Role of Symmetry and Geometry in a chaotic Pseudo-Random Bit Generator

Role of Symmetry a nd Geometry in a c haot ic Pseudo-Random Bit G enerator Carmen Pellicer-Lostao and Ricardo L´ op ez-Ruiz Department of Computer Science and BIFI, Universidad de Zarago za, 50009 - Zaragoza, Spain, carmen.pel licer@uni zar.es, rilopez@unizar.e s Abstract. In this work, Pseudo-R an d om Bit Generation (PRBG) based on 2D chao tic mappings of logistic type is considered. The sequences gen- erated with tw o Pseudorand om Bit Generators (PRBGs) of th is typ e are statistically tested and th e computational effectiv eness of the generators is estimated. The role play ed by the symmetry and the geometrical prop- erties of th e u nderlying chaotic attractors is also explored. Considering these PR BGs v alid for cryptography , th e size of th e av ailable k ey spaces are calculated. Additionally , a no vel mechanism called symmetr y-swap is introduced in order to enhance th e PR BG algorithm. It is shown that it can increase the degrees of freedom of th e key space, while maintaining the sp eed and p erformance in the PRBG. Key W ords: Chaotic Pseudorandom Bit Generation, Chaotic Cryptog- raphy , Securit y Engineering 1 In t ro duction Pseudo-Rando m B it (or Number) Generation is a sub ject of high in terest a nd broad applica tion in many scientific and engineering areas [1], [2], [3 ]. Pseudo- Random Bit Generators (PRBGs) a re implemen ted by deterministic n umeric algorithms and they should pass several statistical tests [4], [5], [6], to prov e themselves to be useful. The requir ement s of randomness in these generators v ary according to their application, realizing in cr y ptography their most stringent demands [4]. Over the last tw o decades, s everal works hav e implemen ted PRBGs for cryp- tography based on c hao tic systems (an extensive survey ca n be found in [7]). Chaotic systems have the pr op erty o f b e ing deterministic in the microscopic space and b ehav e rando mly , when o bserved in a c o arse-g rained state-space. Their sensitivity of chaotic maps to initial conditions ma ke them optimum candidates to rela te minimal critica l infor mation ab out the input in the o utput sequence [8]. Their iterative nature makes them fas t computable and a ble to pro duce binary sequences with extremely long cycle lengths [9]. In 2006 , Madhek ar Suneel prop oses in [10] a metho d fo r pseudo-r andom bi- nary sequence gener ation based on the tw o-dimensional H´ enon map. The pseu- dorandom sequences gener ated with this alg orithm show go o d random pro per ties when sub jected to differe n t statis tica l tests suites. The author also indica tes that the choice of the H ´ enon ma p is ra ther a rbitrary and that similar re s ults should also b e attainable with other 2D maps. The prese nt explores precisely this p ossibility , a nd presents a finite a utomata scheme as the k ey to achieve that. This comprehensive scheme is then applied to tw o par ticular chaotic maps pr esented in [11 ]. These 2D dyna mical s ystems are formed by tw o s ymmetrically coupled logistic maps. The refined knowledge of the chaotic systems under study (i.e., its geo metr y) makes po ssible to obta in the finite automata and to extent the method in [10] to this type o f chaotic mappings. The pseudo-random prop er ties of the g enerator s obtained that wa y are inv estigated. The ev a luation of the p otential rang e of input parameter s and the computatio nal cost of the a lgorithm makes them worth to b e considere d for cryptogr a phic applications . The c haotic PRBG algorithm here describ ed can b e used in different wa ys. F o cusing on cryptogra ph y , one of its applications and ma ybe the most imme- diate, could be the construction of pr a ctical s tream ciphers. In this wa y , the chaotic PRBG ca n expa nd a s hort key into a long keystream, w hich directly exclusive-or’ed with the clear text or message, gives the cipher text. The interest of PRBG based o n these mapping s of lo gistic type a r ises fro m the fact that they present in teresting geo metrical symmetries. These c o uld offer a d- ditional adv a ntages to the rando miza tion algorithm. In fact, a nov e l mechanism to enhance PRBG is prop osed in this pap er. This mech anism co uld b e applied to chaotic PRBGs based o n mappings with the s ame s y mmetry characteris tics. The pap er is str uc tur ed as follows: Section 2 introduces so me basic concepts ab out chaotic PRBG. Section 3 describ es statistical testing to asses PRBG ra n- domness. Section 4 e x plains the PRBG a lgorithm applied to the H ` enon map and infers the finite automata that des crib es its dynamics. In Section 5 the finite au- tomata scheme is used to o btain PRBG based on a tw o-dimensio nal symmetrical chaotic map of logistic type. Several sequences a re o btained and their ra ndo m- ness is tested. The computational co st and key space for cryptog raphic applica- tions are effectively ev aluated. Section 6 presents an enhancemen t of the PRBG algorithm, ba sed on t he symmetry prop erties of these chaotic maps. Section 7 exp oses the final co nclusions. 2 Chaotic Random B it Generation The inherent prop erties of c hao s, such as erg o dicity and s ensitivity to initial conditions a nd c o nt rol para meters, co nnect it directly with c r yptogra ph y char- acteristics of confusion and diffusion [12], [13 ]. Additionally c haotic dynamica l s y stems have the adv a ntage o f providing sim- ple c omputable deterministic pseudo- randomness. As a conseque nc e of these ob- serv ations, several works were pre s ent ed s inc e 19 9 0s implementing PRBGs based on different chaotic sys tems [8], [9], [10], [14], [15]. In some wa y , it could b e said that c haos has brought into b eing a nov el branch of PRBGs in cr yptogra phy , called c haotic PRBGs. An N-dimensional deterministic discrete-time dyna mical sy s tem is a n itera- tive map f : ℜ N → ℜ N of the form: X k +1 = f ( X k ) (1) where k = 0 , 1 . . . n . is the discrete time and X 0 , X 1 . . . X n , are the states o f the system a t different instants of time. In these sy stems, the evolution is p erfectly determined by the mapping f : ℜ N → ℜ N and the initial condition X 0 . Starting from X 0 , the initial state , the rep eated iter a tion of (1) gives rise to a fully deterministic ser ie s of states known as an orbit . Differen t mo dels of N − dimensional discrete-time mappings have been studied, and under certain circumstances complex b ehaviour in time ev o lutio n has b een shown. The one-dimensional case s hav e b een deeper analyze d [1 6], the cases with N=2 have also several w ell explored examples [1 7], but as N incr eases the co mplexit y grows and les s literatur e is found with a well do c umented analysis of the chaotic prop erties of the mapping [18]. T o build a chaotic PRBG is necessary to co nstruct a numerical algorithm that tra nsforms the s ta tes of the system in chaotic regime into binary num ber s . The existing designs o f c haotic PRBGs use different techniques to pa ss from the contin uum to the binary world [7]. The most imp ortant ar e: 1. Extracting one or more bits from each state a long chaotic orbits [8], [19]. 