#### Abstract

The design of cryptographically secure pseudorandom number generator (CSPRNG) producing unpredictable pseudorandom sequences robustly and credibly has been a nontrivial task. Almost all the chaos-based CSPRNG design approaches invariably depend only on statistical analysis. Such schemes designed to be secure are being proven to be predictable and insecure day by day. This paper proposes a design and instantiation approach to chaos-based CSPRNG using proven generic constructions of modern cryptography. The proposed design approach with proper instantiation of such generic constructions eventually results in providing best of both worlds that is the provable security guarantees of modern cryptography and passing of necessary statistical tests as that of chaos-based schemes. Also, we introduce a new coupled map lattice based on logistic-sine map for the construction of CSPRNG. The proposed pseudorandom number generator is proven using rigorous security analysis as that of modern cryptography and tested using the standard statistical testing suites. It is observed that the generated sequences pass all stringent statistical tests such as NIST, Dieharder, ENT, and TestU01 randomness test suites.

#### 1. Introduction

Cryptographically secure pseudorandom number generator (CSPRNG) efficiently generates sequences that cannot be distinguished from random sequences by (computationally) efficient adversaries. The number of hardware and software implementations of CSPRNG based on chaotic maps has increased recently along with chaos-based cryptosystems. Chaotic maps are mathematical functions that exhibit random or chaotic behaviour that is hard to predict. The idea is to use the behaviour of such chaotic maps to produce chaotic sequences that are disordered, unpredictable, and sensitive to the initial conditions. However, the designers of such chaos-based cryptosystems claim security by statistical analysis of the topological properties of disorder as defined by the mathematical theory of chaos. More often, there is no rigorous provable security methodology that bridges the gap between statistical analysis of chaotic maps topological properties and security guarantees unlike modern cryptography. As a result, the use of chaos-based cryptosystems is disputed, especially for cryptographic applications, and they are often shown to be flawed, with such failures often attributed to the use of nonrigorous empirical-only methodology in the design process [1]. Modern cryptography instead creates cryptographic primitives by instantiating tried and tested over time standard generic constructions (such as Goldreich–Levin construction, Feistel structure, SPN, counter mode, and sponge construction) with new computationally efficient mathematical functions. We know that such designs drawing strength and credibility from the foundational generic constructions have been resilient to attacks for over sufficient period of time. However, in chaos-based cryptosystems, more often bespoke generic constructions are designed with standard candidate (mathematical) chaotic functions leading to faulty designs. This is largely due to lack of rigorous analysis treatment to bespoke generic constructions used to design cryptographic primitives unlike new instantiations of time-tested generic construction approach of modern cryptography. Therefore, the need to bridge the gap between such chaos-based cryptosystem designs and modern cryptography to provide credible and robust cryptographic primitive designs is pertinent. This paper attempts to bridge this gap through demonstration of provably secure chaos-based CSPRNG design denoted . We show in this paper that the sequences generated are computationally indistinguishable and hard to predict in the presence of efficient adversaries using modern cryptography design tools. Also, we show that such sequences pass all necessary statistical analysis tests that are required to a chaos-based cryptosystem design. Therefore, the design approach advocates to consider statistical analysis as a necessary condition and mathematical simulation-based proofs as sufficient condition for credible chaos-based cryptographic primitive designs. Provable CSPRNG constructions instantiated with chaotic maps that they will pass all efficient statistical tests are hardly proposed to the best of our knowledge.

Generally, pseudorandom sequences generated from a potential CSPRNG passes a subset of all statistical tests. The question of whether there exists a mechanism to determine the existence of a potential pseudorandom number generator passes all efficient statistical tests is provided by the abstract notion of computationally indistinguishable (denoted ) formalized in [2]. The abstract notion of computationally indistinguishable is proven in [2] to be equivalent to the abstract notion of unpredictability (denoted ). The notion of computationally indistinguishable requires nonexistence of efficient (computationally bounded) distinguisher () which can distinguish samples taken from two different distributions. In the same way, the notion of unpredictability requires nonexistence of efficient (computationally bounded) predictor () which can predict the distribution from which a sample was taken given two sample distributions.

Based on the notion of computationally indistinguishable, one-way functions (OWFs) [3, 4] or unpredictable functions (UFs) are designed based on assumptions that and intractable problems. Furthermore, based on the assumption that OWFs or UFs exist, generic pseudorandom generator constructions are proposed [5–7]. The generic constructions provide a construction framework when instantiated with provable one-way functions or unpredictable functions can be composed to design pseudorandom number generator [7]. These abstract notions provides provability that such instantiated constructions will pass all efficient statistical tests and provably unpredictable. The chaotic maps when operated in the region of chaos or sensitive dependence on initial conditions (SDIC) exhibit function solutions or trajectories which are unpredictable and uniformly distributed in the state space. The design of PRNGs using chaotic maps have provided many efficient candidates for . Moreover, such using chaotic maps are entropy sources and generate sequences which look random and provide guarantees for conducted experiments but no guarantees for passing of all efficient statistical tests.

