Abstract—In this paper a dynamic Hash algorithm construction based on chaotic maps with controllable parameters is proposed and analyzed. Based on simplest 2-D chaotic maps, a new hash function has been proposed and analyzed in this paper. A chaos system also creates a random behavior subsequently, but at the same time a chaos system is wholly deterministic. Moreover in this paper, an algorithm for one way hash function construction based on chaos theory is introduced. . The proposed hash function operates on messages with arbitrary length to produce 128 bits hash value and can be easily implemented in both hardware and software. The two core characteristics of the recommended algorithm are chaotic behaviors and parallel processing mode. The proposed algorithm contains controllable parameters dynamically obtained from the position index of the corresponding message blocks. Theoretical analysis and computer simulation indicate that the algorithm can assure all performance conditions of hash function in an efficient and flexible style and secure against several attacks, which is good choice for data integrity or authentication.

Index Terms—Hash function; Circle Chord Method, Two-dimensional chaos map lattices; Spatiotemporal chaos; Chaotic nonlinear map; variable parameter

I. INTRODUCTION S one of the cores of cryptography, Hashing is a basic technique for information security. After the

conventional Hash function such as MD5, SHA was successfully attacked, the research on the design of secure and efficient Hash function stays a research hotspot.

With the rapid development of the Internet, security has become essential for modern communication [1,2]. Hash functions play an essential role in many areas of cryptographic applications, such as digital signatures, random number generation, data source authentication, key update and derivation, message authentication codes, integrity protection, and malicious code recognition. Many security protocols, such as SSL, TLS, and S/MIME, use hash functions as their basic component. The digital signature is an important component of e-commerce security, and the hash function, as the core technology of the digital signature, has become the major concern among researchers. The hash

function takes a message as input then produces an output, referred to as a hash value, or simply hash. More accurately, it maps bit strings of arbitrary finite length to strings of fixed length. Generally, hash functions can be classified into two categories [3,4]: unkeyed hash functions with a single input parameter (a message) for data integrity, and keyed hash functions, usually known as message authentication codes (MAC), with two distinct inputs. Conventional hash functions, such as MD5 and SHA, involve logical operations or multiround iterations of some available ciphers. Although each step of the former is simple, the number of processing rounds could be massive even if the message is very short. Following the successful attacks on conventional hash functions, such as MD5 and SHA, the design of secure and efficient hash functions remains a research hotspot. Recently, spatiotemporal chaos has been attracting more and more interest among researchers in the fields of mathematics, physics, and engineering. Compared with simple chaotic maps, spatiotemporal chaos has two additional advantages for cryptographic purposes. Due to the finite computing precision, chaotic orbits will eventually become periodic. Chaos is a kind of complex dynamic behavior. In particular, the period of chaotic orbits generated by a system with a large number of chaotic coupled oscillators is too long to be reached in practical communications. The period of spatiotemporal chaos is longer than that of simple chaotic maps [7]. Therefore, periodicity can be practically avoided in spatiotemporal chaotic systems [8].

Because of being some shortcomings in conventional Hash function constructions, the newly proposed chaos-based Hash functions reveal an attractive design direction [3–15]. In 2008, [9] proposed a one-way Hash function construction based on two dimensional coupled map lattices, which utilized a two dimensional coupled map lattices with features leading to the largest Lyapunov exponent. In the same year, Yang et al. [16] proposed a one-way Hash function construction based on chaotic map network. A novel combined cryptographic and Hash algorithm based on chaotic control character was utilized in 2011. However, all of the Hash algorithms declared above cannot be processed in a parallel mode, which can wholly progress the efficiency and speed of the Hash function.

Mahdi Nouri1, Ali Khezeli2 Alireza Ramezani3, Azita Ebrahimi4 Department of Electrical Engineering Department of Electrical Engineering

Ghiasodin Institute of Higher Education Ghiasodin3 & A.B.A4 Institute of Higher Education Abeyk, Iran Abeyk, Iran

mnouri@mtu.edu1, a.khezeli@gmail.com2 a.ramezani@gmail.com3, azita.ict@gmail.com4

A Dynamic Chaotic Hash Function Based upon

Circle Chord Methods

A

This paper is supported by Iranian Research Institute for ICT (ITRC).