2. Dividing the pha s e space in to m sub-spaces, and o utput a binary n umber i = 0 , 1 , , m − 1 if the chaotic orbit visits the i th subspace [9 ], [10]. 3. Com bining the outputs of tw o or more chaotic systems to generate the pseudo-rando m num b ers [14], [15]. A t that p oint an impor tant divergence app ears. W e have to rema rk that chaos implement ed on c omputers with finite precis ion is normally called“pseudo chaos”. In pseudo chaos dynamica l deg radation of the chaotic prop erties of the system may appear, for throughout iterations pseudo orbits may depart from the real ones in many different and uncont rolled manner s [7], [20]. Even so, the ab ove e xpo sed techniques a re capable of g enerating s equences of bits, which app ear rando m-like fro m many asp ects. O ne must only co nsider their implemen tation in a sensitive wa y to minimize dynamical degradatio n. Ther efore a detailed study is normally requir ed on the dynamics of the chaotic system. This will guarant ee that the PRBG passes the required statistica l tests and can be easily implement ed with simple and fas t softw are routines. As a fina l hint to help in this pro cess, one may consider as an a dv antage the idea of using high dimensional chaotic systems. While less known, these systems whirl man y v aria bles at any calculation. Therefor e the p erio dic patterns pro duced by the finite precision of the computer are mo re difficult to app ear than in the low dimensional case [21]. In this pap er the technique o f dividing the phase s pa ce is follow ed a nd applied on tw o s ymmetrical t wo-dimensional (2D) chaotic maps of logistic type. 3 Statistical T ests Sui tes In g eneral, randomness ca nnot b e mathematica lly proved. Alt ernatively , different statistical batteries of tests a r e used. E ach of these tests ev aluates a relev ant random prop erty ex pec ted in a true random generator. These proper ties may corres p o nd to sp ecific physical systems or to g iven statistical character is tics. T o test a certain randomness property , several output seque nc e s of the genera tor under test are taken. As one knows a prior i the sta tistical distribution of p os sible v alues that tr ue random sequences would b e likely to exhibit fo r that prop erty , a conclusio n can b e obtained up on the proba bilit y of the tested sequences to be random. Mathematically this is done a s follows [4]. F or each test, a statistic vari able X is sp ecified along with its corr esp ondent t he or etic al r andom distribution funct ion f ( x ). F or non-ra ndom sequences, the statistic ca n b e exp ected to take on larger v alues, t ypically far-out in the tails of f ( x ). A critic al value x α is defined for the theoretical distribution so that P ( X > x α ) = α , that is called the signific anc e level of the test. In the sa me wa y , theoretically other distr ibutio n functions a nd a β v a lue could be defined to assess no n-random pro per ties. But in practice, it is impo ssible to calculate all distributions that describ e non-ra ndo mness, for ther e are an infinite num ber of wa ys that a data stream can be no n-random. When a test is a pplied, the test statistic v a lue X s is computed on the sequence being tested. This test sta tistic v alue X s is co mpared to the critical v alue x α . If the test statistic v alue exceeds the critical v alue, the hyp o thesis for random- ness is rejected. The rejection is do ne with a (100 ∗ α )% pr obability o f having F ALSE P OSITIVE err o r. This is ca lled a TYPE I err or , whe r e the sequence was random and is rejected. Otherwise is not rejected (i.e., the h ypo thesis is accepted) with a probability o f (10 0 ∗ β )% of error. This is called TYPE II erro r or F ALSE NEGA TIVE, the sequence w as non-random and is accepted. As a consequence, passing the test merely provides a probabilistic evidence that the generator pr o duces sequence s which hav e c e rtain characteristics of r andomness. F or a given applica tion, the v alue of α must b e selected appro priately . This is because if α is too high, TYPE I errors may fre q uent ly occur (respectively , if α is to o low the sa me will happen for TYPE II error s). F or cryptogra phic applications t ypical v alue s o f α a re selected in the interv al αǫ [0 . 001 , 0 . 01], whic h is als o r e ferred as a confidence lev el for the test in the int erv al [99 . 9% , 99%]. Unlik e α, β is not fixed, for it depends on the non-randomness defects of the generator . Nevertheless α, β and the size ( n ) of the tested sequence are rela ted. Then for a given statistic, a critica l v alue and a minim um n sho uld b e selec ted to minimize the probability of a TYP E I I er ror ( β ). There exist different well-known s ources of test suites av ailable, such as those describ ed by Knuth [6], the Marsaglias Diehard tes t suite [5 ] or those of the National Ins titute of Standar ds and T echnology (NIST) [4]. But there a re ma ny more, p erhaps not so nicely pack a g ed as in the w orks men tio ne d ab ov e, but still useful ( [22], [23 ], etc.) . In these collections of tests, ea ch test tries a differen t random prop erty and gives a way of interpreting its results. In the present w ork, Marsaglia ’s Diehard test suite (in [5]) and NIST Sta- tistical T est Suite (in [4]) were selected, for they are very acces s ible and widely used. T able 1 lis ts the tests co mprised in these suites. Number Diehard test suite NIST test suite 1 Birthday spacings F requency (monobit) 2 Overlapping 5-p ermutation F requency test within a blo ck 3 Binary rank test Cumula tive sums 4 Bitstrea m Runs 5 OPSO Longest run of ones in a blo ck 6 OQSO Binary matrix rank 7 DNS Discrete fourier transform 8 C ount-the-1’s test Non-o verlapping template matc hing 9 A parking lot Overlapping template matching 10 Minim um distance Maurer’s universal statistica l 11 3D-spheres Approximate entropy 12 Squeeze Random excursions 13 Overlapping sums Random excursions v ariant 14 R uns Serial 15 Craps Linear complexity T able 1. List of tests comprised in the Diehard and NI ST test suites. In each test, the statistic v a lue X s is obtained and used to calcula te a p- v alue that s ummaries the strength of ev ide nce against the randomness of the tested sequence. In Marsaglia’s Diehard test suite, p-v a lues should lie within the interv al [0 , 1) to ac c ept the P RBG. In NIST Statistical T es t Suite, p-v a lues should b e g reater tha n α for a cceptance. 