Yao [2] showed that the notion of unpredictability implies pseudorandomness. It was then shown that unpredictability () for bit sequences is equivalent to pseudorandomness with the notion of computationally indistinguishable (). It is under the premise that existence of efficient predictor () to predict bit sequences from unpredictable functions can be used to construct efficient distinguisher () to look apart from uniformly random sequences . Also, unpredictable functions imply one-way functions from which pseudorandom functions can be constructed. It is known that modern cryptography constructions from one-way functions to PRNGs are provably secure but take a toll on computational efficiency. This fact makes pseudorandom generators constructed from unpredictable functions to PRNGs using chaotic maps as unpredictable functions relatively efficient [8].

This kind of modern cryptography design approach in chaos cryptography can lead to credible and robust designs. The proven modern cryptographic constructions such as Merkle–Damgard, sponge construction, and block cipher modes can be used by instantiating such proven constructions with suitable chaos-based functions. Such design approach will reduce the reliance of security assessment methods on statistical analysis. Moreover, statistical analysis is performed only on the produced output of cryptographic algorithms such as on ciphertexts obtained from an encryption mechanism, hash or message digest obtained from a hash algorithm, and pseudorandom bits obtained from a pseudorandom number generator. Also, statistical tests conducted only on the output of cryptographic algorithms generally do not capture the notion of attackers’ potential, attackers’ knowledge of the algorithm (Kerckhoffs’ principle), and attackers’ capabilities to interact or query the algorithm. Cryptographic algorithms are often vulnerable in real-world situations due to such attackers’ characteristics. Therefore, beyond statistical analysis, the design approach for chaos-based cryptographic design should be based more on instantiating proven constructions with chaotic maps as unpredictable functions rather designing new constructions on each proposed chaotic cryptographic algorithm.

Considering all the above factors, we demonstrate a design approach by instantiating a proven modern cryptographic PRNG construction with a new chaotic map based on coupled map lattices, prove its security using modern cryptographic attack models, and perform statistical analysis on the output. The proposed design approach can also be used for designing other chaos-based cryptographic primitives with proper instantiation of the chaotic maps. The chaotic maps should satisfy the conditions or properties as required by the choice of construction and security model to prove the security. For example, the choice of construction in this work requires that the instantiated chaotic map to be a unpredictable function, and hence, a map known to be noninvertible is used in the composition. Similarly, other chaotic maps can be used in the proposed approach depending on the choice of construction. PRNGs are required to produce output sequence of bits which are distributed almost uniformly. However, for a CSPRNG, the output sequence is required to have negligible probability to be distinguished by an adversary not knowing the initial seed from random sequence besides passing all polynomial-time (in respect of size of the seed) restricted statistical tests. Such CSPRNG can be used in stream ciphers and block ciphers as a submodule as required by the design. The main contributions of this paper are as follows:(1)We instantiate Goldreich–Levin generic construction with a new deterministic discrete coupled map lattice ()(2)We prove through theoretical security analysis methodology using modern cryptography tools that is an unpredictable function and subsequently, we prove the pseudorandomness of construction as required by modern cryptography(3)The sequences generated using the proposed are tested using standard statistical test suites and show that the sequences indeed pass all statistical analysis tests as required by chaos cryptography

##### 1.1. Organization

In Section 2, we summarize the related works. The preliminaries and definitions are presented in Section 3. The construction and instantiation of the proposed CSPRNG is presented in Section 4. The theoretical security analysis of the proposed construction using computational indistinguishability properties leading to security of the CSPRNG is presented in Section 5. The experimental tests for randomness using various statistical testing suites are given in Section 6. Section 7 discusses about various implementation issues. We conclude with final remarks in Section 8.

#### 2. Related Works

Entropy of nondeterministic source is used as input to the true random number generator (TRNG) that induces complex and unpredictability properties. For instance, mouse movements or electrical signal noise and bioelectrical signals can be utilized for TRNG process [9–13]. On the other hand, PRNG computed by a deterministic algorithm makes use of a complex mathematical formula in order to remain deterministic and yet unpredictable [14].

In recent years, chaos has been used extensively in computing cryptographically secure PRNGs as it is computationally infeasible to predict the preceding bits despite the visible part of the output dynamics. In spite of the hype surrounding the chaos-based PRNGs, there are many shortcomings of this technique which make them insecure to be used in cryptographic systems. The selection of the chaotic system is a indispensable problem in the generation of the pseudorandom bits. Various single-dimensional chaotic maps such as logistic map, multimodal maps, Tinkerbell map, quantum logistic map, and piecewise logistic map are used in the design of PRNGs [14–17]. García-Martínez and Campos-Cantón [14] employed a unidimensional multimodal discrete map in computing the pseudorandom bits. The positive and negative values of the multimodal map yield a complex sequence with long periods. Furthermore, the complex sequences are tested using the NIST statistical testing suite for its credibility. However, the statistical test showcased a number of weak keys causing improper functioning of the generator [18]. Wang et al. [19] present a PRNG based on a piecewise logistic map. Furthermore, the sequence generated from the map is transformed into PRNGs based on the S-box of AES. The author claims that the generated PRNGs have good statistical properties and no shorter periods. Inspite of the claims, the PRNG was found to be insecure where the auxiliary mechanism used in computing the control parameter of the system is exploited [20].