1044

6'th International Symposium on Telecommunications (IST'2012)

978-1-4673-2073-3/12/$31.00 ©2012 IEEE

Moreover, a spatiotemporal chaotic system is a high-dimensional chaotic system that guarantees complex dynamical behavior. Predicting the time series generated by spatiotemporal chaos is more complicated. Chaotic systems have the following characteristics [3]:

1) They are ergodic. Chaotic motion is ergodic, which means that the state space trajectory of a chaotic system will always return to the local region of a previous point in the trajectory, making the initial conditions very difficult to forecast;

2) They are mixed. The extreme irregularity of chaotic orbit and the expansion and compression of the local part of the system make the outputs of chaotic systems akin to random noise;

3) They are sensitive. Chaotic systems are extremely sensitive to initial conditions, since any perturbation, no matter how minute, forever alters the future of the chaotic system. In other words, chaotic systems with both mixed and diffused characteristics, which meet the prerequisites of cryptography, are a natural cryptosystem.

The construction of a hash function based on chaos has become a new research direction. Today some algorithms for a one-way hash function based on a chaotic map have already been brought forward [11,12]. Most algorithms for a chaos-based hash function as proposed by existing articles are based on dissipative chaotic systems. However, dissipative chaotic systems can lead to many hidden threats in the practical application for secure communication because of their potential warning. While the standard map, as a kind of conservative system in the emergence of chaotic behavior, has the good characteristics of chaotic systems, it does not have the so-called chaotic attractor. When dissipative chaotic systems are used in the application of encryption, if the attacker gets continuous plaintext-ciphertext pairs, and the length of the ciphertext meets certain conditions, the attacker cannot predict by reconstructing through the ciphertext without the attractor structure for the conservative chaotic systems [13,14]. Thus, conservative chaotic systems with high security are an ideal model in cryptography application. This paper aims to design an unkeyed hash function based on spatiotemporal chaos, which has high efficiency. In this algorithm, the entire message blocks perform some rounds of iteration through a standard map. One output of the iterations of each round determines one of the initial values of the next round, and the other output determines the steps of the next round. The other initial value of the next round is given by the corresponding message block. This design method enhances the diffusion of the hash function and overcomes the inherent defects of dissipative chaotic systems. Thus, the hash algorithm has higher security. Theoretical analysis and computer simulation show that this algorithm has good anti-conflict and avalanche effect. This algorithm is easy to express and can satisfy all the performance requirements of a hash function in an efficient and flexible manner.

II. ANALYSIS OF THE CHAOTIC NONLINEAR MAP The two-dimensional chaotic nonlinear map in the

algorithm is represented as (1): , 1 1 1 1 1

Where , 0,1 and k is the controlled variable

and belongs to (0,10). The map is nonlinear and the parameter k ensures that the map runs in a chaotic status when 0<k<10. It transforms an interval (0,10) onto itself and includes only one parameter k.

The chaotic nonlinear map also has the same belongings to proposed map that are fit for composing Hash function. The form of the map is complicated and the equation involved is nonlinear. Figure 1 shows the simulation of the chaotic nonlinear map iterating 64 times with the initial values , 0.5 and parameter k = 2. The map has some properties, which are appropriate for constructing the Hash function, such as initial value sensitivity and parameter sensitivity, with variable parameter k valued in the interval (0,1). Figure 1 displays the chaotic iteration property with variable parameter a valued in the interval (0,10), which initial values are , 0.5. The map has some properties, which are appropriate for constructing the Hash function, such as initial value sensitivity and parameter sensitivity, with variable parameter k valued in the interval (0,1). Figure 2 displays the chaotic iteration property with variable parameter a valued in the interval (0, 10), which initial values are , 0.5. Only after several iterations, the sensitivity of chaotic systems can be shown. Take a test data as an example to test the sensitivity, the difference between the two initial values of each group, which is denoted by e,

Fig. 1 Iteration property with changeable parameter a when , 0.5

1045

meets the condition |e|<=10-12. Choose 8, 16, 32 and 64 respectively as the number of Iterations. The difference of the final value can be shown in Table 1. In this experiment, iteration operation on 2000 homogeneously distributed interval data in [0, 1) is performed several times, also choose 8, 16, 32 and 64 respectively as the number of iterations, list the statistics of the final value in each region. As can be seen from Table I, II

Fig. 2 Iteration property with changeable parameter k when , 0.5

TABLE I

THE DATA OF SENSITIVITY TEST FOR N=8, 16 N 8 16

0.10000000000 0.953585271946239 0.151651625422085

0.10000000001 0.953585275641486 0.151717969326340 0.30000000000 0.690422342779915 0.521789230012578

0.30000000001 0.690422359899307 0.521834907935783 0.50000000000 0.312717379924095 0.302664392758495

