Upload
tao-xiang
View
212
Download
0
Embed Size (px)
Citation preview
Physics Letters A 364 (2007) 252–258
www.elsevier.com/locate/pla
A novel symmetrical cryptosystem based on discretized two-dimensionalchaotic map
Tao Xiang a,∗, Kwok-Wo Wong b, Xiaofeng Liao a
a College of Computer Science, Chongqing University, Chongqing 400044, Chinab Department of Electronic Engineering, City University of Hong Kong, Hong Kong
Received 5 September 2006; accepted 4 December 2006
Available online 14 December 2006
Communicated by A.R. Bishop
Abstract
A prevalent situation in existing digitized chaotic cryptosystems is that multi-dimensional chaotic maps are usually employed for image en-cryption as the elements of an image are managed in two-dimensional way. On the other hand, one-dimensional chaotic maps are widely adoptedin document encryption. In this Letter, a novel cryptosystem employing two-dimensional chaotic maps for document encryption is proposed.Several widely used two-dimensional chaotic maps are considered and their performance is investigated. Both theoretical analysis and numericalsimulation verify their feasibility and superiority for practical applications.© 2006 Elsevier B.V. All rights reserved.
PACS: 05.45.Ac
Keywords: Chaotic cryptography; Chaotic map; S-box
1. Introduction
Chaos has been introduced to cryptography as its ergod-icity, unpredictability, and sensitivity to parameter and initialcondition meet the analogous requirements of a good cryp-tosystem. The existing chaos-based cryptosystems can be di-vided into two categories: one corresponds to secure commu-nications based on chaotic synchronization of analog circuits[1–3], the other refers to the cryptosystems based on digi-tized chaos, including document encryption [4–10] and mul-timedia encryption [11–15]. An interesting phenomenon is thatdocument encryption schemes usually employ one-dimensionalchaotic maps [4–10] while image encryption schemes make useof multi-dimensional chaotic maps [11–15]. The reason may lieon the fact that when encrypting a document, the input/outputdata are treated as a one-dimensional stream. Therefore one-
* Corresponding author.E-mail addresses: [email protected] (T. Xiang),
[email protected] (K.-W. Wong), [email protected] (X. Liao).
0375-9601/$ – see front matter © 2006 Elsevier B.V. All rights reserved.doi:10.1016/j.physleta.2006.12.020
dimensional chaotic maps are naturally used. However, thepixel elements of an image are related to their geometrical co-ordinates which format least a two-dimensional vector. Multi-dimensional chaotic maps are then more suitable for imageencryption.
There are two main problems of most existing one-dimen-sional chaotic maps such as logistic map, skew tent map, sinemap, etc. used in cryptosystems. First, as chaotic variablesare defined over the real number field, their chaotic dynamicproperties may degrade in finite precision implementation [16],which may result in consequent degradation in security. Sec-ond, float-point number operations are involved in the chaoticmap iteration, which increases the computational complex-ity and decelerates the encryption/decryption speed. As multi-dimensional chaotic maps are often used in image encryptionwhose pixel values are represented in integer field, they arediscretized over finite set in bijective manner [11–15]. The orig-inal periodicity may also be changed during this discretization[11,12]. Fridrich gave a criterion in [11] for the discretized mapto become increasingly closer to the continuous map as thenumber of pixels tends to infinity.
T. Xiang et al. / Physics Letters A 364 (2007) 252–258 253
In this Letter, we propose a novel symmetrical cryptosystembased on discretized two-dimensional chaotic map (TDCM)which can be used to encrypt documents. Two identical S-boxes,generated by the same chaotic map, are employed to realize thenonlinear mapping. In order to enhance the security, the en-cryption/decryption procedures are carried out on a Feistel-likestructure. In simulation, several widely used TDCMs are usedand their performance is investigated. Both theoretical analysisand numerical simulation verify the feasibility and superiorityof the proposed chaotic cryptosystem for practical application.
