Professional Documents
Culture Documents
Parallel Chaotic Hash Function Construction Based On Cellular Neural Network
Parallel Chaotic Hash Function Construction Based On Cellular Neural Network
DOI 10.1007/s00521-011-0726-z
ORIGINAL ARTICLE
Received: 29 July 2010 / Accepted: 3 August 2011 / Published online: 20 August 2011
Springer-Verlag London Limited 2011
Abstract A new parallel chaotic Hash function, based on length message, which plays an important role in data
four-dimensional cellular neural network, is proposed in integrity protection [1], message authentication [2] and
this paper. The message is expanded by iterating chaotic digital signature [3]. The properties of Hash function
logistic map and then divided into blocks with a length of include one way, collision resistance, meet-in-middle-
512 bits each. All blocks are processed in a parallel mode, attack resistance and confusion and diffusion, etc. The
which is one of the significant characteristics of the conventional Hash function, such as MD5 [4] and SHA-1
proposed algorithm. Each 512-bit block is divided into four [5], is realized through the complicated method based on
128-bit sub-blocks, each of which is further separated into logical exclusive OR operation or multi-round iteration of
four 32-bit values and then the four values are mixed some available cipher. Since the security and efficiency of
into four new values generated by chaotic cat map. The conventional Hash function totally depend on the basic
obtained four new values are performed by the bit-wise cipher, more complicated computations are needed.
exclusive OR operation with four initial values or previ- Although each step of the former is simple, the process
ously generated four values, and then, they are used as the round will also be huge, even the message is very short.
inputs of cellular neural network. By iterating cellular Since Wang et al. [6] found an effective method to reduce
neural network, another four values as the middle Hash the complexity finding collisions of SHA-1, which was
value are generated. The generated values of all blocks are issued as a Federal Information Processing Standard by
inputted into the compression function to produce the final NIST [5], analysis and design of more secure Hash func-
128-bit Hash value. Theoretical analysis and computer tions have attracted great attention. Since chaos is a kind of
simulation indicate that the proposed algorithm satisfies the deterministic random-like process generated by nonlinear
requirements of a secure Hash function. dynamic systems, as a representative of chaos-based Hash
function, a combined encryption and hashing scheme based
Keywords Chaos Parallel mode Four-dimensional on chaotic maps presented by Wong [7] is firstly demon-
cellular neural network Four-dimensional cat map Hash strated that chaos is suitable for constructing new Hash
function functions. Since then, a series of chaos-based Hash func-
tions have been published [8–13]. It is found that the
confusion and diffusion properties of neural network have
1 Introduction been used to design encryption algorithms and its one-way
property is also suitable for new Hash function construction
As a basic module of modern cryptography, Hash function [14]. Since chaos has defects that the chaotic sequence
can map any message with arbitrary length into a fixed generated by chaos may degenerate cycle sequence, and
the neural network model may be too simple to defend
attacks, the combination of chaos and neural network is
Y. Li (&) D. Xiao H. Li S. Deng
promising to construct more complicated and secure Hash
College of Computer Science, Chongqing University,
Chongqing 400044, China functions [15–17]. However, the above algorithms have a
e-mail: yantaoli@foxmail.com; liyantao@live.com common weak point that their iterative hash structures are
123
1564 Neural Comput & Applic (2012) 21:1563–1573
2 3 2 3
all in a sequential mode, which greatly restricts the exec- x1 ðk þ 1Þ x1 ðkÞ
utive speed and efficiency. Moreover, the sensitivities of 6 x2 ðk þ 1Þ 7 6 x2 ðkÞ 7
6 7 6 7 mod 232
Hash value to the message units at different positions of 4 x3 ðk þ 1Þ 5 ¼ A4 x3 ðkÞ 5 ð3Þ
message are uneven. x4 ðk þ 1Þ x4 ðkÞ
In order to solve these problems, a new chaotic Hash
function processed in a parallel mode based on four- where A ¼ A12 A13 A14 A23 A24 A34 is a 4 9 4 matrix
