Table of Contents Author Guidelines Submit a Manuscript
Mathematical Problems in Engineering
Volume 2015, Article ID 468567, 9 pages
http://dx.doi.org/10.1155/2015/468567
Research Article

On the Cryptanalysis of Two Cryptographic Algorithms That Utilize Chaotic Neural Networks

1School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China
2School of Computer Science, Carleton University, 1125 Colonel By Drive, Ottawa, ON, Canada K1S 5B6

Received 14 October 2014; Revised 30 January 2015; Accepted 3 February 2015

Academic Editor: Joao B. R. Do Val

Copyright © 2015 Ke Qin and B. John Oommen. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

This paper deals with the security and efficiency issues of two cipher algorithms which utilize the principles of Chaotic Neural Networks (CNNs). The two algorithms that we consider are (1) the CNN-Hash, which is a one-way hash function based on the Piece-Wise Linear Chaotic Map (PWLCM) and the One-Way Coupled Map Lattice (OCML), and (2) the Delayed CNN-Based Encryption (DCBE), which is an encryption algorithm based on the delayed CNN. Although both of these cipher algorithms have their own salient characteristics, our analysis shows that, unfortunately, the CNN-Hash is not secure because it is neither Second-Preimage resistant nor collision resistant. Indeed, one can find a collision with relative ease, demonstrating that its potential as a hash function is flawed. Similarly, we show that the DCBE is also not secure since it is not capable of resisting known plaintext, chosen plaintext, and chosen ciphertext attacks. Furthermore, unfortunately, both schemes are not efficient either, because of the large number of iteration steps involved in their respective implementations.

1. Introduction

Over the last few decades, the phenomenon of chaos has been widely investigated and applied in a variety of domains including social networks, control systems, and prediction. A chaotic system is characterized by salient phenomena such as its sensitivity to initial values, its pseudorandomness, and ergodicity, rendering it to be quite similar to a cryptographic system. The characteristics that render chaotic systems to be akin to cryptographic algorithms are listed below.

(1) Chaotic Maps versus Encryption/Decryption Algorithms. The form of a chaotic system is usually iterative, when the system is discrete, or it involves differential equations when it is continuous. As opposed to this, an encryption/decryption algorithm is usually a nonlinear mapping from the plaintext space to the ciphertext space, and this mapping is, often, not complex. The similarity between the two is that both of them can yield, as their outputs, results that appear to be random, by virtue of the underlying algorithm repeating certain steps.

(2) Iterations versus Rounds. For a chaotic system, each of the steps mentioned above that are “repeated” constitute a so-called “iteration.” As opposed to this, a cryptographic system involves a sequence of “rounds.” Only long-term chaotic iterations can yield sequences that appear to be random [1].

(3) Controlling Parameters versus Keys. If a chaotic system starts from a given initial value, different control parameters can yield different output sequences at each iteration. This, in turn, is analogous to the role of keys in a cryptographic system. The similarity between the two lies in the fact that it is computationally infeasible to deduce the initial input without knowing the controlling parameters or the keys, respectively.

(4) Sensitivity to Initial Values versus Diffusion and Confusion. When it concerns a chaotic system, a slightly different initial value may result in a significant difference in the output generated after a sufficiently large number of iterations. Analogously, in a cryptographic system, the change of even a single bit (whether it is in the key or the plaintext) should affect most of the ciphertext bits. Furthermore, the statistics relating the plaintext and the key should be “as complicated as possible.” Thus, if we regard the plaintext or the key as the initial value, the ciphertext should be highly sensitive to these.

(5) Pseudorandom and Ergodic. The sequence of outputs generated by a chaotic system should be able to fill the entire range in a random-like manner. Analogously, a good encryption algorithm requires that the ciphertexts be randomly distributed in the cipher space.

Brief Survey of the Field. As a result of the above observations, chaos has also been widely applied in the field of information security since Matthews proposed the first chaotic encryption algorithm [2] in 1984. Later, Baptista and Alvarez reported two cryptographic algorithms based on the phenomenon of chaotic searching in [35], respectively. While Erdmann and Murphy described a stream cipher based on the so-called Henon maps [6], Kanso and his coauthors illustrated a novel hash function [7] and showed how one could achieve digital image encryption based on chaotic maps [8]. Kocarev and Tasev presented a public-key encryption [9] and random number generators [10] based on chaotic maps. A detailed list of articles that advocate the use of chaotic principles in cryptographic systems can also be found in [11, 12], and systematic reviews about chaos-based ciphers are found in [13, 14].