4 Pseudo-Random B it Generation based on t he H` enon Map In [10], an algorithm is pres en ted to obtain a chaotic PRBG using the H´ enon map. The H ´ enon map [24] is a 2D discrete-time no n linear dynamical system represented b y the state equations: x k +1 = ax 2 k + y k + 1 , y k +1 = bx k . (2) This sys tem dep ends on tw o par a meters, a and b. Dep ending on the v alues of these parameters the system may b e c haotic, intermitten t, or converge to a per io dic orbit. The map has a so called cano nical form for the parameter v alues a = 1 . 4 and b = 0 . 3 which is depicted in Fig. 2 . F or the canonical v alues the H ´ enon map presents a chaotic attractor. This mea ns that an initial p oint of the plane will e ither a pproach a set o f p oints kno wn a s the H ´ enon str ange attractor, or diverge to infinity . In Fig. 1 the functional blo ck structure of algo r ithm [10] is repre s ent ed and it is explained in the following paragra phs. b a 1 Henon System x y i-1 i-1 > τ x > τ y y i x i -1 -1 b x b y b x i i P*i b y delay delay Sub-space decision P*i O (j) Binary Mixing Fig. 1. F unctional structure of M. Su neel’s numerica l algorithm. In this ca se, the technique of dividing the pha s e space in four s ub-spaces is used. This is done in the blo ck named as Sub-sp ac e de cision in which the threshold v alues, τ x and τ y , are employ ed to conv er t the po int s in to a binary sequence, b y mea ns of the following equations: b x =  0 if x ≤ τ x 1 if x > τ x ; b y =  0 if y ≤ τ y 1 if y > τ y . (3) A purely statistical pro cedure is pro po sed in [10] to obtain τ x and τ y . They are ca lculated as the medians of a large T set o f x v alues (for τ x ) and y v alues (for τ y ). Mor e precisely , the v a lue of τ x and τ y are the media ns of the fir st T = 1 0 00 iterations of the system. Fig. 2(a) shows, a s an example, o ne orbit o f the H´ enon map with the τ v a lues a nd subspaces co nsidered for that case. After obtaining S x = { b i x } ∞ i =1 and S y = { b i y } ∞ i =1 , they are sampled with a frequency of 1 / P (each P iter a tions) and B x = { b P ∗ i x } ∞ i =1 and B y = { b P ∗ i y } ∞ i =1 are obtained. The effect o f skipping P consecutive v a lues of the or bit is necessary to get a r andom macros copic b ehaviour. With this op eratio n, the co rrelation ex - isting betw een cons ecutive v alues generated b y the c haotic s ystem is elimina ted, in a w ay such that ov er a P min , sequences generated with P > P min will app ear macrosco pically random. Although P is nor mally in tro duced as an a dditional key parameter in pseudo-ra ndom s equences generation [25], it strongly deter- mines the sp eed o f the generation algorithm. Consequently it is reco mmended to b e kept as s ma ll as p ossible. The output binary pseudorandom seq ue nc e O ( j ) is obtained in the block named Binary mixing in Fig. 1. Here a mixing op era tion is p er formed with the current and previo us v alues of the s equence B ( j ) = [ B x ( j ) , B y ( j )]. The op era tio n is given b y the truth table sketched in T a ble 2 . B y ( j − 1) B y ( j − 2) 0 1 0 B x ( j ) Not( B x ( j )) 1 B y ( j ) Not( B y ( j )) T able 2. T ru th table generating the binary sequen ce. In the exp osed algorithm the selection of the τ v alues is the determinant factor for a un iform distribution o f each of the c o ordinates of the phase states within different sub-spaces. According to [10], these v alues should b e chosen in a w ay that approximately half of the x (or y v alues) obtained o v er the iterations of the system lay at ea ch side of the thresho ld. This fact leads us to co nsider the interest o f ana lyzing in detail the op erations per formed in the H ` enon system and Sub-sp ac e de cision blo cks of Fig. 1 . The ob jective is to trace the visits of the orbit states into each sub-space, c onsequently gaining knowledge of how to obtain the binar y seq uence [ b i x , b i y ]. Fig. 2(a) pr esents the e volution of the H` enon system in the phase spac e for a giv en s et pa rameters and initial conditions. The phase space is divided in 4 sub-spaces, which are named as 1,2,3 and 4 according with the differen t outputs [ b i x , b i y ] of the S ub-sp ac e de cision blo ck. The output v alues [0 , 0 ], [1 , 0], [0 , 1] and [1 , 1] cor r esp ond to sub-spaces names 1,2,3 and 4 resp ectively . −1 −0.5 0 0.5 1 −0.4 −0.3 −0.2 −0.1 0 0.1 0.2 0.3 0.4 4 [1 1] 3 [0 1] 1 [0 0] 2 [1 0] τ y τ x 4 [1,1] 1 [0,0] 3 [0,1] 2 [1,0] (10%) (10%) (40%) (40%) 20% 80% 50% 50% (a) (b) Fig. 2. (a) Representation of the canonical H` enon map with parameters v alues a = 1 . 4 and b = 0 . 3. The picture shows 3000 iterations from the initial state X 0 = [ − 0 . 75 , − 0 . 02]. The τ v alues ca lculated after the first T = 10 00 iterations are τ x = 0 . 4046 59 and τ y = 0 . 121397. (b) Finite state automaton summarizing t he distri- bution of visit of each sub-space. According to Fig. 2(a), at one instant of time i , o ne sub-space is visited and this give the corresp onding v alues [ b i x , b i y ]. As the sys tem evolv e s, the mo v ement betw een the different sub-spa ces can b e re s umed in the finit e state automaton represented o f Fig. 2(b). This automata summar iz es the complete b ehaviour of the blo cks under s tudy and can be des crib ed a s follows: (a) The 8 0% of the time, there is a bi-directional oscillation b etw een sub-spaces 2 and 3 (equally balanced with a 50%). Apparen tly ther e are no consecutive visits o f the same sub-space. This leads to an oscillatio n of [1 , 0 ] and [0 , 1] betw een the binary states of the seq uence [ b i x , b i y ]. (b) The rest 2 0% of the v isits ar e equally distributed in to sub-s paces 1 and 4 (with a 50% each). It may make s mall r uns in 1 or 4 , but normally the system mainly spins in counter clo ck direc tio n around the cen ter of the subspace s division. It circles around 3-1 -2, o r 2-4 -3 to fall in the 3-2 oscilla tion, or it makes a c o mplete round along 1-2-4-3 . This leads to a n oscilla tion b etw een the binary states o f the sequence b i y (en try v alue in binary mixing equatio n of T able 2, a s B y ( j − 1) and B y ( j − 2 )). Although the four sub- spaces are not visited eq ually , there exists a symmetry of mo vements b etw een sub-spaces 1 -3 a nd 2-4, whic h has a characteristic mixing of 50% and 50%, as long as a predomina n t (80%) and constant tra nsition b etw ee n 3 and 2. This leads to a highly v a riation of binary v alues in sequence s S x , S y . In the end, these conditions give the final result of an output sequence O ( j ) with a prop er balance of ze ros and ones, o r put it in a nother wa y , with pseudo -random prop erties. 