Neural Comput & Applic (2012) 21:1563–1573
DOI 10.1007/s00521-011-0726-z
ORIGINAL ARTICLE
Parallel chaotic Hash function construction based on cellular
neural network
Yantao Li • Di Xiao • Huaqing Li • Shaojiang Deng
Received: 29 July 2010 / Accepted: 3 August 2011 / Published online: 20 August 2011
 Springer-Verlag London Limited 2011
Abstract A new parallel chaotic Hash function, based on
four-dimensional cellular neural network, is proposed in
this paper. The message is expanded by iterating chaotic
logistic map and then divided into blocks with a length of
512 bits each. All blocks are processed in a parallel mode,
which is one of the significant characteristics of the
proposed algorithm. Each 512-bit block is divided into four
128-bit sub-blocks, each of which is further separated into
four 32-bit values and then the four values are mixed
into four new values generated by chaotic cat map. The
obtained four new values are performed by the bit-wise
exclusive OR operation with four initial values or previ-
ously generated four values, and then, they are used as the
inputs of cellular neural network. By iterating cellular
neural network, another four values as the middle Hash
value are generated. The generated values of all blocks are
inputted into the compression function to produce the final
128-bit Hash value. Theoretical analysis and computer
simulation indicate that the proposed algorithm satisfies the
requirements of a secure Hash function.
Keywords Chaos  Parallel mode  Four-dimensional
cellular neural network  Four-dimensional cat map  Hash
function
1 Introduction
As a basic module of modern cryptography, Hash function
can map any message with arbitrary length into a fixed
Y. Li (&)  D. Xiao  H. Li  S. Deng
College of Computer Science, Chongqing University,
Chongqing 400044, China
e-mail: yantaoli@foxmail.com; liyantao@live.com
length message, which plays an important role in data
integrity protection [1], message authentication [2] and
digital signature [3]. The properties of Hash function
include one way, collision resistance, meet-in-middle-
attack resistance and confusion and diffusion, etc. The
conventional Hash function, such as MD5 [4] and SHA-1
[5], is realized through the complicated method based on
logical exclusive OR operation or multi-round iteration of
some available cipher. Since the security and efficiency of
conventional Hash function totally depend on the basic
cipher, more complicated computations are needed.
Although each step of the former is simple, the process
round will also be huge, even the message is very short.
Since Wang et al. [6] found an effective method to reduce
the complexity finding collisions of SHA-1, which was
issued as a Federal Information Processing Standard by
NIST [5], analysis and design of more secure Hash func-
tions have attracted great attention. Since chaos is a kind of
deterministic random-like process generated by nonlinear
dynamic systems, as a representative of chaos-based Hash
function, a combined encryption and hashing scheme based
on chaotic maps presented by Wong [7] is firstly demon-
strated that chaos is suitable for constructing new Hash
functions. Since then, a series of chaos-based Hash func-
tions have been published [8–13]. It is found that the
confusion and diffusion properties of neural network have
been used to design encryption algorithms and its one-way
property is also suitable for new Hash function construction
[14]. Since chaos has defects that the chaotic sequence
generated by chaos may degenerate cycle sequence, and
the neural network model may be too simple to defend
attacks, the combination of chaos and neural network is
promising to construct more complicated and secure Hash
functions [15–17]. However, the above algorithms have a
common weak point that their iterative hash structures are
123
1564 Neural Comput & Applic (2012) 21:1563–1573

2 3 2 3
all in a sequential mode, which greatly restricts the exec- x1 ðk þ 1Þ x1 ðkÞ
utive speed and efficiency. Moreover, the sensitivities of 6 x2 ðk þ 1Þ 7 6 x2 ðkÞ 7
6 7 6 7 mod 232
Hash value to the message units at different positions of 4 x3 ðk þ 1Þ 5 ¼ A4 x3 ðkÞ 5 ð3Þ
message are uneven. x4 ðk þ 1Þ x4 ðkÞ
In order to solve these problems, a new chaotic Hash
function processed in a parallel mode based on four- where A ¼ A12 A13 A14 A23 A24 A34 is a 4 9 4 matrix
dimensional cellular neural network is proposed in this constructed by multiplying C24 matrices, which is described
paper. The procedure of generating Hash value involves as follows:
four processes, including message expansion, parameters 2 3 2 3
1 a12 0 0 1 0 a13 0
initialization, blocked messages parallel processing and
6 7 6 7
128-bit Hash value generation. Theoretical analysis and 6 b12 1 þ a12 b12 0 0 7 6 0 1 0 07
6
A ¼6 7 6 7
computer simulation indicate that the proposed algorithm 76 7
4 0 0 1 0 5 4 b13 0 1 þ a13 b13 0 5
satisfies the performance requirements of Hash function in
a reliable, secure and efficient manner. 0 0 0 1 0 0 0 1
2 3 2 3
The rest part of this paper is organized as follows: Sect. 1 0 0 a14 1 0 0 0
2 introduces the preliminaries about one-dimensional cha- 6 7 6 7
6 0 1 0 0 7 60 1 a23 07
otic logistic map, one-dimensional chaotic skew tent map, 6
6
76
7 6
7
7
four-dimensional chaotic cat map and four-dimensional 4 0 0 1 0 5 4 0 b23 1 þ a23 b23 0 5
cellular neural network. In Sect. 3, the parallel chaotic b14 0 0 1 þ a14 b14 0 0 0 1
Hash algorithm based on cellular neural network is 2 3 2 3
1 0 0 0 1 0 0 0
described in detail. Performance is analyzed in Sect. 4. 6 7 6 7
Conclusions are drawn in the last section. 60 1 0 a24 7 60 1 0 0 7
6
6
76
7 6
7
7
40 0 1 0 5 40 0 1 a34 5
0 b24 0 1 þ a24 b24 0 0 b34 1 þ a34 b34
2 Preliminaries
ð4Þ
2.1 The one-dimensional chaotic map where the parameters aij and bij are integers in ½0; 232  1.
The value of aij and bij can be calculated by the fol-
The well-known one-dimensional chaotic logistic map lowing equation:
chosen in the algorithm is expressed as follows:
    