Now that chaotic maps have been proven to be useful in encryption; researchers have attempted to use Chaotic Neural Networks (CNNs), which are characterized by much more complicated dynamics than chaotic maps, to develop cryptosystems. The authors of [1517] proposed different one-way hash functions based on different CNNs. Similarly, Yu and Cao proposed an encryption algorithm based on delayed CNNs [18]. Our present paper concerns some of these results.

Motivation of This Paper. Although the latter above-mentioned authors have affirmed that their schemes are secure and efficient, in this paper, we shall demonstrate that the security levels guaranteed by them are weak and that they are inefficient. For example, most chaos-based ciphers require an excessive number of iterations, without which the ciphertexts are not sensitive to plaintexts. As opposed to these, traditional ciphers, for example, the AES, only require a 10-round calculation if one utilizes a key of 128 bits. Further, since chaotic equations are typically specified on the set of real numbers, the associated accuracy of implementing these schemes using digital computations is also problematic. Indeed, when we implement the associated computations numerically, we observe that some of the significant digits will be automatically truncated, and the consequence of this is that the original system which was chaotic within the domain of “real” numbers is no longer chaotic [13]! Also, the improvement brought about by increasing the accuracy using higher-precision software entails a larger computational cost.

In this paper, we analyze two typical CNN-based cipher systems, the first of which is a one-way hash function and the second is an encryption method. However, we believe that our analysis is also valid for other CNN-based schemes.

2. The CNN-Based Hash Function

2.1. The Description of the CNN-Based Hash Function

The authors of [15] proposed a novel one-way hash function based on a special CNN. The structure of the network (more details about PWLCM’s dynamics and analysis can be found in [19] and omitted here to avoid repetition.) is shown in Figure 1.

Figure 1: The structure of the network used for the CNN-Hash.

More specifically, they used two chaotic maps, namely, the Piece-Wise Linear Chaotic Map (PWLCM; see (1)) and the Logistic map: where is a control parameter, which is a real number between 0 and 0.5.

The network has a single input layer with neurons and a single output layer with neurons. Each of the input neurons can receive external inputs , where each consists of bits. If , we see that the CNN can receive a -bit external input sequence. Each of the output neurons can now generate a 32-bit output sequence, where the One-Way Coupled Map Lattice (OCML), specified by (2), is used to control the output neurons. The associated weights for each connection is a constant, . Further, the internal state of the input neuron is given by . Let be the internal state vector.

In brief, we remark that the CNN compresses a -bit sequence to yield a -bit sequence: where is the Logistic map and is a coupling factor between 0 and 1.

We now present the process involved in the hash function as follows.

(1) Data Preparation. Divide the given plaintext into small blocks , where each block is bits long. All together, there are 8 such blocks. Thus, the network is able to accept a 256-bit length input sequence at a time.

(2) Data Formatting. Format the input integer numbers to be real number between by means of the PWLCM. To be specific, this is achieved by using , where is the number of iterations that is enforced so as to yield the required “diffusion” and “confusion,” and is the control parameter. The authors of [15] have suggested to set and .

(3) Key Preparation. For the given 128-bit key , divide it into 4 32-bit sequences . Using these, compute , . The four values of are used as the initial values of the OCML. The authors suggested to set the value of as .

(4) Hash Computing. For every 30 iterations, record a vector and repeat this until we have gathered vectors. The vectors are used as the connection weights between the input and output neurons, . is set as the threshold, and is used as the PWLCM’s control parameter.

(5) Output Preparation. The output of each neuron is given by where means the th row of .

(6) Loop. Repeat the above steps until all message blocks have been processed.

(7) Assembling. Transform the output of each neuron of the last CNN to be a 32-bit sequence and then combine the four 32-bit sequences to be the final 128-bit hash value, as shown in Figure 2.

Figure 2: The CBC mode hashing process.

Summary. The entire process of the CNN-Hash can be summarized by the following equations: where are computed according to the CNN, are given constants, and is transformed from the plaintext.

2.2. The Analysis of the CNN-Based Hash Function

Although the authors of [15] claimed that this CNN-Hash has good properties such as its sensitivity to the plaintext and the key, its one-way computation power, and its anti-birthday attack, our analysis below proves that it is not secure.

As is well known, a good one-way hash function (both keyed or unkeyed) must satisfy the following conditions [20].

(1) Efficiency. For a given key and message , it must be easy to compute the Message Authentication Code (MAC): .