dimensional cellular neural network is proposed in this constructed by multiplying C24 matrices, which is described
paper. The procedure of generating Hash value involves as follows:
four processes, including message expansion, parameters 2 3 2 3
1 a12 0 0 1 0 a13 0
initialization, blocked messages parallel processing and
6 7 6 7
128-bit Hash value generation. Theoretical analysis and 6 b12 1 þ a12 b12 0 0 7 6 0 1 0 07
6
A ¼6 7 6 7
computer simulation indicate that the proposed algorithm 76 7
4 0 0 1 0 5 4 b13 0 1 þ a13 b13 0 5
satisfies the performance requirements of Hash function in
a reliable, secure and efficient manner. 0 0 0 1 0 0 0 1
2 3 2 3
The rest part of this paper is organized as follows: Sect. 1 0 0 a14 1 0 0 0
2 introduces the preliminaries about one-dimensional cha- 6 7 6 7
6 0 1 0 0 7 60 1 a23 07
otic logistic map, one-dimensional chaotic skew tent map, 6
6
76
7 6
7
7
four-dimensional chaotic cat map and four-dimensional 4 0 0 1 0 5 4 0 b23 1 þ a23 b23 0 5
cellular neural network. In Sect. 3, the parallel chaotic b14 0 0 1 þ a14 b14 0 0 0 1
Hash algorithm based on cellular neural network is 2 3 2 3
1 0 0 0 1 0 0 0
described in detail. Performance is analyzed in Sect. 4. 6 7 6 7
Conclusions are drawn in the last section. 60 1 0 a24 7 60 1 0 0 7
6
6
76
7 6
7
7
40 0 1 0 5 40 0 1 a34 5
0 b24 0 1 þ a24 b24 0 0 b34 1 þ a34 b34
2 Preliminaries
ð4Þ
2.1 The one-dimensional chaotic map where the parameters aij and bij are integers in ½0; 232 1.
The value of aij and bij can be calculated by the fol-
The well-known one-dimensional chaotic logistic map lowing equation:
chosen in the algorithm is expressed as follows:
xiþ1 ¼ lxi ð1 xi Þ ð1Þ y1 ðk þ 1Þ 1 c y1 ðkÞ
¼ mod 232 ð5Þ
y2 ðk þ 1Þ d 1 þ cd y2 ðkÞ
where 0 \ xi \ 1 and l is the control parameter. Accord-
ing to simulation experiments, if 3.569946 \ l \ 4, the where y1 ð0Þ ¼ a and y2 ð0Þ ¼ b, and a; b; c and d can be
logistic map exhibits chaotic behavior. It is used to pad the obtained by iterating chaotic skew tent map, each with 32
message in the message preprocess of the algorithm. bits.
The one-dimensional chaotic skew tent map in the By iterating the cat map in (5), the parameters in (4) can
algorithm is represented as follows: be assigned as:
(
xi =a; if 0 xi a
xiþ1 ¼ ð2Þ aij ¼ y1 ðkÞ
ð1 xi Þ=ð1 aÞ; if a\xi 1 ð6Þ
bij ¼ y2 ðkÞ
where 0 \ xi \ 1 and 0 \ a \ 1. When the parameter a [
(0, 1), the one-dimensional chaotic skew tent map exhibits where i ¼ 1; 2; 3; 4; j ¼ 2; 3; 4; j [ i and k ¼ 1; 2; . . .; 6.
chaotic behavior. It is iterated 2l times to generate a 2l-bit
sequence rounded for the initial four buffers and four initial 2.3 The four-dimensional cellular neural network
values for generating the parameters of matrix A,
respectively. The four-dimensional cellular neural network (4-D CNN)
chosen in the algorithm is defined by ordinary differential
2.2 The four-dimensional chaotic cat map equation (7) as follows:
X
4
The extended four-dimensional chaotic cat map according x_ i ¼ ci xi þ wij vj i; j ¼ 1; 2; 3; 4
j¼1 ð7Þ
to Ref. [18] employed in the algorithm is expressed as
follows: vi ¼ fi ðxi Þ
123
Neural Comput & Applic (2012) 21:1563–1573 1565
0 1
where 1=3:75 1=3 1=5:6 0
8 B 1=3 1=3:75 0 0 C
< 1; if xi \ 1
> B
W ¼@ C ð8Þ
1 1=1:5 1=1:5 1=3 1=6 A
fi ðxi Þ ¼ ðjxi þ 1j jxi 1jÞ ¼ xi ; if 1\xi \1 1=3:5 1=1:5 1=2 1=p
2 >
:
1; if xi [ 1
and W = (wij) is a 4 9 4 weight matrix. A cursory observation of the matrix W shows that there is
A careful analysis of (7) reveals that supposing the an adjustable parameter p in the lower right corner of (8),
weight matrix W is symmetric, the trajectory of the 4-D whose different values show different trajectories. In order to
CNN does have complicated chaotic dynamics (even illustrate the chaotic dynamics of (7), the adjustable
nontrivial periodic solutions). However, it with asymmetric parameter p is chosen in the interval [0.01, 50] and
weight matrix W exhibits complicated chaotic dynamics. It Lyapunov exponents L1, L2, L3 and L4 are calculated with
follows that we need to consider and carefully choose the initial condition x0 = [0.1, 0.2, -0.2, 0.1]T by the QR-based
asymmetric weight matrix W, which is expressed in the algorithm proposed in Ref. [19] as shown in Fig. 1. For
following: parameter p = 20 and four Lyapunov exponents are 0.0092,
0, -0.5985 and -1.0587, and c1 = c2 = c3 = c4 = 1,
respectively, computer simulation shows that (7) has
one attractor as illustrated in Fig. 2 from every aspect of
the axes.
