
Physics Letters A 364 (2007) 252–258

www.elsevier.com/locate/pla

A novel symmetrical cryptosystem based on discretized two-dimensional chaotic map

Tao Xiang a,∗, Kwok-Wo Wong b, Xiaofeng Liao a

a College of Computer Science, Chongqing University, Chongqing 400044, China

b Department of Electronic Engineering, City University of Hong Kong, Hong Kong

Received 5 September 2006; accepted 4 December 2006

Available online 14 December 2006

Communicated by A.R. Bishop

Abstract

A prevalent situation in existing digitized chaotic cryptosystems is that multi-dimensional chaotic maps are usually employed for image encryption as the elements of an image are managed in two-dimensional way. On the other hand, one-dimensional chaotic maps are widely adopted in document encryption. In this Letter, a novel cryptosystem employing two-dimensional chaotic maps for document encryption is proposed. Several widely used two-dimensional chaotic maps are considered and their performance is investigated. Both theoretical analysis and numerical simulation verify their feasibility and superiority for practical applications.

© 2006 Elsevier B.V. All rights reserved.

PACS: 05.45.Ac

Keywords: Chaotic cryptography; Chaotic map; S-box

1. Introduction

Chaos has been introduced to cryptography as its ergodicity, unpredictability, and sensitivity to parameter and initial condition meet the analogous requirements of a good cryptosystem. The existing chaos-based cryptosystems can be divided into two categories: one corresponds to secure communications based on chaotic synchronization of analog circuits [1–3], the other refers to the cryptosystems based on digitized chaos, including document encryption [4–10] and multimedia encryption [11–15]. An interesting phenomenon is that document encryption schemes usually employ one-dimensional chaotic maps [4–10] while image encryption schemes make use of multi-dimensional chaotic maps [11–15]. The reason may lie in the fact that when encrypting a document, the input/output data are treated as a one-dimensional stream. Therefore one-dimensional chaotic maps are naturally used. However, the pixel elements of an image are related to their geometrical coordinates, which form at least a two-dimensional vector. Multi-dimensional chaotic maps are then more suitable for image encryption.

* Corresponding author.

0375-9601/$ – see front matter © 2006 Elsevier B.V. All rights reserved. doi:10.1016/j.physleta.2006.12.020

There are two main problems with most existing one-dimensional chaotic maps, such as the logistic map, skew tent map, sine map, etc., used in cryptosystems. First, as chaotic variables are defined over the real number field, their chaotic dynamic properties may degrade in finite precision implementation [16], which may result in consequent degradation in security. Second, floating-point number operations are involved in the chaotic map iteration, which increases the computational complexity and decelerates the encryption/decryption speed. As multi-dimensional chaotic maps are often used in image encryption whose pixel values are represented in integer field, they are discretized over finite set in bijective manner [11–15]. The original periodicity may also be changed during this discretization [11,12]. Fridrich gave a criterion in [11] for the discretized map to become increasingly closer to the continuous map as the number of pixels tends to infinity.


In this Letter, we propose a novel symmetrical cryptosystem based on discretized two-dimensional chaotic map (TDCM) which can be used to encrypt documents. Two identical S-boxes, generated by the same chaotic map, are employed to realize the nonlinear mapping. In order to enhance the security, the encryption/decryption procedures are carried out on a Feistel-like structure. In simulation, several widely used TDCMs are used and their performance is investigated. Both theoretical analysis and numerical simulation verify the feasibility and superiority of the proposed chaotic cryptosystem for practical application.

2. Proposed cryptosystem

Although TDCMs are rarely used in document encryption, their potential in this application area is obvious. We only need to reorganize the one-dimensional input stream into a format that meets the input argument format of TDCMs. All the subsequent encryption operations are similar to traditional document encryption. In the decryption process, we decode the output of TDCMs according to the established rule and revert it to a one-dimensional output stream.

In order to facilitate discussion, some useful symbol definitions are listed. The plaintext ($P$) and the ciphertext ($C$) are both divided into 16-bit blocks, respectively represented in (1) and (2):

$$P = P_1 P_2 P_3 \cdots P_n, \tag{1}$$

$$C = C_1 C_2 C_3 \cdots C_n, \tag{2}$$

where the subscript $i$ denotes the block index ($1 \le i \le n$) and $n$ is the block length. Each $P_i$ and $C_i$ can be further subdivided into an 8-bit left part and an 8-bit right part, symbolized as $\langle P_i^l, P_i^r \rangle$ and $\langle C_i^l, C_i^r \rangle$, respectively (i.e. $P_i = \langle P_i^l, P_i^r \rangle$ and $C_i = \langle C_i^l, C_i^r \rangle$). In this way, the one-dimensional plaintext/ciphertext sequence is converted to a two-tuple sequence, which can be used in TDCM iterations.

The procedures of encryption include the following steps:

(1) Parameter configuration. Select a discretized bijective TDCM and keep its system parameter ($K_c$) secret (the detailed TDCM type and its mathematical formula should be public). Choose an iteration number t, round number r, and a 16-bit subkey seed $K_s$ that will all be used later secretly. It should be noted that the selection of t is not independent of the TDCM. Actually, for different TDCMs, a suitable value of t should be considered for gaining higher security. Set plaintext block index i = 1.

(2) Subkey seed updating. If $K_s \oplus C_{i-1}$ is not equal to 0, use (3) to update the subkey seed $K_s$:

$$K_s = K_s \oplus C_{i-1}, \tag{3}$$

where $\oplus$ is the bit-wise exclusive-OR (XOR) operation. $C_0$ is a 16-bit secret sequence.

(3) Subkey generation and masking. Use (4) to update $K_s$, where ROL stands for the rotate left operation. Moreover, m is the number of bits to be rotated. m is secretly pre-determined and should be dependent on the selection of r, which will be discussed later. $K_l$ and $K_r$ are obtained from the left and right eight bits of $K_s$, respectively. Then mask the plaintext $\langle P_i^l, P_i^r \rangle$ by $K_l$ and $K_r$ in the way described in (5) and (6):

$$K_s = \mathrm{ROL}(K_s, m), \tag{4}$$

$$P_i^l = P_i^l \oplus K_l, \tag{5}$$

$$P_i^r = P_i^r \oplus K_r. \tag{6}$$

(4) S-box substitution. In order to have good confusion property, S-box is employed in the proposed scheme. Kocarev et al. proposed a method to generate one-to-one S-box by iterating a chaotic map [5,6]. We employ two identical 16 × 16 S-boxes generated by the logistic map used in [5] and [6], as listed in the left part of Table 1, to substitute $\langle P_i^l, P_i^r \rangle$ obtained in step 3. This procedure can be formulated as (7) and (8):

$$P_i^l = \text{S-box}(P_i^l), \tag{7}$$

$$P_i^r = \text{S-box}(P_i^r). \tag{8}$$

(5) Chaotic iteration and exchanging. Use $\langle P_i^l, P_i^r \rangle$ obtained in step 4 as the initial condition of the selected discretized bijective TDCM, and iterate the map for t times. Update $\langle P_i^l, P_i^r \rangle$ to the latest status of chaotic variables, then exchange $P_i^l$ with $P_i^r$. These operations are described by (9):

$$\langle P_i^r, P_i^l \rangle = \mathrm{TDCM}^t(P_i^l, P_i^r). \tag{9}$$

(6) Round repetition. Repeat step 3 to step 6 for r times.

(7) Ciphertext block output. Output the latest $P_i^l$ and $P_i^r$ as the corresponding ciphertext $\langle C_i^l, C_i^r \rangle$.

(8) i = i + 1. Go to step 2 until the end of plaintext is reached.

The detailed flow chart of the encryption process is depicted in Fig. 1. As every step is invertible, the decryption procedures are similar to those of encryption, except that the execution sequence of step 3 to step 6 is reversed. Moreover, the inverse S-box listed on the right side of Table 1 and the inverse TDCM should be used respectively in step 4 and step 5 of the decryption process.

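Fig. 1. A flow chart of the proposed cryptosystem.

As mentioned above, the selection of m is dependent on r. The detailed relationship between them is given by (10). In this manner, we can fully use the cycle of the rotate left operation on the key:

$$m = \begin{cases} \lfloor 16/r \rfloor, & r \le 16, \\ 1, & \text{otherwise}. \end{cases} \tag{10}$$

Table 1
A 16 × 16 S-box (left) and its inverse (right) generated by logistic map (all values are in hex format)

S-box:

|   | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | a | b | c | d | e | f |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 60 | c4 | 56 | 52 | 88 | 17 | 82 | ac | 28 | 96 | 4f | 4a | ff | 20 | b5 | 6a |
| 1 | 92 | 83 | bc | a7 | b2 | 9a | ee | 70 | 35 | e1 | 25 | 61 | 9d | a4 | 9c | 47 |
| 2 | b7 | 7d | 2f | 24 | c7 | 7e | c5 | c8 | 77 | 14 | 8d | cc | fd | 8a | ef | 36 |
| 3 | 76 | 2c | 12 | 11 | 2a | 29 | a8 | b8 | 22 | 84 | c3 | e9 | e6 | e2 | 15 | 57 |
| 4 | e0 | 3c | 69 | ce | 05 | d4 | cd | fa | 30 | f8 | dd | 75 | cf | a0 | 0c | 55 |
| 5 | 9f | 41 | f3 | 6f | ea | d2 | a2 | 65 | 23 | 89 | 81 | 39 | e4 | 93 | ba | 6b |
| 6 | a9 | b0 | 1f | f7 | 34 | 43 | 1b | 08 | 04 | fc | 0b | aa | 73 | 94 | eb | 8e |
| 7 | c2 | d6 | 53 | 48 | 18 | 27 | 8f | 5b | 5d | d0 | ec | f4 | f5 | 31 | 4b | ab |
| 8 | 4e | 97 | 79 | bb | 13 | b6 | 5e | 8b | 10 | 50 | 49 | 1d | f6 | 99 | 00 | 68 |
| 9 | 3f | 95 | ad | e7 | e8 | 87 | 8c | 51 | 64 | 1e | d9 | e5 | 5a | da | de | f0 |
| a | 0f | 46 | f1 | 1c | 71 | e3 | 09 | a5 | dc | 9e | bf | 40 | 80 | 3b | 45 | 02 |
| b | a6 | 42 | d1 | ed | d7 | fe | 16 | 9b | 63 | 72 | c0 | 78 | b4 | 67 | 26 | 03 |
| c | 01 | 54 | 07 | 90 | 38 | 21 | 62 | 3d | d8 | ca | 7f | b1 | 0a | d5 | 44 | a1 |
| d | 0d | c9 | f2 | 2e | b9 | 59 | 6c | 66 | b3 | 74 | 32 | bd | df | 58 | 6d | 37 |
| e | 3a | 2d | db | 6e | f9 | 1a | c6 | 06 | 5f | a3 | 2b | 19 | 7c | fb | 7b | af |
| f | be | 0e | 85 | 5c | 33 | 7a | c1 | 4d | cb | 86 | 91 | 4c | d3 | ae | 3e | 98 |

Inverse S-box:

|   | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | a | b | c | d | e | f |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 8e | c0 | af | bf | 68 | 44 | e7 | c2 | 67 | a6 | cc | 6a | 4e | d0 | f1 | a0 |
| 1 | 88 | 33 | 32 | 84 | 29 | 3e | b6 | 05 | 74 | eb | e5 | 66 | a3 | 8b | 99 | 62 |
| 2 | 0d | c5 | 38 | 58 | 23 | 1a | be | 75 | 08 | 35 | 34 | ea | 31 | e1 | d3 | 22 |
| 3 | 48 | 7d | da | f4 | 64 | 18 | 2f | df | c4 | 5b | e0 | ad | 41 | c7 | fe | 90 |
| 4 | ab | 51 | b1 | 65 | ce | ae | a1 | 1f | 73 | 8a | 0b | 7e | fb | f7 | 80 | 0a |
| 5 | 89 | 97 | 03 | 72 | c1 | 4f | 02 | 3f | dd | d5 | 9c | 77 | f3 | 78 | 86 | e8 |
| 6 | 00 | 1b | c6 | b8 | 98 | 57 | d7 | bd | 8f | 42 | 0f | 5f | d6 | de | e3 | 53 |
| 7 | 17 | a4 | b9 | 6c | d9 | 4b | 30 | 28 | bb | 82 | f5 | ee | ec | 21 | 25 | ca |
| 8 | ac | 5a | 06 | 11 | 39 | f2 | f9 | 95 | 04 | 59 | 2d | 87 | 96 | 2a | 6f | 76 |
| 9 | c3 | fa | 10 | 5d | 6d | 91 | 09 | 81 | ff | 8d | 15 | b7 | 1e | 1c | a9 | 50 |
| a | 4d | cf | 56 | e9 | 1d | a7 | b0 | 13 | 36 | 60 | 6b | 7f | 07 | 92 | fd | ef |
| b | 61 | cb | 14 | d8 | bc | 0e | 85 | 20 | 37 | d4 | 5e | 83 | 12 | db | f0 | aa |
| c | ba | f6 | 70 | 3a | 01 | 26 | e6 | 24 | 27 | d1 | c9 | f8 | 2b | 46 | 43 | 4c |
| d | 79 | b2 | 55 | fc | 45 | cd | 71 | b4 | c8 | 9a | 9d | e2 | a8 | 4a | 9e | dc |
| e | 40 | 19 | 3d | a5 | 5c | 9b | 3c | 93 | 94 | 3b | 54 | 6e | 7a | b3 | 16 | 2e |
| f | 9f | a2 | d2 | 52 | 7b | 7c | 8c | 63 | 49 | e4 | 47 | ed | 69 | 2c | b5 | 0c |

Fig. 2. An external key representation.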

During the procedures of encryption, all pre-determined secret parameters compose the secret key. They include the iteration number t, round number r, rotate number m, subkey seed $K_s$, initial two-tuple $C_0$, and the parameter of the TDCM, $K_c$. For convenience in key maintenance and manipulation, an appropriate method should be adopted to organize them. Inspired by [8,9], we use the concept of an external key, i.e. a bit sequence whose segments at different positions denote the elements of the key. An example is the external key format depicted in Fig. 2. The first three bytes are used to store the values of t, r, and m. The two subsequent 16-bit sequences are reserved for $K_s$ and $C_0$. The last part of the external key is $K_c$. Its length and format are TDCM dependent because different TDCMs have different parameters.

3. Simulation results

In general, any TDCMs that can be discretized over integer field in bijective manner can be adopted in the proposed cryptosystem. In this Letter, three TDCMs widely used in existing image encryption schemes are considered. They are standard map, generalized cat map, and generalized baker map [11]. Their discretized versions are described in (11), (12), and (13), respectively.

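$$\begin{cases} x_{i+1} = (x_i + y_i) \bmod N, \\ y_{i+1} = \left(y_i + k \sin \dfrac{2\pi x_{i+1}}{N}\right) \bmod N, \end{cases} \quad \text{with } k > 0, \tag{11}$$

$$\begin{bmatrix} x_{i+1} \\ y_{i+1} \end{bmatrix} = \begin{bmatrix} a_{11} & a_{12} \\ a_{21} & a_{22} \end{bmatrix} \begin{bmatrix} x_i \\ y_i \end{bmatrix} \pmod N, \quad \text{with } a_{11} a_{22} - a_{12} a_{21} = 1, \tag{12}$$

$$\begin{cases} x_{i+1} = \dfrac{N}{k_j}(x_i - N_j) + y_i \bmod \dfrac{N}{k_j}, \\ y_{i+1} = \dfrac{k_j}{N}\left(y_i - y_i \bmod \dfrac{N}{k_j}\right) + N_j, \end{cases} \quad \text{with} \quad \begin{cases} k_0 + k_1 + \cdots + k_t = N, \\ N_j = k_0 + k_1 + \cdots + k_j, \\ 0 \le y_i \le N, \\ N_j \le x_i \le N_j + k_{j+1}, \\ 0 \le j \le t - 1, \\ k_0 = 0, \end{cases} \tag{13}$$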

where x and y are variables in each TDCM, and other symbols denote the system parameters. N is set to 256 in all TDCMs since the minimum unit of plaintext/ciphertext in the proposed scheme is a byte. Meanwhile, as discussed in [17], different chaotic maps have different confusion properties that are related to the iteration time. Sufficient number of iterations should be made in order to maintain high security against statistical or differential attack. t is set to 12 as suggested in [17]. Throughout the experiments, the system parameters of TDCMs are configured as follows. For standard map, $k = 53246$ while $a_{11} = 1$, $a_{12} = 1$, $a_{21} = 1$, $a_{22} = 2$ for cat map. In baker map, $k_1 = k_2 = k_3 = k_4 = 64$.

Fig. 3. Plot of plaintext and the corresponding ciphertext using different TDCMs where x-coordinate denotes the sequence index of plaintext or ciphertext and y-coordinate its 8-bit value.

Fig. 4. The distribution of plaintext and ciphertext using different TDCMs where x-coordinate denotes the 8-bit value of plaintext or ciphertext and y-coordinate the number of occurrence. (a) Plaintext distribution of a 28 kB pdf file. (b), (c), (d) Distribution of the corresponding ciphertext of the pdf file using standard map, cat map, and baker map, respectively. (e) Plaintext distribution of a 29.7 kB wav file. (f), (g), (h) Distribution of the corresponding ciphertext of the wav file using standard map, cat map, and baker map, respectively.

The values of other parts of the key are selected randomly. For example, $r = 8$, $m = 2$, $K_s = (8F4C)_{16}$, and $C_0 = (4ED3)_{16}$.

The proposed cryptosystem is realized using C++ programming language and executed on a Celeron-M 1.5 GHz PC with 512 MB RAM.
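The procedure of Section 2 with the parameters quoted above, as an added Python example that is not the authors' C++ implementation: it uses the generalized cat map (12), the S-box of Table 1, and t = 12, r = 8, m = 2, Ks = (8F4C)16, C0 = (4ED3)16. The byte order inside a block and the rejection of odd-length input are assumptions, since the Letter does not specify them.

```python
# Added example (not the authors' C++ code): encryption steps (1)-(8) with the
# generalized cat map (12). Assumed here, not stated on the page: "left" is the
# first byte of a block, C_{i-1} = (left << 8) | right, odd lengths are rejected.

# S-box of Table 1 (left); the inverse is derived from it rather than retyped.
SBOX = bytes.fromhex(
    "60 c4 56 52 88 17 82 ac 28 96 4f 4a ff 20 b5 6a "
    "92 83 bc a7 b2 9a ee 70 35 e1 25 61 9d a4 9c 47 "
    "b7 7d 2f 24 c7 7e c5 c8 77 14 8d cc fd 8a ef 36 "
    "76 2c 12 11 2a 29 a8 b8 22 84 c3 e9 e6 e2 15 57 "
    "e0 3c 69 ce 05 d4 cd fa 30 f8 dd 75 cf a0 0c 55 "
    "9f 41 f3 6f ea d2 a2 65 23 89 81 39 e4 93 ba 6b "
    "a9 b0 1f f7 34 43 1b 08 04 fc 0b aa 73 94 eb 8e "
    "c2 d6 53 48 18 27 8f 5b 5d d0 ec f4 f5 31 4b ab "
    "4e 97 79 bb 13 b6 5e 8b 10 50 49 1d f6 99 00 68 "
    "3f 95 ad e7 e8 87 8c 51 64 1e d9 e5 5a da de f0 "
    "0f 46 f1 1c 71 e3 09 a5 dc 9e bf 40 80 3b 45 02 "
    "a6 42 d1 ed d7 fe 16 9b 63 72 c0 78 b4 67 26 03 "
    "01 54 07 90 38 21 62 3d d8 ca 7f b1 0a d5 44 a1 "
    "0d c9 f2 2e b9 59 6c 66 b3 74 32 bd df 58 6d 37 "
    "3a 2d db 6e f9 1a c6 06 5f a3 2b 19 7c fb 7b af "
    "be 0e 85 5c 33 7a c1 4d cb 86 91 4c d3 ae 3e 98"
)
INV_SBOX = bytearray(256)
for _i, _v in enumerate(SBOX):
    INV_SBOX[_v] = _i

N = 256  # one byte per map coordinate (Section 3)

def rol16(x, m):
    """16-bit rotate left, eq. (4)."""
    m %= 16
    return ((x << m) | (x >> (16 - m))) & 0xFFFF

def cat_map(x, y, kc, t):
    """Iterate the discretized cat map (12) t times; kc = (a11, a12, a21, a22)."""
    a11, a12, a21, a22 = kc
    for _ in range(t):
        x, y = (a11 * x + a12 * y) % N, (a21 * x + a22 * y) % N
    return x, y

def cat_map_inv(x, y, kc, t):
    """Inverse iteration; with determinant 1 the inverse matrix is the adjugate."""
    a11, a12, a21, a22 = kc
    return cat_map(x, y, (a22, -a12, -a21, a11), t)

def round_keys(ks, prev_c, r, m):
    """Steps 2-3: update the subkey seed, then derive r round keys (Kl, Kr)."""
    if ks ^ prev_c:                    # step 2: no update if the result would be 0
        ks ^= prev_c                   # eq. (3)
    keys = []
    for _ in range(r):
        ks = rol16(ks, m)              # eq. (4)
        keys.append((ks >> 8, ks & 0xFF))
    return keys, ks

def _blocks(data):
    if len(data) % 2:
        raise ValueError("input must consist of whole 16-bit blocks")
    return [(data[i], data[i + 1]) for i in range(0, len(data), 2)]

def encrypt(data, kc, t, r, m, ks, c0):
    out, prev = bytearray(), c0
    for pl, pr in _blocks(data):
        keys, ks = round_keys(ks, prev, r, m)
        for kl, kr in keys:
            pl, pr = SBOX[pl ^ kl], SBOX[pr ^ kr]   # eqs. (5)-(8)
            pr, pl = cat_map(pl, pr, kc, t)          # eq. (9): iterate, then swap
        out += bytes((pl, pr))
        prev = (pl << 8) | pr
    return bytes(out)

def decrypt(data, kc, t, r, m, ks, c0):
    out, prev = bytearray(), c0
    for cl, cr in _blocks(data):
        keys, ks = round_keys(ks, prev, r, m)       # same schedule as encryption
        pl, pr = cl, cr
        for kl, kr in reversed(keys):
            pl, pr = cat_map_inv(pr, pl, kc, t)      # undo the swap and the map
            pl, pr = INV_SBOX[pl] ^ kl, INV_SBOX[pr] ^ kr
        out += bytes((pl, pr))
        prev = (cl << 8) | cr
    return bytes(out)

# Key values quoted in Section 3 of the Letter.
KEY = dict(kc=(1, 1, 1, 2), t=12, r=8, m=2, ks=0x8F4C, c0=0x4ED3)
```

Calling `encrypt(bytes(8), **KEY)` on 64 zero bits gives a non-zero ciphertext of the same length, although `cat_map(0, 0, ...)` on its own leaves the pair ⟨0,0⟩ fixed.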

Firstly, the title of this Letter “A novel symmetrical cryptosystem based on discretized two-dimensional chaotic map” is used as the plaintext. The corresponding ciphertext obtained using standard map, generalized cat map, and generalized baker map is plotted in Figs. 3(a), (b) and (c), respectively. It is easily found that for all the above-mentioned TDCMs, the plaintext and the corresponding ciphertext are totally different both in their 8-bit value and trendline.

The distribution of ciphertext content is of much importance because it should hide the redundancy of plaintext and should not leak any information about plaintext or the relationship between plaintext and ciphertext. In other words, the distribution of ciphertext should be sufficiently flat. We arbitrarily choose two types of file, a 28 kB pdf file and a 29.7 kB wav file, and encrypt them using the above-mentioned TDCMs. The distribution of plaintext and ciphertext is drawn in Fig. 4. The distributions of the 8-bit values of the plaintext, portrayed in Figs. 4(a) and (e), are obviously uneven as the occurrence frequency of some values is extremely higher than that of others. In particular, the distribution of the wav file plaintext reveals a spike-like model in Fig. 4(e). After encryption, the distributions of ciphertext are all flat, whichever of the above-mentioned TDCMs is used. This is clearly shown in Figs. 4(b)–(d) and (f)–(h). The frequency diversity and the distribution pattern of plaintext are covered thereby.

Table 2
Encryption speed (in seconds) and ciphertext file size for five different types of plaintext files

| File type | Plaintext file size (kB) | Ciphertext file size (kB) | Encryption time (cat map) (s) | Encryption time (baker map) (s) | Encryption time (standard map) (s) | Encryption time (standard map with sine table) |
|---|---|---|---|---|---|---|
| Text files (*.txt) | 30 | 30 | 0.05 | 0.11 | 0.42 | 0.30 |
| | 90 | 90 | 0.14 | 0.32 | 1.27 | 0.91 |
| | 240 | 240 | 0.38 | 0.88 | 3.38 | 2.41 |
| Document files (*.doc) | 30 | 30 | 0.05 | 0.11 | 0.43 | 0.31 |
| | 90 | 90 | 0.16 | 0.33 | 1.30 | 0.91 |
| | 240 | 240 | 0.39 | 0.89 | 3.38 | 2.41 |
| Executable file (*.exe) | 488 | 488 | 0.77 | 1.78 | 6.86 | 4.91 |
| | 914 | 914 | 1.43 | 3.34 | 12.88 | 9.22 |
| Audio files (*.wav) | 255 | 255 | 0.39 | 0.92 | 3.59 | 2.56 |
| | 544 | 544 | 0.86 | 1.97 | 7.66 | 5.47 |
| Video files (*.avi) | 636 | 636 | 0.99 | 2.31 | 8.97 | 6.39 |
| | 1230 | 1230 | 1.97 | 4.59 | 17.73 | 12.70 |

As the size of ciphertext and the speed of encryption are another two important aspects for a cryptosystem, we select five prevalent types of plaintext to investigate the performance of the proposed cryptosystem in these two aspects. The detailed results are listed in Table 2. The ideal length of ciphertext is equivalent to that of plaintext because it is a one-to-one mapping between plaintext and ciphertext when the key is given. This goal is achieved in the proposed cryptosystem, which can be concluded from the procedures of encryption, or verified from the data in the second and the third columns of Table 2.

Plaintexts of various sizes and types are also chosen to measure the encryption speed of the proposed cryptosystem when different TDCMs are used. Obviously, the most time-consuming operation in the proposed cipher is the iteration of the TDCM. Therefore, the performance of the TDCM determines the performance of the whole cipher. Once the type and the size of the plaintext file as well as the TDCM are given, we repeat the encryption 10 times and record the speed in each run. Then the average speed is calculated and listed in the last four columns of Table 2. The encryption speed varies when different TDCMs are adopted. The computation overhead of standard map is the highest (i.e. the encryption speed is the lowest) because it involves the calculation of a trigonometric function. The same conclusion has also been pointed out by Lian et al. in [17]. Note that, in Eq. (11), $x_{i+1}$ ranges from 0 to $N - 1$, thus the expression $\sin \frac{2\pi x_{i+1}}{N}$ has only N different values. A sine table was suggested in [14] to accelerate the computation. This improvement is also taken into account in our experiments and the results are listed in the last column of Table 2. It is found that the introduction of the sine table does accelerate the computation of standard map. About 28% acceleration is gained compared to the direct computation of standard map without sine table. Even so, the data type in the sine table is still floating point and it is further multiplied by k. The encryption speed using standard map with sine table is still much slower than those using the other two TDCMs. However, the performance of generalized cat map and generalized baker map found in our experiments is not consistent with the conclusion in [17]. Lian et al. stated that generalized baker map has the lowest computational complexity. But one thing they did not take into account is that, in order to use (13) to calculate $x_{i+1}$ and $y_{i+1}$, there is a search operation to determine the interval of $N_j$ to which $x_i$ belongs. The search operation increases the computing complexity of baker map, especially when N is divided into many pieces of $k_j$. The data in the last column of Table 2 also illustrate that the encryption speed when using generalized baker map is only in the middle. The fastest encryption appears when using generalized cat map, and it is substantially faster than using the other two maps. As the size of plaintext increases, the superiority of generalized cat map in speed is even more remarkable.

One point that should be noted is that the same configuration of t and r is used for all three TDCMs in the simulation to evaluate their performance fairly. Actually, the least iteration number and round number needed to achieve the same security level also differ between TDCMs. For example, the iteration time for standard map should not be smaller than 4 to gain sufficient confusion property. The value for cat map is not lower than 6, and the one for baker map should be 12 or above [17]. Therefore, different values of t and r can be configured when different TDCMs are employed to achieve a certain security level and an acceptable speed.

4. Security analysis

Security is a major issue of a cryptosystem. As the security of the three TDCMs have been well investigated in [11–15,17], the security analysis of the proposed cryptosystem can be performed based on some of their conclusions.


Fig. 5. Plot of the plaintext containing 64 zero bits and the corresponding ciphertext using different TDCMs where x-coordinate denotes the sequence index of plaintext or ciphertext and y-coordinate its 8-bit value.

4.1. Key space

The security of a cryptosystem must rely entirely on the secret keys, thus the importance of key space is self-evident. A cryptographic algorithm’s key space refers to all possible keys that can be used to initialize it. In our proposed cipher, all the pre-determined secret parameters in encryption/decryption constitute the key. An example of how to organize the key is depicted in Fig. 2, in which the key space is $2^{56}$ multiplied by the parameter space of the TDCM. Different TDCMs have different parameter spaces, as investigated in [17]. Among the above-mentioned chaotic maps, standard map has the largest parameter space and the highest computational complexity, baker map has medium computational complexity and parameter space, and cat map has the smallest parameter space and the lowest computational complexity. One should choose the TDCM based on the trade-off between its parameter space and computational complexity.

4.2. Confusion and diffusion

The performance of confusion and diffusion directly affects the immunity of a cryptosystem from cryptanalysis. In the proposed cryptosystem, two identical 16 × 16 S-boxes generated by chaotic map in [5,6] are employed. It is well known that S-box possesses high confusion effect, and Jakimoski et al. claimed the employed S-box is superior to those randomly constructed ones [6]. After S-box substitution, the confused plaintext is further fed to a TDCM for iterating t times, which is key-dependent. By this procedure, the two 8-bit input values are well mixed, and any slight change in bit level of plaintext or key will be avalanched throughout the entire 16-bit block. The diffusion effect between blocks is carried out by a cipher block chaining (CBC) [18] like operation (refer to steps 2 and 3 in the encryption procedures or masking by $f(K_s, C_{i-1})$ in Fig. 1). A part of the secret key and the previous encrypted ciphertext block are used to update the subkey seed, then the rotate left operation is used to allocate the round key sequence based on the updated subkey seed. When the round key is masked by the current plaintext block, the diffusion effect is realized. These procedures will repeat r times accompanied by exchanging $P_i^l$ with $P_i^r$ at the end of each round. At that moment, the confusion as well as the diffusion effect are enhanced significantly. The whole encryption procedures are similar to the Feistel architecture [18] widely used in classic block ciphers including DES.

4.3. Origin problem

A problem of the three TDCMs used in image encryption as permutation functions is that the pixel at corner (0,0) cannot be moved to other positions [17]. If the plaintext were directly used as the input of the TDCM, the same problem would occur in our cryptosystem: the plaintext block 〈0,0〉 could not be transferred to other values. However, we do take measures to eliminate this loophole. As the original plaintext will firstly be masked by a subkey and then substituted by an S-box, this problem will not exist in our proposed scheme. What’s more, step 2 in the encryption process also ensures that the iterations of chaotic map used to generate the subkey sequence are valid. An example is given in Fig. 5, in which a sequence of 64 zero bits is used as the plaintext. From Figs. 5(a), (b), and (c) we find that a plaintext containing only 0’s can also be successfully encrypted with good confusion property. This improvement furthermore gets rid of the feasibility of some chosen-plaintext attacks.

5. Conclusion

It is well known that multi-dimensional chaotic maps are usually used for image encryption while one-dimensional chaotic maps are for document encryption. In this Letter, the feasibility of employing multi-dimensional chaotic maps for document encryption is investigated. A novel symmetrical cryptosystem based on discretized TDCM is also proposed. In order to achieve good confusion and diffusion effect, a series of measures such as subkey masking, S-box, etc., are introduced in the encryption process. A Feistel-like structure is also adopted to carry out the encryption procedures. An external key is suggested to provide the secret parameters required in the cryptosystem. Three prevalent discretized TDCMs widely used in existing image encryption schemes, i.e. standard map, generalized cat map, and generalized baker map, are adopted in the simulation. Both numerical and theoretic analyses show its superior performance and high security. Furthermore, it also gets rid of the problem of floating-point number manipulation in traditional document encryption, as well as the origin problem in image encryption.

Acknowledgements

The work described in this Letter was fully supported by a grant from CityU (Project No. 7001927).

References

[1] L. Kocarev, K.S. Halle, K. Eckert, L.O. Chua, U. Parlitz, Int. J. Bifur. Chaos 2 (1992) 709.

[2] Y.C. Lai, E. Bollt, C. Grebogi, Phys. Lett. A 255 (1999) 75.

[3] J.Y. Chen, K.W. Wong, L.M. Cheng, J.W. Shuai, Chaos 13 (2003) 508.

[4] M.S. Baptista, Phys. Lett. A 240 (1998) 50.

[5] L. Kocarev, G. Jakimoski, Phys. Lett. A 289 (2001) 199.

[6] G. Jakimoski, L. Kocarev, IEEE Trans. Circuits Systems I: Fund. Theory Appl. 48 (2001) 163.

[7] K.W. Wong, Phys. Lett. A 298 (2002) 238.

[8] N.K. Pareek, V. Patidar, K.K. Sud, Phys. Lett. A 309 (2003) 75.

[9] N.K. Pareek, V. Patidar, K.K. Sud, Commun. Nonlinear Sci. Numer. Simul. 10 (2005) 715.

[10] T. Xiang, X.F. Liao, G.P. Tang, Y. Chen, K.W. Wong, Phys. Lett. A 349 (2006) 109.

[11] J. Fridrich, Int. J. Bifur. Chaos 8 (1998) 1259.

[12] G.R. Chen, Y.B. Mao, C.K. Chui, Chaos Solitons Fractals 21 (2004) 749.

[13] Y.B. Mao, G.R. Chen, S.G. Lian, Int. J. Bifur. Chaos 14 (2004) 3613.

[14] S.G. Lian, J.S. Sun, Z.Q. Wang, Chaos Solitons Fractals 26 (2005) 117.

[15] Z.H. Guan, F.J. Huang, W.J. Guan, Phys. Lett. A 346 (2005) 153.

[16] S.J. Li, G.R. Chen, X.Q. Mou, Int. J. Bifur. Chaos 15 (2005) 3119.

[17] S.G. Lian, J.S. Sun, Z.Q. Wang, Physica A 351 (2005) 645.

[18] B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, second ed., Wiley, New York, 1996.