(2) Preimage Resistance. For a given value , it must be computationally infeasible to find such that .

(3) Second-Preimage Resistance. For a given message , it must be computationally infeasible to find a different message such that .

(4) Collision Resistance. It must be computationally infeasible to find two different messages and such that , where the two inputs and can be freely chosen.

We now evaluate the properties of the CNN-Hash by using the above metrics.

(1) Analysis on Efficiency. As explained above, the computations needed for the CNN-Hash are done on the elements of the real numbers in , which is, unarguably, much slower than the corresponding computations executed on the set of integers. Besides, according to Step (4), we have to do at least iterations to compute the first output , which is thereafter used as the input for hashing the second block. Therefore, for hashing a message of 1 MB, we need at least iterations, which is a computationally intensive task. The authors of [15] have stated that their algorithm is not competitive against MD5 or SHA and said that it requires almost twice as much computation as both of them. Our analysis and experiments, however, show that the performance is even worse than they claimed. To confirm this, we mention that we conducted a simulation on an Intel Celeron CPU E1500 (2.20 GHz) with 4 G main memory and the time involved for the CNN-Hash for a 1 MB input of text was almost 59.83 s, which is much more expensive than the cost of both the MD5 and the SHA.

(2) Analysis on Preimage Resistance. Because chaotic maps have ergodic and stochastic properties, it is, indeed, not possible to find the inverse of a given value. This is especially true for the CNN-Hash which uses two different chaotic systems. From this perspective, we agree with the fact that the CNN-Hash is Preimage resistant even when the key is known.

(3) Analysis on Second-Preimage Resistance. Although the CNN-Hash is Preimage resistant, it is not Second-Preimage resistant. The reason for this is quite straightforward. Consider (4) from which we see that the final hash value only depends on the initial value and the key . Thus, if we are able to find another different such that , we can conclude that the subsequent intermediate/final results are exactly the same if the system uses the same key. For example, consider (1) and the iteration trajectories of the PWLCM as shown in Figure 3. From examining these, we see that we can determine four different values: sharing the same iteration trajectories yielding the final result . Thus, if we let and (where is some specified value), by examining (1), we see that we can have at least four solutions for : We can thus have four different each of which is the solution of , whence we see that the CNN-Hash is not Second-Preimage resistant.

Figure 3: An example of the PWLCM’s iteration trajectories. The four red bold lines make up the image of the PWLCM. The line and vertical and horizontal lines indicate the iteration process. In this figure, an iteration begins at starting point (marked with ) and ends at (marked with a “square”). The reader should note that associated with the line (marked with dash-dot line), there are at least four starting points that share the same trajectory. These are, namely, the points , , , and , which, in turn, implies that there is a collision for at least four different initial inputs.

(4) Analysis on Collision Resistance. The analysis on collision resistance is quite similar to the analysis on Second-Preimage resistance and is omitted here in the interest of brevity.

Besides the above four conclusions, we can also claim the following.

(1) The OCML Component Has Many “Weak Keys.” According to Step (3), the initial values of the OCML come from the initial key . Based on the above, one can see that those keys which lead to the four equal parts are necessarily weak keys. Further, the reader should observe that since the CNN is a fully connected network, if , we can conclude that no matter how many iterations have been done, the condition always holds, which implies that a message of length bits compresses to be 32 bits long instead of being 128 bits long. Thus, in this case, we see that it is feasible to find a collision since the ciphertext space is contracted.

(2) Hash Values Do Not Obey a Uniform Distribution. The OCML employs the Logistic chaotic map, whose values are not uniformly distributed in . To demonstrate this, we have computed the statistics of the distribution, and these are shown in Figures 4(a) and 4(b). We can clearly see from the two figures that most of the values fall into the intervals close to unity. This will cause the distribution of the hash values to also be nonuniform, further implying that the probability of collision is high in certain parts of the interval [21].

Figure 4: The distribution of the values of the OCML. (a) Trajectories of 300 points. (b) The distributions of the 300 points in ten intervals from 0 to 1. The four figures in (a) and (b) are for , , , and , respectively.

3. The Delayed CNN-Based Cryptography

3.1. The Description of the Delayed CNN-Based Cryptography

Delayed CNNs have been widely investigated in the past decades. The authors of [18] proposed a cryptographic system based on a special type of the delayed CNN. The model used in [18] is also a Hopfield-like NN which exhibits chaotic phenomenon and which obeys the following equation: where(1)denotes the number of units in the CNN,(2) is the state vector associated with the neurons,(3) is the external input vector,(4) are the neurons' activation functions,(5) are the time delays,(6) is a diagonal matrix,(7) and are the connection weight matrix and the delayed connection weight matrix, respectively.