xiþ1 ¼ lxi ð1  xi Þ ð1Þ y1 ðk þ 1Þ 1 c y1 ðkÞ
¼ mod 232 ð5Þ
y2 ðk þ 1Þ d 1 þ cd y2 ðkÞ
where 0 \ xi \ 1 and l is the control parameter. Accord-
ing to simulation experiments, if 3.569946 \ l \ 4, the where y1 ð0Þ ¼ a and y2 ð0Þ ¼ b, and a; b; c and d can be
logistic map exhibits chaotic behavior. It is used to pad the obtained by iterating chaotic skew tent map, each with 32
message in the message preprocess of the algorithm. bits.
The one-dimensional chaotic skew tent map in the By iterating the cat map in (5), the parameters in (4) can
algorithm is represented as follows: be assigned as:
 (
xi =a; if 0  xi  a
xiþ1 ¼ ð2Þ aij ¼ y1 ðkÞ
ð1  xi Þ=ð1  aÞ; if a\xi  1 ð6Þ
bij ¼ y2 ðkÞ
where 0 \ xi \ 1 and 0 \ a \ 1. When the parameter a [
(0, 1), the one-dimensional chaotic skew tent map exhibits where i ¼ 1; 2; 3; 4; j ¼ 2; 3; 4; j [ i and k ¼ 1; 2; . . .; 6.
chaotic behavior. It is iterated 2l times to generate a 2l-bit
sequence rounded for the initial four buffers and four initial 2.3 The four-dimensional cellular neural network
values for generating the parameters of matrix A,
respectively. The four-dimensional cellular neural network (4-D CNN)
chosen in the algorithm is defined by ordinary differential
2.2 The four-dimensional chaotic cat map equation (7) as follows:
X
4
The extended four-dimensional chaotic cat map according x_ i ¼ ci xi þ wij vj i; j ¼ 1; 2; 3; 4
j¼1 ð7Þ
to Ref. [18] employed in the algorithm is expressed as
follows: vi ¼ fi ðxi Þ

123
Neural Comput & Applic (2012) 21:1563–1573
where
8 B 1=3 1=3:75
< 1; if xi \  1
> B
1 1=1:5 1=1:5
fi ðxi Þ ¼ ðjxi þ 1j  jxi  1jÞ ¼ xi ; if  1\xi \1
2 >
:
1; if xi [ 1
and W = (wij) is a 4 9 4 weight matrix.
A careful analysis of (7) reveals that supposing the
weight matrix W is symmetric, the trajectory of the 4-D
CNN does have complicated chaotic dynamics (even
nontrivial periodic solutions). However, it with asymmetric
weight matrix W exhibits complicated chaotic dynamics. It
follows that we need to consider and carefully choose the
asymmetric weight matrix W, which is expressed in the
following:
Fig. 1 Layapunov exponents as adjust p with step 0.001
Fig. 2 The chaotic attractor of
(7) observed with p = 20
1565
0 1
1=3:75 1=3 1=5:6 0
0 0 C
W ¼@ C ð8Þ
1=3 1=6 A
1=3:5 1=1:5 1=2 1=p
A cursory observation of the matrix W shows that there is
an adjustable parameter p in the lower right corner of (8),
whose different values show different trajectories. In order to
illustrate the chaotic dynamics of (7), the adjustable
parameter p is chosen in the interval [0.01, 50] and
Lyapunov exponents L1, L2, L3 and L4 are calculated with
initial condition x0 = [0.1, 0.2, -0.2, 0.1]T by the QR-based
algorithm proposed in Ref. [19] as shown in Fig. 1. For
parameter p = 20 and four Lyapunov exponents are 0.0092,
0, -0.5985 and -1.0587, and c1 = c2 = c3 = c4 = 1,
respectively, computer simulation shows that (7) has
one attractor as illustrated in Fig. 2 from every aspect of
the axes.
3 Parallel chaotic Hash algorithm
In this section, a novel Hash function construction algo-
rithm is developed utilizing the high sensitivity to the
initial conditions of a four-dimensional chaotic cat map and
chaos of the four-dimensional cellular neural network.
3.1 Design of chaotic Hash algorithm
The basic objective of a Hash function is to generate a
fixed length Hash value from a message with arbitrary
length. Assuming that l = 128 is the bit length of Hash
value, the whole procedures of Hash value generation are
depicted in Fig. 3 and composed of the following four
processes: message expansion, parameters initialization,
123
1566 Neural Comput & Applic (2012) 21:1563–1573