0.50000000001 0.312717425838585 0.302797948128847

0.70000000000 0.547613280987791 0.733487200933088

0.70000000001 0.547613307788567 0.733537006543614

0.90000000000 0.703912822319106 0.293836589632238

0.90000000001 0.703912839754912 0.293891061238458

TABLE II

THE DATA OF SENSITIVITY TEST FOR N=32, 64 N 32 64

0.10000000000 0.807604920204249 0.069616762312453

0.10000000001 0.439807354993843 0.676225569091725 0.30000000000 0.514317274820386 0.245180491047975

0.30000000001 0.858467722762351 0.171344293042810 0.50000000000 0.793420964172318 0.265449981564812

0.50000000001 0.011091730191061 0.703895294281160

0.70000000000 0.528830105657481 0.808479816199454

0.70000000001 0.874130283588605 0.769349336615293

0.90000000000 0.494016261781210 0.996962527902671

0.90000000001 0.031917255574683 0.418831604596437

the sensitivity to initial values demonstrates obviously after 32 iterations. Therefore, in this algorithm, taking into account both the speed and security, we make the number of iterations range from 61 to 90.

III. HASH FUNCTION BASED ON STANDARD MAP The whole structure of the algorithm can be shown in

Figure 3.

Fig. 3 Whole algorithm structure

A. Message expansion Message expansion is significant and necessary; because it

greatly improves the sensitivity of each bit in original message to the final Hash value [16]. The plaintext is an arbitrary message that is conveyed in a matrix M, for simple enlightenment of the extended message. Assume that M is a N ×16 plain message matrix, each element with a size of 32 bits.

1) Padding the message: The purpose of padding is to

ensure the padded message being a multiple of 128 bits. Suppose the total length of message is W bytes, compute d = (W mod 64), 0 ≤ d ≤ 12. Pad as follows: if 12 ≤ d <16 then pad 12 − d bytes, otherwise pad 28 − d bytes, the bytes been padded come from the head of message. The last four bytes are padded with message length. This method ensure at least one byte head of message been padded.

2) Parsing the padded message: The padded message is

parsed into N 128-bit blocks, , , … , . (1≤ j ≤ N) is parsed into four 32-bit words

, , , , , , ,

3) Setting the initial values: The initial values IV is the following eight 32-bit words in hex same as SHA-256 [3]:

1046

2 6 09 66767 85 3 6 37254 53 2

B. Algorithm for generating the hash Input of the algorithm can have an input of arbitrary length output of the algorithm has a fixed length of 128 bits. Give a message M with length L. Take each letter of M as a plaintext block. Transform each plaintext block to the corresponding ASCII numbers; the ASCII numbers create the , which are the inputs of chaotic nonlinear map.

TABLE III

ALGORITHM FOR GENERATING THE HASH Step Operation

1

, , go to Step 2

2

/ , , , , , , ,

3

if go to Step 2

4

, , if go to Step 2

5

, ,

if ,

.

elseif ,

end

6

if 33 go to Step 5

7

ka1=101

8

, , , , , , , ,

Compression function inputs consider 16 lattice spaces. Let the initial iterative value of these inputs are:

, ,10 ,10 ,10 ,10, ,10 ,10 ,10 ,10 , ,10 ,10 ,10 ,10 , ,10 ,10 ,10 ,10 4

From { } and { }, 4 groups of ( ) can be reached.

Determine the 32-bits Hash value by the position of the coordinates ( ) falling into the region of [0, 1), then, finally, juxtaposes these bits from left to right to get a 128-bit hash value.

IV. PERFORMANCE ANALYSIS A. Hash results of messages: The uniform distribution of Hash value is one of the most important properties of Hash function, which is directly related to the security of Hash function. Simulation experiment has been done on the following paragraph of message:

Condition 1:”A hash function is a fundamental building

block of information security and plays an important role in modern cryptography. It takes a message as input and produces an output referred to as a hash value. Generally, hash functions can be classified into two categories: unkeyed hash functions for data integrity, and keyed hash functions, usually known as message authentication code (MAC).”

Condition 2: Change the first character A in the original message to D.

Condition 3: Change the word function in the original message to functions.

Condition 4: Change the full stop at the end of the original message to a comma.

Condition 5: adjoin a blank space to the end of the original message.

The corresponding hash values in hexadecimal format are provided as follows, followed by the equal number of different bits compared with the hash value achieved under Condition1:

Condition 1: E2114874875F8429FD4D82D260899C79 Condition 2: F4E4E10279D7152DB93C2E0C80910650 Condition 3: B57BAFB50C48FABD7D4ABA0F746A872 Condition 4: 6AF0343ABCD3BA64671C36E45EE769EA Condition 5: 53C456373FAF7A3DA2B370915E50170D The corresponding graphical display of binary sequences

is shown in Fig. 4. The simulation results designate that a little difference in the message causes vast changes in the final hash value.