2. Proposed cryptosystem
Although TDCMs are rarely used in document encryption,its potential in this application area is obvious. We only needto reorganize the one-dimensional input stream to proper for-mat that meets the requirement of input argument format ofTDCMs. All the subsequent encryption operations are similarto traditional document encryption. In the decryption process,what we decode the output of TDCMs according to the estab-lished rule and revert it to one-dimensional output stream.
In order to facilitate discussion, some useful symbol defin-itions are listed. The plaintext (P ) and the ciphertext (C) areboth divided into 16-bit blocks, respectively represented in (1)and (2):
(1)P = P1P2P3 · · ·Pn,
(2)C = C1C2C3 · · ·Cn,
where the subscript i denotes the block index 1 � i � n andn is the block length. Each Pi and Ci can be further subdi-vided into 8-bit left part and 8-bit right part, and symbolizedthem as 〈P l
i ,Pri 〉 and 〈Cl
i ,Cri 〉, respectively (i.e. Pi = 〈P l
i ,Pri 〉
and Ci = 〈Cli ,C
ri 〉). In this way, the one-dimensional plain-
text/ciphertext sequence is converted to a two-tuple sequence,which can be used in TDCM iterations.
The procedures of encryption include the following steps:
(1) Parameter configuration. Select a discretized bijectiveTDCM and keep its system parameter (Kc) secret (the detailedTDCM type and its mathematic formula should be public).Choose an iteration number t , round number r , and a 16-bitsubkey seed Ks that will all be used later secretly. It should benoted that the selection of t is not independent of TDCM. Ac-tually, for different TDCMs, the suitable value of t should beconsidered for gaining higher security. Set plaintext block in-dex i = 1.
(2) Subkey seed updating. If Ks ⊕ Ci−1 is not equal to 0,use (3) to update the subkey seed Ks :
(3)Ks = Ks ⊕ Ci−1,
where ⊕ is bit-wise exclusive-OR (XOR) operation. C0 is a16-bit secret sequence.
(3) Subkey generation and masking. Use (4) to update Ks ,where ROL stands for the rotate left operation. Moreover, m isthe number of bits to be rotated. m is secretly pre-determinedand should be dependent on the selection of r which will be
discussed later. Kl and Kr is obtained by the left and right eightbits of Ks , respectively. Then mask the plaintext 〈P l
i ,Pri 〉 by Kl
and Kr in the way that described in (5) and (6):
(4)Ks = ROL(Ks,m),
(5)P li = P l
i ⊕ Kl,
(6)P ri = P r
i ⊕ Kr.
(4) S-box substitution. In order to have good confusionproperty, S-box is employed in the proposed scheme. Kocarevet al. proposed a method to generate one-to-one S-box by it-erating a chaotic map [5,6]. We employ two identical 16 × 16S-boxes generated by the logistic map used in [5] and [6], aslisted in the left part of Table 1, to substitute 〈P l
i ,Pri 〉 obtained
in step 3. This procedure can be formulized as (7) and (8):
(7)P li = S-box
(P l
i
),
(8)P ri = S-box
(P r
i
).
(5) Chaotic iteration and exchanging. Use 〈P li ,P
ri 〉 ob-
tained in step 4 as the initial condition of the selected dis-cretized bijective TDCM, and iterate the map for t times. Up-date 〈P l
i ,Pri 〉 to the latest status of chaotic variables, then ex-
change P li with P r
i . These operations are described by (9):
(9)〈P ri ,P l
i 〉 = TDCMt(P l
i ,Pri
).
(6) Round repetition. Repeat step 3 to step 6 for r times.(7) Ciphertext block output. Output the latest P l
i and P ri as
the corresponding ciphertext 〈Cli ,C
ri 〉.
(8) i = i + 1. Go to step 2 until the end of plaintext isreached.