Fig. 3 The whole structure of

M1 M2 ... Mn
the parallel Hash algorithm

TUVW

T1,U1,V1,W1 T2,U2,V2,W2 Ti,Ui,Vi,Wi Tn,Un,Vn,Wn

F(*)

128 bits

H(M)

blocked messages parallel processing and Hash value (decimal value). Finally, all of the ASCII code values are
generation. assigned to mij (i = 1,2,…, n-1; j = 1,2,…, 15), consec-
utively and, respectively.
3.1.1 Process 1 (message expansion) The other two elements colj (j = 1,2,…,15) and rowi
(i = 1,2,…,n) in Mn916 are obtained in (11) and (12),
Message expansion is significant in the proposed Hash respectively:
algorithm, because it not only can improve the sensitivity n  
of each bit in original message to the final Hash value, but colj ¼  ðmi;j  lmi Þ þ lm j ðj ¼ 1; 2; . . .; 15Þ ð11Þ
i¼1
also can guarantee the most important characteristic par-
allel processing [20]. The expanded message is expressed where ‘‘’’ denotes bit-wise exclusive OR operation, ‘‘?’’
as a n 9 16 matrix M as shown in (9), each element with a represents addition modulo 232, lmi (i = 1,2,…, n) and lmj
size of 32 bits. (j = 1,2,…, 15) are assigned values by the (n ? 15) sequence
2 3 values multiplied by 232, which are obtained by iterating
m1;1 m1;2    m1;15 row2 chaotic logistic map (n ? 15) times with x0 = 0.433 and
6 m2;1 m2;2    m2;15 row3 7
6 7 l = 3.678, consecutively and, respectively. colj is a function
6
M ¼ 6      7 ð9Þ
7 operation on all the elements in the jth column of message
4 mn1;1 mn1;2    mn1;15 rown 5
matrix M0 with generated numbers lmi and lmj.
col15 col14    col1 row1 8
P15  
>
>
An observation of message matrix Mn916 shows that it is >
< ðmi;j þ lm j Þ  lmi if i ¼ 1; 2; . . .; n  1
0 j¼1
composed of matrix Mn1;15 , rowi (i = 1,2,…,n) and colj rowi ¼ 15 
>
> P 
(j = 1,2,…, 15). The generation of the above three parts >
: ðcolj þ lm j Þ  lmi ; if i ¼ n
j¼1
will be described in the following.
0
For the matrix Mn1;15 in Mn916, it is defined as ð12Þ
2 3 where ‘‘R’’ is summation modulo 232. rowi is a function
m1;1 m1;2    m1;15
0 6 m2;1 m2;2    m2;15 7 operation on all the elements in the ith row of the message
M ¼6 4 
7 ð10Þ matrix M0 with generated numbers lmi and lmj.
   5
mn1;1 mn1;2    mn1;15 For further convenient reference, set M = (M1, M2, …,
Mn) = (mij) (i = 1,2,…, n; j = 1,2,…, 16) where Mi
where M0 = (mij) (i = 1,2,…, n-1; j = 1,2,…, 15) is a denotes the ith row elements of message matrix M.
(n-1) 9 15 matrix composed of the original message with
padding. The generation of element values in matrix M0 3.1.2 Process 2 (parameters initialization)
(Eq. 10) is obtained as follows. First of all, the original
message with arbitrary length is padded with bits The 8 parameters utilized in the algorithm are the four
(1010…10)2 and left 64 bits denoting the length of the initial buffers T, U, V and W, which are used as initial
original message, such that the length of padded message is inputs of the compression function F(*) in Process 4 and
a multiple of 480 = 32 9 15. Then, it is divided into 32- the four parameters a, b, c and d, which are used for
bit blocks with a number of a multiple of 15, each of which generating element values of matrix A in the chaotic cat
is then translated into its corresponding ASCII code value map, each of which is with a length of 32 bits. They are