Xu et al. [16] proposed an algorithm to produce binary sequence that has three layers. The top layer consists of linear feedback shift register (LFSR) of 16 cells, the bit-reorganization (BR) at the middle, and a nonlinear function F in the bottom. The two chaotic maps are used as a nonlinear element to avoid the finite precision problem. However, PRNG does not enhance its security since the attacker is able to reconstruct the secret key after six iterations [21]. Hu et al. [11] proposed PRNGs based on quantum logistic map, whose randomness was merely based on the chaotic equation involved. The PRNG is subjected to various statistical tests on randomness using testing suites such as ENT, NIST, Dieharder, and TestU01. Although the author claims sufficient randomness, the PRNG has serious security implications. Degradation of security has emerged due to the poor selection of control parameter and the resulting secret key that leads to nonchaotic behaviour of the quantum logistic map [22]. Sahari and Boukemara proposed a 3D chaotic map by coupling two maps of piecewise and logistic maps in order to overcome the weaknesses of one-dimensional map. The PRNG has cryptographic statistical properties such as the simplicity, ergodicity, and higher sensitivity. Additionally, as generation process involves only multiplications and additions, realization by both hardware and software was made easy [23]. Fractional-order chaotic systems such as [24] are dynamical systems which rely on functional calculus and modelled as fractional differential equations. They have the potential to exhibit chaos with low order as low as 0.3. Montero-Canela et al. [25] proposed a PRNG as part of their cryptosystem design using fractional-order chaotic system specifically designed for Internet of Things. Though the work proves the properties of dynamics supported with standard statistical analysis, formal security proof capturing the attacker and attacks is not provided.

Another issue which is profoundly identified in the chaotic PRNG is the implementation of generators with finite precision [21, 26–29]. A number of studies have been conducted to solve the problem of dynamical degradation of the chaotic system caused by the data sequence with shorter period. Thus, the security of the cryptographic applications may become completely insecure. Flores-Vergara et al. [30] proposed a novel chaotic PRNG as an alternative to diminish the dynamical degradation of the chaotic dynamics. This method generates pseudorandom numbers with the double precision specified by the IEEE 754 standard for floating-point arithmetic. Nevertheless, the computational speed of the system is significantly influenced. François et al. [31] proposed a solution with the use of more than one chaotic map in cascade. The PRNG consists of mixing three chaotic maps generated from an input initial vector; however, it increases the overhead cost. Perturbation using a nonlinear element was one of the prospective ideas deployed to weed out the influence of shorter period. Dastgheib and Farhang [32] developed a multiple recursive generator based on a digitized sawtooth map. It is demonstrated that this map in a recursive structure and a tiny perturbation can potentially cause unpredictable longer periods in a finite precision. However, the aforementioned solutions such as combining multiple chaotic maps, holding higher precision, and perturbation methods can improve the average length of the period and short trajectories cannot be avoided indefinitely. It can be inferred from the above discussion that unlike cryptographic system, the chaos-based PRNGs lack instantiations based on mathematically proven constructions guarantee satisfiability of all required cryptographic statistical properties. However, chaos provides many potential functions for proven generic construction instantiations, but only the process of exploiting the right function with right properties has been nontrivial.

#### 3. Preliminaries and Notations

The choice of the dynamical system in this paper is limited to discrete dynamical functions as in [33]. A parametric discrete time dynamical system is a tuple denoted by where is the state space, is the parameter space, and is a function. The orbit or trajectory formed by such a discrete dynamical functions is denoted by . For a map, a forward orbit is defined by the set . If is invertible, then a backward orbit is defined by the set . A full orbit is defined by . For , the time map of a continuous dynamical system is the transformation of state space which takes . The study of qualitative behaviour of the dynamical system is thus the analysis of the orbits formed by . The orbits could be periodic, eventually periodic, asymptotic, and more. To get rich complex behaviour, functions such as are formed as an array of cells called coupled map lattices (CMLs) similar to cellular automata arrays. The cells or array elements are called lattices. The CML exhibits spatiotemporal dynamics in discrete time in which each lattice executes a and is coupled to its nearest lattice neighbours or coupled dynamically based on a configuration, denoted in the form .

