hardware realization of chaos based symmetric image...
TRANSCRIPT
Hardware Realization of
Chaos Based Symmetric
Image Encryption
Thesis by
Mohamed L. Barakat
In Partial Fulfillment of the Requirements
For the Degree of
Master of Science in Electrical Engineering
King Abdullah University of Science and Technology
Thuwal, Kingdom of Saudi Arabia
June 2012
2
COMMITTEE APPROVALS
Examination Committee:
Chair :
Dr. Khaled Nabil Salama
Supervisor
Assistant Professor
Member:
Dr. Mohamed-Slim Alouini
Professor
Member:
Dr. Tareq Al-Naffouri
Associate Professor
4
ABSTRACT Hardware Realization of Chaos Based Symmetric
Image Encryption
Mohamed L. Barakat
This thesis presents a novel work on hardware realization of symmetric image
encryption utilizing chaos based continuous systems as pseudo random number
generators. Digital implementation of chaotic systems results in serious degradations in
the dynamics of the system. Such defects are illuminated through a new technique of
generalized post proceeding with very low hardware cost. The thesis further discusses
two encryption algorithms designed and implemented as a block cipher and a stream
cipher. The security of both systems is thoroughly analyzed and the performance is
compared with other reported systems showing a superior results. Both systems are
realized on Xilinx Vetrix-4 FPGA with a hardware and throughput performance
surpassing known encryption systems.
5
ACKNOWLEDGEMENTS
First and foremost all praises to Allah the exalted and the most generous, for without
His mercy and blessings I would not be able to complete this thesis. From Him I seek
forgiveness for any unintended remissness and to Him I pray to earn Thawab from a
work direct to the benefit of the Umma and humanity.
Second I would like express my deep gratitude to my family and friends for their
continuous prayers and encouragement. My sincere appreciation also goes to Dr. Khaled
Salama and Dr. Ahmed Radwan for their guidance and fruitful advice throughout the
course of this research. Special thanks to those who I worked with in the research group
especially Mohamed Zidan and Abhinav Mansingka for their constructive collaboration.
Finally I would like to thank all my thesis committee members: Dr. Khaled Salama,
Dr. Slim Alouini, and Dr. Tareq Al-Naffouri for their time and effort.
6
TABLE OF CONTENTS
ACKNOWLEDGEMENTS ................................................................................................................. 5
TABLE OF CONTENTS .................................................................................................................... 6
LIST OF FIGURES ........................................................................................................................... 9
LIST OF TABLES ........................................................................................................................... 11
INTRODUCTION ............................................................................................................................ 13
I. Overview ........................................................................................................................... 13
II. Types of Encryption ..................................................................................................... 15
III. Image Encryption ......................................................................................................... 16
IV. Motivation and Contribution ...................................................................................... 17
CHAPTER ONE ............................................................................................................................. 19
I. Chaos and Encryption ..................................................................................................... 19
a. Introduction to Chaos .................................................................................................. 19
b. Chaos Based Cryptography ........................................................................................ 21
II. Literature Survey ......................................................................................................... 22
III. Digital Implementation of Chaos ................................................................................ 23
a. Hardware Realization .................................................................................................. 23
b. Defects in Digital Chaos ............................................................................................... 24
c. Post processing of CB-PRNGs .................................................................................... 27
CHAPTER TWO ............................................................................................................................. 35
I. Key Analysis ..................................................................................................................... 35
a. Key Space Analysis ...................................................................................................... 35
b. Key sensitivity Analysis ............................................................................................... 35
II. Histogram Analysis ...................................................................................................... 36
a. Visual Analysis ............................................................................................................. 36
b. Chi-square Test ............................................................................................................ 36
a. Cross Correlation ......................................................................................................... 38
b. Auto Correlation .......................................................................................................... 38
7
IV. Entropy Analysis .......................................................................................................... 38
V. Differential analysis ......................................................................................................... 39
a. NCPR ............................................................................................................................ 39
b. UACI ............................................................................................................................. 40
CHAPTER THREE ......................................................................................................................... 41
I. Encryption Algorithm ..................................................................................................... 41
a. Confusion ...................................................................................................................... 42
b. Diffusion ........................................................................................................................ 43
II. Hardware Realization .................................................................................................. 44
a. Masking Unit ................................................................................................................ 45
b. Sorting Unit .................................................................................................................. 46
III. Security analysis ........................................................................................................... 49
a. Key Analysis ................................................................................................................. 49
b. Histogram Analysis ...................................................................................................... 50
c. Correlation Analysis .................................................................................................... 51
d. Entropy Analysis .......................................................................................................... 52
e. Differential Analysis .................................................................................................... 53
f. Comparison with Previous Work ............................................................................... 54
CHAPTER FOUR ........................................................................................................................... 56
I. Encryption Algorithm ..................................................................................................... 56
II. Hardware Realization .................................................................................................. 59
III. Security analysis ........................................................................................................... 63
a. Key Analysis ................................................................................................................. 63
b. Histogram Analysis ...................................................................................................... 64
c. Correlation Analysis .................................................................................................... 65
d. Entropy Analysis .......................................................................................................... 67
e. Differential Analysis .................................................................................................... 67
f. Comparison with Previous Work ............................................................................... 68
CONCLUSION ................................................................................................................................ 70
REFERENCES ................................................................................................................................ 72
8
LIST OF ABBREVIATIONS
Abbreviation Description
AES Advanced Encryption Standard
CB-PRNG Chaos-Based Pseudo Random Number Generators
DSA Digital Signature Algorithm
FFT Fast Fourier Transform
IDEA International Data Encryption Algorithm
MLE Maximum Lyapunov Exponent
MSE Mean Square error
NCPR Number of Pixels Change Rate
NIST National Institute of Standards and Technology
ODE Ordinary Differential Equation
PRNG Pseudo Random Number Generators
RC-4/5 Rivest Cipher 4/5
RSA Ron Rivest, Adi Shamir and Leonard Adleman Algorithm
UACI Unified Average Changing Intensity
USC-SIPI
University of Southern California – Signal and Image
Processing Institute
9
LIST OF FIGURES
Figure Description Page
Fig. 1.1 Symmetric encryption. 15
Fig. 1.2 Asymmetric encryption. 16
Fig. 2.1 Experimentally obtained (a) X-Y, (b) Y-Z, (c) Z-X attractors, in
addition to (d) time series, and (e) FFT of X. 25
Fig. 2.2 Auto-correlations of X, Y and Z. 26
Fig. 2.3 Histogram of the output (a) X, (b) Y, (c) Z. 26
Fig. 2.4 Representation of the proposed bit location permutation. 28
Fig. 2.5 Schematic of the proposed post-processing circuit. 30
Fig. 2.6 Experimentally obtained (a) U-V, (b) V-W, (c) W-U attractors, in
addition to (d) time series, and (e) FFT of U. 31
Fig. 2.7 Auto-correlations of U, V and W. 31
Fig. 2.8 Histogram of the output (a) X, (b) Y, (c) Z. 32
Fig. 4.1 Block diagram of the encryption system. 42
Fig. 4.2 The selection scheme in the confusion and diffusion process. 43
Fig. 4.3 The hardware architecture of the cipher. The decipher will have the
same architecture but reversing the process. 44
Fig. 4.4 Architecture of the insertion sort algorithm implemented as Parallel
Shift Sort scheme. 46
10
Fig. 4.5 Simulation results of the input image signal and output signals from
cipher and decipher. 48
Fig. 4.6
Experimentally obtained results of (a) input test image, (b) stair-case
input signal, (c) FFT of the input signal, (d) output signal from the
cipher, (e) FFT of the ciphered signal,, and (f) output signal from the
decipher.
48
Fig. 4.7
Key sensitivity on analysis showing (a) original, (b) ciphered, and (c)
wrong deciphered images, in addition to the corresponding visual
histogram analysis (d)-(f) respectively.
50
Fig. 4.8
Pixels correlation analysis (block size = 4) showing horizontal
correlation of (a) original, (b) ciphered, vertical correlation of (c)
original, (d) ciphered, and diagonal correlation of (e) original, (f)
ciphered.
52
Fig. 5.1 Circuit diagram of the fully digital 3rd order ODE-based chaos
generator with signum nonlinearity in X and controllable size. 60
Fig. 5.2
Circuit diagram of the encryption system. The ciphering is divided
into four main stages. 61
Fig. 5.3 Permutation scheme in both the cipher and decipher. 62
Fig. 5.4 Simulation results of the input image signals and output signals from
cipher and decipher. 62
Fig. 5.5
Experimentally obtained results of (a) input test image (RED
component), (b) stair-case input signal, (c) FFT of the input signal,
(d) output signal from the cipher, (e) FFT of the ciphered signal,, and
(f) output signal from the decipher.
63
Fig. 5.6 MSE values with respect to number of error bits in the decryption. 63
Fig. 5.7
Visual analysis for the encryption quality. (a) Original image, (b)
ciphered image, (c) wrong deciphered image (1-bit error in the key),
in addition to (d)-(f) histograms of the RGB components for the
original image and similarly (g)-(i) for the ciphered image.
65
Fig. 5.8
Visual inspection for the horizontal correlation. (a)-(c) Original
image RGB colors respectively, and similarly (d)-(f) ciphered image
RGB.
66
11
LIST OF TABLES
Table Description Page
Table 2.1 Comparison Between Chaos Systems and Cryptographic
Algorithms. 21
Table 2.2 Cross Correlation Coefficients of Original Chaos. 26
Table 2.3 Cross Correlation Coefficients of Processed Chaos. 31
Table 2.4
NIST SP. 800-22 and Xilinx Virtex 4 FPGA Experimental Results
Test Results for the Original, Von Neumann, 2-bit XOR Corrector,
Truncation, and Proposed Post Processing Technique with = 1, 2, 4,
8. Von Neumann is Implemented in Software
33
Table 2.5
System Descriptions, NIST SP. 800-22 Results, FPGA Results and
Oscilloscope Snapshots of the Attractors for the Original output and
Post Processed of Lorenz, Chen, Elwakil and Sprott Chaotic
Oscillators.
34
Table 4.1 Synthesis Report for Different Block Sizes in the Cipher. 47
Table 4.2 Synthesis Report for Different Block Sizes in the Decipher. 47
Table 4.3 Correlation Coefficient Between the Plain Image and Wrong
Deciphered Image. 49
Table 4.4 Cross and Auto Correlation Coefficients of the Ciphered Image. 51
Table 4.5 Entropy Values for the Ciphered Image. 53
Table 4.6 Differential Analysis Tests. 53
Table 4.7 Correlation, Entropy and Differential Analysis Results for Gray-
Scale Images. 54
Table 4.8 Comparison Between the Proposed System and Other Reported
Block Ciphers. 54
12
Table 4.9 Comparison in the Hardware Performance Between the Proposed
Cipher and Other Reported Systems. 55
Table 5.1 Experimental Results on XC4VSX35-10FF668 FPGA for the Cipher
and Decipher Systems. 61
Table 5.2 Correlation Coefficients for the Horizontal, Vertical, and Diagonal
Orientations for Both Original and Ciphered Images. 66
Table 5.3 Entropy Results for Original and Ciphered images for all color
components. 67
Table 5.4 Differential Analysis Results for all Color Components. 67
Table 5.5 Correlation, Entropy and Differential Analysis Results for Colored
Images Obtained from USC-SIPI Image Database. 68
Table 5.6 Comparison in the Security Analysis Results Between the Proposed
Cipher and Other Reported Systems. 69
Table 5.7 Comparison in the Hardware Performance Between the Proposed
Cipher and Other Reported Systems. 69
13
INTRODUCTION
I. Overview
Cryptology is the study of hiding meaningful information during the course of
communication between two entities using a public channel assumed to be accessible by
third entities called the adversaries. The adversary is a third party that aims to either
decode the message being sent, interfere and corrupt the message, or recognize the
identity of the sender (source) or the receiver (destination). History of cryptology goes
back to the Greek era when Julius Caesar used a simple substitution algorithm, latter
known as the Caesar cipher, to communicate with his troops. The algorithm in its
primitive form shifts message letters by a fixed number in the alphabet [1]. At that time
the Caesar cipher remained a reasonably secure encryption until it was proved to
be vulnerable in the 9th century by a Muslim scholar Al-Kindi [2] in his book A
Manuscript on Deciphering Cryptographic Messages.
Cryptology is divided into two branches: Cryptography and Cryptanalysis.
Cryptography is the study of the methodology or the algorithm used for hiding the
information from the adversaries. In a system level, all cryptosystems are modeled as:
m: original message data
c: ciphered message data
K: set of possible keys involved
E: encryption transformation or function
14
D: decryption transformation or function
In the encryption process, a cipher is the algorithm used to encode the original data as
follows:
(1.1)
where Ke is the encryption key used in function E. It follows that the decryption process
is expressed as:
(1.2)
where Kd is the decryption key used in function D. Techniques developed in cryptography
are directly accountable for [3]:
1. Confidentiality: information protection from unauthorized access.
2. Data integrity: protection from any manipulation in the data by the adversary.
3. Non-repudiation: proof of the origin of the data.
4. Authentication divided into:
a. Entity authentication: guarantee the identities of parties in communication.
b. Message authentication: verification of integrity and authenticity of data.