The detail flow chart of the encryption process is depicted inFig. 1. As every step is invertible, the decryption procedures aresimilar to that of encryption, except that the execution sequenceof step 3 to step 6 is reversed. Moreover, the inverse S-box listedon the right side of Table 1 and the inverse TDCM should beused respectively in step 4 and step 5 of the decryption process.
As mentioned above, the selection of m is dependent on r .Detail relationship between them is given by (10). In this man-
Fig. 1. A flow chart of the proposed cryptosystem.
254 T. Xiang et al. / Physics Letters A 364 (2007) 252–258
Tabl
e1
A16
×16
S-bo
x(l
eft)
and
itsin
vers
e(r
ight
)ge
nera
ted
bylo
gist
icm
ap(a
llva
lues
are
inhe
xfo
rmat
)0
12
34
56
78
9a
bc
de
f
060
c456
5288
1782
ac28
964f
4aff
20b5
6a1
9283
bca7
b29a
ee70
35e1
2561
9da4
9c47
2b7
7d2f
24c7
7ec5
c877
148d
ccfd
8aef
363
762c
1211
2a29
a8b8
2284
c3e9
e6e2
1557
4e0
3c69
ce05
d4cd
fa30
f8dd
75cf
a00c
555
9f41
f36f
ead2
a265
2389
8139
e493
ba6b
6a9
b01f
f734
431b
0804
fc0b
aa73
94eb
8e7
c2d6
5348
1827
8f5b
5dd0
ecf4
f531
4bab
84e
9779
bb13
b65e
8b10
5049
1df6
9900
689
3f95
ade7
e887
8c51
641e
d9e5
5ada
def0
a0f
46f1
1c71
e309
a5dc
9ebf
4080
3b45
02b
a642
d1ed
d7fe
169b
6372
c078
b467
2603
c01
5407
9038
2162
3dd8
ca7f
b10a
d544
a1d
0dc9
f22e
b959
6c66
b374
32bd
df58
6d37
e3a
2ddb
6ef9
1ac6
065f
a32b
197c
fb7b
aff
be0e
855c
337a
c14d
cb86
914c
d3ae
3e98
01
23
45
67
89
ab
cd
ef
08e
c0af
bf68
44e7
c267
a6cc
6a4e
d0f1
a01
8833
3284
293e
b605
74eb
e566
a38b
9962
20d
c538
5823
1abe
7508
3534
ea31
e1d3
223
487d
daf4
6418
2fdf
c45b
e0ad
41c7
fe90
4ab
51b1
65ce
aea1
1f73
8a0b
7efb
f780
0a5
8997
0372
c14f
023f
ddd5
9c77
f378
86e8
600
1bc6
b898
57d7
bd8f
420f
5fd6
dee3
537
17a4
b96c
d94b
3028
bb82
f5ee
ec21
25ca
8ac
5a06
1139
f2f9
9504
592d
8796
2a6f
769
c3fa
105d
6d91
0981
ff8d
15b7
1e1c
a950
a4d
cf56
e91d
a7b0
1336
606b
7f07
92fd
efb
61cb
14d8
bc0e
8520
37d4
5e83
12db
f0aa
cba
f670
3a01
26e6
2427
d1c9
f82b
4643
4cd
79b2
55fc
45cd
71b4
c89a
9de2
a84a
9edc
e40
193d
a55c
9b3c
9394
3b54
6e7a
b316
2ef
9fa2
d252
7b7c
8c63
49e4
47ed
692c
b50c
Fig. 2. An external key representation.
ner, we can fully use the cycle of rotate left operation on thekey
(10)m ={ �16/r�, r � 16,
1, otherwise.
During the procedures of encryption, all pre-determined se-cret parameters compose the secret key. They include the it-eration number t , round number r , rotate number m, subkeyseed Ks , initial two-tuple C0, and the parameter of TDCMKc . For convenience in key maintenance and manipulation, anappropriate method should be adopted to organize them. As in-spired by [8,9], we use the concept of external key, i.e. a bitsequence whose segment at different positions denotes the el-ement of the key. An example is that we can use the externalkey format depicted in Fig. 2. The first three bytes are used tostore the values of t , r , and m. The two subsequent 16-bit se-quences are reserved for Ks and C0. The last part of the externalkey is Kc . Its length and format are TDCM dependent becausedifferent TDCMs have different parameters.
