics of well-designed cryptosystems [5, Table 1]. Nevertheless, there exist security defects in some chaos-based cryptosystems such that they can be partially or totally broken [6][7][8][9][10][11].

In [12] the encryption procedure is carried out by decomposing the input plaintext signal into two different subbands and masking each of them with a pseudo-random number sequence generated by iterating the chaotic logistic map. The decomposition of the input plaintext signal x[n] is driven by

(1)

where h 0 , h 1 are so-called “analysis filters” and K 0 , K 1 are gain factors.

Then, the masking stage generates the ciphertext signal (v 0 [n], v 1 [n]) according to the following equations:

where α i (u) = u + s i [n] and s i [n] is the state variable of a logistic map with control parameter λ i ∈ (3, 4) defined as follows

Substituting 3) and ( 4), we have

The secret key of the cryptosystem is composed of the initial conditions and the control parameters of the two logistic maps involved, i.e., s 0

The decryption procedure is carried out by doing

Then, the plaintext signal is recovered with the following filtering operations: where f 0 , f 1 are so-called “synthesis filters”. To ensure the correct recovery of the plaintext signal, the analysis and synthesis filters must satisfy a certain requirement as shown in Eq. ( 8) of [12]. The reader is referred to [12] for more information about the inner working of the cryptosystem.

This paper focuses on the security analysis of the above cryptosystem. The next section points out a security problem about the reduction of the key space. Section 3 discusses how to recover the secret key of the cryptosystem by a known-plaintext attack. In the last section the conclusion is given.

As it is pointed out in [5, Rule 5], the key related to a chaotic cryptosystem should avoid non-chaotic areas. In [12] it is claimed that the key space of the cryptosystem under study is given by the set of values λ i and s i [0] satisfying 3 < λ i < 4 and 0 < s i [0] < 1 for i = 0, 1. However, when looking at the bifurcation diagram of the logistic map (Fig. 1), it is obvious that not all candidate values of λ i and s i [0] are valid to ensure the chaoticity of the logistic map. There are periodic windows which have to be avoided by carefully choosing λ i . As a consequence, the available key space is drastically reduced.

For n = 0, the values of the subkeys s 0 [0] and s 1 [0] have been obtained. Furthermore, we can obtain the control parameters by just doing the following operations for i = 0, 1:

In [12], the authors did not give any discussion about the finite precision about the implementation of the cryptosystem in computers. If the floating-point precision is used, then the value of λ i can be estimated very accurately. It was experimentally verified that the error for the estimation of λ i using ( 13), and working with floating-point precision, was never greater that 4 • 10 -12 . If the fixed-point precision is adopted, the deviation of the parameter λ i estimated exploiting Eq. ( 13) from the real λ i may be very large. Fortunately, according to the following Proposition 1 [13, Proposition 2], the error is limited to 2 4 /2 L (which means only 2 4 possible candidate values to be further guessed) when s[n + 1] ≥ 0.5.

) is iterated with L-bit fixed-point arithmetic and that s(n + 1) ≥ 2 -i , where 1 ≤ i ≤ L. Then, the following inequality holds: |λ -λ| ≤ 2 i+3 /2 L , where

In this paper we have analyzed the security properties of the cryptosystem proposed in [12]. It has been shown that there exists a great number of weak keys derived from the fact that the logistic map is not always chaotic. In addition, the cryptosystem is very weak against a known-plaintext attack in the sense that the secret key can be totally recovered using a very short plaintext.

Consequently, the cryptosystem introduced by [12] should be discarded as a secure way of exchanging information.

In[12], the authors use x i to denote the state variable of the logistic map. However, this nomenclature may cause confusion because the plaintext signal is denoted by x. Therefore, we turn to use another letter, s. In addition, we unify the representation of x i (k) to be in the form s i [n] because all other signals are in the latter form.

This content is AI-processed based on open access ArXiv data.