5 Pseudo-Random B it Generation based on t w o-dimensional c haotic ma ps of logist ic t yp e As it has b een exp osed the c hoice of the H´ enon in Fig. 1 was rather arbitrar y and similar results should also b e attainable with o ther 2D maps [10]. This means that a substitution o f the H` enon system block by a ny other 2D chaotic s ystem would po ten tially pro duce O ( j ) sequences with pseudo-random prop er ties. T o pr ov e the generality of the algor ithm, the pres e n t pap er explor es the application of Fig . 1 to a specific family o f 2D chaotic maps, q uite different in nature and geometrica l prop erties to the H ` enon map. 5.1 Pseudo-Random Bit Gene rator In [11 ], L´ op ez-Ruiz and P´ erez-Gar c ´ ıa analyze a family of three chaotic s y stems obtained b y co upling tw o logistic maps. The fo cus her e will b e made on mo dels (a) and (b), whic h will b e called Logis tic Bimap system A and B: S Y S T E M A : T A : [0 , 1] × [0 , 1 ] − → [0 , 1] × [0 , 1] x n +1 = λ (3 y n + 1) x n (1 − x n ) y n +1 = λ (3 x n + 1) y n (1 − y n ) S Y S T E M B : T B : [0 , 1] × [0 , 1 ] − → [0 , 1] × [0 , 1] x n +1 = λ (3 x n + 1) y n (1 − y n ) y n +1 = λ (3 y n + 1) x n (1 − x n ) (4) Amazingly , these systems show the following symmetry T A ( x, y ) = T B ( y , x ), which implies that T 2 A ( x, y ) = T 2 B ( x, y ). F r o m a g eometrical po int of view, b oth present the same chaotic attractor in the in terv a l λ ∈ [1 . 032 , 1 . 08 43]. The dy- namics in this regime is par ticularly in terla ced ar ound the saddle po in t P 4, that plays an impo r tant role for o ur prop oses: P 4 = [ P 4 x , P 4 y ] , whe re P 4 x = P 4 y = 1 3 1 + r 4 − 3 λ ! . (5) On the other hand, their dynamics hav e some differences. In Fig. 3 one can see one orbit and the spectr um for both systems with a given set of eq ual initial conditions. 0 100 200 300 400 500 0 0.2 0.4 0.6 0.8 1 n x(n) 0 0.1 0.2 0.3 0.4 0.5 0 500 1000 1500 w S(w) 0 0.2 0.4 0.6 0.8 1 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 (a) (b) 0 100 200 300 400 500 0 0.2 0.4 0.6 0.8 1 n x(n) 0 0.1 0.2 0.3 0.4 0.5 0 500 1000 1500 w S(w) 0 0.2 0.4 0.6 0.8 1 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 (c) (d) Fig. 3. Chaotic attractor, temp oral iterations and sp ectrum with λ = 1 . 07 and X 0 = [0 . 737 , 0 . 747] for System A ((a),(b) resp ectively) and System B ((c),(d) resp ectively). It ca n b e seen in Fig. 3 (a) and (c), that the mov ements in the or bits have tw o lobules at each side of the diag onal a xis, folding in P 4, where the dynamics of the systems turns out to b ecome err a tic. The spectrum of this movemen t is also shown in Fig . 3 (b) and (d), where the differences ca n b e appreciated. Sy stem A pro duces an o s cillation of p erio d tw o, that makes it jump over the diagonal axis alternatively b et ween p oints consecutive in time. T o obtain the Symmetric Coupled Logistic Map PRBG, the algor ithm pre - sented in [1 0] is applied o n System A. Its functional blo ck structur e is repre- sented in Fig. 4. The thresho ld v a lues τ x and τ y are calculated as the medians of x i and y i v alues calculated for a la rge set o f T = 1000 initial itera tions. λ 1 Logistic Bimap (System A) x y i-1 i-1 y i x i -1 -1 b x b y b x i i P*i b y P*i Binary Mixing O (j) delay delay Sub-space decision 1 -1 3 3 1 -1 λ 1 > τ x > τ y Fig. 4. F unctional blo ck structure of the prop osed algorithm in [10] for Sy stem A. Different O ( j ) binary sequences are created with Fig. 4 and submitted to sta - tistical tes ting as des c rib ed in section 3 . Unfortunately the sequenc e s so for med do not pass the minim um requirements of rando mness assessed b y Diehar d T es t Suite. The res ults ar e found to ge t worse for lar ger shift v alues P or longer se- quences. Similar results were obtained for System B. Therefo r e algor ithm in Fig. 1 it is no directly a pplicable to other 2 D chaotic maps. Something else must b e taken int o c o nsideration in this approach. A t this p oint, it was f ound that the merely equal-statistica l division of x i and y i comp onents by median threshold v alues for a num b er of initial iter ations do es not w ork . Moreo ver it was fo und that, one m ust select the div ision lines betw een sub-spac e s so tha t the new 2 D chaotic system follows a finite state automata similar to the one depicted in Fig. 2(b). Consequently , the geometrical characteristics of the system m ust be ta ken in to ac count. That means that the substitution of the H` enon syst em blo ck is no t eno ugh to extend the alg o rithm to other 2D chaotic systems. One needs also r eplace the sub-sp ac e d e cision blo ck. Therefore a refined k nowledge of the geometrical prop erties o f the chaotic system is a priory required to build the PRBG. This makes the extensio n of the algorithm p ossible in fact, but not so stra ig ht forward. The kno wledg e of the nec e ssary finite automata can help to ma ke the pr o cess systematic. Let us apply the finite a uto mata scheme to the symmetric coupled logis tic maps Systems A and B. T o get this a utomata one should chose the diagonal axis, as the first divis ion line. This is beca use, this axis divides pha se space in tw o parts each of which is equally visited (50%). And additional statis tica l calculus is requir e d to divide these tw o sub-spaces, in ano ther tw o with a visiting rate of 40%-10 % each one. When this is done, one can o bserve that this is got b y mer ely selecting P4 a nd the line p er p endicula r to the diago na l axis in P4 as the other division line. This gives the final sub-space division indep endence of the initial point o r iterations and a differen t geometrica l division from the initial ca rtesian propo s al. As a last step, the sub-spa c es are fina lly lab eled (1,2,3 or 4) acc ording with their po sition in the finite a utomata to ma tch 2(b). The final s ub- space division for e ach system is presented in Fig. 5(b) and 5(d), along with the indications of the e volution of the visits to each sub-space. 4 [1,1] 1 [0,0] 3 [0,1] 2 [1,0] (10%) (10%) (40%) (40%) 20% 80% 50% 50% 0 0.2 0.4 0.6 0.8 1 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 2 [1 0] 4 [1 1] 3 [0 1] 1 [0 0] (a) (b) 4 [1,1] 1 [0,0] 3 [0,1] 2 [1,0] (10%) (10%) (40%) (40%) 20% 80% 50% 50% 0 0.2 0.4 0.6 0.8 1 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 2 [1 0] 3 [0 1] 1 [0 0] 4 [1 1] (c) (d) Fig. 5. (a) Finite automata and (b) final sub-space division for System A. (c) Finite automata and (d) final sub -space division for System B. (In b oth cases, λ = 1 . 