1047

Fig. 4 Hash values under different conditions

B. Statistical analysis of diffusion and confusion

Confusion and diffusion are two essential design criteria for encryption algorithms, including hash functions. Shannon initiated diffusion and confusion in order to conceal message redundancy [18,19]. Hash function, like encryption system, requires the plaintext to diffuse its effects into the whole Hash space. This means that the correlation between the message and the corresponding Hash value should be as small as possible. In the hash value in binary format each bit can be only 0 or 1. Therefore, the perfect diffusion effect should be that any minute change in the initial condition leads to a 50% changes, probability of each bit. Regularly six statistics are defined as follows:

Minimum changed bit number: min 5 Maximum changed bit number:

6 Mean changed bit number: ∑ 7 Mean changed probability:

100 8 Standard variance of the changed bit number:

∆ ∑ 9

Standard variance: ∆ 1 1 128 100 10

This kind of test is performed N times, and the corresponding distribution of changed bit number is plotted in Fig. 5, where N = 10,000. clearly the changed bit number corresponding to 1 bit changed message concentrates around the perfect changed bit number, i.e., 64 bits. It indicates that the algorithm has very strong capability for diffusion and confusion. The test results in various amount of N are listed in Table IV respectively. The following conclusion was found that, the mean changed bit number and the mean changed probability P are both very close to the ideal value 64 bits and 50%, based on the results. While △B and △P are extremely small, which indicate the diffusion and confusion capability are very constant.

Fig. 5 Distribution of changed bit number histogram of Bi

TABLE IV

STATISTICAL PERFORMANCE OF THE PROPOSED ALGORITHM

10,000 5000 2048 1024 512 256 128 N

64.07 64.09 64.08 63.91 63.94 64.09 64.12

5.70 5.69 5.72 5.82 5.92 6.02 5.70 ΔB

50.05 50.07 50.06 49.93 49.95 50.07 50.09 P

4.45 4.45 4.72 4.55 4.63 4.70 4.45 ΔP

C. Analysis of collision resistance

The following test is performed to conduct quantitative analysis on collision resistance [14, 15]: first, the Hash value for a paragraph of message randomly chosen is generated and stored in ASCII format. Then a bit in the paragraph is selected randomly and toggled, and thus a new Hash value is then generated and stored in the same format. Two Hash values are compared, and the number of ASCII characters with the same value at the same location in the Hash values, namely, the number of hits, is counted. A plot of the distribution of the number of hits is given in Fig. 6, and we can see there are 26 tests hit twice and 432 tests hit once, while in 9,542 tests, no hit occurs. It is noticed that the maximum number of equal character is only 2 and the collision is very low.

Fig. 6. Distribution of the number of ASCII characters with the same value

at the same location in the Hash value

1048

D. Analysis of meet-in-the-middle resistance

Collision resistance and birthday attacks lie in each other’s roots. Both are derived from the probability problem that two random input data are found to hash to the same value. Table 2 shows the results of the proposed algorithm. Given a function f, the goal of the attack is to find two different inputs f(x) such that f(x1)=f(x2). Such a pair x1, x2 is called a collision. The method used to find a collision is simply to evaluate the function f for different input values that may be chosen randomly or pseudorandomly until the same result is found more than once. From a set of H values, we choose n values uniformly at random, thereby allowing repetitions. Let p(n; H) be the probability that during this experiment at least one value is chosen more than once. This probability can be approximated as ; 1 1 10 Let n(p; H) be the smallest number of values we have to choose, such that the probability of finding a collision is at least p. By inverting the expression above, we find the following approximation: n p; H 2 11 11

Assigning a 0.5 probability of collision, it can be arrived at n 0.5; H 1.1774√ 12 Let Q(H) be the expected number of values that must be chosen before finding the first collision. This number can be approximated by Q H 2 13

As an example, if a 64-bit hash is used, there are approximately 1.8 × 1019 different outputs. If these are all equally probable, then it would take only approximately 5.1 × 109 attempts to generate a collision using brute force. This value is called birthday bound [4] and for n-bit codes. It can be computed as 2n-1 [3]. Table V shows the number of hashes n(p) needed to achieve the given probability of success, assuming that all hashes are equally likely.