On the other hand, cryptanalysis is concern about the security of the encryption
algorithm and studies all possible techniques (known as attacks) to fully recover or
partially reconstruct the message. Cryptanalysis put forth a practical assumptions based
on the adversary intelligence about the cryptosystem and the original message
characteristics. The resistance of the cryptosystem against cryptanalysis attacks is
considered as a measure of its performance; and thus, it is used as an evaluation.
Cryptosystems surviving all cryptanalysis attacks are considered secure.
15
II. Types of Encryption
Encryption systems can be classified on the basis of methods of key distribution, or
structure of the encryption algorithm. According to the key distribution, encryption
systems are categorized as symmetric systems and asymmetric systems. In the symmetric
systems, shown in Fig. 1.1, all users in the communication network (Bob, and Alice in
this example) share the same key (Ke = Kd). Both encryption and decryption are done
using this key. This type of systems depends on the assumption that the adversaries
cannot obtain the secret key which is not always practical. Examples of symmetric
encryption are: the Advanced Encryption Standard (AES), International Data Encryption
Algorithm (IDEA), and RC4.
On the other hand asymmetric systems, shown in Fig. 1.2, depend on different class
of mathematical transformations in which each user in the network has two keys: public
and private keys. The public key of each node is announced to every other node whereas
the private key is hidden. Messages are encrypted using the receiver’s public key and
can only be decrypted by corresponding private key (Ke ≠ Kd). The keys are related
mathematically through an irreversible function and thus the private key cannot be
Hello World £3$sD&*(=+
BobEncryption
Original
Message
KeyCiphered
Message
Hello World
Alice
Deciphered
Message
Decryption
Key
Communication
Channel
Fig. 1.1 Symmetric encryption.
16
derived from the public key. Examples of private key encryption are: Digital Signature
Algorithm (DSA), and RSA.
BobPublic Key
Private Key
Hello World £3$sD&*(=+Encryption
Original
Message
Public Key
Ciphered
Message
Hello World
Deciphered
Message
Decryption
Private Key
Communication
ChannelAlice
Public Key
Private Key
Fig. 1.2 Asymmetric encryption.
In terms of the output data, encryption systems can be classified into block ciphers or
stream ciphers. Block ciphering transforms an original block of data into a block of
ciphered data of the same length. The length of the block used is called the block size.
Block ciphers require memory and are suitable in data storage applications. Examples of
block ciphers are: Data Encryption Standard (DES), Blowfish, and RC5. Stream ciphers
generally operate on smaller data units, ranging from one bit to one byte; and therefore,
can be designed to achieve faster data rates and smaller area than block ciphers.
Compression algorithms usually are associated with stream ciphers to get rid of the
redundancy in the bits. Stream ciphers are suitable for applications require fast
transmission rates such as mobile communications. Examples of stream ciphers are:
Rabbit, Salsa20, and Trivium.
III. Image Encryption
Image data characteristics are totally different from text data in terms of the nature of
the bits constituting image pixels and accordingly in terms of the security requirements in
17
encryption algorithms. Some features of image data are summed in [4] as: high
redundancy, bulk capacity, uneven distribution of color intensities, and strong correlation
between pixels in the horizontal, vertical, and diagonal orientations. Such characteristics
impose the following challenges in the image encryption [4]:
1. Bits in the ciphered image should appear random with uniform histogram and do
not imply any statistical relationship about the original image.
2. Correlation in the ciphered image is kept minimal in all directions.
3. Encryption is done for the whole image with equal security levels.
Perhaps the most important requirement in image encryption is to satisfy the
confusion and diffusion properties identified by Shannon [5]. Confusion in image
encryption refers to changing the value of each pixel in the original image through a
complex transformation. The relationship between original pixels and the corresponding
ciphered ones cannot be determined easily. Diffusion refers to the property of dividing
the influence of each bit in the original image over many bits in the ciphered image.
Consequently a change in one bit in the original image results in a completely different
ciphered image.
IV. Motivation and Contribution
Encryption using software platforms provides an access to several advanced
resources, and therefore, performs computationally more complex arithmetic operations
by the virtue of using micro-processors. However, it is inconvenient to use a micro-
processor in standalone applications, such as mobile devices, to provide secure
communications because of the huge area penalty. Unlike Software implementations,
18
encryption using hardware platforms provides an efficient solution for simple, yet secure,
encryption requiring small on-chip area and small power, and therefore, fewer resources.
In addition, a dedicated chip for encryption achieves much higher speeds in data
processing than a microprocessor running software. To the best knowledge of the author,
chaos-based ciphers utilized for image encryption applications have never been realized
on hardware.
This thesis presents an original work in the field of symmetric digital image
encryption exploiting chaos theory as an attempt to propose robust and secure ciphering.
The thesis includes two ciphering algorithms for image encryption operating as block and
stream ciphers in order to serve wide range of applications. The thesis focuses on the
circuit design and hardware realization of both ciphers in addition to presenting a
complete security analysis of the output. Furthermore, the results are compared with
previously reported systems and show superior performance. All systems are written in
VHDL and synthesized on Xilinx Virtex-IV FPGA.
The rest of the thesis is organized as follows: chapter one introduces chaos based
image encryption, discusses the flows in digital chaos, and proposes a solution for such
defects. Chapter two discusses the cryptanalysis framework followed in analyzing the
security of the proposed ciphers. Chapter three and four discussed the encryption
algorithm and the digital implementation for block and stream ciphers respectively.
Finally, the conclusion summarizes the work presented in this thesis and provides some
suggestions for the future work and research.
19
CHAPTER ONE
(DIGITAL CHAOS ENCRYPTION)
This chapter introduces chaos theory in general as a dynamical system and the
difference from other systems. Furthermore, it continues in discussing the relationship
between chaos and encryption. Finally, a discussion of the defects resulted from digital
implementation of chaos is presented and an efficient generalized solution is proposes.
I. Chaos and Encryption
a. Introduction to Chaos
Chaos is defined as the property exists in deterministic nonlinear dynamical systems
that show random behavior. A dynamical system is referred to a mathematical model,
usually for natural phenomena, includes the set of all possible states of the system in
addition to a fixed set of equations describing the evolution of the solution with time [6].
Chaotic systems are deterministic since the future behavior of the solution at any state is
fully determined by its fixed equations. Nonetheless, the behavior is unpredictable due to
the strong dependence of such system on the initial conditions producing an exponential
divergence in the solutions [7]. Chaotic dynamical systems can either be continuous or
discrete. Continuous dynamical systems can be expressed as follows:
(2.1)
20
where f is the function determining the behavior of the system, X is the set of the possible
state space and P is the space of control parameters. The curve ϕ(t,x) corresponds to the
evolution of the system over time and is called the trajectory or orbit. Similarly, discrete-
time dynamical systems can be expressed as follows:
(2.2)
where xn represents the state of the system and n is the iteration index with a trajectory
consists of the sequences x1, x2, x3, .. Generally, chaotic systems are characterized by [8]:
1. Sensitivity to initial conditions: achieves a positive maximum Lyapunov exponent
(MLE)1.
2. Ergodicity: the dynamical orbit passes through all regions in the phase space.
3. Short term predictability: the next state of the system is predictable knowing the
current one.
4. Continuous broad-band power spectrum.
Chaos theory was first discovered by Lorenz in 1963 [9] and grasped the attention of
many researchers afterwards. In nature, chaos has been observed in the weather [10],
population growth [11], molecular vibrations [12], in addition to dynamics of the solar
system [13]. Chaotic behavior was also found in laboratory-controlled environment such
as fluid dynamics [14], lasers [15], electrical circuits [16], and chemical reactions [17].
The realization of chaotic systems in analog [18] [19] or digital [20] [21] encouraged
their utilization in various fields targeting a wide range of applications. Nowadays chaos
is applied in microbiology [22], geology [23], economics [24] and many areas.
1 Given an arbitrary change in initial conditions, the MLE approximates the long-term divergence in the
output through the relation e [108].
21
b. Chaos Based Cryptography
With a noise-like output and sensitivity to initial conditions, it follows naturally to
employ chaos in security applications. Chaos was first utilized in the communication
field [25] to provide the desired security through several modulation schemes of
controllable continuous chaotic systems such as: additive masking [26] [27], chaos shift
keying [28] [29], and message embedding [30] [31]. Nowadays, chaotic oscillators are
used as pseudo random number generators (PRNGs) providing the needed randomness
for cryptographic applications. Similarities between chaotic systems and cryptographic
algorithms are listed in [32] [33] and can be summarized in Table 2.1. Chaotic systems
and cryptographic algorithms are both sensitive to initial conditions and control
parameters (or the key incase of the algorithms), as well as provide a random behavior
with long periods. Cryptographic algorithms generally operate on the original data
through rounds of encryption resulting in the desired diffusion and confusion. The
ergodic and mixing properties of chaotic systems yield a similar effect in spreading the
initial conditions on the entire phase space. Finally, cryptographic algorithms are defined
on finite sets, whereas, chaotic system are only defined on real numbers [34].
Table 2.1
Comparison Between Chaos Systems and Cryptographic Algorithms
Chaos Systems Cryptographic Algorithms
Defined over the set of real numbers Defined over finite set of integers
Iterations Rounds
Parameters and initial conditions Encryption key
Sensitive to initial conditions Diffusion
Deterministic dynamics Deterministic pseudo-randomness
22
II. Literature Survey
Chaos-based block ciphers have been previously implemented on software platforms
utilizing chaotic maps [35] [36] [37] [38] or continuous chaotic oscillators [39] [40] [41]
[42]. Although chaotic maps are easier in the hardware realization, continuous chaotic
oscillators have a higher throughput because they have higher dimensions. Most of the
proposed hardware designs discussed chaos-based ciphering only [43] [44] but not
specifically utilized for image encryption applications. The work documented in [45]
discussed an FPGA implementation of a chaos based image encryption utilizing Lorenz's
and Lu's differential systems as the random sequence generators. It was extended in [46]
to build a self-synchronizing cipher designed for applications such as data encryption and
secure communications of embedded systems. In both papers, the security of the system
against statistical attacks is not fully analyzed.
Unlike block ciphers [47], stream ciphering operates on smaller data units and
satisfies the high throughput requirement for data transmission [48]. Examples stream
ciphers are: RC4 [49] used in 802.11 Wi-Fi security protocol, E0 [50] used in Bluetooth
protocol, A5/1 [50] used in GSM communications, and SNOW 3G [51] used by the
3GPP group as a mobile cellular standard. Chaotic stream ciphers exploit CB-PRNGs to
generate a key stream necessary for masking and defusing image pixels. Flaws in CB-
PRNGs result in weak encryption prone to various cryptanalysis attacks [52]; and
therefore, are solved by the hybridization of two or more chaotic systems [39] [53] [54]
[40]. Consequently, hardware realization of such systems occupies larger areas and
operates on lower throughput rates losing the sole advantages of stream encryption. In
23
general, chaos based stream ciphers have been previously realized on hardware as in [55]
[56] [57]. However, such realizations were never tested for image encryption
applications.
III. Digital Implementation of Chaos
a. Hardware Realization
Discrete chaotic systems such as: Logistic map [58] [59], Tent map [60], Henon map
[61], in addition to continuous systems such as: Lorenz [62] [63], Chua [64] [65], Chen
[66], and Jerk [67] were previously realized in analog implementations. Such realization
utilizes passive elements like resistors, inductors, and capacitors to calculate and store the
states of the chaotic system. Consequently, the state space in the analog circuits is defined
on the set of real numbers and matches the theoretical one. However, chaotic systems in
analog are affected by process variations and the operating temperatures [20] in addition
to occupying a large on-chip area due to the use of passive elements which is
inconvenient in today’s technology. Moreover, storing system’s states in analog using
inductors or capacitors creates a major problem in the synchronization between two
chaotic oscillators due to the leakage current and the difficulty in setting two initial
conditions to be exactly the same.
Digital design provides area efficiency, repeatability, portability, lower power
consumption, and integrability with IC technology [68]. Finite point representation
utilizing registers through fixed point or floating point representation is used to store the
states of the system. This digital realization guarantees the synchronization between two
systems with the same initial conditions. Discrete chaotic maps are very simple and
24
straightforward in digital [69] [70]. On the other hand, continuous chaotic systems are
first discretized, solved numerically using techniques like: Runge-Kutta, mid-point, or
Euler, and finally realized in digital [20] [71] [72] [73].
b. Defects in Digital Chaos
The performance of PRNGs is evaluated on the basis of period length,
unpredictability, and other statistical properties. Digital chaos based pseudo random
number generators (CB-PRNGs) suffer from serious dynamical degradations due to
quantization error and finite representation of system states, including loss of ergodicity
and shorter pseudo-orbits [74]. To thoroughly examine the defects in CB-PRNGs, a 3rd
order jerk chaotic system with maximum function nonlinearity, previously proposed and
realized in analog form in [75], is implemented digitally. The chaotic system is described
by the following set of first-order ODEs [75]:
(2.3a)
(2.3b)
(2.3c)
This system is digitally implemented in hardware by realizing the numerical solution
of the ODE exactly similar to [20] [71] [72] [73]. Euler approximation technique is
adopted here with a fixed point representation and a step-size h = 2-3
. The attractors (X-
Y-Z phase plots) of the output of the implemented circuit are shown in Fig. 2.1 (a-c)
implying a good correspondence with the analog attractor in [75]. Phase space
boundedness is a necessary but insufficient condition to indicate chaos. Finite fixed point
representations adopted for the digital realization of chaotic systems cause the output to
25
follow effectively periodic trajectories that are pseudo-chaotic [74] and approximate the
truly chaotic trajectories of the ODE. However, a positive maximum Lyapunov exponent
(MLE) for the output time series indicates the presence of chaotic dynamics. The
software based on [76] enables the calculation of the MLE from a time series of discrete
data and thus treats the digital output as if it were sampled from a truly chaotic source.