07). Both systems p osses s imilar statistical pro per ties with different mov ement across the diagona l axis. The automata represented in Fig. 5 (a) and (c), and that of Fig. 2(b) are similar in many asp ects. The only differenc e b e tween them is the pace of consecutive v isits take place , but the mixing prop ortions of 50%- 50% and 80 %- 20% are maintained. F r om this finite automata is p ossible to build the required Sub-sp ac e de cision blo ck. Finally the initial algorithm in Fig. 1 applied to System A, is mo dified with the appropria te Sub-sp ac e de cision blo ck. The final PRBG functional s cheme is represented in Fig. 6. λ 1 Logistic Bimap (System A) x y i-1 i-1 y >x y i x i -1 -1 b x b y b x i i P*i b y P*i Binary Mixing O (j) delay delay Sub-space decision 1 -1 3 3 i i y >-x+ 2P4 i i x 1 -1 λ 1 Fig. 6. F unctional b lock structure of th e PRBG app lied to the symmetric coupled logistic map PRBG with System A. Different sequences a r e obtained with the sy s tem of Fig. 6 in next sub-s ection. Their r andomness is assessed and it demonstra tes them statistically v alid for cryptogr a phic applica tions. This ma y indicate that the automata scheme de- scrib ed here represents a sufficient condition to o btain pseudo-ra ndomness. Consequently , it may r epresent a systematic scheme to extend the algorithm in [10] to get PRBG o n other c haotic maps. The co st of this algorithm and its hypothetical achiev a ble k ey-space for cryptog raphic applications are also es ti- mated in subsection 5.3. 5.2 Pseudo-Random Sequences and Statistical testi ng T o assess the rando mness o f the PRBG o btained in the previous section with systems A and B, several sequences a re o btained and submitted to the Diehar d [5] a nd NIST [4] test suites descr ibe d in section 3. The significance level of the tests was set to a v a lue appro piate for cryptog raphic applica tions ( α = 0 . 01 ). Similar r esults were found for b oth systems and for s implicit y , only those ob- tained with system A w ill b e presen ted here after. T en se q uences were genera ted with six different sets of initia l conditions. Their characteristics are describ ed in T able 3. Sequence S1 S2 S3 S4 S5 S6 x 0 0 . 98912 5 0 . 49133 5 0 . 672757 0 . 72 6874 0 . 39 565 0 . 9998 51 y 0 0 . 68912 5 0 . 69133 5 0 . 497757 0 . 90 1874 0 . 49 565 0 . 6498 51 λ 1 . 04869 1 . 05392 1 . 06961 1 . 08007 1 . 06438 1 . 07489 P D min 55 45 35 47 n.a. n.a. P N min 83 105 83 83 100 85 T able 3. Parameters P D min and P N min for different sequences S i , i = 1 , .., 6, with different initial conditions ( x 0 , y 0 ) and map parameter λ . Six of them (S1,S2,S3,S4,S5 a nd S6) were tested with Nist tests suite with 200 Mill. of bits and four of them (S1,S2,S3 and S4) were tested with Dieha rd tests suite with 8 0 Mill. of bits. Here, the par ameters P Dmin and P N min are the minim um sampling ra te or shift fa ctor, P min , over which, a ll s equences ge ne r ated with the same initial conditions a nd P > P min pass Diehard or Nist tests suites, resp ectively . It is observed here, that the Nist tests s uite requires a higher v alue of P min and that S5 and S6 were not tested with Diehard battery of tests. In the Diehard tests suite, each o f the tes ts returns one or several p-v a lues which should b e uniform in the interv a l [0,1) w he n the input sequence contains truly independent random bits. The soft ware av ailable in [5] provides a total of 218 p-v alues for 15 tests, and the uniformity r equirement can b e asses sed graphically , when plotting them in the interv al [0,1). F or example Fig. 7 shows the p-v a lues obtained for three sequences (a),(b) and (c) with the s ame initial c o nditions S1 , and different sa mpling facto r P . 20 40 60 80 100 120 140 160 180 200 220 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Number of p−Value p−Value 20 40 60 80 100 120 140 160 180 200 220 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Number of p−Value p−Value (a) (b) 20 40 60 80 100 120 140 160 180 200 220 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Number of p−Value p−Value 20 40 60 80 100 120 140 160 180 200 220 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Number of p−Value p−Value (c) (d) Fig. 7. Diehard test suite p-v alues obtained with all tests for initial conditions S1 with (a) P = 20 , (b) P = P D min = 55 and (c) P = 110 . In (d), p-v alues obtained for initial conditions S1,S2,S3 and S4 with P = P D min of T able 3. The first one, Fig. 7(a), demonstrates graphically the failur e of the tests, for there is a non- unifo r m c lus tering of p-v a lues around o ne. Fig. 7(b) shows the uniformity obtained with P Dmin = 55 ov e r the interv al [0,1). A b etter uniformity can b e a ppreciated when P > P Dmin in Fig. 7 (c). Sequences S1 to S4 where proved to pa ss the Diehard battery of tests with significance lev el α = 0 . 01. Fig.7(d) presents a graphical repres en tation o f the p-v alues obta ined for each se q uence with sampling facto r P = P Dmin of T able 3. It ca n b e observed that some p-v alues a re o ccasionally near 0 or 1. Although it can not b e well apprecia ted in the figure, it has to be said that those nev er really reach these v alues. In the Nist tes ts suite [4], one or more p- v alues ar e also returned for each sequence under test. These v alues should b e gre ater than the sig nificance level α , which was selected to α = 0 . 01 as in the Diehard case . These tests also req uir e a sufficiently high leng th of seq ue nce s and to prov e randomness in one test, tw o conditions should b e verified. First, a minimum p er cent age of sequences should pass the test and se c ond, the p-v a lues o f all se q uences should als o b e uniformly distributed in the int erv al (0 , 1). F or this ca s e, e ach of the s ix sequences with initia l conditions S1 to S6 ar e arrang ed in 2 00 s ub-sequences of 1Mill. bits each a nd submitted to the Nist battery of tests. Sequences S proved to pass all tests ov er a minimum v a lue P N min , shown in T a ble 3. In Fig.8(a) and 8(b), the results obtained for S 1 and S 4 respec tiv ely are graphically presented, as a n exa mple of what was obtained for each S . The tests in the suite are n um ber e d a ccording to T a ble 1. Fig. 8(a) represent s the per centage of the 200 sub-sequences of S1, that pass each of the 1 5 tests of the suite. These p ercentages are over the minimum pa ss rate required of 96 . 