123
Neural Comput & Applic (2012) 21:1563–1573
assigned values by the following calculations: firstly, iter-
ate chaotic skew tent map 2l times with x0 = 0.323233 and
a = 0.324 to obtain an array X with 2l elements. Then,
round each element of the array X into its nearest integer,
respectively, such that each of them belongs to 0 or 1, to
generate the 0–1 array X = [x1, x2, …, x128, x129, …, x256].
Moreover, assign binary numbers to the 32-bit parameters
as: T ¼ ðx1 ; x2 ; . . .; x32 Þ2 , U ¼ ðx33 ; x34 ; . . .; x64 Þ2 , V ¼
ðx65 ; x66 ; . . .; x96 Þ2 and W ¼ ðx97 ; x98 ; . . .; x128 Þ2 ; a ¼
ðx129 ; x130 ; . . .; x160 Þ2 , b ¼ ðx161 ; x162 ; . . .; x192 Þ2 , c ¼ ðx193 ;
x194 ; . . .; x224 Þ2 and d ¼ ðx225 ; x226 ; . . .; x256 Þ2 . Finally, trans-
late all the binary values into their decimal values. Set U0 = T,
V0 = U, W0 = V and T0 = W, which are initial values used in
Process 3 for generating Tx1,Ux2,Vx3 and Wx4.
3.1.3 Process 3 (blocked messages parallel processing)
Since message blocks are processed in a parallel mode, Mi
(i = 1,2,…,n) is chosen as a representative to illustrate the
generation process of the ith middle Hash value. For the
512-bit message block Mi, first of all, its 16 32-bit ele-
ments mi;1 ; mi;2 ; . . .; mi;15 ; rowðiþ1Þmod n are consecutively
divided into four groups, each composed of
mri;o ; mri;oþ1 ; mri;oþ2 ; mri;oþ3 ði ¼ 1; 2; . . .; n; o ¼ 1; 5; 9; 13;
r ¼ 1; 2; 3; 4Þ, which are processed in the order of
increasing group number r. Then, the four 32-bit elements
mri;o ; mri;oþ1 ; mri;oþ2 ; mri;oþ3 in group r assigned to the four
inputs x1 ðkÞ; x2 ðkÞ; x3 ðkÞ; x4 ðkÞ of the chaotic cat map are
calculated in (3) to generate x1 ðk þ 1Þ; x2 ðk þ 1Þ;
x3 ðk þ 1Þ; x4 ðk þ 1Þ, respectively. Then, we compute
Tx1 = x1(k ? 1)  T0 , Ux2 = x2(k ? 1)  U0 , Vx3 =
x3(k ? 1)  V0 and Wx4 = x4(k ? 1)  W0 . Moreover,
iterate the 4-D CNN (i ? j?r) times with the four inputs
Tx1,Ux2,Vx3 and Wx4 to generate T, U, V and W. Finally, set
U0 = T, V0 = U, W0 = V and T0 = W as the inputs of next
group in the message block Mi. After all the 16 elements in Mi
are processed, set Ti = T0 , Ui = U0 , Vi = V0 and Wi = W0 as
the outputs (the middle Hash value) of current message block
Mi. Process 3 can be simply described in (13):
2 03 2 r 3 2 3
T mi;o T
6 U0 7 6 mri;oþ1 7 6U7
6 0 7  A6 r 7 4  D 6 7
4V 5 4 mi;oþ2 5 ) CNN ) 4 V 5
W0 mri;oþ3 W
ði ¼ 1; 2; . . .; n; o ¼ 1; 5; 9; 13; r ¼ 1; 2; 3; 4Þ
where ‘‘)’’ denotes inputs or outputs of 4-D CNN.
3.1.4 Process 4 (Hash value generation)
The final Hash value is constructed by the outputs Ti, Ui, Vi
and Wi of each Mi(i = 1,2,…, n). First, a compression
function F(*) is defined as follows in (14).
1567
FðT; U; V; W; YÞ ¼ ðT þ YÞ  U þ V  W ð14Þ
where the variable Y denotes one of the four outputs Ti, Ui,
Vi and Wi of each Mi(i = 1,2,…, n).
Second, according to variable Y, (14) can be decom-
posed into the following four equations (15–18),which are
used for updating T, U, V and W, respectively.
T ¼ FðT; U; V; W; Ti Þ ð15Þ
where T, U, V and W as the inputs of F(*) are the initial
values obtained from Process 2. If and only if Ti is the
output of message block M1, otherwise, T, U, V and W will
be updated by (15–18), respectively. Equation 15 is used to
update T chosen as the input of (16–18), as well as (15)
for Ti?1.
U ¼ FðU; T; V; W; Ui Þ ð16Þ
Equation (16) is used to update U employed as the input
of (17) and (18), as well as (15) for Ti?1 and (16) for Ui?1.
V ¼ FðV; U; T; W; Vi Þ ð17Þ
Equation (17) is used to update V proposed as the input
of (18), as well as (15) for Ti?1, (16) for Ui?1 and (17)
for Vi?1.
W ¼ FðW; U; V; T; Wi Þ ð18Þ
Equation (18) is used to update W adopted as the input
of (15–18) for Mi?1.
Finally, after all message blocks are processed and T, U,
V and W are updated, the final 128-bit Hash value can be
obtained by cascading the final T, U, V and W.
3.2 Characteristics of the proposed algorithm
The proposed algorithm has three significant characteris-
tics: the parallel processing mode, the improved sensitivity
in message expansion and the combination structure of
arithmetic and logic operations.
(1) Parallel processing mode
Since the presented Hash algorithm is mainly based on
four-dimensional cellular neural network with inputs of the
ð13Þ
four constants T, U, V and W generated by one-dimensional
chaotic skew tent map and the corresponding message
blocks, the 4-D CNN can process the separated message in
the parallel mode. As we can see from Fig. 3, regardless of
the four constants, all message blocks Mi (i = 1,2,…, n)
are processed at the same time as the inputs of 4-D CNN. It
greatly improves the efficiency and speed.
(2) Sensitivity improvement in message expansion
Since the message matrix M consists of message
0
Mn1;15 , rowi (i = 1,2,…, n) and colj (j = 1,2,…, 15) as
123
1568 Neural Comput & Applic (2012) 21:1563–1573