In such a CML, the lattices are ordered on an grid and each lattice can be considered as a function . A configuration of the CML denoted as consists of real assignments to each of its lattices, and parameters for if any. A coupled map lattice (CML) as in [34–37] is denoted by a pair , where is a continuous set of states, and is a transition function. A configuration of a CML, at time , is an assignment of a unique state to each lattice, where a lattice is represented by an integer. is the state of lattice at time is defined by , and a configuration at time uniquely determines a configuration at time as represented succinctly as while denotes an initial configuration. The dynamical system with an initial configuration computes to reach a destination configuration , creating an orbit of points given by , and this notion of computability is formalized using [37] as follows.

*Definition 1. *Computable: a computation of a CML of length is a sequence of configurations . If and , are two configurations in a computation, then or represents to say that computes . Also, we say that when a configuration computes in time steps. The probability that it is computable is then .

We often for brevity denote , if by in the context when configuration can be inferred and computable. In a complex dynamical system, the problem of determining the preimage is formalized [37] as follows.

*Definition 2. *Preimage problem: given a fixed dynamical system and a configuration substring determine whether there is a configuration substring such that where is the time steps and .

A deterministic dynamical system does not always exhibit deterministic behaviour but rather exhibit chaotic or unpredictable behaviour or sensitive dependence to certain initial conditions or parameters. From [33], a deterministic dynamical system is said to be chaotic if has sensitive dependence on initial conditions, is topologically transitive, and periodic points are dense. From the multitude of definitions, Devaney [33] formalizes chaos using theory of topology and the qualitative behaviour of orbits in region of chaos for a given that conditions for chaos exists, such as is unpredictable. This implication of chaos is formalized by the notion of approximately probabilistically irrelevant using measure theory defined in [38] is given below.

*Definition 3. *Approx. probabilistically irrelevant: is approximately probabilistically irrelevant for predicting , at level iff .

The intuition behind the above definition under the assumption that is operating in its region of chaos, given predicting is negligible. The condition for predictability can be defined in terms of Lyapunov stability. A discrete deterministic dynamical system is said to be Lyapunov stable if two different orbits whose initial conditions are sufficiently small and progress in time arbitrarily close to each other towards infinity. The system as in [39] is given bywhere is the lower bound on the level of measurement accuracy error of initial conditions and is the practical lower bound on the tolerable error in the measurement accuracy of the predicted destination state. Given the preliminaries, the next section describes the constructions of a pseudorandom number generator applying these results or notions of dynamical systems and chaos.

#### 4. Construction and Instantiation

A general approach towards construction of efficient encryption mechanism is used to generate a short random key and then expand using a pseudorandom generator , into a longer sequence that looks random, and use as the key in one-time pad encryption as since key generated from a truly random source such that is not practical. The existence of such PRNGs is a contradiction to Shannon’s theorem [40] assuming a computationally unbounded malicious adversary. However, the probability of a computationally unbounded adversary is almost negligible. Therefore, without contradicting Shannon’s theorem, it is surmised that the adversary is computationally bounded or efficient and also it is conjectured that exists if [2]. Assuming , the class of hard problems is used in cryptographic applications such as PRNG for generating sufficiently random looking sequences for cryptographic applications.

Let be a pseudorandom generator as formalized in [41] that generates pseudorandom sequences which are sufficiently random. Let be a unpredictable function and let be a hard-core predicate of defined as , where and . Then, is a pseudorandom generator with expansion factor . The construction of involves parameter generation and construction which uses a coupled map lattice.

##### 4.1. Parameter Generation

The deterministic discrete dynamical system is chosen as follows:(1)Let the state space be .(2)The function is the proposed one-dimensional coupled map lattice (CML) based on logistic-sine map given by where is control parameter, is the initial state for lattice , and is coupling coefficient. The choice of CML being composed of logistic-sine map lattices is to have a well-known noninvertible map which can be scaled and be able to scale the number of pseudorandom bits.(3)Let denote a hard-core predicate of of the lattice given by where and being the number of lattices in the .(4)If is an unpredictable function and a hard-core predicate of , then a pseudorandom number generator can be constructed for each lattice. We prove in Section 5 that is indeed unpredictable.(5)The choice of is given by which are chosen such that

The values of are chosen to be and based on observation from the experimental results which is shown in Figure 1. The bifurcation diagram, KS entropy diagram, and scatter plot depicted in Figure 1 show chaos and uniform distribution of function values for map defined in equation (3). The Lyapunov exponent is often used to quantify the amount of separation of nearby orbits. A positive Lyapunov value indicates that the system is chaotic. A KS entropy density normalizes the amount of chaos in a coupled map lattice where the combined measure of chaos across all lattices is required for assessing the overall chaos. A positive KS entropy value is indicative of being unpredictable and in chaos state as a whole or almost all lattices exhibiting a positive Lyapunov value. The higher percentage of lattices exhibiting chaotic behaviour and less periodic windows in bifurcation diagram make it suitable for cryptography. The KS entropy () and universality () were determined as in [42] by varying between for 25 lattices and 1000 iterations as shown in Figure 1.

