How and Why Do I Choose Chaotic Cryptography as the Topic of My Dissertation

1. How and Why Do I Choose Chaotic Cryptography as the Topic of My Dissertation Shujun LiVisiting Student at VC Group, Microsoft Research Asia Institute of Image ProcessingXi’an Jiaotong UniversityApril, 2002

2. Table of Contents • Background • Chaotic Cryptography • Something about My Research • A Brief Introduction of Our Research • Statistical Properties of Digital Chaos • Analysis of Presented Chaotic Ciphers • Design of New Chaotic Ciphers • Analysis of Image Encryption Methods • Digital Watermarking Shujun Li, VS at VC Group of Microsoft Research Asia

3. 1. Background Since 1970s, modern cryptology has been developed and the following two milestones are well-known: the proposal and establishment of DES as a commercial encryption standard, the proposal of public-key encryption scheme and the emergence of RSA system. From my viewpoint, modern cryptology is a cross-discipline involving mathematics, information theory, communications technology, networking, etc. As the rapid progress of networking technology, the security of encryption systems have been confronted with effective challenges. It has been reported that DES and RSA were successfully attacked based on distributed computing. Today, the key size of 128~256 bits are required to provide higher security (AES). Shujun Li, VS at VC Group of Microsoft Research Asia

4. Background – Recent Progress In Recent years, many new sub-disciplines of pure cryptology has been emerged: Biometrics,Network Security, E-Commerce, Information Hiding,etc. As a cross-discipline of cryptology and image/video processing, image/video security has also attracted much attention recently. The following two topics are chiefly focused: digital watermarking of image and video, image/video encryption. The former corresponds to information hiding in cryptology, and the latter is an application of pure cryptology to protect multimedia contents. The fundamental requirements of an image/video encryption method include: fast encryption speed, simple implementation together with compression algorithms, and extended avalanche property. Shujun Li, VS at VC Group of Microsoft Research Asia

5. Background – Why Use Chaos? The idea of using chaos to construct encryption systems has been developed since 1989. Some works are made on analog circuits with chaotic phenomena, and others on digital circuits or computers with finite precision effects. The significance of introducing chaos into conventional cryptology can be explained with the following facts: 1) some progresses in cryptology are promoted by newly introduced theories (two examples are Elliptic Curve Theory and Quantum Mechanics); 2) chaos can also be used to enhance the design of traditional ciphers, such as using chaos to obtain S-Boxes without trapdoors; 3) well-established chaos theory will be useful to analyze some essentially properties of traditional ciphers; 4) considerations on patents, laws and national security. Shujun Li, VS at VC Group of Microsoft Research Asia

6. 2. Chaotic Cryptography Chaotic systems has many perfect dynamical properties, which can be connected with some requirements of a good cipher. Such properties include exponential sensitivity dependent on the initial conditions/control parameters, ergodicity and mixing property, etc. The first paper about chaotic cryptography is published in Cryptologia (1989), and an early milestone paper about chaotic secure communications occurred in Physical Review Letters (1990).From the middle of 1990s, cryptanalytic works has also been developed and many presented chaotic ciphers (especially the ones using chaotic synchronization techniques)have been known insecure. Shujun Li, VS at VC Group of Microsoft Research Asia

7. Chaotic Cryptography • Generally speaking, there are two chief kinds of chaotic ciphers: • Secure communications or cryptosystems based on chaos synchronization technique of analog circuits; • Chaos-based ciphers realized on digital circuits or computers with finite precision effect. • In addition, the use of chaos in some other areas can enrich the knowledge about the design and the performance analysis of chaotic ciphers: chaotic communications (especially chaotic spread spectrum communications), chaotic pseudo-random number generations, chaotic signal estimation and detection, chaotic digital watermarking. Shujun Li, VS at VC Group of Microsoft Research Asia

8. Chaotic Cryptography – Diagrammatic View of Related Disciplines Shujun Li, VS at VC Group of Microsoft Research Asia

9. 3. Something about My Research • Why I choose Chaotic Cryptography as the topic of my dissertation? It is due to the following facts: • I became strongly interested in Chaos and Fractals since 1997. • Because of some specific reasons, I had to cease my previous research topic about Intelligent Transportation Systems (ITS) in 2000. • I found another interest applied cryptography in 2000, and started to read some papers about chaotic cryptography. • I noticed that some image encryption methods involve the use of discrete-time chaotic systems (especially 2-D ones). Shujun Li, VS at VC Group of Microsoft Research Asia