123
1566 Neural Comput & Applic (2012) 21:1563–1573
TUVW
F(*)
128 bits
H(M)
blocked messages parallel processing and Hash value (decimal value). Finally, all of the ASCII code values are
generation. assigned to mij (i = 1,2,…, n-1; j = 1,2,…, 15), consec-
utively and, respectively.
3.1.1 Process 1 (message expansion) The other two elements colj (j = 1,2,…,15) and rowi
(i = 1,2,…,n) in Mn916 are obtained in (11) and (12),
Message expansion is significant in the proposed Hash respectively:
algorithm, because it not only can improve the sensitivity n
of each bit in original message to the final Hash value, but colj ¼ ðmi;j lmi Þ þ lm j ðj ¼ 1; 2; . . .; 15Þ ð11Þ
i¼1
also can guarantee the most important characteristic par-
allel processing [20]. The expanded message is expressed where ‘‘’’ denotes bit-wise exclusive OR operation, ‘‘?’’
as a n 9 16 matrix M as shown in (9), each element with a represents addition modulo 232, lmi (i = 1,2,…, n) and lmj
size of 32 bits. (j = 1,2,…, 15) are assigned values by the (n ? 15) sequence
2 3 values multiplied by 232, which are obtained by iterating
m1;1 m1;2 m1;15 row2 chaotic logistic map (n ? 15) times with x0 = 0.433 and
6 m2;1 m2;2 m2;15 row3 7
6 7 l = 3.678, consecutively and, respectively. colj is a function
6
M ¼ 6 7 ð9Þ
7 operation on all the elements in the jth column of message
4 mn1;1 mn1;2 mn1;15 rown 5
matrix M0 with generated numbers lmi and lmj.
col15 col14 col1 row1 8
P15
>
>
An observation of message matrix Mn916 shows that it is >
< ðmi;j þ lm j Þ lmi if i ¼ 1; 2; . . .; n 1
0 j¼1
composed of matrix Mn1;15 , rowi (i = 1,2,…,n) and colj rowi ¼ 15
>
> P
(j = 1,2,…, 15). The generation of the above three parts >
: ðcolj þ lm j Þ lmi ; if i ¼ n
j¼1
will be described in the following.
0
For the matrix Mn1;15 in Mn916, it is defined as ð12Þ
2 3 where ‘‘R’’ is summation modulo 232. rowi is a function
m1;1 m1;2 m1;15
0 6 m2;1 m2;2 m2;15 7 operation on all the elements in the ith row of the message
M ¼6 4
7 ð10Þ matrix M0 with generated numbers lmi and lmj.
5
mn1;1 mn1;2 mn1;15 For further convenient reference, set M = (M1, M2, …,
Mn) = (mij) (i = 1,2,…, n; j = 1,2,…, 16) where Mi
where M0 = (mij) (i = 1,2,…, n-1; j = 1,2,…, 15) is a denotes the ith row elements of message matrix M.