**(a)**

**(b)**

**(c)**

##### 4.2. Construction

We construct pseudorandom generator with expansion factor , for some polynomial . On input from parameter generation described in Section 4.1, the does the following:(1)Set (2)Set (3)Set (4)Set (5)For do(a)(6)Set (7)Set (8)Set . For do(a)For do(i)Let be the first bits of , and let denote the remaining (when and is empty string)(ii)Set (9)Output

Figure 2 shows the working of the construction with lattices and will output bits. The claim that construction is a cryptographically secure PRNG is proven in Section 5.

#### 5. Theoretical Security Analysis

The construction is based on the abstract notions of unpredictability. We analyse the security of the construction through a series of theorem using modern cryptography. First, we prove ’s unpredictability and then its one-way function property. We then show that the construction instantiated with is next-bit unpredictable secure PRNG with polynomial expansion factor. We also show that construction is secure against adversaries given adaptive queries. These proof techniques are a design strategy which eventually helps in identification and removal of design weaknesses if not completely but to a large extend.

Theorem 1. *Unpredictable function: the function is an unpredictable function in the chaotic interval*

*Proof. *The theorem is proven through two claims, namely, the unpredictability of the and hardness of preimage problem using the inherent properties of and choice of parameters made in the construction. Though the dynamic system is deterministic, it exhibits chaotic behaviour which makes predictions hard when they operate in their region of chaos. Given a deterministic dynamic system with an initial configuration where is the initial state, is the function, is the number of iterations, and is the number of bits used for representation, two things are necessary for making predictions:(1) should be known and particularly , and the initial state should be measured with reasonable accuracy such that the errors in the prediction are small say (2)Given the initial state and time steps, compute in polynomial timeMeasuring the initial state with the required accuracy to keep the prediction errors small and within is difficult even if we consider that the initial configuration is known [39]. Therefore, meeting the two necessary conditions is nontrivial to make predictions in . Let us assume that the computations are carried out in discrete time and continuous state space which are efficiently made discrete with finite precision arithmetic.

*Claim 1. *If a system with parameters as initial conditions chosen uniformly random such thatthen the system is pragmatically unpredictable where is the chaotic interval and the following holds:

*Proof. *Consider the deterministic dynamical system , and it is said to be strongly pragmatically predictable if and only if the following holds [39]:where represents interested prediction time denotes state space, denotes the smallest measurement accuracy of initial conditions, and represents practically tolerable prediction error. The above equation intuitively gives the implication that the inability to predict with reasonable accuracy level below at all times implies system’s initial conditions could not be measured with accuracy less than . In other words, if the system’s initial conditions cannot be measured with at least the measurement accuracy , the system is not strongly pragmatically predictable. Hence, strong pragmatic predictability condition cannot hold if the initial conditions are kept secret as in construction , and therefore, . Also, if the systems are carefully chosen such that the system is in chaotic regime, as described in Section 4 (parameter generation Section 4.1), it makes predictability hard even when the measurement of initial conditions is within . If the system satisfies equation (6), then the equation for strong predictability cannot hold. The condition for weak pragmatic predictability is given byThe above condition for weak pragmatic predictability can neither hold for the system if holds. The intuitive meaning of the above equation is that for all times and states in the chaotic region, if the initial state prediction error is less than and final state prediction error is more than , then the system is unpredictable. This also means sensitive dependence to initial conditions or chaos. Moreover, it is known that boundedness of the trajectories produces nonlinearity, being nonperiodic, simulates statistical random experiment, and fills the entire state space [39]. The system when bounded in the interval by parameter generation will exhibit the following characteristics consequently:(1)Nonlinearity due to addition of nonlinear term sine to the linear differential equation(2)Trajectory divergence or positive Lyapunov implies that the time-independent orbits will oscillate without being periodic in a finite region of the state space periodic making it unpredictable as observed from Figure 1(3)Orbits will contain all possible state values and thus simulate a statistical random experiment(4)Set of orbits starting from one finite state space will fill the entire state space as observed from Figure 1 after some timeHence, the system is unpredictable if equation (6) holds. Moreover, equation (6) holds by assumption and given , that is, all the dynamical system parameters except for , an approximation such that also holds, and then it implies that it is hard to compute such that . Any adversary trying to predict with practically relevant accuracy has to exhaustively search all possible values of initial conditions over , and then the probability of determining from assuming is chosen uniformly random which is given byThe second inequality follows from the fact that the state space is represented in finite arithmetic with bits. The quantity is negligible, and the above equation can be rewritten asConsidering that being kept secret by design and inference from the above equation that the probability of computing such that given that is negligible, the above equation can thus be written asHence, Claim 1 is proven.