shown in (9), each element of rowi is closely related to the

0
ith row of Mn1;15 and each element of colj is closely
0
related to the jth column of Mn1;15 as well, according to
(11) and (12). Although the four initial parameters T, U,
V and W are constants as the input of 4-D CNN, the
message in rowi and colj correlated with each message
block greatly improves the sensitivity of the whole mes-
sage M.
(3) Combination structure of arithmetic and logic
operations
The combination structure of arithmetic and logic
operations yields strong bit confusion and diffusion rates
between the message blocks Mi (i = 1,2,…, n) and the four
constants T, U, V and W processed in 4-D CNN, as well
as the outputs Ti, Ui, Vi and Wi of each Mi processed in
(15–18).

4 Performance analysis

We implement the proposed algorithm for performance

analysis through utilizing one-dimensional chaotic logistic
map with x0 = 0.433 and l = 3.678 for padding the message
and one-dimensional chaotic skew tent map with
x0 = 0.323233 and a = 0.324 for generating the parameters
of matrix A. The paragraph of the message applied in the
following simulation experiments is randomly chosen as:
Chongqing University is a nationally famed com-
prehensive key university in China, directly under the
State Ministry of Education, also a university listed Fig. 4 Spread of message and its Hash value: a distribution of the
among the first group of ‘‘211 Project’’ universities message in ASCII; b distribution of the corresponding Hash value in
gaining preferential support in their construction and hexadecimal format
development from the Central Government of China.
Currently, Chongqing University runs a graduate
school and offers a wide range of undergraduate For comparison, the same experiment has been done with
programs covering diverse branches of learning such an extreme condition, a ‘‘blank space’’ character message
as sciences, engineering, liberal arts, economics, with 1 byte. The contrast between message and its Hash
management, law and education. value is demonstrated in Fig. 5. Even under this very
extreme condition, the contrast is still distinct, and the
4.1 Distribution of Hash value distribution of corresponding Hash value is irregular. The
simulation results indicate that no information (including
The uniform distribution of Hash value is one of the most the statistic information) of the message can be left after
important properties of Hash function, which is directly the diffusion and confusion.
related to the security of Hash function. Simulation
experiment has been done on the proposed message. 4.2 Sensitivity of Hash value to the message
Two two-dimensional graphs are used to demonstrate and secret keys
the differences between the message and the corresponding
final Hash value. In Fig. 4a, the ASCII codes of the mes- In order to evaluate the sensitivity of Hash value to the
sage are localized within a small area, while in Fig. 4b, the message and secret keys, simulation experiments have been
hexadecimal Hash value spreads around very irregularly. conducted under the following different seven conditions:

123
Neural Comput & Applic (2012) 21:1563–1573
Fig. 5 Spread of a ‘‘blank space’’ character message and its Hash
value: a distribution of a ‘‘blank space’’ character message; b distri-
bution of the corresponding Hash value in hexadecimal format
C1: The original message is the same the randomly
chosen one;
C2: Change the first character ‘‘C’’ in the original
message to ‘‘c’’;
C3: Change the word ‘‘from’’ in the original message to
‘‘form’’;
C4: Change the full stop at the end of the original
message to a comma;
C5: Exchange the 1st message block M1: ‘‘Chongqing
University is a nationally famed comprehensive key un’’
with the 2nd message block M2: ‘‘iversity in China,
directly under the State Ministry of Educatio’’;
C6: Change the initial value of one-dimensional chaotic
logistic map x0 = 0.433 to 0.43300000000001;
C7: Change the parameter of one-dimensional chaotic
skew tent map a = 0.324 to 0.3240000000000001.
1569
Fig. 6 Hash values under message and keys with the least difference
The corresponding Hash values in hexadecimal formats
are gotten from simulation experiments, followed by the
corresponding number of different bits compared with the
Hash value obtained under Condition 1 as following:
C1: C1B46EE8F28C68C8F3ABDCC7170432EA
C2: 544D998B9DC54E78FEB05740C0A4D10E (68)
C3: D1794E46E67B96B981C3720B493E550B (66)
C4: C6BF027FF28C68C8884D69644381FC2C (50)
C5: BE465688CA684AA3661A8B4DEDCB6899 (68)
C6: C3FC2066F28C7477F3AAD4B9178BBB30 (42)
C7: B318B87FFF7EC7584190ED54F3F6E79E (68)
The graphical display of binary sequences is shown in
Fig. 6:
The simulation result indicates that the one-way and
sensitivity property of the proposed algorithm is so perfect
that any least difference of the message or keys will cause
huge changes in the final Hash value.
4.3 Statistical analysis of diffusion and confusion
Diffusion and confusion are the two essential elements in
the encryption algorithms as well as Hash functions.
Diffusion means spreading out of the influence of a
single plaintext bit over many cipher text bits so as to
hide the statistical structure of the plaintext, and confu-
sion means the use of transformations that complicate
dependence of the statistics of cipher text on the statis-
tics of plaintext.
The following tasks are conducted for the characteristics
of the diffusion and confusion: Hash value of the message
is generated, and then, a bit changed in the message is
randomly selected and toggled, and a new Hash value is
obtained. Two Hash values are compared, and the number
of changed bits is counted as Bi. This test is performed
123
1570 Neural Comput & Applic (2012) 21:1563–1573

