Transcript CVES

1
Introduction
 Applications: Pay-TV, Confidential video conferencing,
secure VOD service via network, Medical imaging systems,
etc.
 Problems: 1) The well-developed modern ciphers cannot be
directly used, because most of them run so slow (especially
in software implementation). 2) Compression algorithms
make it more difficult to incorporate the ciphers into the
video system.
 State of the Art: Many different video encryption
scheme have been proposed, but some of them are not
secure and most of them are dependent of specific video
format (chiefly MPEG-1 and 2).
2
Our New Scheme - CVES
 CVES – Chaotic Video Encryption Scheme.
 CVES is independent of any video compression algorithms;
 CVES can provide high security for real-time digital video with
fast encryption speed;
 CVES can be simply realized both by hardware and software.
 CVES can be extended to support random retrieval of ciphervideo with considerable maximal time-out (RRS-CVES: Random
Retrieval Supported CVES).
 Essentially speaking, CVES is a universal fast cipher .
3
CVES – A General View
m-LFSR2
plain-cluster
Controller
CCS
CVES
cipher-cluster
CIT
L bits
ECS(1)
n bits
L bits
ECS(2)





MUX
ECS
Pool




Sorter


PseudoRandom
S-Box

ECS(2n)
L bits
Stream Sub-Cipher
pre-masked
plain-cluster
Dataflow of Encryption Procedure

n bits
n bits
Block Sub-Cipher
m-LFSR1
Dataflow of Decryption Procedure
4
Chaotic Cryptography

Chaos vs. Cryptography: Many fundamental characteristics of chaos,
such as the mixing property and the sensitivity to initial conditions, can
be connected with “confusion” and “diffusion” property in good ciphers.

Three facts about presented chaotic ciphers:
1) Most chaotic block ciphers require to iterate the employed chaotic
systems for many times to make the ciphertext independent of the
plaintext, which will markedly reduce the encryption speed.
2) Most chaotic stream ciphers employ one single chaotic system to
generate pseudo-random numbers to mask the plaintext, which may
weaken the capability to resist potential attacks.
3) Generally, chaotic stream ciphers run much faster than chaotic block
ciphers.
5
How to Realize Digital Chaotic Systems
in Finite Precision?
 Problems: It has been found that the dynamical properties of
digital chaotic systems are far different from the theoretical
ones. The related problems include short cycle length, nonideal distribution and correlation, etc.
 Remedies: In CVES, we use the perturbation-based algorithm
presented in [24] to avoid this flaw: Use a simple pseudo-random
number generator (PRNG) to make a small signal pt(i). The l
lowest bits of the chaotic orbits are perturbed by pt(i) with
fixed interval Δ.
6
CVES - Components
 ECS Pool: The kernel part of the whole CVES. 2n digital
chaotic systems, which are called Encryption Chaotic
Systems (ECS): ECS (1)~ECS(2n). All 2n ECS-es are based
on a same one-dimensional chaotic map Fe(xe,pe) defined on
I=[0,1], with different control parameters pe(1)~pe(2n). All
ECS-es are realized in finite precision L (bits) with
perturbation-based algorithm, and one maximal length LFSR
(m-LFSR1, whose degree is L1) is used as the perturbing
PRNG. The perturbing intervals are Δ e (1)~ Δ e (2 n )
respectively. The current states of the 2n ECS-es are
denoted as xe(1)~xe(2n).
7
CVES - Components
CCS: One digital chaotic systems (called Control Chaotic
System) is used to control the 2n ECS-es. CCS is based on
another chaotic map F c (x c ,p c ) defined on I=[0,1]. CCS is
also realized in finite precision L with perturbation-based
algorithm, and m-LFSR 2 with degree L 2 is used as the
perturbing PRNG. The perturbing interval is Δc.
 C I T : A C o n t ro l I nf o r m a t i o n Ta b l e ( C I T ) s t o r e s t he
required information of CVES.
 Stream Sub-Cipher: A 2n×1 MUX controlled by CCS is used to
select an ECS to generate a L-bit chaotic key, which is used to
XOR the plain-cluster L-bit block by L-bit block.
 Block Sub-Cipher: A 2n×2n L-bit sorter and 2n n-bit memory
units compose a Pseudo-Random S-Box Generator (PRSBG).
Then generate a pseudo-random n×n S-Box, which is used to
substitute the pre-masked plain-cluster n-bit block by n-bit
block.