(n-1) 9 15 matrix composed of the original message with
padding. The generation of element values in matrix M0 3.1.2 Process 2 (parameters initialization)
(Eq. 10) is obtained as follows. First of all, the original
message with arbitrary length is padded with bits The 8 parameters utilized in the algorithm are the four
(1010…10)2 and left 64 bits denoting the length of the initial buffers T, U, V and W, which are used as initial
original message, such that the length of padded message is inputs of the compression function F(*) in Process 4 and
a multiple of 480 = 32 9 15. Then, it is divided into 32- the four parameters a, b, c and d, which are used for
bit blocks with a number of a multiple of 15, each of which generating element values of matrix A in the chaotic cat
is then translated into its corresponding ASCII code value map, each of which is with a length of 32 bits. They are
123
Neural Comput & Applic (2012) 21:1563–1573 1567
123
1568 Neural Comput & Applic (2012) 21:1563–1573
4 Performance analysis
123
Neural Comput & Applic (2012) 21:1563–1573 1569
Fig. 6 Hash values under message and keys with the least difference
C1: The original message is the same the randomly 4.3 Statistical analysis of diffusion and confusion
chosen one;
C2: Change the first character ‘‘C’’ in the original Diffusion and confusion are the two essential elements in
message to ‘‘c’’; the encryption algorithms as well as Hash functions.
C3: Change the word ‘‘from’’ in the original message to Diffusion means spreading out of the influence of a
‘‘form’’; single plaintext bit over many cipher text bits so as to
C4: Change the full stop at the end of the original hide the statistical structure of the plaintext, and confu-
message to a comma; sion means the use of transformations that complicate
C5: Exchange the 1st message block M1: ‘‘Chongqing dependence of the statistics of cipher text on the statis-
University is a nationally famed comprehensive key un’’ tics of plaintext.
with the 2nd message block M2: ‘‘iversity in China, The following tasks are conducted for the characteristics
directly under the State Ministry of Educatio’’; of the diffusion and confusion: Hash value of the message
C6: Change the initial value of one-dimensional chaotic is generated, and then, a bit changed in the message is
logistic map x0 = 0.433 to 0.43300000000001; randomly selected and toggled, and a new Hash value is
C7: Change the parameter of one-dimensional chaotic obtained. Two Hash values are compared, and the number
skew tent map a = 0.324 to 0.3240000000000001. of changed bits is counted as Bi. This test is performed
123
1570 Neural Comput & Applic (2012) 21:1563–1573
maximum changed bit number Bmax = max fBi gN1 , mean
P
changed bit number B ¼ N1 Ni¼1 Bi , mean changed proba-
100%, standard deviation of the changed
bility P ¼ ðB=lÞ
qffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi
PN ffi
1 2
bit number DB ¼ N1 i¼1 ðB i BÞ and standard devia-
qffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi
PN ffi
1 2
tion DP ¼ N1 i¼1 ðBi =l PÞ 100%. Here, N is the
total number of tests, Bi denotes changed bit number in the
ith test and l is the bit length of Hash value. The same tests on
the algorithm with N = 256, 512, 1,024 and 2,048 have also
been performed, and the corresponding data are listed in
Table 1.
A careful analysis of the data in Table 1 reveals that the
mean changed bit number B = 63.97 and the mean chan-
ged probability p = 49.98% are very close to the ideal
value 64 and 50%, respectively. Obviously, DB and DP are
very little, which indicates the capability for diffusion and
confusion is very stable. The statistical effect guarantees
that attacker absolutely cannot forge or deduce linear and
differential attack.
123
Neural Comput & Applic (2012) 21:1563–1573 1571
Ti Ui Vi Wi
123
1572 Neural Comput & Applic (2012) 21:1563–1573
Table 2 The comparison of excellent algorithms in characteristics and performance with 1,024 random tests
Algorithms Characteristics Statistical performances of the schemes
B P ð%Þ DB DP ð%Þ
MD5 [4] Only shift and XOR operations in integer field 63.98 49.98 5.73 4.48
Xiao’s [9] 3|M|* iterations; simple structure 63.8398 49.87 5.7078 4.46
Guo’s [10] Chaotic dynamical S-Box 63.66 49.734 7.5857 5.9263
Wang’s [11] 2-D coupled map lattices 64.08 50.06 5.56 4.34
Akhavan’s [12] Piecewise nonlinear chaotic map 63.8037 49.8466 5.764 4.5031
Amin’s [13] Simple structure; high speed 63.43 49.55 5.72 4.41
Yang’s [16] Hyper-cellular neural network 63.53 49.66 0.21 1.54
Li’s [17] Two-layered chaotic neural network 63.5439 49.6437 5.7143 4.4643
This paper Parallel; 4-D cellular neural network 64.11 50.09 5.65 4.42
*
|M| is the bit length of padded message to be hashed
chaotic logistic map and x [ (0, 1) and a [ (0, 1) of one- algorithms. The B and Pð%Þ are both closer to the ideal
dimensional chaotic skew tent map, it can be derived that the value 64 bits and 50%, while smaller DB and DPð%Þ show
size of the secret key space is approximately larger than 2200. stable diffusion and confusion capability. In summary, our
Apparently, the key space is large enough to resist all kinds of algorithm has the parallel structure and absolutely high
brute-force attack. speed and better statistical performance.