 
maximum changed bit number Bmax = max fBi gN1 , mean
P
changed bit number B ¼ N1 Ni¼1 Bi , mean changed proba-
  100%, standard deviation of the changed
bility P ¼ ðB=lÞ
qffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi
PN ffi
1 2
bit number DB ¼ N1 i¼1 ðB i  BÞ and standard devia-
qffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi
PN ffi
1 2
tion DP ¼ N1 i¼1 ðBi =l  PÞ  100%. Here, N is the
total number of tests, Bi denotes changed bit number in the
ith test and l is the bit length of Hash value. The same tests on
the algorithm with N = 256, 512, 1,024 and 2,048 have also
been performed, and the corresponding data are listed in
Table 1.
A careful analysis of the data in Table 1 reveals that the
mean changed bit number B = 63.97 and the mean chan-
ged probability p = 49.98% are very close to the ideal
value 64 and 50%, respectively. Obviously, DB and DP are
very little, which indicates the capability for diffusion and
confusion is very stable. The statistical effect guarantees
that attacker absolutely cannot forge or deduce linear and
differential attack.

4.4 Analysis of collision resistance and birthday

resistance

Collision resistance and birthday resistance are related to

each other, both of which are originated from the proba-
bility problem that two random input data are found to hash
to the same value. In the proposed algorithm, the state of
4-D CNN is related to each message bit. And control
parameter and four-dimensional chaotic cat map are fully
affected by the message bits so that even a bit change in the
message would lead to a greatly different Hash value.
Fig. 7 Distribution of changed bit number: a plot of Bi, b histogram The following test of quantitative analysis on collision
of Bi
resistance is conducted. The Hash value of the message is
generated and stored in ASCII format, and then, a bit in the
Table 1 Statistics of number of changed bit
N 256 512 1,024 2,048 Mean

B 63.70 63.99 64.11 64.07 63.97

P ð%Þ 49.77 49.99 50.09 50.06 49.98
DB 5.93 6.01 5.65 5.74 5.83
DP ð%Þ 4.63 4.69 4.42 4.48 4.55
Bmin 48 47 49 45 47.25
Bmax 81 85 83 84 83.25

2,048 times, and the corresponding distribution of changed

bit number is illustrated as Fig. 7.
It can be seen from Fig. 7 that the maximum changed bit
number is 84 and the minimum is 45. It shows a good
diffusion effect of the proposed Hash algorithm.
There are six statistics defined for quantitative measure-
  Fig. 8 Distribution of the number of ASCII characters with the same
ment: minimum changed bit number Bmin = min fBi gN1 , value at the same location in the Hash value