8
CVES – Encryption/Decryption
 Secret key: K={xc,pc}.
 Initialization:
1)Iterate CCS for 2n times to obtain 2n initial conditions
xe0(1)~xe0(2n) for all ECS-es.
2)Iterate CCS for 2 n times to obtain 2 n control
parameters pe0(1)~pe0(2n) for all ECS-es. Any two must not
be same.
3) Sort x e0 (1)~x e0 (2 n ) to generate a rank sequence
l(1)~l(2n). Then Δe(i)=Pr(l(i)), where Pr(i) denotes ith prime
number larger than 2. Iterate CCS for several times to
obtain Δc, which should be a prime number smaller than 2n.
4) Iterate each ECS(i) for η>λ(i) times, where λ(i) is its
Lyaponov exponent.
 Encryption/Decryption Procedure: See Slide 4.
9
RRS-CVES – Modified CVES
 Initialization: Three operations are added. 1) Run CCS for 2+2n
times to generate two L-bit numbers p+, x+ and 2n m-bit numbers
τe(1)~τe(2n). Here, gcd(τe(i),2)=1 and τe(i)≥τmin. 2) Sort
pe0(1)~pe0(2n)
to generate a sequence re(1)~re(2n). 3) Set the 2·2n L-bit
numbers to 0: C1(1)~C1(2n), C2(1)~C2(2n).
 Encryption Procedure: Only the stream sub-cipher is modified.
For jth L-bit plain-block, select ECS(re(j mod 2n)) as the current
ECS. ECS(i) runs once, C1(i)++. If C1(i) mod τe(i)=0, reset ECS(i)
as
follows: C1(i)=0, C2(i)++, xe(i)=xe0(i)=(xe0(i)+x+) mod 2L. If C2(i)
mod τe(i)=0, reset ECS(i): C1(i)=C2(i)=0, pe(i)=pe0(i)=(pe0(i)+p+) mod
2L.
 Reconstruct: Assume the total number of L-bit cipher-blocks
Before the cipher-cluster is Il. We can reconstruct all 2n ECS-es
within considerable maximal time-out.
10
CVES/RRS-CVES – Configuration
 L: Since the key space is 22L, L should be large enough to




provide high security. L=32 or 64 is suggested.
n: Apparently, the realization complexity has positive
relation with n. So n can not be too large, and we suggest
n=8.
The Cluster Size: It can slightly adjust the speed.
m and τmin: We suggest m≤n and τmin≥2n/2 to reduce the
maximal time-out of RRS-CVES.
The Chaotic Maps: We suggest using the PLCM in [27,28].
x/ p


F ( x, p)  ( x  p) /(1 / 2  p)
 F (1  x, p)

0 x p
p  x  1/ 2
1/ 2  x  1
11
CVES – Performance: Speed
Assume all ECS-es and CCS are based on the PLCM in [27,
28], and the cluster size is fixed: Pmax·L bits.
 Hardware - Assume the basic clock frequency is fb MHz
and the time consuming by the sorter is τs clock cycles, the
speed of CVES will be fb/(1+1/n+τs/(Pmax·L)) Mbps, which is
faster than most conventional ciphers. 2)
 Software - The speed under WindowsTM OS is tested with
Visual C++. The speed is about 1/10 of the CPU frequency
(60Mbps on a 667MHz Pentium®III PC). Such a speed is
rather high for a software cipher. 3) The initialization
consumes not too much time, and the maximal time-out of
RRS-CVES is not too large.
12
CVES – Performance: Security
 Essentially features to avoid potential attacks:
a) The independent 2n+1 digital chaotic systems.
b) The different pseudo-random S-Box for different
cluster.
c) The product of the stream cipher and the block cipher.
 Cryptographic properties:
a) Balance;
b) Avalanche property.
 Stream sub-cipher: Huge cycle length;
 2

L1
L2
n
,  e (2 ))   2  1   2  1  lcm    e (i),  c 
 i 1

n
lcm( e (1),
 Block sub-cipher: Perfect pseudo-random S-Boxes with
equiprobable and symmetric distribution.
13
CVES – Performance: Realization
Complexity and Experiments


Realization Complexity: One L-bit digital dividers, a 2n×2n sorter, two
perturbing m-LFSR-s, and some memory units (not too many).
Experiments: See the following figures.
For a uncompressed digital video, we test the practical performance of
CVES. In Fig. 2, we give the comparison of one plain-frame and the cipherframe. We can see the plain-image is encrypted to a cipher-image with
uniform histogram, which implies CVES is perfect.
14