3. Simulation results
In general, any TDCMs that can be discretized over integerfield in bijective manner can be adopted in the proposed cryp-tosystem. In this Letter, three TDCMs widely used in existingimage encryption schemes are considered. They are standardmap, generalized cat map, and generalized baker map [11].Their discretized versions are described in (11), (12), and (13),respectively.
(11)
{xi+1 = (xi + yi) mod N
yi+1 = (yi + k sin 2πxi+1
N
)mod N
, with k > 0,
[xi+1yi+1
]=
[a11 a12
a21 a22
][xi
yi
](mod N),
(12)with a11 ∗ a22 − a12 ∗ a21 = 1,⎧⎨⎩
xi+1 = Nkj
(xi − Nj) + yi mod Nkj
,
yi+1 = kj
N
(yi − yi mod N
kj
) + Nj ,
(13)with
⎧⎪⎪⎪⎪⎪⎪⎪⎪⎨⎪⎪⎪⎪⎪⎪⎪⎪⎩
k0 + k1 + · · · + kt = N,
Nj = k0 + k1 + · · · + kj ,
0 � yi � N,
Nj � xi � Nj + kj+1,
0 � j � t − 1,
k0 = 0,
where x and y are variables in each TDCM, and other symbolsdenote the system parameters. N is set to 256 in all TDCMssince the minimum unit of plaintext/ciphertext in the proposedscheme is a byte. Meanwhile, as discussed in [17], different
T. Xiang et al. / Physics Letters A 364 (2007) 252–258 255
Fig. 3. Plot of plaintext and the corresponding ciphertext using different TDCMs where x-coordinate denotes the sequence index of plaintext or ciphertext andy-coordinate its 8-bit value.
Fig. 4. The distribution of plaintext and ciphertext using different TDCMs where x-coordinate denotes the 8-bit value of plaintext or ciphertext and y-coordinatethe number of occurrence. (a) Plaintext distribution of a 28 kB pdf file. (b), (c), (d) distribution of the corresponding ciphertext of the pdf file using standard map,cat map, and baker map, respectively. (e) Plaintext distribution of a 29.7 kB wav file. (f), (g), (h) Distribution of the corresponding ciphertext of the wav file usingstandard map, cat map, and baker map, respectively.
chaotic maps have different confusion properties that are re-lated to the iteration time. Sufficient number of iterations shouldbe made in order to maintain high security against statisti-cal or differential attack. t is set to 12 as suggested in [17].Throughout the experiments, the system parameters of TDCMsare configured as follows. For standard map, k = 53246 whilea11 = 1, a12 = 1, a21 = 1, a22 = 2 for cat map. In baker map,k1 = k2 = k3 = k4 = 64.
The values of other parts of the key are selected ran-domly. For example, r = 8, m = 2, Ks = (8F4C)16, andC0 = (4ED3)16.
The proposed cryptosystem is realized using C++ program-ming language and executed on a Celeron-M 1.5 GHz PC with512 MB RAM.
Firstly, the title of this Letter “A novel symmetrical cryp-tosystem based on discretized two-dimensional chaotic map” isused as the plaintext. The corresponding ciphertext obtained us-
ing standard map, generalized cat map, and generalized bakermap is plotted in Figs. 3(a), (b) and (c), respectively. It is easilyfound that for the all above-mentioned TDCMs, the plaintextand the corresponding ciphertext are totally different both intheir 8-bit value and trendline.