123
Neural Comput & Applic (2012) 21:1563–1573
Fig. 9 The process of message
block Mi Mi
4l bits
T
U l bits
V
W l bits
Ti Ui Vi Wi
message is randomly selected and toggled. Thus, a new
Hash value is then generated and stored in the same format.
Two Hash values are compared, and the number of ASCII
character with the same value at the same location in Hash
value, namely, the number of hits, is counted. This kind of
test is also performed 2,048 times. A plot of the distribution
of the number of hits is demonstrated in Fig. 8, and a
careful examination of Fig. 8 shows that there are 6 tests
hit twice and 122 tests hit once, while in 1,920 tests, no hit
occurs.
4.5 Analysis of meet-in-the-middle resistance
Meet-in-the-middle attack means to find a contradiction
through looking for a suitable substitution of the last
plaintext block. For instance, M = (M1, M2, …, Mn-1, Mn),
0 the attack.
the expected contradicted one is M ¼ ðM1 ; M2 ; . . .;
0
Mn1 ; Mn Þ. That is, the attack process is just to replace Mn
0
with Mn and keep the final Hash value H(M) unchanged.
Qualitative and quantitative analyses on meet-in-the-mid-
dle resistance are described as follows, respectively.
As a qualitative analysis, a careful observation of Fig. 9
illustrating the structure of a randomly selected message
block Mi (i = 1,2,…,n)processed in the parallel algorithm
reveals that: first of all, four buffers T, U, V and W have
close relation with the secret keys of chaotic skew tent map
in the algorithm. Second, the matrix A for combining the
four 32-bit input messages of the message block Mi in
chaotic cat map is generated by iterating chaotic skew tent
map with secret keys. Finally, the iteration of 4-D CNN
depends on the order ‘‘i, j,r’’ of the message block Mi, since
the attacker does not know the secret keys and the order of
message block. Thus, qualitative analysis shows that the
algorithm is secure and against the attack.
The corresponding simulation experiment is imple-
mented as a quantitative analysis: replace the last message
block Mn: ‘‘eering, liberal arts, economics, management,
0
law and education.’’ by the random message block Mn :
‘‘PHF construction based on 4-dimensional cellular neural
network’’. The associated Hash values of the original
message and replaced message in hexadecimal formats
1571
Fig. 10 Hash values under meet-in-the-middle resistance
from the experiments are described in the following, fol-
lowed by the number of different bits between original and
replaced message and corresponding binary sequences
depicted in Fig. 10.
Hash value of original message: C1B46EE8F28C68C8
F3ABDCC7170432EA
Hash value of replaced message: E95292EBF2857C5
CDD79089F395119D7 (54)
It follows from Fig. 10 that the Hash value of replaced
message is obviously different from that of original mes-
sage. In particular, there is 54-bit difference between the
Hash values of original and replaced message. Thus, from
the aspect of quantitative analysis, the algorithm is against
Therefore, the proposed algorithm is immune from
meet-in-the-middle attack.
4.6 Analysis of secret keys
In the proposed algorithm, the chaotic sensitivity to tiny
changes in initial conditions and parameters is fully uti-
lized. There exists complicated and sensitive dependence
among messages, Hash value and secret keys. Therefore, it
is immune from key recovery attack.
To investigate the key space size, the following evalu-
ation experiments are conducted. For initial value x0 of
one-dimensional chaotic logistic map, if it is changed from
0.433 to 0.43300000000001, the corresponding changed bit
number of the Hash value will be around 64. However, if
the tiny change of x0 is set to be 10-15 or less than 10-15,
the hexadecimal format of Hash value is permanently
shown as ‘‘E95292EBF2857C5CDD79089F395119D7’’,
which means no corresponding hash bit changes. There-
fore, the sensitivity to x0 is considered to be 10-15. Similarly,
the sensitivities to control parameter l of one-dimensional
chaotic logistic map can be considered as 10-13, and both
initial value x0 and the parameter a of one-dimensional chaotic
skew tent map can be considered as 10-16 as well. Consid-
ering x [ (0, 1) and l [ (3.569946, 4) of one-dimensional
123
1572 Neural Comput & Applic (2012) 21:1563–1573

Table 2 The comparison of excellent algorithms in characteristics and performance with 1,024 random tests
Algorithms Characteristics Statistical performances of the schemes

B P ð%Þ DB DP ð%Þ

MD5 [4] Only shift and XOR operations in integer field 63.98 49.98 5.73 4.48
Xiao’s [9] 3|M|* iterations; simple structure 63.8398 49.87 5.7078 4.46
Guo’s [10] Chaotic dynamical S-Box 63.66 49.734 7.5857 5.9263
Wang’s [11] 2-D coupled map lattices 64.08 50.06 5.56 4.34
Akhavan’s [12] Piecewise nonlinear chaotic map 63.8037 49.8466 5.764 4.5031
Amin’s [13] Simple structure; high speed 63.43 49.55 5.72 4.41
Yang’s [16] Hyper-cellular neural network 63.53 49.66 0.21 1.54
Li’s [17] Two-layered chaotic neural network 63.5439 49.6437 5.7143 4.4643
This paper Parallel; 4-D cellular neural network 64.11 50.09 5.65 4.42
*
|M| is the bit length of padded message to be hashed

chaotic logistic map and x [ (0, 1) and a [ (0, 1) of one-
dimensional chaotic skew tent map, it can be derived that the
size of the secret key space is approximately larger than 2200.
Apparently, the key space is large enough to resist all kinds of
brute-force attack.
algorithms. The B and Pð%Þ are both closer to the ideal
value 64 bits and 50%, while smaller DB and DPð%Þ show
stable diffusion and confusion capability. In summary, our
algorithm has the parallel structure and absolutely high
speed and better statistical performance.