Using a 32-bit implementation, the MLE was found to be 0.1362. The system was
implemented on Xilinx-Virtex 4 FPGA.
(a)
(b)
(c)
(d)
(e)
Fig. 2.1 Experimentally obtained (a) X-Y, (b) Y-Z, (c) Z-X attractors, in addition to (d) time series,
and (e) FFT of X.
Due to the finite point representation, the most-significant bits are the primary
contributors in constructing the attractor shape illustrated in Fig. 2.1. Consequently, they
have slower transition rates compared to the low significant bits, and thus represent the
short-term predictability apparent in all chaotic systems [77]. In a digital context, this
creates an uneven distribution of pseudo-randomness across the output bits. The most
significant bits are not only biased but also highly correlated while the lower significance
bits show statistical randomness. The time series output and FFT of X are shown in Fig.
26
2.1 (d, e) indicating the short-term predictability in the output time series and an uneven
distribution of the power over the frequency spectrum in the FFT. Such characteristics in
CB-PRNGs reveal statistical information to the adversaries and result in weak encryption
prone to various cryptanalysis attacks [52]. To quantitatively assess the short-term
predictability, the auto-correlations of {X, Y, Z} outputs is shown in Fig. 2.2 and the
cross-correlation coefficients are shown in Table 2.2. Clearly, the outputs of the original
chaotic system are highly correlated and therefore suffer from short-term predictability.
Table 2.2
Cross Correlation
Coefficients of Original
Chaos
X - Y X - Z Y - Z
-0.0461 -0.7479 -0.0613
Fig. 2.2 Auto-correlations coefficient of X, Y and Z.
. One of the important features in cryptographically secure PRNGs is to have a uniform
histogram with no bias [52]. Fig. 2.3 depicts the histograms of the native {X, Y, Z}
output for 2,000,000 iterations and essentially approximates the probability density
function of the outputs. The output is not uniformly distributed over the entire range of
state space revealing statistical information about the nature of the chaotic system and
thus is not favorable in secure cryptography.
(a)
(b)
(c)
Fig. 2.3 Histogram of the output (a) X, (b) Y, (c) Z.
27
c. Post processing of CB-PRNGs
The possible area efficiency, high throughput and relatively easy digital
implementation of CB-PRNGs strongly motivate good post-processing techniques to
overcome statistical flaws in the output. The Von Neumann technique [78], XOR
correctors [79] [80], truncation of defective bits [71], hash-function post processing [68],
and linear code correctors [81] [82] are some known solutions to overcome bias and
enhance random properties of PRNGs [83]. While most previous solutions can solve
statistical defects, none of them preserves the raw RNG throughput and some incur a
huge hardware overhead. Nonetheless, XOR-based correctors in particular are efficient
solutions to remove statistical bias with a controllable hardware cost, according to the
equation [84]:
(2.4)
where X and Y are independent random variables with E(X) = µ and E(Y) = ν denoting
expectation values and ρ denoting correlation coefficient between X and Y. Assuming that
X is an ideal random variable (µ = 0.5) and Y is loaded with bias (ν = 0.5), the expression
indicates that the XOR operation gives a result with lower bias (E (X Y) 0.5) provided
that the correlation is low (ρ 0).
This report proposes a novel generic nonlinear XOR-based post-processing technique
with rotation and feedback to suppress short-term predictability and maximize the
throughput for CB-PRNGs with low hardware cost. The proposed post-processor uses a
subset of the random bits to suppress the bias in the non-random bits and consequently,
preserve throughput as follows:
28
1. Detection of Random Bits
The NIST SP. 800-22 test suite [85] assesses the statistical characteristics of the
output bitstreams, each of which is isolated and individually examined. Bitstreams that
fail the NIST tests are judged to be generated at defective bit locations. From a digital
implementation perspective, the number of defective bits in the bus width depends on the
number of integer bits in the fixed point representation, the Euler step size, and the
system characteristics, all of which are held constant here. It is found that a set of high-
significance bits from the X, Y and Z outputs of the generator are statistically defective.
2. Bit Location Permutation
Assume output branches {X, Y, Z} are corrected to the corresponding outputs {U, V,
W} respectively after applying the proposed post processing. Within a single branch, let
the number of statistically defective high-significance bits be β and let the total bus width
be N. In the proposed technique, the defective bits are overlapped, partially or fully, with
α statistically random bits from the same branch. The resulting bus of width γ = α + β is
rotated right by β-bits, creating a permutation P. This operation is illustrated in Fig. 2.4
and is described as follows (where B is bit position and U represents a bus of width N):
(2.5)
Fig. 2.4 Representation of the proposed bit location permutation.
29
3. Feedback and XORing
The output U is delayed one cycle, permuted, fedback, and bitwise XORed with the
corresponding un-rotated bits of the native output from the current cycle, described
mathematically as follows:
(2.6)
where {Xi} represents the N-bit native chaotic output, {Ui} represents the N-bit post-
processed output, P(Ui-1) represents the permutation described in (2.5) and Fig. 2.4, B
represents the bit position and i denotes the iteration number. The resultant output bit
stream is linearly independent from the bits constituting the operation due to feedback.
4. Choosing an Overlap Width
The proposed post processing technique utilizes α statistically random bits to reduce
the bias in the most significant β bits of each output branch. The correlation value ρ
described in (2.5) is inversely proportional to the size of α given the high correlation
initially depicted in the most significant bits of the native output. Thus, the width of α is
tuned such that ϵ ≤ α ≤ β where ϵ is the minimum number of random bits required for
effective reduction of bias and is dependent on the severity of the correlation in the top β
bits, the system characteristics, and implementation parameters. In this work, it has been
experimentally determined. Hardware efficiency motivates the upper bound for α ≤ β
wherein XOR operations between bits that are already statistically random bits is
avoided.
The circuit schematic of the proposed technique is shown in Fig. 2.5, where P
represents (2.5). The permutation is implemented through simple re-ordering of bits and
30
requires no hardware. Total hardware utilization for the post processor is 2-input XOR
gates and 1 N-bit register. Then the circuit is replicated for each of the three outputs of
the native chaotic system {X, Y, Z}, giving new post-processed outputs {U, V, W}.
Fig. 2.5 Schematic of the proposed post-processing circuit.
For the chaotic generator under test in this thesis, the defective bits in each of {X, Y,
Z} has been experimentally verified to be β = 14 with the minimum random bits required
for bias reduction determined as ϵ = 4. The system output is enhanced after applying the
proposed post processing technique. Fig. 2.6(a-c) depicts the U-V, V-W and W-U phase
plots in which values are seen to be uniformly distributed. The post processing enables
full coverage of phase space when compared to the original attractors in Fig. 2.1(a-c),
indicating period extension for the same bus width, arising from the introduction of
additional nonlinearities through the post-processor. A comparison of the output time
series of X from Fig. 2.1(d) and U in Fig. 2.6(d) reveals that short-term predictability is
completely dissolved when observing the post-processed output. The FFT of the native
output X shown in Fig. 2.1(e) and corrected output U are shown in Fig. 2.6(e), imply that
the post processing is able to efficiently spread signal power over the whole spectrum and
give the appearance of white noise, desirable for many applications.
31
(a)
(b)
(c)
(d)
(e)
Fig. 2.6 Experimentally obtained (a) U-V, (b) V-W, (c) W-U attractors, in addition to (d) time
series, and (e) FFT of U.
The auto-correlations of {U, V, W} are shown in Fig. 2.7 and the cross-correlation
coefficients are shown in Table 2.3. Unlike original auto-correlations depicted in Fig. 2.2,
the post-processed outputs have favorable delta-like auto-correlation. In addition, the post
processing suppresses the native cross-correlations. These findings indicate that the
proposed post processing has eliminated bias and suppressed short-term predictability.
Table 2.3
Cross Correlation
Coefficients of Processed
Chaos
U - V U - W V - W
-0.0006 -0.0008 0.0011
Fig. 2.7 Auto-correlations of U, V and W.
Similar to Fig. 2.3, Fig. 2.8 shows the histograms of the processed {U, V, W} outputs
over 2,000,000 iterations. Clearly, post-processing results in a desired uniform
distribution, spreading values equally over the full range of the state space.
32
(a)
(b)
(c)
Fig. 2.8 Histogram of the output (a) X, (b) Y, (c) Z.
The NIST SP. 800-22 statistical test suite [85] is used to assess randomness properties
of the system output using 2,000,000 iterations. Table 2.4 summarizes the NIST results
for a 32-bit implementation of the chaotic system under test and compares the
performance of the proposed post-processing technique with Von Neumann post
processing, 2-bit simple XOR correction and truncation of defective bits. Results are
represented by the proportion of passing sequences (PP) and the validity of P-value
distribution (PV). Von Neumann correction examines successive non-overlapping pairs
of bits from a single bitstream and produces the first bit only if the pair is different,
giving a compression ratio of 4 on average. This technique has been applied through
software in this report. In 2-bit simple XOR correction, pairs of bits are taken from the
biased and non-biased sections of the N-bit bus (i.e. bit N is compared with bit 1, bit N-1
with bit 2, etc.) and XORed, giving a compression ratio of 2. Truncation simply
eliminates statistically defective bits and thus does not require hardware. The results in
Table 2.4 show that the proposed technique provides full passage of NIST for all bits.
Moreover, the minimum value for efficient bias reduction of the statistically defective
bits is verified as α = ϵ = 4 with β = 14 in each of {X, Y, Z}.
33
Table 2.4
NIST SP. 800-22 and Xilinx Virtex 4 FPGA Experimental Results Test Results for the Original, Von
Neumann, 2-bit XOR Corrector, Truncation, and Proposed Post Processing Technique with = 1, 2,
4, 8. Von Neumann is Implemented in Software
Test Original
V. Neum
[78] XOR
[79] Trunc.
[71]
Proposed Post Processing
α = 1 α = 2 α = 4 α = 8
PV PP PV PP PV PP PV PP PV PP PV PP PV PP PV PP
M. bits X 0.72 X 0.80 1.00 1.00 1.00 1.00 0.99 0.98
B. Freq. X 0.74 X 0.81 1.00 1.00 X 0.94 0.98 0.96 0.99
C. Sums X 0.71 X 0.80 0.99 1.00 1.00 1.00 0.99 0.98
Runs X 0.60 X 0.64 1.00 1.00 1.00 1.00 1.00 0.98
L. Run X 0.69 X 0.73 1.00 0.98 0.99 0.99 0.98 0.98
Rank X 0.85 X 0.80 0.98 1.00 1.00 0.98 0.99 1.00
FFT X 0.72 X 0.76 1.00 0.98 1.00 0.99 1.00 1.00
N. O. T. X 0.68 X 0.73 0.99 0.99 0.99 X 0.95 0.99 0.99
O. Temp. X 0.69 X 0.73 0.98 1.00 1.00 1.00 1.00 0.98
Universal X 0.71 X 0.74 0.98 0.98 1.00 0.99 1.00 0.98
Ap. Entr. X 0.57 X 0.61 1.00 0.96 1.00 1.00 1.00 0.99
R. Exc. 0.99 0.97 0.99 0.99 0.99 0.99 0.99 0.99
R. E. V. 0.99 0.99 1.00 1.00 1.00 1.00 0.99 0.99
Serial X 0.57 X 0.65 0.99 0.99 0.98 0.98 0.99 0.99
L. Comp. X 0.94 X 0.81 1.00 0.96 1.00 0.98 1.00 1.00
Final Result Fail Fail Pass Pass Fail Fail Pass Pass
Experimental Results on the XC4VSX35-10FF668 FPGA (30,720 LUTs and 30,720 FFs)
Total LUTs 193 193 241 193 247 247 247 259
Total FF 96 96 96 96 141 144 150 162
Freq. [MHz] 160.80 160.80 160.80 160.80 160.80 160.80 160.80 160.80
Out B/Cycle 96 24 48 54 96 96 96 96
T.put [Gb/s] 15.44 3.86 7.72 8.68 15.44 15.44 15.44 15.44
The performance of the proposed technique is further evaluated for four different
chaotic oscillators: Lorenz [9], Chen [86], Elwakil [87] as implemented in [20], and
Sprott [75], as implemented in [73]. Full descriptions of the tested systems along with the
implementation parameters: bus width (N), integer width (NI), fraction width (NF), Euler
step size (h) and post processing parameters (α , β) are provided in Table 2.5. In all cases,
α = ϵ such that hardware efficiency is maximized. Table 2.5 also summarizes NIST
results before and after applying the proposed post processing for each system. Clearly,
the results verify the generalized behavior of the proposed circuit for different CB-
PRNGs with randomness enhancement, full utilization of the bus width and suppression
of short-term predictability in each case.