8 893% for a s ample s iz e = 2 00 binar y sub-sequences . Fig. 8(b) describ es the uniformity of the distribution of p-v alues obtained for the 15 tests of the suite. Here, uniformity 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0.96 0.965 0.97 0.975 0.98 0.985 0.99 0.995 1 Test number Proportion of sub−secuences that pass 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 C1 C2 C3 C4 C5 C6 C7 C8 C9 C10 0 10 20 30 40 Test number Uniformity of p−values for S4 P−values interval (a) (b) Fig. 8. In (a), t he prop ortion of sub-sequen ces of S1 that passes eac h test is displa yed. In (b) The d istribution of p-v alues of S4 is examined for eac h t est to ensure uniformit y . The in terv al b etw een 0 and 1 is divided in ten sub-interv als ( C 1 , C 2 , ..., C 10), and the p-v alues t h at lie within each subin terv al are counted and p lotted. is assesse d. The in terv al (0,1) is divided in ten subinterv a ls ( C 1 , C 2 , ..., C 10) and the num ber o f p-v alues that lay in eac h sub-interv al, among a total of 2 00, a re counted and prov ed to b e unifor m. 5.3 Key space si ze and com putational cost T o establish the complexity , and conseq ue ntly the sp eed of the PRBG describ ed in Fig. 6, the princ iple of inv arianc e is obser ved. This says that the efficiency of one alg orithm in different execution environments differs only in a m ultiplicative constant, when the v alues of the pa r ameters o f cost a re sufficient ly hig h. In this s e nse, the asymptotic b ehaviour of the computatio nal cost o f the PRBG is governed by the calculus perfor med in the chaotic blo ck. This blo ck per forms P iterations to o btain an o utput bit, O ( j ). The capital theta notation ( Θ ) can b e use d to descr ibe an asymptotic tig ht bo und for the magnitude of cost of the P RBG. And co nsequently , the 2D s ym- metric coupled logistic maps hav e a computational cost or complexity of order Θ ( P ∗ n ). Let us determine the op erative range of initial conditions and para meters v alues that can be applied to the PRBG in Fig. 6 . This range, when the PRBG is used in c r yptogra phy applications is known as the key-space. Then, this range or the key space is determined by the interv a l of the pa rameter λ and the initial conditions that keep the dynamical system in the chaotic regime. These a re λ ∈ [1 . 032 , 1 . 0843] , x 0 ∈ (0 , 1) and y 0 ∈ (0 , 1 ). The sampling parameter ca n also be considered as another parameter of the k ey space. O ne must observe that P should b e k ept in a suitable r ange, so that the PRBG is f ast eno ugh for its desired application. These in ter v als can b e denoted with brack ets and calculated as [ λ ] = 0 . 0523, [ x 0 ] = 1, [ y 0 ] = 1 and [ P ] = 8890 , when taking [ P ] ∈ [110 , 9 0 00] as the range of the sampling factor. Let us co nsider ǫ 32 ≈ 1 . 1921 × 10 − 7 as the smallest av a ilable pr ecision for fixed-p oint representation with 32 bits and its co rresp ondent magnitude ǫ 64 ≈ 2 . 2204 × 10 − 16 for floa ting -p o int num b ers with 64 bits. These quantities give us the m aximum n um ber of p o s sible v a lues of every parameter in any of the tw o representations. This is easily co mputed dividing the in ter v als b y ǫ , a s K λ = [ λ ] /ǫ , K x 0 = [ x 0 ] /ǫ , K y 0 = [ y 0 ] /ǫ and K P = [ P ] /ǫ . The total size of representable parameter v a lues is given by K , calcula ted as K = K λ × K x 0 × K y 0 × K P . K is the size of the av ailable key-space and its logar ithm in bas e 2 g ives us the av ailable length of binar y keys or entries to pro duce pseudo-rando m sequences in the generator . The v alues obtained for each num b er precision, are K 32 = 2 . 3 2 × 10 30 with a key length of 10 0 bits for sing le pr ecision a nd K 64 = 1 . 91 × 10 65 , with a key le ng th of 21 6 bits for do uble precision. These results are encouraging for r ecommending the use of the P RBG in Fig . 6 for cryptogr a phic applications, where a length of keys g reater tha n 100 is considered strong eno ugh aga inst brute force attacks, [12]. Nevertheless, it has to be said in the sake o f accura cy that the calculus of the key space is a coa rse e stimation and that a deeper s tudy is r e quired for an exact ev aluation [12]. One m ust keep in mind that c haotic systems a re highly sensitive to the parameter v alues a s w ell as to the initial conditions and a slightly c hange in its v a lues can pro duce very different evolutions, even taking the system from a qua s i-random b ehaviour to a p e r io dic or bit. This can b e eas ily understo o d if one thinks of the chaotic attractor as an infinite conglo merate of orbits which are per io dic and uns table. This mea ns that the system jumps from one to ano ther without stabilizing in any of them. This is the origin of its insta bility and of its appare nt mac roscopic random behaviour. With a minimu m c hange in the parameter s or initia l conditions an immense quantit y of bifurcations ar e taking place. This mea ns that many per i- o dic orbits ar e b eing created and others ar e dis a ppe a ring. So it is p oss ible that apparently v alid cont iguous v alues in the key-space lea d to per io dic and rando m behaviour resp ectively in each case. These phenomena is even more exa ggera ted when c omputational pr ecision is taken into account. The con tin uum chaotic tra - jectories ar e truncated and p erio dicit y is prone to app e a r with mo re intensit y . Another possibility is that the dynamics ca n diverge tow ards infinity . In the sys- tems presented here an initia l calculus of 100 iter ations is eno ugh to ensure the bo undless o r go o dness of the initial co nditions. 6 A new P RBG based on c haotic v ariables sw apping The PRBG obtained in Fig.6 on the Symmetric Coupled Logistic Maps Systems A and B demonstrate to hav e suitable b ehaviour for most string en t applications, such as crypto. Although this could seem pro mising enough for the algorithm, a further improv ement could b e achiev ed if one takes a dv antage of the sp e cific symmetry characteristics of these chaotic systems. Let us observe that the systems under conside r ation present a symmetry with resp ect to the diag onal ax is. Co nsider now a simple interc hange (or swap) of co ordinates x and y in an or bit state. This pr o duces a jump to a conjugated orbit (see Fig. 9 ) but the a ttractor a nd the chaotic r egime are not affected. In these circumstances, a swapping of co o rdinates c o uld b e in tr o duced in the algorithm of Fig. 6, without altering its pseudora ndo m pr op erties. In pra ctice, the sw apping ca n b e an additional step at the input of the sys tem, which is applied at specific instants i − 1 as desired. When th e swapping is applied at a constant r ate S, a sw ap of coo rdinates is in tr o duced every S itera tions, or instants o f time. This means t he following p erfo r mance: either of the systems evolv e s alo ng one sp ecific o rbit during a n umber o f S iteratio ns , then a swap in the co o rdinates is intro duced (swapping x ↔ y ) a nd a jump to a co njugated orbit is pro duced. Let us call S the r ate of swapping or the swapping factor. In Fig. 9 a schematic diagram is pr esented to depicter more clea rly the swapping pro ce dur e in Systems A and B. When starting with the sa me initial conditions, one orbit and its conjugated ar e presented, jumping fro m one to the other is p ossible thanks to the swapping factor. 