The distribution of ciphertext content is of much importancebecause it should hide the redundancy of plaintext and shouldnot leak any information about plaintext or the relationship be-tween plaintext and ciphertext. In other words, the distributionof ciphertext should be sufficiently flat. We arbitrarily choosetwo types of file, a 28 kB pdf file and a 29.7 kB wav file,and encrypt them using above-mentioned TDCMs. The distri-bution of plaintext and ciphertext is drawn in Fig. 4. The dis-tribution of 8-bit value of the plaintext, portrayed in Figs. 4(a)and (e), are obviously uneven as the occurrence frequency ofsome values are extremely high than others. In particular, thedistribution of the wav file plaintext reveals a spike-like model
256 T. Xiang et al. / Physics Letters A 364 (2007) 252–258
Table 2Encryption speed (in seconds) and ciphertext file size for five different types of plaintext files
File type Plaintext file size(kB)
Ciphertext file size(kB)
Encryption time(cat map)(s)
Encryption time(baker map)(s)
Encryption time(standard map)(s)
Encryption time(standard mapwith sine table)
Text files(*.txt)
30 30 0.05 0.11 0.42 0.3090 90 0.14 0.32 1.27 0.91
240 240 0.38 0.88 3.38 2.41
Document files(*.doc)
30 30 0.05 0.11 0.43 0.3190 90 0.16 0.33 1.30 0.91
240 240 0.39 0.89 3.38 2.41
Executable file(*.exe)
488 488 0.77 1.78 6.86 4.91914 914 1.43 3.34 12.88 9.22
Audio files(*.wav)
255 255 0.39 0.92 3.59 2.56544 544 0.86 1.97 7.66 5.47
Video files(*.avi)
636 636 0.99 2.31 8.97 6.391230 1230 1.97 4.59 17.73 12.70
in Fig. 4(e). After encryption, the distribution of ciphertext areall flat, whichever the above-mentioned TDCM is used. Thisis clearly shown in Figs. 4(b)–(d) and (f)–(h). The frequencydiversity and the distribution pattern of plaintext are coveredthereby.
As the size of ciphertext and the speed of encryption are an-other two important aspects for a cryptosystem, we select fiveprevalent types of plaintext to investigate the performance of theproposed cryptosystem in these two aspects. The detail resultsare listed in Table 2. The ideal length of ciphertext is equiv-alent to that of plaintext because it is a one-to-one mappingbetween plaintext and ciphertext when the key is given. Thisgoal is achieved in the proposed cryptosystem, which can beconcluded from the procedures of encryption, or verified fromthe data in the second and the third columns of Table 2.
The plaintext of various sizes and types are also chosen tomeasure the encryption speed of the proposed cryptosystemwhen different TDCMs are used. Obviously, the most time-consuming operation in the proposed cipher is the iteration ofTDCM. Therefore, the performance of TDCM determines theperformance of the whole cipher. Once the type and the size ofplaintext file as well as the TDCM are given, we repeat the en-cryption for 10 times and record the speed in each run. Then theaverage speed is calculated and listed in the last four columnsof Table 2. The encryption speed varies when different TD-CMs are adopted. The computation overhead of standard mapis the highest (i.e. the encryption speed is the lowest) because itinvolves the calculation of trigonometric function calculation.The same conclusion has also been pointed out by Lian et al.in [17]. Note that, in Eq. (11), xi+1 ranges from 0 to N − 1, thusthe expression sin 2πxi+1
Nhas only N different values. A sine ta-
ble was suggested in [14] to accelerate the computation. Thisimprovement is also taken into account in our experiments andthe results are listed in the last column of Table 2. It is foundthat the introduction of sine table does accelerate the com-putation of standard map. About 28% acceleration is gainedcomparing to the direct computation of standard map without
sine table. Even so, the data type in sine table is still floatpoint and it is further multiplied by k. The encryption speedusing standard map with sine table is still much slower thanthose using the other two TDCMs. However, the performanceof generalized cat map and generalized baker map found in ourexperiments are not consistent with the conclusion in [17]. Lianet al. stated that generalized baker map has the lowest computa-tional complexity. But one thing they did not take into accountis that, in order to use (13) to calculate xi+1 and yi+1, thereis a search operation to determine the interval of Nj where xi
belongs to. The search operation increases the computing com-plexity of baker map, especially when N is divided into manypieces of kj . The data in the last column of Table 2 also illus-trate that the encryption speed when using generalized bakermap is only in the middle. The fastest encryption appears whenusing generalized cat map, and it is substantially faster than us-ing the other two maps. As the size of plaintext increases, thesuperiority of generalized cat map in speed is even more re-markable.