34
Table 2.5
System Descriptions, NIST SP. 800-22 Results, FPGA Results and Oscilloscope Snapshots of the
Attractors for the Original output and Post Processed of Lorenz, Chen, Elwakil and Sprott Chaotic
Oscillators
System
Description
Lorenz [9] Chen [86] Elwakil [87] [20] Sprott [75] [73]
N. linearity Multiplication Signum, Modulus Piecewise Signum
(N,NI,NF,h) (32, 8, 24, 2-6
) (32, 5, 27, 2-6
) (32, 5, 27, 2-5
) (32, 5, 27, 2-6
)
(α , β) (9, 15) (11, 20) (12, 20) (6, 24)
NIST SP. 800-22 Results
Test Original Processed Original Processed Original Processed Original Processed
PV PP PV PP PV PP PV PP PV PP PV PP PV PP PV PP
M. bits X 0.81 0.98 X 0.67 1.00 X 0.64 0.99 X 0.72 0.96
B. Freq. X 0.75 0.96 X 0.60 1.00 X 0.63 0.99 X 0.64 0.96
C. Sums X 0.80 0.98 X 0.67 1.00 X 0.63 0.99 X 0.72 0.97
Runs X 0.64 0.99 X 0.46 0.97 X 0.54 0.96 X 0.51 0.98
L. Run X 0.61 0.97 X 0.25 1.00 X 0.43 1.00 X 0.30 0.96
Rank X 0.79 0.99 X 0.56 1.00 X 0.67 1.00 X 0.60 0.98
FFT X 0.71 0.99 X 0.56 0.96 X 0.63 0.98 X 0.62 0.97
N. O. T. X 0.64 0.99 X 0.19 0.98 X 0.08 0.98 X 0.40 0.98
O. Temp. X 0.63 0.97 X 0.22 0.99 X 0.40 0.99 X 0.28 0.98
Universal X 0.67 1.00 X 0.31 0.99 X 0.45 1.00 X 0.31 0.98
Ap. Entr. X 0.56 1.00 X 0.14 0.97 X 0.37 0.99 X 0.18 0.97
R. Exc. 0.96 0.98 X - 0.99 X - 0.99 0.90 0.99
R. E. V. 1.00 1.00 X - 0.99 X - 0.99 0.96 0.99
Serial X 0.57 0.99 X 0.49 0.98 X 0.38 0.99 X 0.23 0.97
L. Comp. X 0.89 0.98 0.99 0.97 0.96 0.99 X 0.72 0.98
Final Result Fail Pass Fail Pass Fail Pass Fail Pass
Experimental Results Using the XC4VSX35-10FF668 FPGA (30,720 LUTs and 30,720 FFs)
Total LUTs 2711 2783 315 409 215 311 185 275
Total FF 96 168 96 189 96 192 96 186
Freq. [MHz] 56.92 56.92 130.71 130.71 146.56 146.56 162.42 162.42
Out B/Cycle 96 96 96 96 96 96 96 96
T.put [Gb/s] 5.46 5.46 12.55 12.55 14.07 14.07 15.59 15.59
Attractors
(X-Z , U-W)
35
CHAPTER TWO (EVALUATION OF IMAGE ENCRYPTION)
This chapter discusses general framework in evaluating the security of the encryption
system. Cryptanalysis attacks presented in this chapter focus on the security of both: the
chaotic generator, as well as the encryption algorithm. The following two subsequent
chapters assume the methodology presented in this chapter to define the strength of each
system against cryptanalysis attacks and compare it with other reported systems.
I. Key Analysis
a. Key Space Analysis
The brute-force attack is defined as to systematically check all possible keys until the
correct key is found [88]. The key in chaotic encryption systems represents the initial
states of the generator’s registers. Good encryption algorithm key space should be large
enough to make the brute-force attack inefficient. Therefore, the bigger the width of the
output the bigger the initial key will be.
b. Key sensitivity Analysis
Another necessary condition for any chaotic system is to be sensitive to the secret
key. Varying only one bit in the decipher generator’s initial states should result in a
completely wrong decryption. This behavior is directly related to the encryption
algorithm adopted in the cipher as well as the divergence of the solution in the chaotic
36
oscillator resulting in a different chaotic stream. The higher the positive MLE, the higher
the divergence created by small changes in the initial conditions will be. The key
sensitivity can be measured through calculating either: 1) the correlation between the
wrong deciphered image and the original image, or 2) the distortion in the wrong
decrypted image through the Mean Square error (MSE) which is described as:
(3.1)
where and are the width and height of the image respectively, is original plain
image pixel and is the corresponding wrong deciphered image pixel.
II. Histogram Analysis
a. Visual Analysis
The histogram of any image depicts the statistical distribution of colors in this image
over whole scale or range. Images histogram before ciphering is characterized by unique
sharp rises followed by sharp declines and therefore is considered a footprint for each
image. To prevent any information leakage, the histogram of the ciphered image should
be evenly distributed over the whole scale to appear as a white noise. Visual inspection of
the ciphered image histogram should confirm the uniformity of the color distribution.
b. Chi-square Test
To quantitatively assess the uniformity of the histograms, Chi-square test is
conducted. The test is used to determine whether there is a significant difference between
37
the expected number of intensity counts for color levels and the observed counts in the
ciphered image assuming a uniform distribution and is described as [89]:
(3.2)
where is the expected occurrence of each color level asserted by the null hypothesis, L
is the color levels, and is the observed counts of each color level. The observed sample
statistics is called a Chi-square distribution if the null hypothesis is true. This means that
the distribution can be approximated to the Chi-square distribution when taking larger
sample.
III. Correlation Analysis
High correlation is a unique characteristics in image data in which it requires efficient
confusion and diffusion algorithm to maintain the correlation as minimal as possible. The
correlation coefficient between two pixels i and can be calculated as [4]:
(3.3a)
(3.3b)
(3.3c)
where is the covariance between the two pixels and is the total number of
pixels selected from the image for the calculation. The correlation analysis is conducted
for two levels:
38
a. Cross Correlation
This type of correlation analysis examines the divergence between the ciphered image
data and the original data. In other words, it measures the effectiveness of the encryption
algorithm analytically to determine how far the ciphered image data from the original one
and how immune the ciphered image from leaking any statistical information about the
original one. Thus, the correlation is studied between pixels i from the original image
and from the ciphered image.
b. Auto Correlation
This type of correlation analysis examines the effectiveness of the confusion and
diffusion techniques in suppressing the correlation in the original data image in all
orientations. Image data has a high correlation coefficient in the horizontal, vertical, and
diagonal directions [4]. On the other hand, ciphered image data should have a very low
correlation all orientations. Thus, the correlation is studied between pixels i from the
ciphered image in one position and from the same ciphered image in a neighboring
position.
IV. Entropy Analysis
The entropy is a measure of the predictability of a random source. Due to the high
correlation between adjacent pixels, image data is predictable and consequently has low
entropy. Ciphered image data on the other hand should appear as random noise to avoid
39
any information leakage. For a binary source producing 28 symbols of equal
probabilities and each symbol is 8 bits wide, the entropy of this source is defined as [4]:
(3.4)
where P(Si) is the probability of a the symbol Si. A source with entropy equals 8 is
considered truly random.
V. Differential analysis
In order to prevent revealing any meaningful statistical relationships between the
input and the output, small changes in the original image should result in significant
changes in the ciphered image. In general, this property is directly controlled by the
quality of diffusion and confusion adopted in the system. Quantitatively, the sensitivity of
the encryption algorithm to the input is evaluated through two tests [4]:
a. NCPR
The test represents the Number of Pixels Change Rate of the ciphered image
while one pixel of the original image has changed. Assume two ciphered images, and
, whose corresponding original images have only one pixel difference, the value
is expressed as:
(3.5a)
(3.5b)
40
where M, N are the dimensions of the image under test. Ideally, the change rate should be
100 % implying that all pixels have been changed completely.
b. UACI
The test represents the Unified Average Changing Intensity measuring the
average intensity difference of two ciphered images and , whose corresponding
original image has only one pixel difference. The test can be expressed as follows:
(3.6)
The average change of intensity is about 33.33 % implying that total amount of
change in ciphered image is large enough to reveal any relationship between the input
and the output image.
41
CHAPTER THREE
(BLOCK CIPHER ENCRYPTION)
This chapter presents a novel hardware realization of chaotic based image encryption
using block ciphering. The system can be implemented for any block size maintaining the
same security level giving designers the flexibility to meet the storage and computational
limitations of the targeted devices. The effect of block size on the encryption security is
thoroughly discussed and results are compared with reported systems showing a superior
performance.
I. Encryption Algorithm
Chaotic generator used in this encryption system is based on Elwakil 3rd
order
differential chaotic system with piece-wise nonlinearity reported in [87] and implemented
digitally in [73]. Other fully digital chaos generators could be used in this systems like
[73] [72]. The main purpose of this generator is to produce chaotic sequences with
positive MLE to be used in the encryption. The generator equations are described as:
(4.1a)
(4.1b)
The output sequence from the generator is used to mask all pixels of the plain image
(confusion) and shuffle its location chaotically (diffusion) as shown in Fig. 4.1. The post
processing technique presented earlier in chapter one is used to remove the bias and
short-term predictability form the original chaotic output. Assume a consecutive
42
sequence of plain-image pixels forming an array of size S. Let denotes a plane
image pixel in the location and from to S. Similarly, let denotes a ciphered
image pixels array of the same size S and let be the ciphered pixel in the same
location. Assume the original chaotic outputs {X, Y, Z} are corrected to {U, V, W}. The
confusion and diffusion technique used in this system ensures the continuity of the
encryption in which each ciphered pixel has a direct effect on the following pixels.
Fig. 4.1 Block diagram of the encryption system.
a. Confusion
Each plain-image pixel is first rotated chaotically, XORed with a rotated version of
the previous ciphered pixel, and then XORed with the new chaotic sequence coming from
one of the branches. Mathematically the confusion process is expressed as:
(4.2)
where is initialized by zero at the beginning of the operation and then takes the value of
the last ciphered pixel in the previous array , and is a 3-bit integer from the
chaotic generator which represent the constant of the rotation. The is an 8-bit
chaotic output taken after the post processing stage according to a selection scheme that
will be discussed in the coming sections.
Decipher Process
Cipher Process
Chaos Generator Key
Confusion Diffusion
Block size (S)
bit) Confusion Diffusion
Image
Chaos Generator Key
Block size (S)
bit)
Image
43
b. Diffusion
The diffusion process is done to rearrange pixels’ locations and reduce the
correlation between them. Diffusion in this system is done as follows:
1. Sorting chaotic values: the new sequences {U, V, W} produced by the post
processor are stored in different arrays of size S and then sorted instantaneously
using insertion sort algorithm. The corresponding index arrays representing the
location transitions occurred on the chaotic sequences are be generated.
2. Pixel rearrangement: the ciphered pixels are then shuffled based on any of the index
arrays. Thus, the output is described as:
(4.2)
Each branch is alternatively selected for the confusion and diffusion. This selection is
done chaotically following the scheme shown in Fig. 4.2. Switch is a one bit chaotic
signal comes directly from the chaotic generator and selects between two branches only.
Whereas switch is a two bit chaotic signal that selects between three branches and is
produced through the relation:
(4.3a)
(4.3b)
Fig. 4.2 The selection scheme in the confusion and diffusion process.
Original Pixel
P(i)
Sel1 = 00
Sel1 = 01
Co
nfu
sion
Sel2 = 0 Sel2= 1
U
V W
Sel2 = 1 Sel2= 0
V
U W
Sel2 = 0 Sel2= 1
W
U V
Diffu
sion
Sel1 = 11
44
The decipher process is in the reverse order of the cipher according to Fig.4.1. The
decipher rearranges ciphered pixels to their original positions and then XOR them with
the appropriate mask in order to get the original pixel values. The operation in the
decipher can be expressed as:
(4.4a)
(4.4b)
II. Hardware Realization
Control Unit
Masking Unit
Mask 8-bit
DEMUX
RotationRotation
1 2 ... S
1 2 ... S
MU
X
Counter
-1
MUXSorting
Unit
Output
Array-1
Array-2
Input
Post
ProcessorV 32-bit
W 32-bit
U 32-bit
Chaotic
Sequence
32-bit
Chaos
GeneratorY 32-bitZ 32-bit
X 32-bit
Sel1
Sel2
rointroint
0 1 0 1 0 1
= S
Fig. 4.3 The hardware architecture of the cipher. The decipher will have the same architecture but
reversing the process.
45
Both the cipher and decipher hardware architecture are described in VHDL code. The
cipher’s architecture consists of the modules: chaotic generator, post processor, and the
control unit. The generator used is fully described in [73] and therefore, the hardware is
not discussed in details in this thesis. The same post processing techniques presented
earlier is adopted in this system. The control unit is an FSM contains two sub modules:
masking unit, and sorting unit. Each sub module is connected to all three chaotic outputs
through selection switches ( , and ) as shown in Fig. 4.3. The decipher
architecture is exactly the same as the cipher but performing the reverse operation.
a. Masking Unit
This sub module contains two arrays of registers of the same size . The first array
(Array-1) pipelines the input pixels after masking, then pass them to the second array
(Array-2). The input pixel coming from the original image is first rotated, XORed with a
rotated version of the previous ciphered pixel, and then the XORed with a chaotic
sequence coming from the generator. Then the masked pixel is stored temporary in the
first array (Array-1). This operation is repeated S times until Array-1 is filled completely.