10. Something about My Research – Directions • Statistical Properties of Digital Chaotic Systems • Analysis and Enhancements of Presented Chaotic Ciphers and Related Cryptanalytic Methods • Some New Encryption Schemes Based on Digital Chaotic Systems • Chaotic Stream Ciphers Based on CCS-PRBG (PRBG Based on Couple Chaotic Systems) • A Very-Fast Chaotic Product Cipher Based on Multiple Chaotic Systems • Image Encryption Methods • Cryptanalysis of Chaotic Image Encryption Methods • Digital Watermarking Shujun Li, VS at VC Group of Microsoft Research Asia

11. Something about My Research – Related Publications Journal Paper(s): • “Improving Security of a Chaotic Encryption Approach,”Physics Letters A, 290(¾): 127-133, 2001 Reviewed Conference Papers: • “On the Security of Bit Recirculation Image Encryption Method,” Just accepted by IEEE ICIP 2002 • “Cryptanalysis of a Chaotic Image Encryption Methods,”Proc. IEEE ISCAS 2002, to be published • “Statistical Properties of Digital Piecewise Linear Chaotic Maps and their Roles in Cryptography and Pseudo-Random Coding,”Cryptography & Coding – the 8th IMA Int. Conf. Proc., Lecture Notes in Computer Science, vol. 2260, pp. 205-221 • “Pseudo-Random Bit Generator Based on Couple Chaotic Systems and its Applications in Stream-Cipher Cryptography, Progress in Cryptology – INDOCRYPT 2001, Lecture Notes in Computer Science, vol. 2247, pp. 316-329 • “Chaotic Encryption Scheme for Real-Time Digital Video,”Real-Time Imaging VI, Proceedings of SPIE, vol. 4666, 2002 Shujun Li, VS at VC Group of Microsoft Research Asia

12. 4a. Statistical Properties of Digital Chaotic Systems When a chaotic system is realized in digital computers with finite computing precision, its dynamical properties will be far different from the ones of continuous-value systems. Typical problems include: short cycle length, degraded distribution and correlation. Although some researchers have noticed such a problem, there are not yet an established theory to measure the dynamical degradation of digital chaotic systems. In many applications of digital chaos, no special attention is paid on potential defects that may be induced by the dynamical degradation. Some remedies have been proposed to improve the dynamical degradation. Since no theoretical tool exist, experimental tests are widely used. Shujun Li, VS at VC Group of Microsoft Research Asia

13. Statistical Properties of Digital Chaotic Systems • We focus this problem from two sides: • For different chaotic systems, whether or not can we exactly (mathematically) measure the dynamical degradation of their digital versions in finite precision? • Now we have obtained some useful results for piecewise linear chaotic maps (PWLCM) which are widely-used in many applications of digital chaos [4]. • How to estimate the performance of the improvement of a remedy to the dynamical degradation? • We have made some qualitative analysis on digital piecewise linear chaotic maps and three known remedies, based on the results obtained in [4]. Shujun Li, VS at VC Group of Microsoft Research Asia

14. 4b. Analysis of Presented Chaotic Ciphers and Cryptanalytic Methods It is well-acknowledged that “only cryptanalysts can judge the real security of a cryptosystem”. I have made some cryptanalyses of some presented chaotic ciphers, and given some suggestions to improve some chaotic ciphers. In addition, I have also found problems in some cryptanalytic works proposed by other researchers. Here, we list the ideas I have made and will make in the future. Shujun Li, VS at VC Group of Microsoft Research Asia

15. Cryptanalysis I • Cryptanalysis of a class of chaotic stream ciphers proposed by Hong Zhou & Xie-Ting Ling (two manuscripts are under review) • Problems with the chaotic probabilistic cipher proposed by S. Papadimitrious et al. (one manuscript is under review) • Cryptanalysis of three image encryption methods based on chaotic systems proposed by J.-C. Yen & J.-I. Guo at Taiwan (two manuscripts have been accepted [2,3] and another one has not yet been ready) Shujun Li, VS at VC Group of Microsoft Research Asia