*Claim 2. *Let be such that , then it holds that

*Proof. *It is given that for the system , the following holds:and then for all the points in the forward predicted orbit for implies that given a such that , predicting the points in the forward orbit is negligible, and then it can be written without loss of generality:Given that is a noninvertible map and probability of computing is negligible, it implies that given a destination point in an orbit and predicting all the points backward towards the initial point in the backward orbit is also negligible, givesCombining forward and backward orbit computability probability from equations (15) and (16), we getHence, Claim 2 is proven.

It follows from Claims 1 and 2 that the function is unpredictable.

Corollary 1. * problem: let be a system such that , then the following holds in the chaotic interval:*

Theorem 2. *If is unpredictable, then it is a one-way function in the chaotic interval*

*Proof. *A function is one-way if the following two conditions hold [41]:(1)There exists a polynomial-time algorithm computing , that is, for all and (2)For every probabilistic polynomial-time algorithm , there is a negligible function such thatThe above equation can be also represented succinctly asThe proof of the theorem is structured by means of proving each condition for one-way function described above holds for through claims as given below.

*Claim 3. *Given and with finite precision, the function computes deterministically in polynomial time

*Proof. *It is assumed that given is of finite precision and . The function computes at each lattice given byWe can see the abovementioned way of computing recursively and using modular arithmetic which keeps the complexity of finite arithmetic computing deterministic within polynomial time as long as is polynomial.

*Claim 4. *Given , for every probabilistic-time algorithm , there is a negligible function such that

*Proof. *We construct the experiment as follows.

*Construction 1. *()(1)Choose uniform , and compute (2) is given and as input, and outputs (3)The output of the experiment is defined to be 1 if , and 0 otherwiseA closer observation of the definition of the experiment will reveal the fact that the experiment Invert is just a conceptual redefinition of the preimage problem defined in Section 3 and Definition 2. Rewriting the equation in terms of the preimage problem, we getThe second and third equality follows from equation (16) and Corollary 1. The fourth inequality proves Claim 4.

Now, from Claims 3 and 4, it follows that is one way.

From Theorems 1, 2, and [41], the corollaries are as follows.

Corollary 2. *If is a one-way function in the chaotic interval and , then the function where and is a hard-core predicate of .*

Corollary 3. *If is an OWP in the chaotic interval, is hard-core bit of and is defined by , then is next-bit unpredictable.*

Corollary 4. *If is a pseudorandom generator with expansion factor , then for any polynomial denoted , then there exists a pseudorandom generator with expansion factor .*

Theorem 3. *Let predictor be a construction as given below for , an efficient function ensemble, and let be some constant as follows.*

*Construction 2. *():(1)Assume two parties, the predictor and verifier (2)Let denote the private initial configuration generated during parameter generation(3)Let be the initial state space and iterated such that or (4)The protocol runs in rounds for . sends to a point and in return sends to at the round of the protocol value computed as follows:(a) where takes values in the interval (b)(5) outputs a point which is not previously queried in and a string which is its guess for at the termination of the protocol is unpredictable against an adaptive sample and an adaptive challenge if for any polynomial-time machine and any constant , then

*Proof. *The initial configuration parameters are generated using parameter generation described in Section 4.1 such that for , the following condition for chaos or unpredictability holds:From [38], we know that predicting any point in a orbit at any level of precision , all sufficiently past points are approximately probabilistically irrelevant. Hence, if the condition for chaos holds, then by Definition 2, we have for where is a negligible quantity, without loss of generality can be assumed to be equal to a small quantity :Rewriting the above equation, we getThe is negligible function of level of precision by definition and its equivalent to . Hence, it can be inferred that the probability conditioned on past observations has negligible effect under unpredictability assumption, and then it can be written asThe first inequality is obtained by rewriting equation (26). The second inequality follows from Theorem 2 and its corollary. The third and fourth inequality follows that the predictor’s advantage is negligible. Hence, the adversary or the predictor has negligible advantage in predicting given adaptive sample query access.

Corollary 5. *Let be such that , then from [43], it holds that*

Corollary 6. *From Corollaries 2–5, it follows that is a secure next-bit unpredictable PRNG with expansion factor .*

#### 6. Empirical and Statistical Analysis

The central requirement for any PRNG to be practical is pseudorandomness and unpredictability (both forward and backward). A well-designed generator produces sequences that exhibit good statistical properties and are evenly distributed. To test the statistical strength of the designed PRNG, the sequence generated is subjected to rigorous statistical tests against the null hypothesis. The null hypothesis is that the sequence under test is random, and alternate hypothesis that the sequence is nonrandom. The statistical test suite describes the probability of the tested potential pseudorandom sequence, called test sequence, against a priori known truly random source or reference distribution. The intuition is that when the computed statistical value does not exceed the critical value, it means that a low probability event does not occur naturally, and hence, it must be random.