At the next clock cycle, all S ciphered pixels are passed to the second array (Array-2)
while the new input pixel is masked and stored temporarily in Array-1 and the previous
steps are repeated again. The mask used in changing the values of the pixels is 8-bits
wide and contain the least significant 8-bits. The whole operation is governed by a
synchronous counter.
46
b. Sorting Unit
The insertion sort algorithm is implemented as Parallel Shift Sort architecture shown
in Fig. 4.4 in which the maximum delay is of order and calculated as:
(4.4)
In the hardware architecture number of comparators and the 32bits D-flip flops are
the same as block size S. At the beginning of operation, all flip flops are initialized by its
maximum logic value (32 ones). The first input value is passed to the first flip flop. Then
at each clock edge, a new chaotic input value is compared to the value stored in the flip
flop in the previous clock. If it is smaller it will be stored in the flip flop otherwise it will
be passed to the following comparator and the operation is repeated. All comparison and
storing operations are done concurrently each clock cycle. At the last clock edge the final
values in the flip flops are sorted. Then the index corresponding to the sorted chaotic
values are passed to a MUX at each clock cycle as shown in Fig. 4.4 to output the
ciphered pixels.
Fig. 4.4 Architecture of the insertion sort algorithm implemented as Parallel Shift Sort scheme.
The system is implemented using Xilinx ISE 12.3 and synthesized for FPGA Vertix
IV. Tables 4.1 and 4.2 show the synthesis report of both the cipher and decipher for
different block sizes after the place and route. The size of the system is directly
proportional to the block size as the memory requirements increases. Consequently the
Input_32bit
>
>
max
min
D1 32bit
> max
min
D2 32bit
> max
min
Ds 32bit
. . .
47
frequency of operation is decreasing with increasing the block size. In addition, Fig. 4.5
shows the output signals from the cipher and decipher for a block size equals to 4
simulated on Xilinx ISE Design Suite 11.1 software. The latency in the cipher equals to
the block size, whereas the latency in the decipher is twice the block size. Because the
decryption process is reversed encryption, the output is delayed by the block size until the
index array is ready to reorder the ciphered input pixels back and then XOR them with
the chaotic sequence. The delay incur an increase in the size of the decipher. Fig. 4.6 (a-
c) shows the output signals of the FPGA obtained from the oscilloscope after applying a
stair-case signal as an input test image.
Table 4.1
Synthesis Report for Different Block Sizes in the Cipher
Components Utilized Block Sizes
4 8 16 32 64 128
Slices 437 729 1307 2401 4714 9433
Slice Flip-Flops 345 571 1037 1999 3985 8084
4 input LUTs 814 1333 2382 4368 8571 17138
Frequency (MHz) 63.238 32.701 16.801 8.52 4.269 2.148
Throughput (Mbits/s) 505.9 261.6 134.4 68.16 34.15 17.18
Table 4.2
Synthesis Report for Different Block Sizes in the Decipher
Components Utilized Block Sizes
4 8 16 32 64 128
Slices 605 930 1594 2915 5568 10836
Slice Flip-Flops 591 890 1503 2725 5162 10030
4 input LUTs 1056 1524 2432 4255 7904 15189
Frequency (MHz) 63.222 32.937 16.847 8.52 4.285 2.148
Throughput (Mbits/s) 505.7 263.4 134.7 68.16 34.28 17.18
48
Fig. 4.5 Simulation results of the input image signal and output signals from cipher and decipher.
(a)
(b)
(c)
(d)
(e)
(f)
Fig. 4.6 Experimentally obtained results of (a) input test image, (b) stair-case input signal, (c) FFT
of the input signal, (d) output signal from the cipher, (e) FFT of the ciphered signal,, and (f) output
signal from the decipher.
Input
Stream
49
III. Security analysis
All the analysis in this section is done on 512x512 Lena.bmp gray-scale standard
image and then generalized to another three gray-scale images from the miscellaneous
volume of USC-SIPI image database [90]. The system is implemented on FPGA Virtex
IV and output data is collected, processed and then analyzed using MATLAB. The
performance of the system is studied for block sizes of powers of 2 for simplicity but
system can work with any block size.
a. Key Analysis
The generator used has 3 output branches with 32-bit wide each. Therefore, the key
space in this system is 296. In addition, the generator is highly sensitive to the any
changes in the secret key. Assuming the same block size between the cipher and
decipher, varying only one bit in the decipher generator’s initial states results in the
correlation coefficient described in Table (4.3). Results depict that the system is highly
sensitive for any small changes in the initial states of the generator.
Table 4.3
Correlation Coefficient Between the Plain Image and Wrong Deciphered Image
Block Size Correlation
4 -0.001
8 -0.0032
16 0.0015
32 -0.0014
64 0.0028
128 -0.0031
50
b. Histogram Analysis
Visual inspection of the histograms of the original, ciphered, and wrong
deciphered images is shown in Fig. 4.7. The distribution of the gray scale in all images
confirms that the system achieves an even histogram. In addition, with a significance
level of 0.05, it is found that for the ciphered and wrong
deciphered histograms implying that the null hypothesis is not rejected and the histogram
distributions are uniform.
(a)
(d)
(b)
(e)
(c)
(f)
Fig. 4.7 Key sensitivity on analysis showing (a) original, (b) ciphered, and
(c) wrong deciphered images, in addition to the corresponding visual
histogram analysis (d)-(f) respectively.
51
c. Correlation Analysis
The cross correlation values between the original and the ciphered images are
calculated for all block sizes as shown in Table 4.4. The auto correlation coefficients of
the original image are 0.9719, 0.986, and 0.9593 for the horizontal, vertical, and diagonal
orientations respectively as shown in Fig. 4.8. Table 4.4 also shows the auto correlation
values of the ciphered image with respect to the block size. Low correlation coefficients
depicted reflects the high security achieved by the encryption system and proves that the
system do not reveal any statistical information about the image.
Table 4.4
Cross and Auto Correlation Coefficients of the Ciphered Image
Block Size Original and Ciphered
Cross Correlation
Auto Correlation
Horizontal Vertical Diagonal
4 0.0032 0.00068 0.00025 -0.001
8 0.00037 -0.0016 0.00091 -0.0014
16 -0.00064 0.0035 -0.00023 -0.00073
32 0.0045 -0.0044 -0.00042 0.00076
64 0.00057 -0.00077 0.00035 0.0012
128 0.003 -0.0015 0.00066 -0.0022
(a)
(b)
52
(c)
(d)
(e)
(f)
Fig. 4.8 Pixels correlation analysis (block size = 4) showing horizontal correlation of (a) original,
(b) ciphered, vertical correlation of (c) original, (d) ciphered, and diagonal correlation of (e)
original, (f) ciphered.
d. Entropy Analysis
The entropy of the original image is found to be 7.088. This value is expected from
image data which means that there is a high degree of predictability allowing the
adversaries to identify the image. Table 4.5 shows the entropy for the ciphered image
calculated for different block sizes. Ciphered pixels produced by this system are highly
random with an average entropy higher than 7.9914. This reflects the robustness of the
encryption algorithm and that the ciphered image is highly unpredictable.
53
Table 4.5
Entropy Values for the Ciphered Image
Block Size Entropy
4 7.9915
8 7.9914
16 7.9916
32 7.9914
64 7.9917
128 7.9915
e. Differential Analysis
After changing only one bit randomly for one pixel with an arbitrary location in the
original image, the NPCR and UACI tests are conducted on the ciphered image and
repeated 500 times. The calculated mean values are shown in Table 4.6. Results reflect
the outcome of using the chained confusion and diffusion algorithm implemented in this
system in which the effect of ciphering each pixel is distributed over a long continuous
chain of pixels. The average values obtained suggests that with any small change in the
input image, there is a high probability that the output image is completely different and
an average intensity changing is higher than 33.5%.
Table 4.6
Differential Analysis Tests
Block Size NPCR (%) UACI (%)
4 99.8013 34.2267
8 99.8010 34.0704
16 99.8012 34.1073
32 99.8099 33.5376
64 99.8016 33.5868
128 99.7907 33.5098
54
f. Comparison with Previous Work
The security of the proposed block cipher is further examined for three standard grey-
scale images obtained from the miscellaneous volume of USC-SIPI image database [90].
Table 4.7 depicts correlation, entropy, in addition to the means values of the differential
analysis values for all three images and for three block sizes {8, 32, 128}. Results imply
that the cipher maintains the same high security levels regardless of the input image.
Table 4.7
Correlation, Entropy and Differential Analysis Results for Gray-Scale Images
Image Original Image Corr.
Block
Size
Ciphered Image Corr. Cross
Corr.
Entropy NPCR
(%)
UACI
(%) Horiz. Vert. Diag. Horiz. Ver. Diag. Orig. Ciph.
Aer
ial
(5.2
.09
)
0.9008 0.8602 0.8031
8 -0.0005 -0.002 0.0022 0.002
6.994
7.9918 99.583 33.625
32 -0.0003 -0.0006 0.0024 -0.0011 7.9917 99.625 33.574
128 0.0013 -0.0022 0.0019 -0.002 7.9914 99.13 33.645
Fis
hin
g B
oa
t
0.9381 0.9713 0.9222
8 0.0036 0.002 0.0007 0.0027
7.1914
7.9918 99.688 33.599
32 0.0047 -0.0001 0.0013 -0.0023 7.9917 99.6295 33.683
128 -0.0028 -0.0009 0.0028 0.0005 7.9919 99.086 33.308
Gir
l (E
lain
e)
0.9757 0.973 0.9692
8 -0.0009 0.0024 0.0016 -0.0009
7.506
7.9919 99.535 33.645
32 0.0005 -0.001 0.0001 0.0015 7.9915 99.625 33.59
128 -0.0018 0.002 0.0017 0.0012 7.9915 99.089 33.326
The average security values achieved through the proposed block cipher is compared
with the values reported in the literature. Table 4.8 depicts a comparison between our
proposed system and other systems utilizing chaos for image encryption implemented on
software platforms. Results shown reflect a superior performance over other systems. In
addition, the hardware area and throughput results of the proposed block cipher are
compared in Table 4.9 with known non-chaos based block ciphers such as: Advanced
55
Encryption Standard (AES), Data Encryption Standard (DES), International Data
Encryption Algorithm (IDEA), and RC5. As this paper exhibits an FPGA
implementation, the gate count is expressed as 8 (LUT + FF) to facilitate a basic
area/throughput comparison. Results shown in Table 4.9 are based on block size of 4.
Area/throughput ratio achieved is relatively good and comparable with other systems.
Table 4.8
Comparison Between the Proposed System and Other Reported Block Ciphers
Analysis Xu 2010
[91]
Jolfaei 2011
[92]
Wang 2011
[93]
Shujiang 2009
[94]
This block
cipher
Horizontal Corr. 0.0151 0.0058 0.00071 0.0029 0.0019
Vertical Corr. 0.0092 0.0032 0.00216 0.0096 0.0011
Diagonal Corr. 0.0069 0.0348 0.01488 0.0054 0.0015
Entropy 7.9976 7.9902 7.9994 7.99714 7.9916
NPCR 99.6414 < 10-3
99.611 51.27 99.586
UACI 33.2414 < 10-3
33.463 33.033 33.669
Table 4.9
Comparison in the Hardware Performance Between the Proposed Cipher and Other Reported
Systems
System Area (Gc) Throughput (Mb/s) Throughput /Area Implementation Target
AES [95] 5398 311 0.057 ASIC
DES [96] 4536 974 0.214 FPGA
IDEA [97] 47555 64 0.00134 ASIC
RC-5 [98] 50899 1011.2 0.0198 FPGA
This Work 9272 505.9 0.0545 FPGA
56
CHAPTER FOUR
(STREAM CIPHER ENCRYPTION)
This chapter presents a novel hardware realization of chaos based color image
encryption using stream ciphering and 3rd
order differential chaotic generator. The
performance of the cipher is tested and compared to previously reported systems showing
superior security and higher hardware efficiency.
I. Encryption Algorithm
The following set of three first order ODEs describe a 3rd order chaos generator of
signum nonlinearity [75] [99], with a single controllable parameter varied in time:
(5.1a)
(5.1b)
(5.1c)
where is an arbitrary constant which controls the size of the attractor in real-time and
has no impact on qualitative system dynamics [75]. The same system with different
constants and without controllability is previously implemented [73] using the Euler
approximation. The original chaotic outputs of the system {X, Y, Z} are processed using
the same post processing technique proposed earlier to mask image pixels. Since the
encryption system is designed for 24-bit colored pixels, the 96-bits original chaotic
output is divided into 4 24-bits processed outputs {T, U, V, W}.
Each input color pixel undergoes several stages of diffusion, pixel confusion, and bit
57
permutations. Assume a consecutive sequence of plain image pixels where denotes
the location index. Similarly, let denote a ciphered image pixel in the location and
encryption stage. Let , , , denote bit permutations in the cipher in which
bit locations are shuffled and , , , are the reverse permutations in the
decipher. The encryption algorithm is expressed as:
(5.2a)
(5.2b)
The proposed algorithm consists of four identical stages of encryption to prevent any
information leakage based on the values of the input pixels. This process is done on two
levels: 1) masking each color pixel values using the chaotic processed outputs, 2)
shuffling the bits between color layers {Red, Green, Blue} through the permutation ,
, , . The stream of ciphered pixels taken from the third stage is fedback to
the generator to control the attractor size dynamically creating a direct relationship
between the input image and the chaotic sequence.