0 0.2 0.4 0.6 0.8 1 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 0 0 1 1 2 2 3 3 4 4 5 5 0 0.2 0.4 0.6 0.8 1 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 0 1 2 3 4 5 0 1 2 3 4 5 (a) (b) Fig. 9. Five p oints in the ev olution of tra jectories for system A ( a) or system B (b) when starting wi th λ = 1 . 07 and th e same initial cond itions [ x 0 , y 0 ] (p oint 0 with star mark er) and its co ordinate conjugated [ y 0 , x 0 ] (p oint 0 with circle marker). It can b e observed th e symmetry of t h e conjugated tra jectories and th e difference b etw een systems A and B. In system A th ere is a jump a long the diagonal axis with every iteration. This no vel mechanism of sw apping is named b y the authors as symmetry- swap , for it consists o f a sw ap b etw een c o ordinates in mappings with par ticu- lar symmetry characteristics . The interesting thing ab out it, is that no m atter what num b er of co ns ecutive iter ations and sw aps are pe rformed to the sys tem, the c haotic behaviour a lwa ys prev ails. Logically , this particular fact w ill make pseudo-rando mness to prev ail to o. The authors explor ed the construction of a s wapped PRBG following algo- rithm in Fig . 6 with system A as desc rib ed in section 5, and adding a constant swapping factor of v alue S in the input. T en pseudo-random binary sequences were gener a ted with the sa me characteristics (initial conditions and length) a s the ones descr ibed in T able 3. A swapping factor of S = 90 w as a pplied for sequences to b e tested with Diehard test suite. T o illustrate a different v a lue, a swapping factor of S = 50 was c hosen with NIST’s suite. The sequences o f the swapped PRBGs de mo nstrated similar random results when submitted to the tests. V er y similar P min v alues to those in T a ble 3, or even the sa me, were ob- tained in a ll cases. Fig. 1 0 shows gr aphically the r e sults obtained and illustrated the s uc c ess of the tests. Unsurprisingly , this demonstra tes that in this ca s e the symmetry-swap main ta ins pseudo -randomness . 20 40 60 80 100 120 140 160 180 200 220 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Number of p−Value p−Value 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0.96 0.965 0.97 0.975 0.98 0.985 0.99 0.995 1 Test number Proportion of sub−secuences that pass (a) (b) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 C1 C2 C3 C4 C5 C6 C7 C8 C9 C10 0 10 20 30 40 Test number Uniformity of p−values for S1 P−values interval (c) Fig. 10 . In (a), p- v alues obtained with all tests of Diehard test suite for initial condi- tions S1,S2,S3 and S4 with P = P D min and S = 50. In (b), it is displa yed the prop ortion of sub- sequences that pass NIST tests suite with initial conditions S1, P = P N min and S = 50. I n (c), th e distribution of p -v alues for each test with t h e same conditions of (b) demonstrates the requ ired un iformit y . It is imp ortant to observe at this p oint, that the intro duction of a swapping factor S do es not p enalizes the computational cost of the r e sulting PRBG. Its asymptotic b ehaviour is again dominated by the chaotic blo ck. As a result, the swapped 2D symmetric coupled logistic maps P RBGs hav e an asymptotic tight bo und of order Θ ( P ∗ n ). Another v aluable asp ect to rema rk is, that the swapping fa ctor S can offer an improv emen t in the ra nge of input v a lues of the initial PRBG a lg orithm. In cryptogr a phy , this means an enhancement in secur it y and it can be o bta ined straight from the fact that S , cons ider ed as a constant v alue, ma y represent a new free parameter in the key-space. Let us co nsider that the useful v a lues of S could range in the in terv al S = [1 , n ], wher e n is the num ber of bits generated. T aking n for a typical v alue of 1 Mill. of bits, this would enlarge the key space calculated in subsection 5.3. F ollowing analogous calculations, with [ S ] = 100 0000 and K S = [ S ] /ǫ , then K = K λ × K x 0 × K y 0 × K P × K S will b e increa sed to 143 for single precis io n and to 288 for double precision. The enlargement of the key space mak es the swapped algo rithm stronger a gainst brute for ce attack than the non-swapp ed one. Even more, o ne may think that the intro duction o f a swapping factor S ca n be applied in m ultiple w ays. Consider, for example, different v alues o f S used al- ternatively in the pro cess, this may make the swapping factor many dimensional. Another w ay c o uld be to consider a n S v a lue v ar iable in time. The sw apping factor ca n a lso offer an easy feedback mechanism, when mak ing its v alue dep end- able o f the o utput. Ther efore the symmetry-swap mechanism is a v ery flexible to ol. In the end, it ca n be observed that the symmetry-swap offers a remark able adv antage, while maintaining sp eed and simplicit y of the initial PRBG algo - rithm. 7 Conclusions In the presen t work, a refinement of the algorithm expo sed in [1 0] b y M. Suneel is presented. It consis ts of the introductio n of a finite auto mata that makes po ssible its application to o ther chaotic ma ps. In some way , this finite a utomata could b e said to extend the range o f a pplica tion of this a lgorithm fo r other 2D chaotic systems. This is r eferred in [7] as ma king the PRBG chaotic-system-free. The fact is that, while sy s tematic, the scheme presented in this pap er is no t straightforward. This is beca us e building the finite automata requir es necessa rily a deta iled study of the geo metrical pro per ties of the dynamica l evolution of the chaotic system. The author s apply this technique to build tw o new PRBG using tw o particu- lar 2D dynamica l sy s tems formed by tw o symmetrically coupled log is tic maps. A set of different pseudo-ra ndom s e quences are genera ted with one of the PRBG. Statistical testing of these s equences shows fine results of ra ndom prop erties for the PRBG. The estimation of the P RBG