There are an infinite number of statistical tests describing a methodology to test the existence of a prescribed pattern to prove that the tested sequence is nonrandom. The presence of an infinite number of statistical tests leads to no finite set of tests to quantify randomness. Therefore, the statistical tests are only a necessary condition and not a sufficient condition, but they are truly an indicator of randomness using probability. In this section, we analyze the statistical strength of the binary sequence generated by generators using statistical randomness testing suites, namely, NIST 800-22 randomness test suite [44], Dieharder battery of test [45], ENT [46], and TestU01 [47, 48]. The pseudorandom binary bits are generated using and instantiated with with , and is used for both proposed generators. All other parameters are chosen as described in Section 4.1.

##### 6.1. NIST Test Results

NIST SP800-22 statistical test suite consists of 15 independent statistical tests to investigate the randomness of the arbitrary long binary sequence produced by the generators. For each test, with a fixed significant level (), the quality of the sequence is given as values. If the value is , the generated sequence passes the test; otherwise, it fails. The sample size of 100 binary sequences for each test is used with the bit length of the order . The interpretation of the empirical results can be done from the proportion of passing of a test, i.e., the pass rate. The minimum pass rate is calculated from the sample size and the significant level as given in [44]. The minimum pass rate for 100 binary sequences with 0.01 significance level is 0.9602. The test is statistically successful if at least 96 sequences out of 100 sequences pass the test and the generator successfully passed all the 15 tests as seen in Table 1 confirming the randomness of the generated sequence.

##### 6.2. Dieharder Test Results

The Dieharder test suite developed by Robert G. Brown consists of 31 stringent tests for distinguishability from random. The value distribution generated by each test for Dieharder in contrast to NIST test suite is analyzed by a Kuiper–Kolmogorov–Smirnov (KKS) test, which has a higher sensitivity to deviations from an equal distribution. A random sequence with size bit sequence from generators is used as input for the Dieharder test suite. Table 2 shows the result of the Dieharder battery of tests. The number of trials used in each test is given as . The generators passed all the 31 stringent tests, which indicate that there is evidence of randomness at a high confidence level.

##### 6.3. ENT Test Results

The ENT battery of tests consists of 5 tests for randomness. Table 3 shows the ENT test results. The information density of the sequence is evaluated using the entropy test expressed as number of bits per byte. Entropy quantifies how much expected information is contained in the generated sequence. shows a maximum level of entropy (ideal value is 8) indicating a good measure of randomness. The chi-square test indicates that the generated sequence is random, and it is extremely sensitive to errors in PRNG. The arithmetic mean is the sum of all the bytes in the generated file divided by the file length. is very close to random, i.e., within the mean range of . The Monte Carlo value converges to with minimal error 0.01 percent for signifying that the sequence is close to random. The serial correlation coefficient (SCC) test indicates that there is no correlation between each byte with the previous byte in the sequence.

##### 6.4. TestU01 Results

The results for TestU01 are shown in Table 4. TestU01 battery of tests developed by Pierre L’Ecuyer and Richard Simard is one of the most stringent tests for randomness. The binary sequence battery test includes Rabbit (38 tests), Alphabit (17 tests), and Blockalphabit (17 tests) are used to test the randomness of the generators. The test results are shown in Table 4. The generator successfully passed all the tests ( value between [0.001, 0.999]) of the TestU01. This indicates that the generated binary sequence has good randomness and hence unpredictable.

Experimentally through a series of stringent battery of the test, it is seen that generator has passed all the randomness tests successfully in agreement to the security analysis presented in Section 5. Therefore, it is evident that the generated sequences exhibit good statistical evidence of randomness and can be used confidently in sensitive applications.

#### 7. Discussion

Implementation of cryptographic primitives for practical usage and for memory-constrained devices requires standardization in implementation. Also, the choice of operations involved in the algorithm directly affects the choice of hardware. In this proposal, we have focused to establish a solid approach to create robust and credible chaos cryptographic primitive design methodology. However, it can be observed from the construction that the design uses logistic-sine map-based lattices composed into a CML, and hence, the design only requires implementing mainly logistic-sine map in hardware. Therefore, the performance of the CML and the proposed CSPRNG in hardware or specific suitability to resource constrained devices can be assumed to be on par with the performance similar to that of LS map implementations as in [49, 50]. Furthermore, in future we would like to study the performance of the construction on hardware implementations.

As dynamical system with chaotic behaviour, its trajectory will never repeat in theory but due to finite precision limitations in digital implementations may give rise to cycles. The robustness to dynamical degradation is thus captured by measuring the cycle length of symbols or bits produced by a chaotic systems. Since the proposed system passed all NIST tests with 1 million bit length output sequence from the proposed CSPRNG, including the random excursion test which captures the notion of cycle lengths in the output sequence, it can be safely assumed that effect of dynamical degradation is negligible for all practical purposes. Moreover, the experiments are carried out using Python 3.7 which adheres to the IEEE Standard for Floating-Point Arithmetic (IEEE 754), thereby restricting the key space to single and double precision. In this CSPRNG, the only secret is the initial seed or initial vector. Therefore, the key length is proportional to the precision or number of bits used to represent one initial seed in a lattice times the total number of lattices in the CML. For example, if a double precision IEEE 754 representation takes 53 significant and 11 exponent bits, then for 25 lattices, the key length is 275 and the total key space is in the order of without considering the parameters of logistic-sine map which are nondominant factors in the order. Similarly, for a single precision, the total key space is in the order of . In chaos-based cryptography, a key space above is considered secure to be used for encryption, and hence, for the proposed CSPRNG, the probability of a brute force attack is negligible.