4.7 Analysis of speed

First of all, as one of the significant characteristics of the
proposed algorithm, parallel property greatly improves the
speed. Since the blocked messages as the inputs of four-
dimensional cellular neural network are processed at the
same time, the time all the padded message consuming is
the same as that of 512-bit message block. So the executive
speed of the proposed algorithm is not proportional to the
length of the padded message, but the 512-bit message
block.
Moreover, since F(*) compression function includes
only logical and arithmetic operations, which reduces the
algorithm complexity and guarantees the high efficiency,
the final 128-bit Hash value is generated by F(*).
4.8 Comparison with other schemes
There have been many chaos-based Hash algorithms pub-
lished recently. Some excellent algorithms in Refs. [4, 9–
13, 16, 17] are chosen as representatives to be compared
with the proposed algorithm in characteristics and perfor-
mances with 1,024 random tests listed in Table 2. (Note:
the random test time 1,024 is based on data commonly
provided by Refs. [4, 9–13, 16, 17].)
A careful analysis of Table 2 reveals that, for charac-
teristics of excellent algorithms, although all of them have
their own characteristics, the presented algorithm has
superiorities in the parallel structure and absolutely high
speed, while in statistical performances, our algorithm is as
good as MD5 [4] and Wang’s [11] and better than the rest
5 Conclusions
In this paper, a method of one-way chaotic Hash function
processed in a parallel mode based on four-dimensional
cellular neural network is proposed. The procedure of
generating Hash value involves four processes: message
expansion, parameters initialization, blocked messages
parallel processing and 128-bit Hash value generation. The
message is expanded by iterating chaotic logistic map and
then divided into blocks with a length of 512 bits each. All
the blocks are processed in a parallel mode, which is one of
the significant characteristics of the algorithm. Each block
is then separated into four 128-bit sub-blocks, each of
which is further divided into four 32-bit values and then the
four values are mixed into four new values by chaotic cat
map. The obtained four new values are performed by the
bit-wise exclusive OR operation with four initial values or
previously generated four values, and then, they are used as
the inputs of cellular neural network. By iterating cellular
neural network, another four values as the middle Hash
value are generated. The generated values of all blocks are
inputted into the compression function to produce the final
128-bit Hash value. Theoretical analysis and computer
simulation indicate that the proposed algorithm can satisfy
performance requirements of Hash function with a reliable,
secure and efficient manner.
Acknowledgments Our sincere thanks go to the anonymous
reviewers for their valuable comments. The work described here was
supported by the Fundamental Research Funds for the Central Uni-
versities (Grant No. CDJXS10182215), the National Natural Science

123
Neural Comput & Applic (2012) 21:1563–1573
Foundation of China (Grant Nos. 61070246, 61003247, 60873201),
the Program for New Century Excellent Talents in University of
China (NCET-09-0838, NCET-08-0603), the Natural Science Foun-
dation Project of CQ CSTC (Grant Nos. 2010BB2047, 2009BB2211).
References
1. Sklavos N, Alexopoulos E, Koufopavlou O (2003) Networking
data integrity: high speed architectures and hardware imple-
mentations. Int Arab J Inf Technol 1:54–59
2. Tsudik G (1992) Message authentication with one-way hash
functions. ACM SIGCOMM Comput Commun Rev 22:29–38
3. Rompel J (1990) One-way functions are necessary and sufficient for
secure signatures. In: Proceedings of the 22th annual ACM sympo-
sium on Theory of computing. ACM, Baltimore, pp 387–394
4. Rivest R (1992) The MD5 Message-Digest Algorithm, RFC
1321, MIT LCS and RSA Data Security Inc
5. SHA-1 Standard, National Institute of Standards and Technology
(NIST), Secure Hash Standard, FIPS PUB 180-1 (1993) Avail-
able: http://www.itl.nist.gov/fipspubs/fip180-1.htm
6. Wang XY, Yin YQ, Yu HB (2005) Finding collisions in the full
SHA-1, advances in cryptology-crypto 05. LNCS 3621:17–36
7. Wong KW (2003) A combined chaotic cryptographic and hashing
scheme. Phy Lett A 307:292–298
8. Kwok HS, Tang WKS (2005) A chaos-based cryptographic hash
function for message authentication. Int J Bifurcation Chaos
15:4043–4050
9. Xiao D, Liao XF, Deng SJ (2005) One-way Hash function con-
struction based on the chaotic map with changeable parameter.
Chaos Solitons Fractals 24:65–71
1573
10. Guo XF, Zhang JS (2006) Keyed one-way Hash function con-
struction based on the chaotic dynamic S-Box. Acta Phys Sin
55:4442–4449
11. Wang Y, Liao XF, Xiao D et al (2008) One-way hash function
construction based on 2D coupled map lattices. Inf Sci
178:1391–1406
12. Akhavan A, Samsudin A, Akhshani A (2009) Hash function
based on piecewise nonlinear chaotic map. Chaos Solitons
Fractals 42:1046–1053
13. Amin M, Faragallah OS, El-latif AAA (2009) Chaos-based hash
function (CBHF) for cryptographic applications. Chaos Solitons
Fractals 42:767–772
14. Lian SG, Sun JS, Wang ZQ (2006) Secure hash function based on
neural network. Neurocomputing 69:2346–2350
15. Liu GJ, Shan L, Dai YW et al (2006) One-way Hash function
based on chaotic neural network. Acta Phys Sin 55:5688–5693
16. Yang QT, Gao TG (2008) One-way hash function based on
hyper-chaotic cellular neural network. Chin Phys B
17:2388–2393
17. Li YT, Deng SJ, Xiao D (2011) A novel Hash algorithm con-
struction based on chaotic neural network. Neural Comput Appl
20:133–141
18. Chen GR, Mao YB, Chui CK (2004) A symmetric image
encryption scheme based on 3D chaotic cat maps. Chaos Solitons
Fractals 21:749–761
19. Eckmann JP, Ruelle D (1985) Ergodic theory of chaos and
strange attractors. Rev Mod Phys 57:617–656
20. Zhang CN, Lai CR (2004) A systematic approach for encryption
and authentication with fault tolerance. Comput Netw
45:143–154
123