16. Cryptanalysis II & Improvements • Improving the security of the chaotic cipher proposed by E. Alvarez et al. in 1999 (based on the analysis of the four cryptanalyses presented by G. Alvarez et al. in 2000) [1] • Re-visiting the security of the chaotic block cipher suggested at EuroCrypt’91 and the feasibility of Biham’s attacks (one manuscript is under review) • Performance analysis of Jakimoski-Kocarev’s attack (2001) to Baptista’s chaotic cipher (1998) (manuscript has not yet been ready) Shujun Li, VS at VC Group of Microsoft Research Asia

17. 4c. Design of New Chaotic Ciphers • Based on our above works, we can give some useful suggestions for the design of digital chaotic ciphers: • Some remedy SHOULD be adopted to avoid the defects induced by the dynamical degradation of digital chaotic systems; • To avoid the known/chosen-plaintext attack, minimize information leaking about the digital chaotic orbits as possible as you can; • Use multiple chaotic systems to make the ciphertexts more complicated; • Use simpler chaotic systems to obtain higher speed, easier implementation and lower cost. Shujun Li, VS at VC Group of Microsoft Research Asia

18. Design of New Chaotic Ciphers • Following the above criteria, we have proposed two new encryption schemes based on digital chaotic systems (papers have been published). • Chaotic stream ciphers based on CCS-PRBG (Pseudo-random bits generator based on couple chaotic systems) [5] • A very-fast chaotic product cipher based on multiple chaotic systems [6] • Both the above two schemes use multiple chaotic systems to realize more efficient performance of concealing the information about digital chaotic orbits, and PWLCMs to increase the encryption speed and reduce the system implementation. Shujun Li, VS at VC Group of Microsoft Research Asia

19. 4d. Analysis of Image Encryption Methods We have mentioned that many image encryption methods involve the use of digital chaotic systems, especially 2-D chaotic maps. The image encryption schemes using chaos can be divided two classes: Scharinger-Fridrich scheme and Yen-Guo scheme. Generally speaking, the former is more secure but slower, and the latter is faster but insecure. In regards to the insecurity of Yen-Guo scheme, we have published two papers [2,3]. Shujun Li, VS at VC Group of Microsoft Research Asia

20. Problems with Other Image Encryption Methods • We have also found security defects of other image encryption schemes without using chaos. • SCAN-based image encryption scheme proposed by N. G. Bourbakisand C. Alexopoulos (joint encryption/compression algorithm) • Related paper are published in Pattern Recognition (1992, 2001), J. Electronic Imaging (1995) and some conferences: IEEE ICIIS’99, Proc. SPIE vol. 2914 (1995) and IEEE ICSMC’97. In fact, in Information Processing Letters (1996), J. K. Jan and Y. M. Tseng have pointed out that SCAN-based encryption scheme is not secure enough and can be broken by the known-plaintext attack with only a pair of plain-image/cipher-image. Shujun Li, VS at VC Group of Microsoft Research Asia

21. Problems with Other Image Encryption Methods • Image encryption scheme based on BS compression algorithm proposed by T. J. Chuang & J. C. Lin • Related paper is published in J. Electronic Imaging (1998). No cryptanalysis has been reported. But such a scheme cannot resist known/chosen-plaintext attack, and the base is too small to ensure high security. • Quadtree-based joint encryption/compression algorithm proposed by H. K. C. Chang & J. L. Liu and enhanced by K. L. Chung & L. C. Chang • Related papers are published in Signal Processing: Image Communication (1997) and Pattern Recognition Letters (1998). Neither schemes can resist known-plaintext attack. Some analysis has been reported by H. Cheng & X. Li. Shujun Li, VS at VC Group of Microsoft Research Asia

22. 4e. Digital Watermarking References have been collected and some ones have been read. To tell the truth, I have not been in the hall of watermarking till now. Some researchers have suggested using chaos to construct digital watermarking, such as the one presented by G. Voyatzisand I. Pitas (Computers & Graphics - UK, 1998). Two basic ideas are employed: a) using chaos to generate pseudo-random watermarking; b) using chaos to realize pseudo-random embedding of the watermarking. Shujun Li, VS at VC Group of Microsoft Research Asia

23. Thanks For your watching and advice! Shujun Li, VS at VC Group of Microsoft Research Asia