One point should be noted is that the same configurationof t and r is used for all three TDCMs in the simulation toevaluate their performance fairly. Actually, the least iterationnumber and round number to achieve same security level fordifferent TDCMs are also discrepant. For example, the iterationtime for standard map should not be smaller than 4 to gain suf-ficient confusion property. The value for cat map is not lowerthan 6, and the one for baker map should be 12 or above [17].Therefore, different values of t and r can be configured whendifferent TDCMs are employed to achieve a certain securitylevel and an acceptable speed.
4. Security analysis
Security is a major issue of a cryptosystem. As the securityof the three TDCMs have been well investigated in [11–15,17],the security analysis of the proposed cryptosystem can be per-formed based on some of their conclusions.
T. Xiang et al. / Physics Letters A 364 (2007) 252–258 257
Fig. 5. Plot of the plaintext containing 64 zero bits and the corresponding ciphertext using different TDCMs where x-coordinate denotes the sequence index ofplaintext or ciphertext and y-coordinate its 8-bit value.
4.1. Key space
The security of a cryptosystem must rely entirely on the se-cret keys, thus the importance of key space is self-evident. Ancryptographic algorithm’s key space refers to all possible keysthat can be used to initialize it. In our proposed cipher, all thepre-determined secret parameters in encryption/decryption con-stitute the key. An example to organize the key is depicted inFig. 2, in which the key space is 256 multiply the parameterspace of TDCM. Different TDCMs have different parameterspace, as investigated in [17]. Among the above-mentionedchaotic maps, standard map has the largest parameter spaceand the highest computational complexity, Baker map has themedium computational complexity and parameter space, andcat map has the smallest parameter space and the lowest com-putational complexity. One should choose the TDCM based onthe trade of its parameter space and computational complexity.
4.2. Confusion and diffusion
The performance of confusion and diffusion directly affectsthe immunity of a cryptosystem from cryptanalysis. In the pro-posed cryptosystem, two identical 16 × 16 S-boxes generatedby chaotic map in [5,6] are employed. It is well known thatS-box possesses high confusion effect, and Jakimoski et al.claimed the employed S-box is superior to those randomly con-structed ones [6]. After S-box substitution, the confused plain-text are further fed to a TDCM for iterating t times which iskey-dependent. By this procedure, the two 8-bit input valuesare well mixed, and any slight change in bit level of plaintext orkey will be avalanched throughout the entire 16-bit block. Thediffusion effect between blocks is carried out by a cipher blockchaining (CBC) [18] like operation (refers to steps 2 and 3 in theencryption procedures or masking by f (Ks,Ci−1) in Fig. 1).As a part of the secret key and the previous encrypted cipher-text block are used to update the subkey seed, then the rotate leftoperation is used to allocate the round key sequence based onthe updated subkey seed. When the round key is masked by thecurrent plaintext block, the diffusion effect is realized. Theseprocedures will repeat r times accompanied by exchanging P l
i
with P r at the end of each round. At that moment, the confusion
ias well as the diffusion effect are enhanced significantly. Thewhole encryption procedures are similar to the Feistel architec-ture [18] widely used in classic block ciphers including DES.