Another stage of encryption is required to distribute the effect of each two
neighboring pixels on the following consecutive pixel to prevent any information leakage
regarding pixels’ correlation. In addition, pixels constitute this stage , are
chosen after applying bit permutation functions , respectively. For any random
input pixel if one bit flips, the following pixels experience an avalanche effect [100] with
a flipping rate depending on the permutation functions specified. Permutations , ,
58
, implement a simple reversible bit location shuffling statically by a fixed bit
reordering scheme or dynamically through a rotation function derived by pre-specified
key or a chaotic signal. Hardware efficiency motivates implementation of a static bit
reordering through a simple rewiring which can be re-configured for different designs to
produce completely different output. In addition, to reduce the hardware wiring
complexity, permutations applied in the system are done on the nibble level. Each color
component in the pixel [R, G, B] is divided into two yielding a total of six parts [R1, R2,
G1, G2, B1, B2]. Thus permutations , , , can be represented in terms of a
simple permutation matrices as follows:
(5.3a)
(5.3b)
These permutation matrices are chosen such that they do not cancel each other; each
permutation matrix is not the inverse (or the transpose) of any of the others. Another
condition for the permutation matrices is that the net effect results in each nibble ends up
in a location of a different its original color which guarantees an inter-layer confusion.
59
The decryption algorithm is exactly the reverse of the encryption and is expressed as:
(5.4a)
(5.4b)
Permutation matrices used are the inverse of the ones used in the cipher as follows:
(5.5)
II. Hardware Realization
As discussed earlier in chapter one, digital implementation of continuous chaotic
equations requires a discretization first. Therefore, the generator used is discretized with a
step size of h = 2-2
as follows:
(5.6a)
(5.6b)
(5.6c)
where is defined by (5.1c). The circuit schematic of the numerical
solution is shown in Fig. 5.1. A fixed point two’s complement format is used with 32-bits
60
representing each of {X, Y, Z}, 1-bit allocated to the sign and integer part and the
remaining 31-bits to the fractional part. The variable is added or subtracted from X
based on whether X is negative or positive, respectively and stored in a temporary
register T to reduce the critical path at the input of the Z-register. This implements the
signum nonlinearity and the controllable input. From the diagram, the total component
count for this chaotic oscillator is 3 32-bit adders, 2 32-bit subtractors, 1 32-bit
adder/subtractor and 4 32-bit registers. Since scalar multiplications reduce to arithmetic
shifts because they are powers of 2, they only rewire bits and do not require any
hardware. The controllable function is specified in terms of a 24-bit driving input
and is given by:
(5.5)
This guarantees that [0.25, 0.375) for all time t and simultaneously ensures that the
attractor stays within the bounds of the fixed point representation space [-1, 1), verified
through rigorous numerical simulation. Therefore, has an easy representation in binary
form in terms of t, given by to realize the function described
above. The resulting chaotic oscillator produces 3 32-bit outputs for a total of 96 bits.
Z Y
>> 2
+ X
>> 2
+∑+
_
+
∑+
_>> 2
∑
+
_>> 2
>> 2 Dt
+
T
MSB
Fig. 5.1 Circuit diagram of the chaos generator with signum nonlinearity and controllable size.
61
The cipher hardware architecture consists of four main pipeline registers dividing five
stages of encryption/decryption and including 2-input XOR gates and permutation units,
shown in Fig. 5.2. Chaotic outputs are delayed according to the stage they are applied in.
All registers in this design are initialized by zeros and permutation units in the encryption
P1, P2, P3, P4 in addition to the reverse ones in the decryption perform simple bit
shuffling as shown in Fig. 5.3. Table 5.1 summarizes area results of both the systems in
addition to the generator. The cipher and decipher architectures are able to achieve
frequencies up to 449.4 and 412.2 MHz respectively. However, the frequency of the
generator remains the controlling factor. Fig. 5.4 shows the output simulated signals from
the cipher and decipher using Xilinx ISE Design Suite 11.1 software. The latency in both
architectures is four clock cycles. Fig. 5.5 (a-c) shows the output signals of the FPGA
obtained from the oscilloscope after applying a stair-case signal as an input test image.
Table 5.1
Experimental Results on XC4VSX35-10FF668 FPGA for the Cipher and Decipher Systems
Components Utilized Generator with Post
Processing Encryption System Decryption System
Slices 224 164 236
Slice FF 222 291 411
4 input LUTs 415 169 218
Frequency (MHz) 150.985 449.438 412.218
Throughput (Mbps) 14494.56 10786.51 9893.232
Reg 1P1
Reg 3P2 P3
Input
(24-bits)
Output
(24-bits)
T
(24-bits)
U
(24-bits)V
(24-bits)
W
(24-bits)
Reg 2 Reg 4 P4
Ft
To the Generator
Fig. 5.2 Circuit diagram of the encryption system. The ciphering is divided into four main stages.
62
R1 G2B1B2 G1 R2
R1G2 B1B2G1R2
P1
P2
R1G2B1 B2 G1R2P3
R1G2 B1B2 G1 R2P4
R1 G2 B1 B2G1R2
Original Pixel
R1G2B1 B2G1 R2P1
R1G2 B1B2G1 R2P2
R1 G2 B1B2 G1R2P3
R1G2 B1 B2G1 R2P4
Fig. 5.3 Permutation scheme in both the cipher and decipher.
Fig. 5.4 Simulation results of the input image signals and output signals from cipher and decipher.
(a)
(b)
(c)
(d)
(e)
Input
Stream
63
(f)
Fig. 5.5 Experimentally obtained results of (a) input test image (RED component), (b) stair-case
input signal, (c) FFT of the input signal, (d) output signal from the cipher, (e) FFT of the ciphered
signal,, and (f) output signal from the decipher.
III. Security analysis
a. Key Analysis
Chaotic generator used has 3 output branches of 32 bit wide each; and thus, the key
space in this system is 296
. The generator’s sensitivity is measured through calculating the
distortion in the wrong decrypted image is using Mean Square error (MSE). Fig. 5.6
depicts the MSE values of the wrong deciphered image with respect to number of error
bits in the decryption key. The higher MSE value, the bigger the difference between the
two images is indicating high sensitivity to the input key.
Fig. 5.6 MSE values with respect to number of error bits in the decryption.
64
b. Histogram Analysis
Image histogram depicts statistical distribution of color intensities for each color
layer. Secure ciphered images are characterized by flat histograms for all color layers in
which intensities are evenly distributed over the whole color scales. Visual inspection of
the histograms in Fig. 5.7 confirms the uniform distribution of the RGB components.
Furthermore, a chi-square test is performed on the RGB histograms to analytically
examine the quality of the uniform distribution. The test is used to determine whether
there is a significant difference between the expected number of intensity counts for color
levels and the observed counts in the ciphered image assuming a uniform distribution and
is described as [89]:
(5.6)
where i is the expected occurrence of each color level asserted by the null hypothesis, L
is the color levels (256) and is the observed counts of each color level [0-255]. With a
significance level of 0.05, it is found that for the three histograms
implying that the null hypothesis is not rejected and the histogram distributions are
uniform.
(a)
(b)
(c)
65
(d)
(g)
(e)
(h)
(f)
(i)
Fig. 5.7 Visual analysis for the encryption quality. (a) Original image, (b) ciphered image, (c) wrong
deciphered image (1-bit error in the key), in addition to (d)-(f) histograms of the RGB components
for the original image and similarly (g)-(i) for the ciphered image.
c. Correlation Analysis
Table 5.2 summarizes the auto correlation values for horizontal, vertical, and diagonal
orientations of the original and ciphered image for all color components. Fig. 5.8 (a-f)
depicts the effect of encryption on the auto correlation in the horizontal dimension for all
colors. The same trend is also noticed on vertical and diagonal dimensions. Cross
correlation coefficient between the ciphered image and the original are found to be -
0.0041, 0.002, and 0.0032 for RGB colors respectively. Low coefficient values imply that
the stream cipher implements the robust confusion and diffusion algorithm implemented
66
in the proposed system which efficiently prevents any information leakage regarding
pixel correlations.
Table 5.2
Correlation Coefficients for the Horizontal, Vertical, and Diagonal Orientations for Both Original
and Ciphered Images
Axis Original Image Ciphered Image
Red Green Blue Red Green Blue
Horizontal 0.9753 0.9748 0.9532 -0.0010 -0.0014 0.0021
Vertical 0.9871 0.9872 0.9741 -0.0004 0.0030 -0.0004
Diagonal 0.9634 0.9630 0.9334 -0.0027 -0.0019 -0.0007
(a)
(d)
(b)
(e)
(c)
(f)
Fig. 5.8 Visual inspection for the horizontal correlation. (a)-(c) Original image RGB colors
respectively, and similarly (d)-(f) ciphered image RGB.
67
d. Entropy Analysis
Entropy values of the ciphered image compared to the original are shown in Table 5.3
for all color components. Low entropy values in the original image reflect the high
predictability in the image data. However, high entropy values in the ciphered image
imply the randomness levels achieved by the proposed stream cipher.
Table 5.3
Entropy Results for Original and Ciphered Images for All Color Components
Color
Entropy
Original Image Ciphered Image
Red 7.2634 7.9993
Green 7.5899 7.9993
Blue 6.9854 7.9992
e. Differential Analysis
Both NCPR and UACI tests are conducted 500 times with inputs having only one bit
change randomly in only pixel with an arbitrary location. Table 5.4 depicts the mean
values of the NCPR and UACI tests for all color components. Results reflect the effect of
using the chained confusion algorithm implemented in the system in which changing one
bit in the input affects the chaotic sequence from generator resulting in completely
different output.
Table 5.4
Differential Analysis Results for all Color Components
Color NPCR (%) UACI (%)
Red 99.603 33.463
Green 99.598 33.447
Blue 99.597 33.529
68
f. Comparison with Previous Work
The security of the proposed stream cipher is further examined for three standard
colored images obtained from the miscellaneous volume of USC-SIPI image database
[90]. Table 5.5 depicts correlation, entropy, in addition to the means values of the
differential analysis values for all three images and for all colors. Results imply that the
cipher maintains the same high security levels regardless of the input image.
Table 5.5
Correlation, Entropy and Differential Analysis Results for Colored Images Obtained from USC-SIPI
Image Database
Image
Original Image Corr. Ciphered Image Corr. Cross
Corr.
Entropy NPCR
(%)
UACI
(%) Horiz. Vert. Diag. Horiz. Vert. Diag. Orig. Ciph.
Sp
lash
(4
.2.0
1)
Red 0.9936 0.9951 0.9894 -0.0036 0.0018 0.0002 -0.0019 6.9481 7.9993 99.604 33.416
Green 0.9812 0.9871 0.9711 0.0028 -0.0015 0.0035 0.0014 6.8845 7.9993 99.597 33.443
Blue 0.9826 0.9789 0.9649 0.0009 0.0013 0.0008 -0.0006 6.1265 7.9992 99.598 33.364
Man
dri
ll (
4.2
.03)
Red 0.9231 0.8660 0.8519 -0.0011 -0.0022 0.0026 -0.0022 7.7067 7.9992 99.604 33.466
Green 0.8655 0.7650 0.7249 -0.0015 -0.0015 0.0019 0.0024 7.4744 7.9993 99.599 33.493
Blue 0.9073 0.8809 0.8424 0.0011 0.0009 -0.0016 -0.0024 7.7522 7.9993 99.600 33.501
Pep
per
s (4
.0.0
7)
Red 0.9635 0.9663 0.9564 0.0001 -0.0002 0.0013 0.0013 7.3388 7.9993 99.607 33.443
Green 0.9811 0.9818 0.9687 0.0028 0.0017 -0.0017 -0.0017 7.4963 7.9994 99.599 33.444
Blue 0.9665 0.9664 0.9478 0.0027 0.0006 -0.0047 -0.0047 7.0583 7.9993 99.598 33.393
The performance of the proposed stream cipher is evaluated against previously
reported chaos based image encryption systems. Table 5.6 shows the security analysis
results in this work compared with other systems reflecting the good randomness and
encryption levels achieved in the proposed system which outperform the others. In
addition, the hardware area and throughput results of the stream cipher are compared in
69
Table 5.7 with known stream and block cipher systems such as: RC4 used in 802.11 Wi-
Fi security protocol, E0 used in Bluetooth protocol, A5/1 used in GSM communications,
SNOW 3G used as a mobile cellular standard, and the Advanced Encryption Standard
(AES) adopted in many applications. To facilitate a basic area/throughput comparison,
the gate count is expressed as 8 (LUT + FF). As shown in Table 5.7, the proposed
system yields a higher area/throughput ratio than the other systems.