computational cost g ives an asymptotic tight bo und of Θ ( P ∗ n ). The av ailable size of input v alues or the key s pace is also calculated and a minim um length of binar y k eys of 100 a nd 216 bits is obta ined for simple and double precis ion resp ectively . These pr e limina ry results indicate a pr omising quality of the P RBG for cryptogra phic applications. Finally , a n enhancement of the previous PRBGs is obtained exploiting the symmetry characteristic of the Coupled 2 D Logis tic maps. This is done by a new mechanism named as symmetry-swap , that consists of a co or dinate swapping op eration in the input v ar iables o f the ch aotic s ystems. This gadget in tro duces an arbitra ry change of orbit in the evolution of the chaotic system. This novel strategy is o nly p ossible due to the symmetry inher ent and characteristic of the Coupled 2D mappings. It is observed that the symmetry-swap gives an additional degree of freedom to the chaotic P RB G algor ithm without additional computational p enalties. Af- ter obtaining this enhanced o r swapped PRBG, it is s hown that the c omputa- tional cost and pseudo-random prop er ties are similar to the previo us PRBGs obtained with the non-swapped algor ithm. The input v alues o r k e y spa ce is, how ever, largely increased. Swapping repr esents a nov el strategy for finding ad- ditional degrees o f freedom in the k ey space o f a chaotic P RB G. Introducing the sampling factor P a s an additional degree of freedom forces the designer to con- sider a tra de-off b etw een the rang e of P v alues and the sp eed of the a lgorithm. On the contrary , in tro ducing the sw apping facto r S implies no ex tra computa- tional cost. Moreover this degr ee of freedom can b e int ro duced in multiple wa y s. Some examples ar e to consider it as a consta n t v alue, as a time v arying one or as a feedback mechanism. There fo re the swapping facto r S can increase the security of the s ystem with great fle x ibilit y . The role of geometry a nd symmetry prop erties in the chaotic PRBG algo- rithm prese nted here has been prov ed noteworthy . This has been so, to the point that v aluable achiev emen ts ha ve b een o btained from them. The authors hop e that s imilar consider ations on other PRBGs may b e useful and help in achieving comparable results. Ac knowledgemen ts The authors acknowledge so me financial support by spanish grant DGICYT-FIS200612 7 81-C02 -01. References 1. H.N iederreiter, R andom Number Generation and Quasi-Mon te Carl o Metho ds. Philadelphia, P A: SIA M, 199 2 2. An derson, R.: Securit y Engineering, A Guide to Build Dependable Distribu ted Systems, John Wiley and Sons Inc., N ew Y ork (2001) 3. Menezes, A., v an Oorsc h ot, P ., V anstone, S.: Handbo ok of Applied Cryp t ograph y . CRC Press, Florida (1997) 4. NI ST Special Pu blication 800-22: A Statistical T est S u ite for the V alidation of Random Number Generators and Pseud o R andom Nu mber Generators for Cryp- tographic Applications, (2001) 5. Marsaglia, G.: The diehard test suite, 1995. http://stat.fsu. edu / geo/diehard.html 6. Knuth, D. E.: The Art of Computer Programming, V olume 2 ( 3rd Ed.): Seminu- merical Algorithms. Addison-W esley Longman Publishing Co., Massach usetts: Addison-W esley , 1997 . ISBN 0-201-89684- 2. 7. Li, S.: Analyses and New Designs of Digital Chaotic Ciphers. PhD t hesis, School of Electronic and Information Engineering, X i’an Jiaotong Universit y (2003) 8. Protop op escu, V.A., Santoro, R .T., T ollov er, J.S.: F ast secure encryption- decryption metho d based on chaotic dynamics. US Pa tent No. 5479513 (1995) 9. St o jano vski, T., Ko carev, L. : Chaos based R andom Number Generators. Part I: Analysis. IEEE T ransactions on Circuits and Systems I: F und amenta l Theory and Applications, V ol.43, pp 281-288 (2001) 10. Madhek ar, S.: Cryptographic Pseudo-Random Sequences from the Chaotic H´ enon Map. http://a rxiv.org/abs/cs/06 04018 (2006) 11. Lop ez-Ru iz, R., P´ erez-Garcia, C.: Dynamics of Maps with a Global Multiplicative Coupling. Chaos, Solitons and F ractals, V ol.1, pp 511-528, (1991) ; Lop ez-Ruiz, R ., F ournier-Prunaret, D.: Complex P atterns on the Plane: Different Typ es of Basin F ractalization in a Tw o-Dimensional Mapping, International Journal of Bifurcation and Chaos, V ol. 13, 287-310 (2003) 12. Alv arez G., Li, S.: S ome Basic Cryptographic R eq uirements for Chaos-Based Cryp- tosystems. International Journal of Bifurcation and Chaos, V ol.16, p p 2129-2151 (2006) 13. Li, S., Chen,G., Mou, X.: On the dyn amical degradation of digital piecewise linear chao tic maps. International Journal of Bifurcation and Chaos, V ol.15, pp 3119-3151 (2005) 14. Po-Han, L., Soo-Chang, P ., Yih-Y uh, C.: Generating chao tic stream ciphers using chao tic systems. Chinese Journal of Physics, V ol.41, pp 559-581 (2003) 15. Li, S., Mou, X., Cai, Y.: Pseudo-random bit generator based on couple c h aotic systems and its application in stream-ciphers cryptography . I NDOCR YPT 2001, LNCS, V ol. 2247, pp 316-329, Springer, Heidelberg (2001) 16. Collet, P ., Eckmann, J.-P .: Iterated Maps on the I nterv al as Dynamical Systems. Progress in Physics, Birkh auser. Cam b ridge (1980) 17. Mira, C., Gardini, L., Ba rugola, A., Cathala, J.-C. : Chaotic Dynamics in T w o- Dimensional Noninv ertible Maps. W orld Scientific Series on Nonlinear Science. Series A, vo l. 20. Singap ore (1996) 18. F ournier-Prunaret, D., Lopez-Ru iz, R., T aha, A.K.: Route to Chaos in Three- Dimensional Maps of Logistic Type. Grazer Mathematisc he Beric hte, 350, pp 82-95 (2006) 19. Bogdan, C., Charg ´ e, P ., F ournier-Purnaret, D .: Behaviour of chaotic sequ ences under a finite representatio n and its cryptographic applications. IEEE W orksh op on Nonlinear Maps and App lications (NOMA), T oulouse (2007) 20. Guck enheimer, J.M., H olmes, P .: Nonlinear Oscillations, Dyn amical S ystems and Bifurcation of V ector Fields. Springer-V erlag, 1983. 21. F alcioni, M., Palatell a, L., Pigolotti, S., V ulpiani, A . : Prop erties making a c h aotic system a go o d pseudo random number generator. Physical Review E, 016220 (2005) 22. R ¨ ut ti, M., T roy er, M., P et ersen, W.P .: A Generic Random Number Generator T est Suite. arXiv:math/041038 5v1 [math.ST] 18 Oct 2004 23. M. Mascagni. The scalable parallel random number generators library (sprng) for ASCI Monte Carlo computations. http://s prng.cs.fsu.edu/ (1999) 24. H´ en on, M.: A tw o-dimensional mapp ing with a strange attractor. Communications in Mathematical Physics, v ol 50, pp 69-77 (1976) 25. Ko carev, L.: Chaos-based Cryptography: a brief o verview. IEEE Circuits and Sys- tems Magazine, V ol.1, pp 6-21 (2001)