4.3. Origin problem
A problem of the three TDCMs used in image encryption aspermutation functions is that the pixel at corner (0,0) cannotbe moved to other positions [17]. If the plaintext were directlyused as the input of TDCM, the same problem would occurin our cryptosystem that the plaintext block 〈0,0〉 could notbe transferred to other values. However, we do take measuresto eliminate this loophole. As the original plaintext will firstlybe masked by a subkey and then substituted by a S-box, thisproblem will not exist in our proposed scheme. What’s more,step 2 in the encryption process also ensures that the iterationsof chaotic map used to generate the subkey sequence are valid.An example is given in Fig. 5, in which a sequence of 64 zerobits is used as the plaintext. From Figs. 5(a), (b), and (c) wefind that a plaintext containing only 0’s can also be successfullyencrypted with good confusion property. This improvement fur-thermore gets rid of the feasibility of some chosen-plaintextattacks.
5. Conclusion
It is well known that multi-dimensional chaotic maps areusually used for image encryption while one-dimensionalchaotic maps are for document encryption. In this Letter, thefeasibility of employing multi-dimensional chaotic maps fordocument encryption is investigated. A novel symmetricalcryptosystem based on discretized TDCM is also proposed. Inorder to achieve good confusion and diffusion effect, a seriesof measures such as subkey masking, S-box, etc., are intro-duced in the encryption process. A Feistel-like structure is alsoadopted to carry out the encryption procedures. An externalkey is suggested to provide the secret parameters required inthe cryptosystem. Three prevalent discretized TDCMs widelyused in existing image encryption schemes, i.e. standard map,generalized cat map, and generalized baker map, are adoptedin the simulation. Both numerical and theoretic analyses show
258 T. Xiang et al. / Physics Letters A 364 (2007) 252–258
its superior performance and high security. Furthermore, it alsogets rid of the problem of float-point number manipulation intraditional document encryption, as well as the origin problemin image encryption.
Acknowledgements
The work described in this Letter was fully supported by agrant from CityU (Project No. 7001927).
References
[1] L. Kocarev, K.S. Halle, K. Eckert, L.O. Chua, U. Parlitz, Int. J. Bifur.Chaos 2 (1992) 709.
[2] Y.C. Lai, E. Bollt, C. Grebogi, Phys. Lett. A 255 (1999) 75.[3] J.Y. Chen, K.W. Wong, L.M. Cheng, J.W. Shuai, Chaos 13 (2003) 508.[4] M.S. Baptista, Phys. Lett. A 240 (1998) 50.[5] L. Kocarev, G. Jakimoski, Phys. Lett. A 289 (2001) 199.
[6] G. Jakimoski, L. Kocarev, IEEE Trans. Circuits Systems I: Fund. TheoryAppl. 48 (2001) 163.
[7] K.W. Wong, Phys. Lett. A 298 (2002) 238.[8] N.K. Pareek, V. Patidar, K.K. Sud, Phys. Lett. A 309 (2003) 75.[9] N.K. Pareek, V. Patidar, K.K. Sud, Commun. Nonlinear Sci. Numer.
Simul. 10 (2005) 715.[10] T. Xiang, X.F. Liao, G.P. Tang, Y. Chen, K.W. Wong, Phys. Lett. A 349
(2006) 109.[11] J. Fridrich, Int. J. Bifur. Chaos 8 (1998) 1259.[12] G.R. Chen, Y.B. Mao, C.K. Chui, Chaos Solitons Fractals 21 (2004) 749.[13] Y.B. Mao, G.R. Chen, S.G. Lian, Int. J. Bifur. Chaos 14 (2004) 3613.[14] S.G. Lian, J.S. Sun, Z.Q. Wang, Chaos Solitons Fractals 26 (2005) 117.[15] Z.H. Guan, F.J. Huang, W.J. Guan, Phys. Lett. A 346 (2005) 153.[16] S.J. Li, G.R. Chen, X.Q. Mou, Int. J. Bifur. Chaos 15 (2005) 3119.[17] S.G. Lian, J.S. Sun, Z.Q. Wang, Physica A 351 (2005) 645.[18] B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source
Code in C, second ed., Wiley, New York, 1996.