Provable security has been demonstrated in chaos cryptography with the Chebyshev chaotic map in a multiparty computation setting using the hardness of computational Diffie–Hellman (CDH) problem’s chaotic equivalent computational chaotic Diffie–Hellman (CCDH) problem in their designs. Such designs use the computational chaotic Diffie–Hellman problem posed by Chebyshev maps to build one-way functions. However, to the best of our knowledge, hardly any provable security is proposed in chaos cryptography for a CSPRNG setting. Some of the works using provable security under multiparty computation setting are [51–53] in which the authors present a formal proof of security in a multiparty computation setting to establish a secret key between parties which do not have a preshared secret key for secure communication. Iwasaki and Umeno [54] improved a vector space cipher by modelling a linear masking attack and proved that the improved algorithm can resist linear masking attack but did not use any standard provable security framework for encryption. The reasoning behind the choice of Chebyshev map used in such designs is due to its inherent property of CCDH which perfectly fits in the provable security framework for multiparty computation setting. Similarly, the proposed CSPRNG uses a CML composed of the LS map which is known to exhibit noninvertible property and fits well in the provable security framework for CSPRNG setting. Hence, any chaotic maps or flows can be used in the provable security framework if it would fit in the choice of provable security framework and setting. The proposed chaos-based CSPRNG design methodology demonstrates such instantiation of construction with a chaotic map for a choice of provable security framework and setting. Moreover, the authors in [55] provide a checklist and the proposed work captures those that are pertinent to a CSPRNG setting. The modern cryptography’s provable security frameworks are indeed designed to capture such notions of attack and attacker capabilities enlisted in [55], and their correlation to this work is as follows:(1)Cryptographic primitive’s algorithm should be stated explicitly in the form of mathematical model as described in Section 4.2(2)Propositions for algorithms stated and proven explicitly as described from Theorems 1 to 3(3)Specification of domain and range as described in Section 4.2 parameter generation(4)Models capturing attackers’ knowledge of the algorithm and security depending on just secret key as demonstrated through Theorems 1 to 3(5)Proof-driven design approach as demonstrated through in Theorems 1 to 3(6)Discussion on hardness assumptions and dynamic degradation as demonstrated through Theorems 1 to 3 and Section 7(7)Scope of attacks and robustness as captured through the notion of Theorems 1 to 3

#### 8. Conclusion

The theory that a deterministic system shall produce deterministic output has been proven otherwise with the study of dynamical systems. The construction is based on the results that deterministic dynamical systems can produce chaos over long range. Moreover, when such systems are made to operate in the region of chaos by choosing system parameters appropriately, they tend to become unpredictable. More precisely, the chosen function exhibits unpredictability proving computation of the defined preimage problem as hard or unpredictable making them candidate unpredictable functions according to modern cryptography. It is a proven fact that the pseudorandom number generator constructions satisfying the abstract notions of computational indistinguishability will pass all efficient statistical tests. Such notions to the best of our knowledge hardly have been applied in the design of pseudorandom generator constructions using chaos. This paper presents CSPRNG using the proven Goldreich–Levin generic construction of modern cryptography and then instantiated it with a new CML (), namely, . The security is proven using the abstract notions of unpredictability, a proven equivalent to computational indistinguishability and modern cryptography primitive design tool. The pseudorandom generator is then proven to be computationally indistinguishable. Pseudorandom sequences generated from such design are then tested using standard statistical randomness test suites used by chaos-based cryptography designers, namely, NIST, Dieharder, ENT, and TestU01. The pseudorandom sequences generated from passed all the tests of NIST, Dieharder, ENT, and TestU01 (tests for bits) test suites proving the claims of abstract notions of unpredictability. Hence, the premise that statistical analysis is used as a necessary condition and rigorous mathematical simulation-based proof is used as sufficient condition is demonstrated to eventually produce better designs. Thus, we believe that the demonstrated design approach will provide new directions beyond statistical analysis in designing chaos-based cryptographic primitives by using modern cryptography design tools. Also, it will motivate chaos-based designers to more often instantiate time-tested proven generic constructions with candidate chaotic functions rather than design generic constructions for new cryptographic primitives. This kind of design approach will lead to robust and credible chaotic cryptographic primitives and prevent depreciating motivation on chaos-based cryptographic primitive design.

#### Data Availability

No data were used to support this study.

#### Conflicts of Interest

The authors declare that they have no conflicts of interest.