The dynamics of (7) have been well studied and it is reported that it can exhibit rich chaotic phenomenona [22, 23]. As demonstrated in [18, 23], if the parameters are the trajectories of (7) are shown in Figure 5.

Figure 5: The trajectories of (7). In this figure, the values of and are calculated by means of the fourth-order Runge-Kutta method. The time span is from 0 to 200 with a total of 30,000 steps.

The encryption and decryption schemes proposed in [18] are based on (7) and can be summarized as follows.(i)Initialization. Obtain the starting point from the last transient time iterations as where is the discretized time step.(ii)Data Preparation. Divide the plaintext into subsequences of length bytes, for example, . That is, any message can be digitized as where is an 8-bit binary string. Then combine four to form a 32-bit binary block, implying that .

The following steps constitute the core process of encryption.

(1) Dynamic Parameter Computing. Iterate the initial value   38 times and to yield . Extract one bit from the numbers and to obtain a -bit random binary sequence, where is computed as per and where and are the upper and lower bounds of , respectively, Denote Also, let denote the decimal value of .

(2) Permutation. Permute the message block with left cyclic shift bits and the message block with right cyclic shift bits, to obtain and . If , the is used for the successive block iteration illustrated in Step (1). Otherwise, is used as the initial value of the next iteration.

(3) Encryption by XOR. Encrypt the message block by XOR operations (represented by ) to yield

(4) Loop. Reset the initial value by (or ; this depends on the value of ) and repeat the above steps; till all blocks are encrypted.

As for the decryption, the steps are very similar to the encryption process except in the case of Step (3), where The plaintext can be recovered by performing inverse permutations with right cyclic shifts of bits.

3.2. The Analysis of the Delayed CNN-Based Cryptography

We now proceed to analyze the security and performance of the delayed CNN-based cryptography. Our goal is to demonstrate that this cryptography has several weaknesses as follows.

(1) Nonrandomness. and are not uniformly distributed, which causes the “random” bits generated in Step (1) to be nonrandom. To illustrate this, we present the frequency statistics of the value of and . The parameters used here are exactly the same as those used in Figure 5. We categorize the combination of and into 4 classes:(a) AND : 1801,(b) AND : 15618,(c) AND : 10781,(d) AND : 1800.We can clearly see from the statistics that more than a half (52.06%) of the and gather in the first quadrant, while only 48.94% distribute in the other three quadrants. This phenomenon is confirmed from Figure 5. Furthermore, as demonstrated in Step (1), we can normalize and into by where and are the upper and lower bounds of , respectively. We can thus generate the “random” binary bits according to . Indeed, the new counts are(a) AND : 2769,(b) AND : 11573,(c) AND : 14379,(d) AND : 1279.Clearly, the bits generated by (12) are not “random.”

(2) Trajectory Behavior. The authors of [18] did not use the trajectories as shown in Figure 5 directly. Instead, the random bits were generated according to the 38 successive iterations, as demonstrated in Step (1). We should thus carefully check the randomness of the corresponding sequences. According to Step (2) in Section 3.1, if , is used for the successive iteration; otherwise, it is . In this case, we swap the value of and every 38 iterations. As shown in Figure 6 we can see that the value of and is very close during the 38 iterations, which means the random bits are almost identical.

Figure 6: The controlled trajectories of (7). For a better view, we have used a larger step 0.05 yielding a lesser number of points. The points contained in rectangles are marked as 1 and 3, 2 and 4 are symmetric pairs along the axis given by the line .

In spite of the above, the authors of [18] attempted to use this sequence to achieve the goals of “diffusion” and “confusion.” It is well known that a sequence possessing poor randomness properties cannot be used in any cryptographic algorithm [21], because it would otherwise lead to a more predictable ciphertext. Consequently, we argue that this algorithm is not secure.

(3) Resistance to Attacks. This cryptographic system cannot resist known plaintext attacks, chosen plaintext attacks, and chosen ciphertext attacks. To demonstrate this, assume that an attacker has some plaintext-ciphertext pairs , , and , where are the first 4 bytes of different plaintexts. If they are all encrypted by the same key, according to the algorithm, then , and some other intermediate iteration results should be the same. Thus where denotes the cyclic left shift operation. Thus, Since and are known, it is quite easy to find the value of . After that, we can solve the equation and thereafter determine successfully. Observe that during the whole process, we did not need any knowledge about the delayed CNN. The reason why we are able to proceed with such attacks is that the authors did not introduce the concept of the Initial Vector to the scheme.