TABLE V NUMBER OF HASHES N(P) NEEDED TO ACHIEVE THE GIVEN PROBABILITY OF

SUCCESS Bits Possible

outputs (rounded)(H)

Desired probability of random collision (rounded) (p) 10−15 10−9 1% 50% 75%

64 1.8 × 1019 1.88 × 102

1.9 × 105

6.4 × 108

5.7× 109

7.4 × 109

128 3.4 × 1038 7.9 × 1011

8.2 × 1014

3.1 × 1018

3.2 × 1019

3.1 × 1019

256 1.2 × 1077 1.8 × 1031

1.2 × 1034

4.8 × 1037

1.7 × 1038

4.7 × 1038

512 1.3 × 10154 6.1 × 1069

5.2 × 1072

2.6 × 1076

1.6 × 1077

1.8 × 1077

1024 1.8 × 10308 5.9 × 10130

4.4 × 10142

3.6 × 10152

1.7 × 10154

1.1 × 10154

V. CONCLUSION Based on the two-dimensional chaotic nonlinear map with

variable parameter, a dynamic chaos Hash algorithm

structure is proposed and analyzed. The algorithm converts the expanded message blocks into the equivalent ASCII code values. The two initial inputs and steps of iterations are generated by last round of iteration, which iterates the chaotic nonlinear map and wholly increases the rise influence of Hash function, and makes the final Hash value has high sensitivity to the initial values, increase the security of Hash function. The analysis designates that the algorithm can meet all the requisites of the Hash function efficiently. And the algorithm is easy to realize a swift and practical program to Hash function structure. The length of the final Hash value generated by this algorithm is 128 bits. Theoretical analysis and computer simulation signify that the proposed algorithm presents several interesting features, such as high message, good statistical properties, collision resistance that can satisfy the performance requirements of Hash function. Furthermore the proposed algorithm can give some extra advantages for having controllable regulator by the variable parameters.

REFERENCES [1] Boris S. Verkhovsky, “Information Assurance Protocols: Efficiency

Analysis and Implementation for Secure Communication”, Journal of Information Assurance and Security, 3(4), pp. 263-269, 2008.

[2] B. Surekha G.N. Swamy, K. SrinivasaRao, A. Ravi Kumar, “A Watermarking Technique based on Visual Cryptography Information Assurance Protocols”, Journal of Information Assurance and Security, 4(6), pp. 470-473, 2009.

[3] W. Luo, Hashing via finite field, Information Sciences 176. 2553–2566.2006

[4] A. Menezes, P. van Oorschot, S. Vanstone, Handbook of applied cryptography, CRC Press, 1996.

[5] X. Wang, D. Feng, X. Lai, H. Yu, Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD, Rump Session ofCrypto’04 E-print, 2004.

[6] X. Wang, H. Yu, How to break MD5 and other hash functions, in: Proceedings of Eurocrypt’05, Aarhus, Denmark, pp. 19–35, 2005.

[7] S. Wang, W. Liu, H. Lu, et al., Periodicity of chaotic trajectories in realizations of finite computer precisions and its implication in chaos communications, International Journal of Modern Physics B 18 (2005) 2617–2622.

[8] P. Li, Z. Li, W.A. Halang, G. Chen, A multiple pseudorandom-bit generator based on a spatiotemporal chaotic map, Physics Letters A 349 . 467–473, 2006

[9] PengFei, QiuShui-Sheng. One-way hash functions based on iterated chaotic systems. In: IEEE conference proceedings: communications, circuits and systems, 2007. ICCCAS 2007. International conference on 11–13 July; p. 1070–74 , 2007.

[10] Schmitz R, “Use of chaotic dynamical systems in cryptography”, Journal of the Franklin Institute, vol.38, no.9, pp.429-441, 2002.

[11] Deng S, Liao X F, Xiao D, “A Parallel Hash Function Based on Chaos Computer Science.”, 35(6), pp. 217- 219, 2008.

[12] Wang X M, Zhang J S and Zhang W F, “One way Hash function construction based on the extended chaotic map s switch”, Chin. Phys. Sin, 52(11), pp.2737-2742, 2003.

[13] Gao J S, Sun B Y, Han W, “Construction of the control orbit function based on the chaos theory”, Electric machines and control, no.2, pp.150-155, 2002.

[14] Parliz U, Junge L, Kocarev L, “Synchronization-based parameter estimation from time series”, PhsRevE, vol.4, no.6, pp.6253-6259, 1996.

[15] A.M. Ostrowski, Solution of Equations in Eucilidean and Banach Space, third ed., Academic Press, New York, 1973.

[16] M.Nouri ,S.AbazariAghdam , P.Pourmahdi and M.Safarinia , “Analysis of a Novel Hash Function Based upon Chaotic Nonlinear Map with Variable Parameter” , Journal of Computer Science and Information Security (IJCSIS) , pp. 221-228 , 2011.

1049