Table 5.6
Comparison in the Security Analysis Results Between the Proposed Cipher and Other Reported
Systems
Analysis [101] [102] [103] [104] [105] This
work
Horizontal Correlation -0.097 0.014 0.0493 -0.021 0.0965 0.002
Vertical Correlation 0.0484 -0.009 0.0393 -0.014 -0.031 0.0016
Diagonal Correlation -0.07 0.005 0.0426 -0.035 0.0362 0.002
Entropy --- 7.9939 7.9982 7.9998 7.9845 7.9993
NPCR 99.31 98.563 < 0.01 99.61 99.606 99.601
UACI 33.46 33.081 < 0.01 33.41 33.393 33.462
Table 5.7
Comparison in the Hardware Performance Between the Proposed Cipher and Other Reported
Systems
System Area
(Gc)
Throughput
(Mb/s) Throughput/Area
Implementation
Target
Mickey128 [106] 5039 413.2 0.082 ASIC
Trivium [106] 2580 327.9 0.127 ASIC
Moustique [107] 7264 369 0.05 FPGA
Salsa20 [95] 12126 121 0.009 ASIC
RC4 [49] 10653 135.52 0.013 FPGA
E0 [50] 1902 93.36 0.049 FPGA
A5/1 [50] 932 90.85 0.097 FPGA
SNOW 3G [51] 25016 7968 0.318 ASIC
This work 8776 3623.64 0.413 FPGA
70
CONCLUSION
This repot discusses hardware based symmetric image encryption utilizing digital
continuous chaotic systems as pseudo random number generators. Chaotic systems
implemented in digital platforms suffer from dynamical degradations such as: loss of
ergodicity, shorter pseudo-orbits, un-even distribution of randomness among output bits,
non-uniform histogram, in addition to the short term predictability. Such flows in chaos-
based pseudo random number generators (CB-PRNGs) reduce the security in the
encryption systems. Therefore, a post processing stage is required after the chaotic
generator to resolve the problems in the chaotic output. This thesis presents a novel
generalized post processing technique with a very low hardware coat and based on
XORing and rotation.
With randomness characteristics same as ideal PRNGs, the proposed chaotic output is
utilized in two digital image encryption systems. The first system represents a block
cipher with variable block size providing the flexibility to meet the computational and
memory limitations of the target device. The confusion in the proposed system depends
on rotation and XORing principles between the input pixel, the chaotic sequence, and the
previous ciphered pixel. The diffusion in the encryption algorithm is done through
shuffling of pixels’ location. The system passes successfully all statistical tests and
proves to be secure for all block sizes.
The second system represents a chaos based stream cipher designed for image
encryption applications. The encryption system utilizes a 3rd
order jerk chaotic generator
71
with signum nonlinearity and a controllable attractor size. The ciphering algorithm masks
and permutes the original pixels creating a feedback loop between the ciphered image
and the chaotic generator to increase the output sensitivity to small changes in the input.
The security analysis has been done for several images and the results are compared with
previously reported systems which confirm the superior performance of the proposed
system.
Future work on this thesis can be directed to the ASIC design of the proposed ciphers
with the focus on further hardware optimization in the on-chip area. ASIC design will
provide a significant increase in the throughput and gives a real evaluation of the chip
size. Moreover, power consumption analysis should also be conducted on the design to
make sure that it is suitable for power saving devices.
Another area of the future work is video ciphering applications. The proposed stream
cipher would be a good base to build a secure video cipher. In addition, the system
requires a data compression circuit at the front-end as the size of the data sent is huge.
Finally, it is important to study the cross correlation between the frames in the ciphered
video stream as they have a high correlation in the original video stream.
72
REFERENCES
[1] Josef Pieprzyk, Thomas Hardjono, and Jennifer Seberry, Fundamentals of
Computer Security.: Springer, 2003.
[2] I. A. Al-Kadit, "Origins of cryptology: the Arab contributions," Cryptologia, vol.
16, no. 2, pp. 97-126, 1992.
[3] B. Schneier, Applied Cryptography.: John Wiley and Sons, 1996.
[4] E. B. Corrochano, Y. Mao, and G. Chen, "Chaos-based image encryption," in
Handbook of Geometric Computing.: Springer Berlin Heidelberg, 2005, pp. 231-
265.
[5] C. E. Shannon, "Communication theory of secrecy systems," Bell Syst. tech. J., vol.
28, no. 4, pp. 656-715, 1949.
[6] T.S. Parker and L.O. Chua, "Chaos: A tutorial for engineers," Proceedings of the
IEEE, vol. 75, no. 8, pp. 982-1008, 1987.
[7] C. Werndl, "What are the new implications of chaos for unpredictability?," British
J. for the Philosophy of Sci., vol. 60, no. 1, pp. 195-220, 2009.
[8] Q. V. Lawande, B. R. Ivan, and S. D. Dhodapkar, "Chaos based cryptography: A
new approach to secure communications," BARC Newsletter, vol. 258, pp. 1-11,
2005.
[9] E. N. Lorenz, "Deterministic nonperiodic flow," J. Atmos. Sci., vol. 20, no. 2, pp.
130-148, 1963.
[10] A. A. Tsonis and J. B. Elsner, "Chaos, strange attractors, and weather," Bulletin of
the American Meteorological Society, vol. 70, no. 1, pp. 14-23, 1989.
[11] A. Hastings, C. L. Hom, S. Ellner, P. Turchin, and H. C. Godfray, "Chaos in
ecology: Is mother nature a strange attractor?," Annu. Rev. Ecol. and Syst., vol. 24,
pp. 1-33, 1993.
[12] H.-J. Stöckmann, "Quantum chaos: An introduction," American J. of Phys., vol. 68,
73
no. 8, pp. 777-778, 2000.
[13] J. Laskar, "Large-scale chaos in the solar system," Astronomy and Astrophysics,
vol. 287, no. 1, pp. L9-L12, 1994.
[14] P. Berg, Y. Pomeau, and C. Vidal, Order within chaos: Towards a deterministic
approach to turbulence.: Wiley (New York and Paris), 1986.
[15] C. O. Weiss and J. Brock, "Evidence for Lorenz-type chaos in a laser," Phys. Rev.
Lett., vol. 57, no. 22, pp. 2804-2806, 1986.
[16] J. Cascais, R. Dilão, and A. Noronha da Costa, "Chaos and reverse bifurcations in a
RCL circuit," Phys. Lett. A, vol. 93, no. 5, pp. 213-216, 1983.
[17] H. G. Schuster and W. Just, Deterministic Chaos: An Introduction.: Wiley-VCH
Verlag GmbH & Co. KGaA, 2005.
[18] G. Cicogna and L. Fronzoni, "Effects of parametric perturbations on the onset of
chaos in the Josephson-junction model: Theory and analog experiments," Phys.
Rev. A, vol. 42, no. 4, pp. 1901-1906, 1990.
[19] K. M. Cuomo and A. V. Oppenheim, "Circuit implementation of synchronized
chaos with applications to communications," Phys. Rev. Lett., vol. 71, no. 1, pp. 65-
68, 1993.
[20] M. A. Zidan, A. G. Radwan, and K. N. Salama, "The Effect of Numerical
Techniques on Differential Equation Based Chaotic Generators," in IEEE Int. Conf.
on Microelectronics, 2011, pp. 1-4.
[21] M.A. Zidan, A.G. Radwan, and and K.N. Salama, "Controllable v-shape multi-
scroll butterfly attractor: System and circuit implementation," Int. J. of Bifurcation
and Chaos, 2012 (in press).
[22] S. T. Cowan, "An introduction to chaos, or the classification of Micococci and
Staphylococci," J. of Applied Microbiology, vol. 25, no. 3, pp. 324-340, 1962.
[23] D. L. Turcotte, Fractals and Chaos in Geology and Geophysics.: Cambridge
University Press , 1997.
[24] C. Kyrtsou and C. E. Vorlow, "Complex dynamics in macroeconomics: A novel
approach," in New Trends in Macrockonomics.: Springer Berlin-Heidelberg, 2005,
74
pp. 223–238.
[25] J. M. Amigó, "Chaos-based cryptography," in Intelligent Computing Based on
Chaos, L., Galias, Z., Lian, S. Kocarev, Ed.: Springer Berlin / Heidelberg, 2009,
pp. 291–314.
[26] L. Kocarev, K. S. Halle, K. Eckert, L. O. Chua, and U. Parlitz, "Experimental
demonstration of secure communications via chaotic synchronisation," Int. J.
Bifurc. Chaos, vol. 2, no. 3, pp. 709-713, 1992.
[27] K.M. Cuomo, A.V. Oppenheim, and S.H. Strogatz, "Synchronization of Lorenz-
based chaotic circuits with applications to communications," IEEE Trans. Circ.
Syst. II, vol. 40, no. 10, pp. 626-633, 1993.
[28] U. Parlitz, L. O. Chua, L. Kocarev, K. S. Halle, and A. Shang, "Transmission of
digital signals by chaotic synchronization," Int. J. Bifurc. Chaos, vol. 2, no. 4, pp.
973-977, 1992.
[29] H. Dedieu, M. P. Kennedy, and M. Hasler, "Chaos shift keying: Modulation and
demodulation of a chaotic carrier using self-synchronizing Chua's circuits," IEEE
Trans. Circ. Syst. II, vol. 40, no. 10, pp. 634-642, 1993.
[30] U. Feldmann, M. Hasler, and W. Schwarz, "Communication by chaotic signals: the
inverse system approach," Int. J. Circ. Theory Appl., vol. 24, no. 2, pp. 551-579,
1996.
[31] E. Inoue and T. Ushio, "Chaos communication using unknown input observers,"
Electro. Comm. Japan III, vol. 84, no. 12, pp. 21-27, 2001.
[32] L. Kocarev, "Chaos-based cryptography: a brief overview," IEEE Circuits and
Systems Magazine, vol. 1, no. 3, pp. 6-21, 2001.
[33] G. Alvarez and S. Li, "Some basic cryptographic requirements for chaos based
cryptosystems," Int. J. Bifurcation and Chaos, vol. 16, no. 8, pp. 2129-2151, 2006.
[34] I. Mishkovski and L. Kocarev, "Chaos-Based Public-Key Cryptography," in
Chaos-Based Cryptography: Theory, Algorithms and Applications, L. Kocarev and
S. Lian, Eds.: Springer, 2011, pp. 27-65.
[35] N. K. Pareek, V. Patidar, and K. K. Sud, "Image encryption using chaotic logistic
map," Image and Vision Computing, vol. 24, no. 9, pp. 926-934, 2006.
75
[36] L. Kocarev and G. Jakimoski, "Logistic map as a block encryption algorithm,"
Physics Letters A, vol. 289, no. 4-5, pp. 199-206, 2001.
[37] K.-W. Wong, B. S.-H. Kwok, and W.-S. Law, "A fast image encryption scheme
based on chaotic standard map," Physics Letters A, vol. 372, no. 15, pp. 2645-2652,
2008.
[38] K. Wanga, Pei, L. Zou, A. Song, and Z. He, "On the security of 3D Cat map based
symmetric image encryption scheme," Physics Letters A, vol. 343, no. 6, pp. 432-
439, 2005.
[39] T. Gao and Z. Chen, "Image encryption based on a new total shuffling algorithm,"
Chaos, Solitons and Fractals, vol. 38, no. 1, pp. 213-220, 2008.
[40] C.K. Huang and H.H. Nienb, "Multi chaotic systems based pixel shuffle for image
encryption," Optics Communications, vol. 282, no. 11, pp. 2123–2127, 2009.
[41] Z.-H. Guan, F. Huang, and W. Guan, "Chaos-based imageencryption algorithm,"
Physics Letters A, vol. 346, no. 1-3, pp. 153-157, 2005.
[42] S. Fu-Yan, L. Shu-Tang, and L. Zong-Wang, "Image encryption using high-
dimension chaotic system," Chinese Physics, vol. 16, no. 12, pp. 3616-3623, 2007.
[43] P. Dabal and R. Pelka, "FPGA-based cryptosystem with combined stream-block
cipher and digital chaos generator," in International Conference on Signals and
Electronic Systems (ICSES), 2010, pp. 315 - 318.
[44] Shubo Liu, Jing Sun, Zhengquan Xu, and Zhaohui Cai, "An Improved Chaos-based
Stream Cipher Algorithm and Its VLSI Implementation," in Fourth International
Conference on Networked Computing and Advanced Information Management,
2008, pp. 191 - 197.
[45] M.S. Azzaz, C. Tanougast, S. Sadoudi, A. Bouridane, and and A. Dandache,
"FPGA implementation of new Real-time Image Encryption based switching
chaotic systems," in Signals and Systems Conference (ISSC), 2009, pp. 1-6.
[46] M.S. Azzaz, C. Tanougast, S. Sadoudi, A. Dandache, and F. Monteiro, "Real-time
image encryption based chaotic synchronized embedded cryptosystems," in
NEWCAS Conference, 2010, pp. 61-64.
[47] M. L. Barakat, A. G. Radwan, and K. N. Salama, "Hardware realization of chaos-
76
based block cipher for image encryption," in Proc. Int. Conf. Microelectronics
(ICM), 2011, pp. 1-5.
[48] G. Millérioux and P. Guillot, "Self-synchronizing stream ciphers and dynamical
systems: state of the art and open issues," Int. J. Bifurcation and Chaos, vol. 20, no.
9, pp. 2979-2991, 2010.
[49] P. Hamalainen, M. Hannikainen, T. Hamalainen, and J. Saarinen, "Hardware
implementation of the improved WEP and RC4 encryption algorithms for wireless
terminals," in Proc. Eur. Signal Processing Conf., 2000, pp. 2289-2292.
[50] L. Batina, J. Lano, N. Mentens, S. B. Örs, and B., Verbauwhede, I. Preneel,
"Energy, Performance, Area Versus Security Trade-offs for Stream Ciphers," In
The State of the Art of Stream Ciphers, Workshop Record, ECRYPT, 2004.
