The one-way function based on computational uncertainty principle
This paper presents how to make use of the advantage of round-off error effect in some research areas. The float-point operation complies with the reproduce theorem without the external random perturbation. The computation uncertainty principle and t…
Authors: P.F. Wang, J.P. Li
P. F. Wang¹, J. P. Li
State Key Laboratory of Numerical Modeling for Atmospheric Sciences & Geophysical Fluid Dynamics (LASG), Institute of Atmospheric Physics, Chinese Academy of Sciences, Beijing, 100029, China
¹ Corresponding author: Pengfei Wang, LASG, P.O. Box 9804, Beijing 100029, P.R. China; Email: wpf@mail.iap.ac.cn; Fax: 86-010-82995172

Abstract

This paper presents how to make use of the advantage of the round-off error effect in some research areas. The floating-point operation complies with the reproduce theorem without external random perturbation. The computational uncertainty principle and the high nonlinearity of the chaotic system guarantee that the numerical error is random and departs from the analytical result. Combining these two properties, we can produce a unilateral one-way function and provide a case of utilizing this function to construct an encryption algorithm. The multiple-precision (MP) library is used to analyze nonlinear dynamical systems and implement the code. As an example, we provide a scheme for encrypting a plaintext by employing the one-way function with the Lorenz system. Since the numerical solution used in this scheme is beyond the maximum effective computation time (MECT) and cannot satisfy the requirements of return-map analysis and phase space reconstruction, it can block some existing attacks.

Keywords: computational uncertainty principle, MECT, one-way function, encryption

1 Introduction

The late 1990s saw a boom in using the dynamical properties of chaotic systems to encrypt a message, the 'chaotic encryption approach' [1,2]. The stream cipher scheme based on the Lorenz equation was then brought forth, and its security caused another round of discussion at the turn of the 21st century [3–5]. It is understood that dynamical degradation will occur when a chaotic system is used in a digital cipher, and this degradation will threaten the security of the digital chaotic cipher [6]. The return-map attack method was first proposed by Pérez and Cerdeira [7] to attack chaotic switching and chaotic masking schemes based on the Lorenz system, and it was restudied to break other chaos-based cipher systems. Vaidya et al. [8] found a quick way to identify the superkey (the three parameters of the equations) of the Lorenz equation, and claimed the message can therefore be extracted easily. Li et al. [9] also pointed out that some of the previous chaotic encryption schemes are not secure when they are computerized with finite computing precision.

In this study we combined our knowledge of the round-off error effect in nonlinear equations with chaotic cryptography and provided the concept of a one-way code generator that can satisfy the requirements of cryptography and therefore can produce secure encryption of data.

2 The Computational Uncertainty Principle

The study of round-off error in numerical computation goes all the way back to the time before the modern computer was invented. It was discussed by astronomers [10,11], and the important pioneering work on the analysis of numerical error with round-off error can be found in the papers of Neumann [12] and Turing [13], soon after the first computer was invented. Later, Wilkinson [14] and Henrici [15,16] published books on round-off error in algebraic and difference processes. A more comprehensive introduction to the study of round-off can be found in the book by Higham [17] and the references cited therein. Most discussion of round-off error is about how it causes a lack of stability, convergence, etc., and its behavior is still far beyond analytical analysis.
But in the following work, we will show that the difficulty of determining the result of round-off error may have surprising advantages in some research areas.

The studies of round-off error in nonlinear dynamical system integration [18,19] in the late 20th century showed that the Computational Uncertainty Principle (CUP) exists with certain precision (single and double precision) in the computation. We [20] extended this research result by applying the multiple-precision (MP) method to do accurate experiments within the Lorenz system, and obtained new computational characteristics with and without the chaos condition. We found that when the dynamical system is in a chaotic state, the effective computation time (ECT) exists in the numerical solution of the nonlinear equation. With a certain computing precision, the numerical result is indeterminate and sensitive to step-size when time $t$ is greater than the ECT, and a different effective computation precision (ECP) exists in the numerical solution of the nonlinear equation corresponding to each time. We can obtain a numerical solution close to the real value only if the precision we use in the method is equal to or greater than the ECP. The numerical result is determinate when the initial value, method, and step-size are constant, whether the precision is infinite or finite, but the result may not be the real value.

The classical Lorenz equations introduced by Lorenz [21] are as follows:

$$\frac{dx}{dt} = -\sigma x + \sigma y, \qquad \frac{dy}{dt} = \gamma x - y - xz, \qquad \frac{dz}{dt} = xy - \beta z \tag{1}$$

where $\sigma$, $\gamma$, $\beta$ are nondimensional constants, and $t$ is nondimensional time. Here, we consider Eq. 1 with chaos, when $\gamma = 28.0$, $\sigma = 10.0$, and $\beta = 8/3$. The initial value is set as (5, 5, 10).

Before we start to discuss the one-way function generated by the floating-point process, we shall put forward some mathematical and computational principles.

Theorem 1 (from Li et al. 2001). When using a difference method to solve the ordinary differential equations (1), the total numerical error (including round-off error) satisfies, from a statistical view, the formula

$$E(t,h) = E_t(t,h) + E_r(t,h) = C(t)\left(C h^{m} + \frac{\sigma}{C\sqrt{h}}\right) \tag{2}$$

where $E_t(t,h)$ is the discretization error, $E_r(t,h)$ is the round-off error, $C(t)$ is a time function, $C$ is a constant depending on the method, $\sigma$ is a constant depending on the precision, $C$ is a constant depending on the ODEs, $m$ is the method order and $h$ the time step-size.

The minimum absolute numerical error exists when numerical difference methods are used to solve ODEs on a finite-precision computer, when $h$ satisfies

$$h = \left(\frac{\sigma}{2mCC}\right)^{1/(m+0.5)} \tag{3}$$

More details and the proof of (2) and (3) can be found in Li et al. (2001).

Theorem 2 [19]. With the same numerical method of order $m$ in two precisions $p_1$ and $p_2$,

$$\hat{T}_2 - \hat{T}_1 = C \cdot m \cdot \ln\left(\frac{H_1}{H_2}\right)^{m} = C \cdot m \cdot \ln 2^{\frac{(p_2 - p_1)\cdot m}{m+0.5}} \tag{4}$$

where $\hat{T}_1$ and $\hat{T}_2$ are the MECT corresponding to precisions $p_1$ and $p_2$, $H_1$ and $H_2$ are the OS corresponding to precisions $p_1$ and $p_2$, and $C$ is a constant depending on the ODEs. This formula can conveniently be used to estimate the MECT or the precision.

Lemma 1. In a certain floating-point system, the basic floating-point operations $\oplus$, $\ominus$, $\otimes$, $\oslash$ (corresponding to +, -, *, /, the mathematical operations within the real numbers) in a computer can be regarded as $op$, and the result $c = (a \; op \; b)$ of two variables with a basic operation is deterministic.

This can be proved by the uniform expression of real numbers and the uniform round-off method applied within the same floating-point computation system.

Lemma 2. A complex algebraic process can be broken down into a set of basic operations:

$$c = (((a_1 \; op \; a_2) \; op \; a_3) \cdots op \; a_n)$$

From Lemma 1 we know that the result of each single basic operation is determinate, so the final result of the algebraic process is also deterministic.

Theorem 3 (special reproduce theorem of floating-point computation). The numerical difference method for solving ODEs with given initial conditions will produce a deterministic result when there is no external perturbation.

This can be deduced from Lemma 2, since the difference method can be viewed as a series of algebraic computation processes. This theorem guarantees that we will get the same result by using the same program and the same parameters on the same platform.

Theorem 4. Although the numerical difference method gives a deterministic result, the result may differ from the mathematical result because numerical error exists in it.

The previous work indicated that the MECT of Eq. 1 with single precision is about 17, and the MECT with double precision is about 35 (the 4th-order RK method). We can use formula (4) to measure the MECT of 256-bit precision:

$$35 - 17 = C \cdot 4 \cdot \ln 2^{\frac{(53 - 24)\cdot 4}{4+0.5}}, \qquad \hat{T}_{256} - 17 = C \cdot 4 \cdot \ln 2^{\frac{(256 - 24)\cdot 4}{4+0.5}} \tag{5}$$

The analytical solution of (5) is $\hat{T}_{256} \approx 162$, and it is less than 200. The MP experiment showed that with 256-bit precision the MECT is the same as above. Thus when $t \geq 200$, we cannot obtain the right solution close to the real value. Moreover, the numerical result is different when the time step-size $h$ varies. The reason is that with the selected precision, a long enough time $t$ can lead to unpredictable numerical results which depend only on the coefficients $\sigma$, $\gamma$, $\beta$, the initial value $x_0$, $y_0$, $z_0$, and the step-size.

All previous return-map and phase space reconstruction analyses have a common premise that the value series is the true value from the original equation, so when we choose the numerical result beyond the MECT, the value is not the true value and therefore it cannot fit this premise.
For example, the study of Li et al. [22] showed that when the numerical solution is beyond the MECT, the estimated fractal dimension is sensitive to the time interval, and the result from a one-dimensional time series differs from that of a three-dimensional time series.

3 One-way mapping based on CUP

Since the variables $\sigma$, $\gamma$, $\beta$, $x_0$, $y_0$, $z_0$, $h$, $p$, $t$ determine the numerical results, where $h$ is the step-size and $p$ is the computation precision, we can define the algorithm as $(x, y, z) = L(\sigma, \gamma, \beta, h, p, t, x_0, y_0, z_0)$, where $(x, y, z)$ can be regarded as a vector $A$, and $L$ can be any numerical integration method. In this paper the 4th-order Runge-Kutta (RK) method is used; $\sigma$, $\gamma$, $\beta$, $x_0$, $y_0$, $z_0$, $h$, $p$, $t$ are the input variables, and $A$ is the output.

From the algorithm $A = L(\sigma, \gamma, \beta, h, p, t, x_0, y_0, z_0)$, the integration of $A$ can be divided into $n$ steps, and in each step $(x_i, y_i, z_i) = L(\sigma, \gamma, \beta, h, p, t, x_{i-1}, y_{i-1}, z_{i-1})$. We assume $n = \left[\frac{t}{h}\right]$, and if $t$ cannot be evenly divided by $h$, the last step is $h' = t - n * h$.

Since both $L$ and $\sigma$, $\gamma$, $\beta$, $x_0$, $y_0$, $z_0$, $h$, $p$, $t$ are determinate, from Theorem 1 we know that $A$ is therefore also determinate. The choice of $\sigma$, $\gamma$, $\beta$, $x_0$, $y_0$, $z_0$, $h$, $p$, $t$ is infinite while the output vector $A$ is finite; therefore $L$ is a many-to-one mapping and collisions may occur. We can choose a 256-bit or higher $A$, and then the probability of collision is very small in practice.

The inverse function of $L$ does not exist, and therefore even if $A$ is known, the unique variable set $\sigma$, $\gamma$, $\beta$, $x_0$, $y_0$, $z_0$, $h$, $p$, $t$ still cannot be obtained. The algorithm $A = L(\sigma, \gamma, \beta, h, p, t, x_0, y_0, z_0)$ is a one-way or irreversible mapping. We can then define a hash function based on CUP and, furthermore, a CUP-based chaotic stream cipher. We call the encryption method based on this function the "Lorenz Code".
One of the cipher code generating procedures is to convert the message to input variables. When we convert a certain string to $\sigma$, $\gamma$, $\beta$, $x_0$, $y_0$, $z_0$, $h$, $p$, $t$, this conversion routine is a one-to-one correspondence. In order to keep the chaotic behavior of the Lorenz system, we must maintain $\gamma > 28.0$. If the output message is required to be 256 bits, the precision $p$ must be greater than or equal to 256 bits. The time $t$ should be larger than 200. Considering the encryption speed, if $p$ is chosen as 256 bits, it is more convenient to have $t$ less than 1000. The other variables should be converted within a certain range, neither too big nor too small, and $h$ is of about magnitude 0.001.

As an example, we assign the following nine basic parameters with different values: $\gamma = 28.0$, $\sigma = 10.0$, $\beta = 8/3$, $(x_0, y_0, z_0) = (5, 5, 10)$, $h = 0.01$, $p = 256$, $t = 200$. We keep $p = 256$, and set the input message as 8 ASCII codes: $m_1 m_2 m_3 m_4 m_5 m_6 m_7 m_8$. One variable, such as $x$, of the three output results is used as the encrypted value to resist the return-map attack and phase space reconstruction.

Because $m_1$ ranges from 0 to 255, we can use $m_1/1000$ as the perturbation of $\gamma$, and set $\gamma' = \gamma + m_1/1000$. The other parameters are converted as follows: $\sigma' = \sigma + m_2/1000$, $\beta' = \beta + m_3/1000$, $x' = x + m_4/1000$, $y' = y + m_5/1000$, $z' = z + m_6/1000$, $h' = h + m_7/1000$, $t' = t + m_8$. The numerical integration result corresponds to the message $m_1 m_2 m_3 m_4 m_5 m_6 m_7 m_8$. The output message is 256 bits. It can be converted to a 32-byte ASCII string after the radix point is removed.

When the above approach is used as a hash function, $\sigma$, $\gamma$, $\beta$, $x_0$, $y_0$, $z_0$, $h$, $t$ are parameters and $m_1 m_2 m_3 m_4 m_5 m_6 m_7 m_8$ is the input message. We can use this hash function to compute the hash string of any 8-byte message. No collision is found with about 8 million different input messages, which proves that the hash function works well.
We also ran a random number test on the output messages by applying the diehard [23] software, and the result was acceptable.

4 Chaotic stream cipher method based on Lorenz Code

When this approach is used as a chaotic stream cipher generator, $m_1 m_2 m_3 m_4 m_5 m_6 m_7 m_8$ is the secure key and $\sigma$, $\gamma$, $\beta$, $x_0$, $y_0$, $z_0$, $h$, $t$ are parameters. We can encrypt the plaintext into ciphered messages. For example, the plaintext is known as $M_1 M_2 M_3 \ldots M_k$. It can be divided into some 32-byte string groups, and zeros are appended if the last group has fewer than 32 bytes. For the first group $M_1 M_2 M_3 \ldots M_{32}$, we use $m_1 m_2 m_3 m_4 m_5 m_6 m_7 m_8$ to generate a secure string $K_1 K_2 K_3 \ldots K_{32}$ and use it to operate with $M_1 M_2 M_3 \ldots M_{32}$ to generate $C_1 C_2 C_3 \ldots C_{32}$. Then we send the 32-byte string $C_1 C_2 C_3 \ldots C_{32}$ as the first ciphered message. We use $M_1 M_2 M_3 \ldots M_{32}$ and $C_1 C_2 C_3 \ldots C_{32}$ as the feedback message to operate with $m_1 m_2 m_3 m_4 m_5 m_6 m_7 m_8$ and get another string $n_1 n_2 n_3 n_4 n_5 n_6 n_7 n_8$ to encrypt the second group of plaintext. We repeat this encryption operation until all plaintext groups are done.

When the ciphertext is received, the receiver can divide the message into some 32-byte message groups and use the encryption method $L$ to encrypt the secure key $m_1 m_2 m_3 m_4 m_5 m_6 m_7 m_8$ to obtain $K_1 K_2 K_3 \ldots K_{32}$, which can be operated with $C_1 C_2 C_3 \ldots C_{32}$ to regenerate the plaintext $M_1 M_2 M_3 \ldots M_k$. Then the receiver can use $M_1 M_2 M_3 \ldots M_{32}$ and $C_1 C_2 C_3 \ldots C_{32}$ as the feedback message to operate with $m_1 m_2 m_3 m_4 m_5 m_6 m_7 m_8$ and get another string $n_1 n_2 n_3 n_4 n_5 n_6 n_7 n_8$ to decrypt the second ciphertext. The receiver repeats the above procedures, and the whole ciphertext can be decrypted.
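The Section 3 mapping from an 8-byte message to a 32-byte output, as an added illustration that is not the authors' code. It assumes Python's decimal module at 78 digits as a stand-in for the 256-bit MP library, and a hypothetical final step (digits of x reduced modulo 2^256) for the 32-byte conversion, so its outputs will not match the authors' implementation; the names lorenz_x, lorenz_code and SAMPLE are introduced here.

```python
from decimal import Decimal, Overflow, localcontext

def lorenz_x(msg: bytes, digits: int = 78) -> Decimal:
    """Integrate the message-perturbed Lorenz system with RK4; return x(t')."""
    if len(msg) != 8:
        raise ValueError("message must be exactly 8 bytes (m1..m8)")
    with localcontext() as ctx:
        ctx.prec = digits  # assumption: 78 decimal digits stand in for 256 bits
        m = [Decimal(b) / 1000 for b in msg]
        gamma = Decimal(28) + m[0]
        sigma = Decimal(10) + m[1]
        beta = Decimal(8) / 3 + m[2]
        s = (Decimal(5) + m[3], Decimal(5) + m[4], Decimal(10) + m[5])
        h = Decimal("0.01") + m[6]
        t = Decimal(200) + msg[7]  # t' = t + m8, not scaled by 1000

        def f(v):  # right-hand side of Eq. (1)
            x, y, z = v
            return (sigma * (y - x), gamma * x - y - x * z, x * y - beta * z)

        def step(v, dt):  # one classical 4th-order Runge-Kutta step
            def shift(k, c):
                return tuple(a + c * b for a, b in zip(v, k))
            k1 = f(v)
            k2 = f(shift(k1, dt / 2))
            k3 = f(shift(k2, dt / 2))
            k4 = f(shift(k3, dt))
            return tuple(a + dt / 6 * (p + 2 * q + 2 * r + w)
                         for a, p, q, r, w in zip(v, k1, k2, k3, k4))

        n = int(t // h)  # n = [t/h]
        try:
            for _ in range(n):
                s = step(s, h)
            if t - n * h > 0:  # last partial step h' = t - n*h
                s = step(s, t - n * h)
        except Overflow as exc:  # explicit RK4 can blow up when h' is large
            raise ValueError("trajectory diverged for this step size") from exc
        return s[0]

def lorenz_code(msg: bytes, digits: int = 78) -> bytes:
    """32-byte output: digits of x without sign or radix point, mod 2**256."""
    coeff = int("".join(map(str, lorenz_x(msg, digits).as_tuple().digits)))
    return (coeff % (1 << 256)).to_bytes(32, "big")

# Constructed sample message: m7 = 10 gives h' = 0.02, m8 = 50 gives t' = 250.
SAMPLE = bytes([1, 2, 3, 4, 5, 6, 10, 50])

if __name__ == "__main__":
    print(lorenz_code(SAMPLE).hex())
    print(lorenz_x(SAMPLE, 78), lorenz_x(SAMPLE, 100), sep="\n")
```

Running the block prints x at 78 and at 100 digits for the same message; past the MECT the two values disagree, so sender and receiver only obtain the same output when precision, rounding and operation order are identical, which is the "same program, same parameters, same platform" condition of Theorem 3.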
5 Conclusion

The studies of nonlinear dynamical systems, especially the round-off error effect in computation, have influenced many scientific fields. In this research, we use it in the study of encryption and propose an encryption scheme based on CUP-MP, that is, an MP-based Lorenz encryption scheme employing the CUP theory. The reproduce theorem in the floating-point system guarantees a deterministic numerical result. The computational uncertainty principle and the high nonlinearity of the chaotic Lorenz system guarantee that the numerical error is random and departs from the analytical result. Combining these two facts, we get the numerical one-way function. We also present the method of using the numerical one-way function to construct the 'Lorenz Code' encryption method, which is feasible and secure, and whose output bits are easy to control. It is easy to produce a key of 256 bits or even higher. Since the algorithm is irreversible, common enumeration attacks cannot easily break it.

The connection between the round-off error of chaotic nonlinear system computation and cryptography is established, and the idea and scheme can be easily adapted to any other chaotic system. Originating from this new idea, thousands of new encryption-with-chaos systems could be produced, and therefore it is not necessary to make a special security analysis of each system.

Acknowledgements

We would like to thank Dr. Shujun Li for his valuable suggestions on the security test.

References

[1] Baptista M S. Cryptography with chaos. Phys. Lett. A. 1998; 240: 50.
[2] Jakimoski G, Kocarev L. Analysis of some recently proposed chaos-based encryption algorithms. Phys. Lett. A. 2001; 291: 381.
[3] Pecora L M, Carroll T L. Synchronization in chaotic systems. Physical Review Letters. 1990; 64: 821.
[4] Bu S L, Wang B H. Improving the security of chaotic encryption by using a simple modulating method. Chaos, Solitons & Fractals. 2004; 19: 919.
[5] Wu X G, Hu H P, Zhang B L. Analyzing and improving a chaotic encryption method. Chaos, Solitons & Fractals. 2004; 22: 367.
[6] Li S J, Chen G R, Mou X Q. On the dynamical degradation of digital piecewise linear chaotic maps. International Journal of Bifurcation and Chaos. 2005; 15: 3119.
[7] Pérez G, Cerdeira H A. Extracting messages masked by chaos. Physical Review Letters. 1995; 74: 1970.
[8] Vaidya P G, Angadi S. Decoding chaotic cryptography without access to the superkey. Chaos, Solitons & Fractals. 2003; 17: 379.
[9] Li S J, Mou X Q, Cai Y L, Ji Z, Zhang J H. On the security of a chaotic encryption scheme: problems with computerized chaos in finite computing precision. Computer Physics Communications. 2003; 153: 52.
[10] Dirk Brouwer. On the accumulation of errors in numerical integration. Astronomical Journal. 1937; 46: 149.
[11] Rademacher H A. On the accumulation of errors in processes of integration on high speed calculating machines. The Annals of the Computation Laboratory of Harvard University. Harvard University Press, Cambridge. 1948.
[12] Neumann J V, Goldstine H H. Numerical inverting of matrices of high order. Bull. Amer. Math. Soc. 1947; 53: 1021.
[13] Turing A M. Rounding-off errors in matrix processes. Quart. J. Mech. Appl. Math. 1948; 1: 287.
[14] Wilkinson J H. Rounding Errors in Algebraic Processes. Notes on Applied Science No. 32, Her Majesty's Stationery Office, London, 1963. 688pp.
[15] Henrici P. Discrete Variable Methods in Ordinary Differential Equations. John Wiley, New York, 1962: 187pp.
[16] Henrici P. Error Propagation for Difference Methods. John Wiley, New York, 1963: 73pp.
[17] Higham N J. Accuracy and Stability of Numerical Algorithms. SIAM, Philadelphia, 1996.
[18] Li J P, Zeng Q C, Chou J F. Computational uncertainty principle in nonlinear ordinary differential equations - I. Numerical Results. Science in China. E, 2000; 43: 449.
[19] Li J P, Zeng Q C, Chou J F. Computational uncertainty principle in nonlinear ordinary differential equations - II. Theoretical analysis. Science in China. E, 2001; 44: 55.
[20] Wang P F, Huang G, Wang Z Z. Analysis and Application of Multiple-Precision Computation and Round-off Error for Nonlinear Dynamic Systems. Advances in Atmospheric Sciences. 2006; 23(5): 758.
[21] Lorenz E N. Deterministic nonperiodic flow. J. Atmos. Sci. 1963; 20: 130.
[22] Li J P, Chou J F. Some problems existed in estimating fractal dimension of attractor with one-dimensional time series. Acta Meteorologica Sinica. 1996; 54: 312.
[23] Marsaglia G, Tsang W W. Some difficult-to-pass tests of randomness. Journal of Statistical Software. 2002; 7: 1.