(4) Efficiency. Although the authors of [18] claimed that the algorithm is efficient, this is not really the case. Actually, this conclusion is also true for many other cryptosystems such as those algorithms presented in [8, 24], which involve time delays in their equations. It is well known that the Runge-Kutta method is one of the best ways to solve differential equations where the initial values are provided. However, this method is still far too expensive when compared to traditional block ciphers such as the DES or AES. Indeed, the computation of these traditional ciphers involves a finite field and only makes use of simple operations such as permutation. As opposed to this, solving differential equations involves the set of real numbers. For example, to encrypt a plaintext with size 1 M bytes, we have to divide the message into blocks, where each block is of length bytes. According to the encryption phase, at least iterations are involved to encrypt a single block. If we assume that , we see that we have to thus do approximately iterations to encrypt the entire file, which is, really, prohibitively large. More specifically, on an Intel Celeron CPU E1500 (2.20 GHz) with 4 G main memory, this encryption time using Matlab was about 7 minutes, which is unacceptable when compared to the “real time” operation of traditional block ciphers.

(5) Statistical Attacks. The reader should take note of the fact that the block size was increased from 64 bits in DES to 128 bits in AES in order to avoid statistical attacks. Thus, it is not recommended that one uses blocks whose sizes are less than 128 bits in modern block ciphers [25]. Consequently, the fact that the Delayed CNN-based cryptography still relies on Exclusion OR operations involving strings of length 32 bits renders it more susceptible to statistical attacks.

4. Conclusion

Chaotic Neural Networks have been widely used in various fields such as pattern recognition, dynamic associate memory, and optimization. Recently, cryptography based on chaos or CNNs has drawn great attention. In this paper, we present a detailed analysis of two typical cipher schemes: the CNN-Hash and Delayed CNN-Based Encryption. The former compresses a plaintext onto a 128-bit sequence, which is similar to MAC. The latter encrypts plaintext so that an eavesdropper will not be able to decrypt the message without the key, which is analogous to common cipher algorithms. Although the authors have affirmed that their schemes are secure and efficient, our investigation proves that these claims are not valid. We have proven that the CNN-Hash is not Second-Preimage resistant and collision resistant. The DCBE has also been shown to not be secure since an attacker can partially recover the plaintext by using a known plaintext attack, a chosen plaintext attack, or chosen ciphertext attack. We have also concluded that the two schemes are not computationally efficient.

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper. B. John Oommen is also an Adjunct Professor with the University of Agder in Grimstad, Norway.

Acknowledgments

The work of Ke Qin is supported by the National Natural Science Foundation of China (Grant no. 61300093) and Fundamental Research Funds for the Central Universities in China (Grant no. ZYGX2013J071). The work of B. John Oommen was partially supported by NSERC, the Natural Sciences and Engineering Research Council of Canada. The authors are also extremely grateful to the anonymous referees for their input and feedback on the earlier version of the paper. their comments, certainly, improved the quality of the final version. The authors sincerely thank the anonymous Referee who provided Statistical Attacks.