[51] P. Kitsos, G. Selimis, and O. Koufopavlou, "High performance ASIC
implementation of the SNOW 3G stream cipher," in Int. Conf. Very Large Scale
Integration, 2008.
[52] G. Alvarez, J. M. Amigó, D. Arroyo, and S. Li, "Lessons learnt from the
cryptanalysis of chaos-based ciphers," in Chaos-Based Cryptography.: Springer
Berlin / Heidelberg, 2011, vol. 2011, pp. 257-295.
[53] J. Giesl, L. Behal, and K. Vlcek, "Improving chaos image encryption speed," Int. J.
of Future Generation Communication and Networking, vol. 2, no. 3, pp. 23-36,
2009.
[54] I. A. Ismail, M. Ismail, and H. Diab, "A digital image encryption algorithm based
A composition of two chaotic logistic maps," Int. J. of Network Security, vol. 11,
no. 1, pp. 1-9, 2010.
[55] S. Liu, J. Sun, Z. Xu, and Z. Cai, "An improved chaos-based stream cipher
algorithm and its VLSI implementation," in International Conference on
Networked Computing and Advanced Information Management, 2008, pp. 191-197.
[56] A. Pande and J. Zambreno, "Design and hardware implementation of a chaotic
encryption scheme for real-time embedded systems," in International Conference
on Signal Processing and Communications (SPCOM), 2010, pp. 1-5.
[57] C. Tanougast, S. Weber, G. Millerioux, J. Daafouz, and A. Bouridane, "VLSI
architecture and FPGA implementation of a hybrid message-embedded self-
77
synchronizing stream cipher," in International Symposium on Electronic Design,
Test and Applications, 2008, pp. 386-389.
[58] A. Rodriguez-Vazquez, J. Huertas, and L. Chua, "Chaos in switched-capacitor
circuit," IEEE Trans. Circuits Sys., vol. 32, no. 10 , pp. 1083-1085, 1985.
[59] H. Tanaka, S. Sato, and K. Nakajima, "Integrated circuits of map chaos
generators," Analog Integrated Circuits and Signal Processing, vol. 25, no. 3, pp.
329-335, 2000.
[60] K. Eguchi, F. Ueno, and T. Tabata, "Simple design of a discrete-time chaos circuit
realizing a tent map," IEICE Trans. Elec., vol. 83, no. 5, pp. 777-778, 2000.
[61] A. Rodriguez-Vazquez, J. L. Huertas, A. Rueda, B. Perez-Verdu, and L. O. Chua,
"Chaos from switched-capacitor circuits: Discrete maps," Proc. of the IEEE, vol.
75, no. 8, pp. 1090-1106, 1987.
[62] A. S. Elwakil, S. Ozoguz, and M. P. Kennedy, "Creation of a complex butterfly
attractor using a novel Lorenz-Type system," IEEE Trans. Circuits and Sys. I:
Fund. Theory App., vol. 49, no. 4, pp. 527-530, 2002.
[63] R. Tokunaga, M. Komuro, T. Matsumoto, and L. O. Chua, "‘Lorenz attractor’ from
an electrical circuit with uncoupled continuous piecewise-linear resistor," Int. J.
Circuit Theory App., vol. 17, no. 1, pp. 71-85, 1989.
[64] T. Matsumoto, "A chaotic attractor from Chua's circuit," IEEE Trans. Circuits Sys.,
vol. 31 , no. 12, pp. 1055-1058, 1984.
[65] W. K. S. Tang, G. Q. Zhong, G. Chen, and K. F. Man, "Generation of n-scroll
attractors via sine function," IEEE Tran. Circuits and Sys. I: Fund. Theory App.,
vol. 48, no. 11, pp. 1369-1372, 2001.
[66] G. Q. Zhong and W. K. S. Tang, "Circuitry implementation and synchronization of
Chen's attractor," Int. J. Bifurcation Chaos, vol. 12, no. 6, pp. 1423-1427, 2002.
[67] S. Yu, J. Lu, H. Leung, and G. Chen, "Design and implementation of n-scroll
chaotic attractors from a general jerk circuit," IEEE Trans. Circuits Sys. I: Regular
Papers, vol. 52, no. 7 , pp. 1459-1476, 2005.
[68] G. Taylor and G. Cox, "Digital randomness," IEEE Spectrum, vol. 48, no. 9, pp.
32-58, 2011.
78
[69] N. K. Pareek, V. Patidara, and K. K. Sud, "Discrete chaotic cryptography using
external key," Phys. Lett. A, vol. 1, no. 309, pp. 75-82, 2003.
[70] J. Černák, "Digital generators of chaos," Phys. Lett. A, vol. 214, no. 3, pp. 151–160,
1996.
[71] M.A. Zidan, A.G. Radwan, and K.N. Salama, "Random Number Generation Based
on Digital Differential Chaos," in Int. Midwest Symposium on Circuits and Sys.,
2011, pp. 1-4.
[72] A. S. Mansingka, A. G. Radwan, and and K. N. Salama, "Design, Implementation
and Analysis of Fully Digital 1-D Controllable Multiscroll Chaos," in IEEE Int.
Conf. on Microelectronics, 2011, pp. 1-5.
[73] A. S. Mansingka, A. G. Radwan, M. A. Zidan, and and K. N. Salama, "Analysis of
bus width and delay on a fully digital signum nonlinearity chaotic oscillator," in
Int. Midwest Symposium on Circuits and Sys., 2011, pp. 1-4.
[74] S. Li, G. Chen, and X. Mou, "On the dynamical degradation of piecewise linear
chaotic maps," Int. J. Bifurcation Chaos, vol. 15, no. 10, pp. 3119-3152, 2005.
[75] J. C. Sprott, "A new class of chaotic circuit," Physics Lett. A, vol. 266, no. 1, pp.
19–23, 2000.
[76] S. Kodba, M. Perc, and and M. Marhl, "Detecting Chaos from a Time Series,"
European Journal of Physics, vol. 26, no. 1, pp. 205–215, 2005.
[77] M.E. Yalcin, J.A.K. Suykens, and J. Vandewalle, "True Random Bit Generation
From a Double-Scroll Attractor," Transactions on Circuits and Systems I: Regular
Papers, vol. 51, no. 7 , pp. 1395 - 1404, July 2004.
[78] J. V. Neumann, "Various Techniques Used in Connection With Random Digits,"
National Bureau of Standards Applied Mathematics Series 12, pp. 36-38, 1951.
[79] T. Stojanovski, J. Pihl, and L. Kocarev, "Chaos-Based Random Number
Generators. Part II: Practical Realization," IEEE Transactions on Circuits and
Systems I: Fundamental Theory and Applications, vol. 48, no. 3, pp. 382-385,
2001.
[80] V. Fischer and M. Drutarovský, "True Random Number Generator Embedded in
Reconfigurable Hardware," in Lecture Notes in Computer Science. Berlin-
79
Heidelberg: Springer, 2003.
[81] P. Lacharme, "Analysis and Construction of Correctors," IEEE Transactions on
Information Theory, vol. 55, no. 10, pp. 4742-4748, 2009.
[82] Y.-S. Kim, J.-W. Jang, and D.-W. Lim, "Linear Corrector Overcoming Minimum
Distance Limitation for Secure TRNG from (17, 9, 5) Quadratic Residue Code,"
ETRI Journal, vol. 32, no. 1, pp. 93-101, 2010.
[83] S. Ergun, "IC postprocessing stage for random number generators and an
alternative design methodology," in Proc. 7th. Int. Conf. Intelligent Inform. Hiding
Mutlimedia Signal Process. (IIH-MSP), 2007, pp. 213-217.
[84] R. B. Davies. (2002, February) Exclusive OR (XOR) and Hardware Random
Number Generators. [Online]. HYPERLINK
"http://www.robertnz.net/pdf/xor2.pdf" http://www.robertnz.net/pdf/xor2.pdf
[85] A. Rukhin et al., "A Statistical Test Suite for Random and Pseudorandom Number
generators for Cryptographic Applications," NIST Special Publication 800-22,
2001.
[86] G. R. Chen and J. H. Lu, "Dynamics of the lorenz system family: Analysis, control
and synchronization," Beijing: Science Press, 2003.
[87] A. Elwakil and M. Kennedy, "Construction of Classes of Circuit Independent
Chaotic Oscillators Using Passive-Only Nonlinear Devices," IEEE Transactions on
Circuits and Systems I: Fundamental Theory and Applications, vol. 48, no. 3, pp.
289–307, 2001.
[88] Yaobin Mao and Guanrong Chen, "Chaos-Based Image Encryption," in Handbook
of Geometric Computing.: Springer Berlin Heidelberg, 2005, pp. 231-265.
[89] P. L'Ecuyer and R. Simard, "TestU01: A C library for empirical testing of random
number generators," ACM Transactions on Mathematical Software, vol. 33, no. 4,
pp. 22-40, 2007.
[90] A. G. Weber. (1997) The USC-SIPI image database version 5. USC-SIPI Rep. no.
315. [Online]. HYPERLINK
"http://sipi.usc.edu/services/database.php?volume=misc&image=23" \l "top"
http://sipi.usc.edu/services/database.php?volume=misc&image=23#top
80
[91] Shujiang Xu, Yinglong Wang, Jizhi Wang, and Yucui Guo, "A Fast Image
Encryption Scheme Based on a Nonlinear Chaotic Map," in International
Conference on Signal Processing Systems, July 2010, pp. vol.2, no., pp.V2-326-
V2-330.
[92] Alireza Jolfaei and Abdolrasoul Mirghadri, "Image Encryption Using Chaos and
Block Cipher," Computer and Information Science, vol. 4, no. 1, pp. 172 - 185,
January 2011.
[93] Y. Wang, K.-W. Wong, X. Liao, and G. Chen, "A new chaos-based fast image
encryption algorithm," Applied Soft Computing, vol. 11, no. 1, pp. 514-522,
December 2011.
[94] Xu Shujiang and and Wang Yinglong, "A Novel Chaos-based Image Encryption
Scheme," in International Conference on Information Engineering and Computer
Science, 2009, pp. 1 - 4.
[95] T. Good and M. Benaissa, "Hardware results for selected stream cipher candidates
," in Workshop Record of Stream Ciphers (SASC 2007), 2007, pp. 191-204.
[96] G. Rouvroy, F.-X. Standaert, J.-J. Quisquater, and J.-D. Legat, "Design strategies
and modified descriptions to optimize cipher FPGA implementations: fast and
compact results for DES and triple-DES," in The ACM/SIGDA eleventh
international symposium on Field programmable gate arrays, 2003, pp. 247 - 247.
[97] N. Sklavos, A. Papakonstantinou, S. Theoharis, and O. Koufopavlou, "Low-power
implementation of an encryption/decryption system with Asynchronous
techniques," VLSI Design, vol. 15, no. 1, pp. 455-468, 2002.
[98] E. Chitalwala, T. El-Ghazawi, N. Alexandridis, and K. Gaj, "Efficient synthesis
approaches over reconfigurable computers," in Proceedings of Mil/Aero
Applications of Programmable Logic Devices (MAPLD) Conference, 2003.
[99] A. S. Elwakil, K. N. Salama, and M. P. Kennedy, "A system for chaos generation
and its implementation in monolithic form," in Proc. IEEE Int. Symp. Circuits Syst.
(ISCAS), 2000, pp. 217-220.
[100] A. Webster and S. Tavares, "On the design of S-boxes," in Advances in Cryptology,
H. Williams, Ed.: Springer Berlin / Heidelberg, 1986, pp. 523-534.
[101] X. Huang, "Image encryption algorithm using chaotic Chebyshev generator,"
81
Nonlinear Dynamics, vol. 67, no. 4, pp. 2411-2417, 2012.
[102] X. Wang, X. Wang, J. Zhao, and Z. Zhang, "Chaotic encryption algorithm based on
alternant of stream cipher and block cipher," Nonlinear Dynamics, vol. 63, no. 4,
pp. 587-597, 2011.
[103] A. Jolfaei, A. Vizandan, and A. Mirghadri, "Image encryption using HC-128 and
HC-256 stream," Int. J. Electronic Security and Digital Forensics, vol. 4, no. 1, pp.
19-42, 2012.
[104] M. Amin, O. S. Faragallah, and A. A. Abd El-Latif, "A chaotic block cipher
algorithm for image cryptosystems," Commun Nonlinear Sci Numer Simulat, vol.
15, no. 11, pp. 3484-3497, 2010.
[105] H. Liua and X. Wanga, "Color image encryption based on one-time keys and robust
chaotic maps," Computers and Mathematics with Applications, vol. 59, no. 10, pp.
3320-3327, 2010.
[106] T. Good and M. Benaissa, "ASIC hardware performance," in New Stream Cipher
Designs, M. Robshaw and O. Billet, Eds.: Springer Berlin / Heidelberg, 2008, pp.
267-293.
[107] J. Daemen and P. Kitsos, "The self-synchronizing stream cipher Moustique," in
New Stream Cipher Designs, M. Robshaw and O. Billet, Eds.: Springer Berlin /
Heidelberg, 2008, pp. 210-223.
[108] P. Collet and J.- P. Eckmann, Iterated Maps on the Interval as Dynamical Systems.:
Birkhäuser Boston, 1980.