123
Neural Comput & Applic (2012) 21:1563–1573 1573
Foundation of China (Grant Nos. 61070246, 61003247, 60873201), 10. Guo XF, Zhang JS (2006) Keyed one-way Hash function con-
the Program for New Century Excellent Talents in University of struction based on the chaotic dynamic S-Box. Acta Phys Sin
China (NCET-09-0838, NCET-08-0603), the Natural Science Foun- 55:4442–4449
dation Project of CQ CSTC (Grant Nos. 2010BB2047, 2009BB2211). 11. Wang Y, Liao XF, Xiao D et al (2008) One-way hash function
construction based on 2D coupled map lattices. Inf Sci
178:1391–1406
12. Akhavan A, Samsudin A, Akhshani A (2009) Hash function
References
based on piecewise nonlinear chaotic map. Chaos Solitons
Fractals 42:1046–1053
1. Sklavos N, Alexopoulos E, Koufopavlou O (2003) Networking 13. Amin M, Faragallah OS, El-latif AAA (2009) Chaos-based hash
data integrity: high speed architectures and hardware imple- function (CBHF) for cryptographic applications. Chaos Solitons
mentations. Int Arab J Inf Technol 1:54–59 Fractals 42:767–772
2. Tsudik G (1992) Message authentication with one-way hash 14. Lian SG, Sun JS, Wang ZQ (2006) Secure hash function based on
functions. ACM SIGCOMM Comput Commun Rev 22:29–38 neural network. Neurocomputing 69:2346–2350
3. Rompel J (1990) One-way functions are necessary and sufficient for 15. Liu GJ, Shan L, Dai YW et al (2006) One-way Hash function
secure signatures. In: Proceedings of the 22th annual ACM sympo- based on chaotic neural network. Acta Phys Sin 55:5688–5693
sium on Theory of computing. ACM, Baltimore, pp 387–394 16. Yang QT, Gao TG (2008) One-way hash function based on
4. Rivest R (1992) The MD5 Message-Digest Algorithm, RFC hyper-chaotic cellular neural network. Chin Phys B
1321, MIT LCS and RSA Data Security Inc 17:2388–2393
5. SHA-1 Standard, National Institute of Standards and Technology 17. Li YT, Deng SJ, Xiao D (2011) A novel Hash algorithm con-
(NIST), Secure Hash Standard, FIPS PUB 180-1 (1993) Avail- struction based on chaotic neural network. Neural Comput Appl
able: http://www.itl.nist.gov/fipspubs/fip180-1.htm 20:133–141
6. Wang XY, Yin YQ, Yu HB (2005) Finding collisions in the full 18. Chen GR, Mao YB, Chui CK (2004) A symmetric image
SHA-1, advances in cryptology-crypto 05. LNCS 3621:17–36 encryption scheme based on 3D chaotic cat maps. Chaos Solitons
7. Wong KW (2003) A combined chaotic cryptographic and hashing Fractals 21:749–761
scheme. Phy Lett A 307:292–298 19. Eckmann JP, Ruelle D (1985) Ergodic theory of chaos and
8. Kwok HS, Tang WKS (2005) A chaos-based cryptographic hash strange attractors. Rev Mod Phys 57:617–656
function for message authentication. Int J Bifurcation Chaos 20. Zhang CN, Lai CR (2004) A systematic approach for encryption
15:4043–4050 and authentication with fault tolerance. Comput Netw
9. Xiao D, Liao XF, Deng SJ (2005) One-way Hash function con- 45:143–154
struction based on the chaotic map with changeable parameter.
Chaos Solitons Fractals 24:65–71
123