References

  1. F. James, “Chaos and randomness,” Chaos, Solitons & Fractals, vol. 6, pp. 221–226, 1995. View at Publisher · View at Google Scholar · View at Scopus
  2. R. Matthews, “On the derivation of a ‘chaotic’ encryption algorithm,” Cryptologia, vol. 8, no. 1, pp. 29–41, 1984. View at Google Scholar
  3. M. S. Baptista, “Cryptography with chaos,” Physics Letters A, vol. 240, no. 1-2, pp. 50–54, 1998. View at Publisher · View at Google Scholar · View at MathSciNet
  4. E. Alvarez, A. Fernández, P. Garcí, J. Jiménez, and A. Marcano, “New approach to chaotic encryption,” Physics Letters, Section A: General, Atomic and Solid State Physics, vol. 263, no. 4–6, pp. 373–375, 1999. View at Google Scholar · View at Scopus
  5. G. Alvarez, F. Montoya, M. Romera, and G. Pastor, “Cryptanalysis of a chaotic encryption system,” Physics Letters A, vol. 276, no. 1–4, pp. 191–196, 2000. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  6. D. Erdmann and S. Murphy, “Henon stream cipher,” Electronics Letters, vol. 28, no. 9, pp. 893–895, 1992. View at Publisher · View at Google Scholar · View at Scopus
  7. A. Kanso, H. Yahyaoui, and M. Almulla, “Keyed hash function based on a chaotic map,” Information Sciences, vol. 186, pp. 249–264, 2012. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  8. A. Kanso and M. Ghebleh, “A novel image encryption algorithm based on a 3D chaotic map,” Communications in Nonlinear Science and Numerical Simulation, vol. 17, no. 7, pp. 2943–2959, 2012. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  9. L. Kocarev and Z. Tasev, “Public-key encryption based on Chebyshev maps,” in Proceedings of the International Symposium on Circuits and Systems (ISCAS '03), vol. 3, pp. 28–31, Bangkok, Thailand, May 2003. View at Publisher · View at Google Scholar
  10. T. Stojanovski and L. Kocarev, “Chaos-based random number generators. Part I. Analysis,” IEEE Transactions on Circuits and Systems. I. Fundamental Theory and Applications, vol. 48, no. 3, pp. 281–288, 2001. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  11. K. Qin, M. T. Zhou, and N. Q. Liu, “A novel group key management based on jacobian elliptic chebyshev rational map,” in Network and Parallel Computing, vol. 4672 of Lecture Notes in Computer Science, pp. 287–295, Springer, Berlin, Germany, 2007. View at Publisher · View at Google Scholar
  12. A. A. Zaher and A. Abu-Rezq, “On the design of chaos-based secure communication systems,” Communications in Nonlinear Science and Numerical Simulation, vol. 16, no. 9, pp. 3721–3737, 2011. View at Publisher · View at Google Scholar · View at MathSciNet · View at Scopus
  13. S. J. Li, Analysis and design of digital chaotic ciphers [Ph.D. thesis], Xi'an Jiaotong University, Xi'an, China, 2003.
  14. L. Kocarev, “Chaos-based cryptography: a brief overview,” IEEE Transactions on Circuits and Systems Magazine, vol. 1, no. 3, pp. 6–21, 2001. View at Publisher · View at Google Scholar · View at Scopus
  15. G. J. Liu, L. Shan, Y. W. Dai, J. S. Sun, and Z. Q. Wang, “One-way Hash function based on chaotic neural network,” Acta Physica Sinica, vol. 55, no. 11, pp. 5688–5693, 2006. View at Google Scholar · View at MathSciNet
  16. Y. Li, S. Deng, and D. Xiao, “A novel Hash algorithm construction based on chaotic neural network,” Neural Computing and Applications, vol. 20, no. 1, pp. 133–141, 2011. View at Publisher · View at Google Scholar · View at Scopus
  17. Q.-T. Yang and T.-G. Gao, “One-way hash function based on hyper-chaotic cellular neural network,” Chinese Physics B, vol. 17, no. 7, pp. 2388–2393, 2008. View at Publisher · View at Google Scholar · View at Scopus
  18. W. Yu and J. Cao, “Cryptography based on delayed chaotic neural networks,” Physics Letters A, vol. 356, no. 4-5, pp. 333–338, 2006. View at Publisher · View at Google Scholar · View at Scopus
  19. D. Hinrichsen and A. J. Pritchard, Mathematical Systems Theory. I, vol. 48 of Texts in Applied Mathematics, Springer, Berlin, Germany, 2005. View at Publisher · View at Google Scholar · View at MathSciNet
  20. A. J. Menezes, P. C. Van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, Boston, Mass, USA, 2001.
  21. D. Eastlake and J. Schiller, “Randomness requirements for security,” IETF RFC 4086, 2005. View at Google Scholar
  22. H. T. Lu, “Chaotic attractors in delayed neural networks,” Physics Letters A, vol. 298, no. 2-3, pp. 109–116, 2002. View at Publisher · View at Google Scholar · View at Scopus
  23. D. Zhang and J. Xu, “Chaotic and hyperchaotic attractors in time-delayed neural networks,” in Complex Sciences, vol. 5, pp. 1193–1202, Springer, Berlin, Germany, 2009. View at Publisher · View at Google Scholar
  24. E. Klein, R. Mislovaty, I. Kanter, and W. Kinzel, “Public-channel cryptography using chaos synchronization,” Physical Review E, vol. 72, no. 1, Article ID 016214, 2005. View at Publisher · View at Google Scholar · View at Scopus
  25. W. B. Mao, Modern Cryptography: Theory and Practice, Prentice Hall, Englewood Cliffs, NJ, USA, 2003.