Turkish Journal of Electrical Engineering & Computer Sciences http://journals.tubitak.gov.tr/elektrik/

Turk J Elec Eng & Comp Sci (2017) 25: 633-643 © TÜBİTAK doi:10.3906/elk-1507-253

Research Article

Pseudorandom number generator based on Arnold cat map and statistical analysis

Erdinç AVAROĞLU
Department of Computer Engineering, Faculty of Engineering, Mersin University, Mersin, Turkey

Received: 30.07.2015



Accepted/Published Online: 05.02.2016



Final Version: 24.01.2017

Abstract: Pseudorandom number generators (PRNGs) generate random bit streams based on deterministic algorithms. Any bit stream generated with a PRNG will repeat itself at a certain point, and the bit streams will become correlated. As a result, all bit streams generated in this manner are statistically weak. Such weakness leads to a strong connection between PRNGs and chaos, which is characterized by ergodicity, confusion, complexity, sensitivity to initial conditions, and dependence on control parameters. In this study, we introduce a PRNG that generates bit sequences by sampling two Arnold cat map outputs. The statistical randomness of bit streams obtained using this PRNG was verified by statistical analyses such as the NIST test suite, the scale index method, statistical complexity measures, and autocorrelation. The generated bit streams successfully passed all the analytical tests and can be safely used for the many applications of randomness.

Key words: Pseudorandom number generator, Arnold cat map, NIST statistical test, scale index, statistical complexity measure, autocorrelation

1. Introduction

Randomness means being unknown with any certainty. In other words, it means unpredictability in cryptography and a lack of relationship between samples in statistics [1,2]. Random numbers, on the other hand, are numbers that are generated with equal probability so that there is no correlation between the numbers. Random numbers have been widely used in the fields of simulation, sampling, numerical analysis, decision-making, entertainment, computer programming, and cryptography. Random numbers must be unpredictable and irreproducible (nonperiodic) with good statistical properties and uniform distribution [3].

Various number generators such as pseudorandom number generators (PRNGs), true random number generators (TRNGs), and hybrid random number generators have been developed to generate random numbers. TRNGs generate random numbers by using a physical process as a source of noise. A hybrid random number generator is a random number generator that uses random numbers generated by a TRNG as a seed in a PRNG [4]. A PRNG uses a seed obtained from a source of entropy as the random input and generates bit streams that cannot be distinguished from those generated by TRNGs by means of calculations. Since these generators are deterministic, the output value cannot exceed the seed value introduced. Moreover, their streams repeat themselves after a while, which means that the system is periodic. A nonperiodic system requires a rather large memory. However, this requirement causes the system to slow down. The system safety of PRNGs depends on the unpredictability of seeds and the complexity of the functions used in the system. Moreover, the parameters of the functions must be carefully selected. The algorithms used by PRNGs include linear feedback shift registers, midsquare methods, and linear congruential generators [3].

Aside from these generators, chaos, particularly, is used to generate random numbers in PRNGs due to its properties. These are [5]:

• Ergodicity and confusion
• Sensitivity to initial condition/control parameter
• Deterministic dynamics (deterministic processes lead to random-like (pseudorandom) behaviors)
• Structure complexity and algorithm complexity

Dependence on extreme initial conditions makes chaotic systems very attractive for PRNGs. Chaos is used for many PRNG designs such as piecewise linear maps [6–9], logistic maps [10,11], and z-logistic maps [12]. In recent studies, the design of chaos-based PRNGs continues. Sun and Liu designed a PRNG system based on spatial chaotic maps for cryptographic use [13]. Patidar et al. developed a PRNG design that generates bit streams through a comparison of outputs obtained with two chaotic standard maps with different initial conditions [14]. Guyeux et al. developed a PRNG design based on chaotic iterations and a combination of XORShift and ISAAC generators [15], and Pareek et al. developed a PRNG design based on a cross-coupled chaotic tent map [16]. López et al. developed a PRNG design based on a coupled chaotic map (a modification of a piecewise linear map) [17]. For the PRNG design offered in [18], deterministic chaotic systems were used. Using three logistic maps, Francois and Defour modified Patidar's [14] PRNG design based on two logistic maps and showed that their results were more successful [19]. François et al. made PRNG designs composed of a chaotic logistic map [20] and a mixture of three chaotic maps [21]. These studies indicate a strong link between chaos and PRNGs. Especially for PRNG design, chaotic maps have been used most. This is because a chaotic map is fast and iterative.
Therefore, this study introduces a PRNG design based on a chaotic Arnold cat map. Using two Arnold cat maps, a bit stream was generated by passing the random numbers through the compare section. An output bit stream was generated by sampling the generated bit streams according to the selection rule in the sampler section. The NIST 800-22 test suite was used to verify that the bit stream generated is statistically random. In addition, the scale index method, statistical complexity measures, and a correlation test were used to determine whether the generated bit streams are nonperiodic and correlated.

This article is organized as follows: Section 2 introduces the Arnold cat map. Section 3 describes the PRNG design. Section 4 describes the statistical analyses used with the generated bit streams and presents the results of these analyses. Finally, Section 5 evaluates these results.

2. Arnold cat map

Recently, chaos has been commonly used in random number generators [22–26]. This is because the generation and storage of chaotic number streams has proven to be fast and easy and does not require storing long number streams. Only a few functions (chaotic maps) and a few parameters (initial conditions) are sufficient even for very long streams. Moreover, it is possible to generate a large number of number streams easily by simply changing the initial conditions. These advantages have led to using chaos as a random number generator [27]. This study used the Arnold cat map discovered by Arnold and Avez [28]. The map is named after Vladimir Arnold, who demonstrated its effects in the 1960s using an image of a cat, as in Figure 1.


Figure 1. Arnold cat map [29].

To define the Arnold cat map, we first need to define a torus and phase space. A torus is the surface obtained by revolving a circle in three-dimensional space around a disconnected axis that is coplanar with the circle. A phase space represents all possible states of a system, and each state corresponds to one unique point. The map can be now defined as a discrete system in which the trajectories in phase space are stretched and folded to obtain a torus. The mathematical definition of the Arnold cat map is shown in Eqs. (1)–(4).

Let $X = \begin{bmatrix} x \\ y \end{bmatrix}$. X is an n × n matrix, and the Arnold cat map transformation is as follows:

$$\Gamma: \begin{bmatrix} x \\ y \end{bmatrix} \rightarrow \begin{bmatrix} 1 & 1 \\ 1 & 2 \end{bmatrix} \begin{bmatrix} x \\ y \end{bmatrix} \bmod n = \begin{bmatrix} 1 & 0 \\ 1 & 1 \end{bmatrix} \begin{bmatrix} 1 & 1 \\ 0 & 1 \end{bmatrix} \begin{bmatrix} x \\ y \end{bmatrix} \bmod n \tag{1}$$

$$\Gamma: (x, y) \longrightarrow (x + y,\; x + 2y) \bmod n \tag{2}$$

This system can be represented like this:

$$x_{m+1} = (2x_m + y_m) \bmod n \tag{3}$$

$$y_{m+1} = (x_m + y_m) \bmod n \tag{4}$$

Since this is a chaotic map, made of a discrete system, it expresses the dynamics of chaos. The initial conditions will affect the map, and its outputs will appear to be random.

3. The proposed PRNG

A random number generator is a tool, a natural source or an algorithm. The random numbers generated by a random number generator are expected to be unpredictable and irreproducible with good statistical properties. Some generators use natural sources (nondeterministic), while others use specific algorithms (deterministic). Any bit stream generated with a deterministic system will repeat itself at a certain point, and the bit streams will become correlated. As a result, all bit streams generated in this manner are statistically weak. To resolve these problems, this section introduces a PRNG that uses the Arnold cat map. Figure 2 shows the proposed PRNG design.


Figure 2. The proposed PRNG design.

The proposed PRNG is composed of three sections: the random number generation section, the compare section, and the sampler section. In the random number generation section, Arnold cat map 1 and Arnold cat map 2 use different initial conditions to generate random numbers. In this study, random bit streams were generated for 100 different initial conditions and then they were analyzed. However, for the results presented in this article the initial conditions are $x_0 = 0.9$, $y_0 = 0.4$, $z_0 = 0.3$, and $w_0 = 0.6$, and mod 1 is used since we want the generated numbers to be in the range of [0, 1]. The bit stream is generated by comparing the random numbers generated in the random number generation section in the compare section following the rules given in Eqs. (5) and (6).

For Arnold cat map 1:

$$g(x_{m+1}, y_{m+1}) = \begin{cases} 1 & \text{if } x_{m+1} \ge y_{n-1} \\ 0 & \text{if } x_{m+1} \le y_{n-1} \end{cases} \tag{5}$$

For Arnold cat map 2:

$$g(z_{m+1}, w_{m+1}) = \begin{cases} 1 & \text{if } z_{m+1} \ge w_{n-1} \\ 0 & \text{if } z_{m+1} \le w_{n-1} \end{cases} \tag{6}$$

Here, n is the length of the bit stream. In the sampler section, the bit streams generated in the compare section are sampled by using the sampler rule in Eq. (7) to obtain the output bit stream $b_i$.

$$\text{sampler rule} = \begin{cases} b_i & \text{if } a_i = 1 \\ \text{discard} & \text{if } a_i = 0 \end{cases} \tag{7}$$

Table 1 shows an example of the sampler rule in use.

Table 1. Example for sampler rule.

| Quantity | Bit stream |
|---|---|
| $a_i$: Generated bit stream with Arnold cat map 1 | 10111000111011010110111010 |
| $b_i$: Generated bit stream Arnold cat map 2 | 00101101110011110101010111 |
| Sampler rule | 0-101---110-11-1-10-010-1 |
| Output bit stream | 0101110111100101 |
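The three sections described above (two cat maps, compare, sampler) can be put together as follows. This is an added example, not the author's implementation: it reads Eqs. (3)–(4) as the update from one point to the next, and it assumes the compare rule emits 1 when the first coordinate of the new point is greater than or equal to its second coordinate; the function names are hypothetical. The sampler is checked against the two raw streams printed in Table 1.

```python
from itertools import islice


def cat_map_orbit(x, y):
    """Iterate the map of Eqs. (3)-(4) with mod 1, yielding each new (x, y)."""
    while True:
        # Both coordinates are updated from the previous point at once.
        x, y = (2.0 * x + y) % 1.0, (x + y) % 1.0
        yield x, y


def compare_bits(x0, y0, count):
    """Compare section: emit one bit per iterate.

    Assumption (not spelled out on the page): the bit is 1 when the first
    coordinate of the new point is >= its second coordinate, otherwise 0.
    """
    return [1 if x >= y else 0 for x, y in islice(cat_map_orbit(x0, y0), count)]


def sampler(a_bits, b_bits):
    """Sampler rule, Eq. (7): keep b_i where a_i == 1, discard it where a_i == 0."""
    if len(a_bits) != len(b_bits):
        raise ValueError("the two raw bit streams must have the same length")
    return [b for a, b in zip(a_bits, b_bits) if a == 1]


def generate(seed1, seed2, raw_len):
    """Run both maps for raw_len iterations and return (a, b, output)."""
    a_bits = compare_bits(seed1[0], seed1[1], raw_len)
    b_bits = compare_bits(seed2[0], seed2[1], raw_len)
    return a_bits, b_bits, sampler(a_bits, b_bits)


def to_bits(text):
    """Turn a string of '0'/'1' characters into a list of ints."""
    return [int(ch) for ch in text]


# The two raw streams printed in Table 1.
TABLE1_A = to_bits("10111000111011010110111010")
TABLE1_B = to_bits("00101101110011110101010111")

if __name__ == "__main__":
    print("Table 1 output:", "".join(map(str, sampler(TABLE1_A, TABLE1_B))))
    # Initial conditions quoted in Section 3.
    a, b, out = generate((0.9, 0.4), (0.3, 0.6), 10_000)
    print("raw bits per map:", len(a), "output bits:", len(out))
    print("fraction of raw bits kept:", len(out) / len(a))
```

The output stream is always as long as the number of ones in the first raw stream, which is the bit-rate cost of the sampler rule.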


4. Statistical analysis

Any bit stream generated by PRNGs is expected to be highly random, unpredictable, irreproducible, and uncorrelated. These properties, however, must be analyzed carefully. This section analyzes the bit stream generated by the proposed PRNG.

4.1. Randomness test (NIST test suite)

The applicable statistical tests are used to determine whether a generated bit stream is random or not. For this purpose, various test suites such as FIPS140 [30], NIST [1], Diehard [31], TestU01 [32], and others have been developed. The best test known to date is the NIST 800-22 test suite released by the National Institute of Standards and Technology. The NIST 800-22 test suite includes 15 tests and requires success in all of these tests. The studies of PRNGs with chaotic maps in the literature are declared successful when they pass all the NIST tests successfully. In this study, the bit streams generated by Arnold cat map 1 and Arnold cat map 2 did not pass all 15 tests. However, the bit streams obtained by sampling the bit streams from Arnold cat map 1 and Arnold cat map 2 according to the sampler rule did successfully pass the entire NIST test suite. The test results obtained are presented in Table 2. Table 2 also contains the NIST test success rate of bit streams generated from 100 different initial conditions.

4.2. Scale index method

The scale index technique was proposed by Benítez [33]. This technique enables the obtaining of information about the periodic nature of generated number series. The technique, which depended on the continuous wavelet transform (CWT) and wavelet multiresolution analyses, is given below [34]. The scale s and f at time u in the CWT and scalogram are defined as shown in Eqs. (8) and (9) [24,33,34].

$$W f(u, s) := \langle f, \psi_{u,s} \rangle = \int_{-\infty}^{+\infty} f(t)\, \psi^{*}_{u,s}(t)\, dt \tag{8}$$

$$S(s) := \| W f(u, s) \| = \left( \int_{-\infty}^{+\infty} |W f(u, s)|^{2}\, du \right)^{1/2} \tag{9}$$

S(s) is the CWT's energy. The inner scalogram is defined by Eq. (10).

$$S^{in}(s) := \| W f(u, s) \|_{J(s)} = \left( \int_{c(s)}^{d(s)} |W f(u, s)|^{2}\, du \right)^{1/2} \tag{10}$$

Here, $J(s) = [c(s), d(s)] \subseteq I$ indicates the maximal subinterval in I. The support of $\psi_{u,s}$ is included in I for all $u \in J(s)$. $\bar{S}^{in}$ as defined in Eq. (11) is normalized.

$$\bar{S}^{in}(s) = \frac{S^{in}(s)}{(d(s) - c(s))^{1/2}} \tag{11}$$

The scale index of f in the scale interval $[s_0, s_1]$ can be described as shown in Eq. (12).

$$i_{scale} := \frac{S(s_{min})}{S(s_{max})} \tag{12}$$


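Table 2. NIST test results of the proposed PRNG and success rates for 100 different initial conditions.

| Test | Arnold cat map 1: P-value | Arnold cat map 1: Result | Arnold cat map 2: P-value | Arnold cat map 2: Result | Output bit streams ($b_i$): P-value | Output bit streams ($b_i$): Result | Success rates for 100 different initial conditions: Proportion |
|---|---|---|---|---|---|---|---|
| Frequency | - | Not passed | 0.980 | Passed | 0.664 | Passed | 0.95 |
| Frequency test within a block | - | Not passed | 0.117 | Passed | 0.222 | Passed | 0.95 |
| Runs | - | Not passed | 0.283 | Passed | 0.241 | Passed | 0.95 |
| Test for the longest run of ones in a block | - | Not passed | - | Not passed | 0.904 | Passed | 0.95 |
| Binary matrix rank | 0.988 | Passed | 0.456 | Passed | 0.315 | Passed | 0.95 |
| Discrete Fourier transform | - | Not passed | 0.024 | Passed | 0.400 | Passed | 0.95 |
| Nonoverlapping template matching | - | Not passed | - | Not passed | 0.030 | Passed | 0.90 |
| Overlapping template matching | - | Not passed | - | Not passed | 0.854 | Passed | 0.90 |
| Maurer's universal statistical | - | Not passed | 0.200 | Passed | 0.257 | Passed | 0.90 |
| Linear complexity; Serial 1; Serial 2; Approximate entropy; Cumulative sums | 0.153, - | Passed, Passed, Not passed, Not passed | 0.295, 0.203, 0.992 | Passed, Passed, Passed, Not passed, Passed | 0.030, 0.104, 0.207, 0.694, 0.902 | Passed, Passed, Passed, Passed, Passed | 0.95, 0.95, 0.95, 0.90, 0.90 |
| Random excursion | - | Not passed | by state, listed after this table | Passed | by state, listed after this table | Passed | 0.90 |
| Random excursion variant | - | Not passed | by state, listed after this table | Passed | by state, listed after this table | Passed | 0.90 |

Random excursion P-values by state:

| State | Arnold cat map 2 | Output bit streams ($b_i$) |
|---|---|---|
| -4 | 0.028 | 0.796 |
| -3 | 0.131 | 0.663 |
| -2 | 0.053 | 0.846 |
| -1 | 0.014 | 0.829 |
| 1 | 0.266 | 0.187 |
| 2 | 0.618 | 0.939 |
| 3 | 0.968 | 0.576 |
| 4 | 0.580 | 0.907 |

Random excursion variant P-values by state:

| State | Arnold cat map 2 | Output bit streams ($b_i$) |
|---|---|---|
| -9 | 0.228 | 0.982 |
| -8 | 0.545 | 0.814 |
| -7 | 0.956 | 0.636 |
| -6 | 0.798 | 0.579 |
| -5 | 0.761 | 0.716 |
| -4 | 0.895 | 0.600 |
| -3 | 0.823 | 0.569 |
| -2 | 0.990 | 0.959 |
| -1 | 0.845 | 0.820 |
| 1 | 0.728 | 0.699 |
| 2 | 0.483 | 0.947 |
| 3 | 0.415 | 0.625 |
| 4 | 0.501 | 0.952 |
| 5 | 0.398 | 0.655 |
| 6 | 0.374 | 0.681 |
| 7 | 0.434 | 0.845 |
| 8 | 0.505 | 0.943 |
| 9 | 0.748 | 0.942 |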

$i_{scale}$ should be in the range of $0 \le i_{scale} \le 1$. If the $i_{scale}$ obtained from the proposed system is 0 or near 0, the system is nonperiodic. If it is 1 or near 1, the system is defined as periodic. The scale index plot of the 100 different bit streams obtained from the proposed PRNG is shown in Figure 3. All the values are 1 or near 1. This shows that the bit streams are nonperiodic.

Figure 3. Scale index plot of 100 different bit streams.

4.3. Statistical complexity measure

The statistical complexity measure (SCM), based on H-disorder and Q-disequilibrium, was introduced in previous studies [34,35]. The SCM is a quantifier of the probability distribution P. The SCM is expressed by Eq. (13).

$$C[P] = Q[P] \ast H[P] \tag{13}$$

For the probability distribution $P = \{P_i,\ i = 1 \ldots N\}$ and its information measure S, the disorder H is defined as in Eq. (14).

$$H[P] = S[P] / S_{max} \tag{14}$$

$S_{max} = S[P_e]$, where $P_e = [1/N, \ldots, 1/N]$ is the equilibrium distribution so that $(0 < H[P] < 1)$ is true. S is the Shannon entropy as in Eq. (15).

$$S[P] = -\sum_{i=1}^{N} P_i \log_2 P_i \tag{15}$$

Q is defined as the distance in probability space. To calculate Q with Eq. (16), Euclidean distance ($D_E$) is used.

$$Q[P] = Q_E[P, P_e] = Q_0^{(E)} D_E[P, P_e] = Q_0^{(E)} \sum_{i=1}^{N} \left\{ P_i - \frac{1}{N} \right\}^{2} \tag{16}$$

$Q_0^{(E)} = N/(N - 1)$ such that $0 \le Q_E \le 1$. For nonperiodic streams, SCM and Q must be zero or near zero, while H[P] must be 1 or near 1.
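Eqs. (13)–(16) can be evaluated directly on a bit stream once it is cut into blocks. The following is an added example, not code from the paper: it assumes non-overlapping blocks, the function names are hypothetical, and the three short streams are constructed here so that the expected H, Q and C can be worked out by hand (4-bit blocks, N = 16).

```python
import math
from collections import Counter


def block_probabilities(bits, block_size):
    """Return the nonzero block probabilities and N = 2**block_size."""
    n_blocks = len(bits) // block_size
    if n_blocks == 0:
        raise ValueError("bit stream is shorter than one block")
    counts = Counter(
        tuple(bits[i * block_size:(i + 1) * block_size]) for i in range(n_blocks)
    )
    return [c / n_blocks for c in counts.values()], 2 ** block_size


def scm(bits, block_size):
    """Return (H, Q, C) for non-overlapping blocks of block_size bits."""
    probs, n_states = block_probabilities(bits, block_size)
    # Eq. (15); blocks that never occur contribute 0 to the entropy.
    entropy = -sum(p * math.log2(p) for p in probs)
    h = entropy / math.log2(n_states)  # Eq. (14), with S_max = log2(N)
    # Eq. (16): squared distance to P_e; each unseen block adds (1/N)**2.
    uniform = 1.0 / n_states
    d_e = sum((p - uniform) ** 2 for p in probs)
    d_e += (n_states - len(probs)) * uniform ** 2
    q = n_states / (n_states - 1) * d_e
    return h, q, q * h  # Eq. (13)


# Constructed sample streams (not data from the paper).
UNIFORM = [int(b) for v in range(16) for b in format(v, "04b")]  # every block once
CONSTANT = [0] * 64                                              # one block only
TWO_BLOCKS = ([0] * 4 + [1] * 4) * 8                             # period-8 stream

if __name__ == "__main__":
    for name, stream in (("uniform", UNIFORM), ("constant", CONSTANT),
                         ("two blocks", TWO_BLOCKS)):
        h, q, c = scm(stream, 4)
        print(f"{name:10s} H={h:.4f} Q={q:.4f} C={c:.4f}")
```

With 16-bit blocks N = 65536, so the estimated distribution is only meaningful when the stream holds many more than N blocks.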

The results of the SCM performed with 16-bit and 32-bit blocks of the bit streams obtained from the proposed PRNG are presented in Figures 4 and 5, respectively. The results show that for both the 16-bit and 32-bit blocks the SCM and Q are zero or near zero, while H[P] is 1 or near 1. This shows that the generated bit stream is nonperiodic.

Figure 4. The 16-bit statistical complexity measure results: (a) Shannon entropy, (b) disequilibrium, (c) statistical complexity.

Figure 5. The 32-bit statistical complexity measure results: (a) Shannon entropy, (b) disequilibrium, (c) statistical complexity.

4.4. Autocorrelation test

Correlation is an indication of a linear relationship between two variables or more and has a value between +1 and -1. If the value is 0 or near 0, then there is no linear relationship between the variables. The aim of this test is to check the correlation between the generated bit stream $b_i$ and its shifted version. We assume that d is a constant integer and $1 \le d \le (n/2)$. The mathematical expressions of the test are given in Eqs. (17) and (18) [36].

$$A(d) = \sum_{i=0}^{n-d-1} b_i \oplus b_{i+d} \tag{17}$$

Here, ⊕ is the XOR operator and n is the length of the bit stream. The following random variable is defined:

$$X_5 = \frac{2\,[A(d) - (n - d)/2]}{\sqrt{n - d}} \tag{18}$$

If $\{b_i\}$ is a true random stream and $n \to \infty$, this random variable has a normal distribution N(0, 1). Assuming α = 0.05, if $|X_5| < 1.6449$, the test is successful [36]. The correlation test results for the proposed PRNG are shown in Table 3.


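Table 3. Autocorrelation test results for the proposed PRNG.

| Test | D value | X5 value | Result |
|---|---|---|---|
| Autocorrelation | 8 | -0.175 | Success |
| Autocorrelation | 10 | 0.363 | Success |
| Autocorrelation | 13 | -0.527 | Success |
| Autocorrelation | 20 | 0.518 | Success |
| Autocorrelation | 25 | -0.857 | Success |
| Autocorrelation | 100 | 0.576 | Success |
| Autocorrelation | 500 | -0.076 | Success |
| Autocorrelation | 1000 | -0.06 | Success |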
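The statistic of Eqs. (17)–(18) and the decision rule quoted above, as an added example that is not code from the paper. The function names are hypothetical and the input is a constructed periodic stream (0, 0, 1, 1 repeated), chosen because it passes at shift d = 1 but fails at d = 2 and d = 4, which is why the test is run over several shifts as in Table 3.

```python
import math


def autocorrelation_x5(bits, d):
    """Return X5 of Eq. (18) for shift d, using A(d) from Eq. (17)."""
    n = len(bits)
    if not 1 <= d <= n // 2:
        raise ValueError("d must satisfy 1 <= d <= n/2")
    # Eq. (17): count the positions where the stream differs from its shift.
    a_d = sum(bits[i] ^ bits[i + d] for i in range(n - d))
    return 2.0 * (a_d - (n - d) / 2.0) / math.sqrt(n - d)


def autocorrelation_test(bits, shifts, threshold=1.6449):
    """Map each shift d to (X5, passed), with passed meaning |X5| < threshold."""
    results = {}
    for d in shifts:
        x5 = autocorrelation_x5(bits, d)
        results[d] = (x5, abs(x5) < threshold)
    return results


# Constructed sample input (not data from the paper): period-4 stream, n = 101.
PERIODIC = ([0, 0, 1, 1] * 26)[:101]

if __name__ == "__main__":
    for d, (x5, passed) in autocorrelation_test(PERIODIC, [1, 2, 4]).items():
        print(f"d={d}: X5={x5:+.4f} {'Success' if passed else 'Fail'}")
```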

5. Conclusion

This study introduces a PRNG design based on the Arnold cat map. The randomness of the bit streams generated by the proposed PRNG was measured using specific analytical methods. The results of these analyses show the bit streams generated by means of Arnold cat map 1 and Arnold cat map 2 did not pass the NIST tests, but they managed to pass the tests successfully after sampling according to the proposed system's sampler rule. The bit streams generated were checked for nonperiodicity, and all 100 bit streams displayed nonperiodicity in the scale index. Furthermore, the SCM results show that the system is not periodic. The final analysis searched for a correlation between the zeros and ones in the generated bit stream and showed that there is no such correlation. In conclusion, the bit streams generated by the proposed PRNG can be used in a variety of applications. The analyses have shown that the proposed system can also be used in cryptographic systems since it is simple and user-friendly and it can generate high-quality random number streams. The only drawback of the proposed system is that the bit rate decreases after sampling.

References

[1] Rukhin A, Soto J, Nechvatal J, Smid M, Banks D. A statistical test suite for random and pseudorandom number generators for statistical applications. Gaithersburg, MD, USA: NIST Special Publications on Computer Security, 2001.
[2] Kenny C, Mosurski K. Random Number Generators. Dublin, Ireland: Distributed Systems Group, Trinity College, 2005.
[3] Deng LY, Lin DKJ. Random number generation for the new century. Am Stat 2000; 54: 145-150.
[4] Hu Y, Liao X, Wong K, Zhou Q. A true random number generator based on mouse movement and chaotic cryptography. Chaos Soliton Fract 2012; 40: 2286-2293.
[5] Gleick J. Chaos: Making a New Science. New York, NY, USA: Viking, 1987.
[6] Stojanovski T, Kocarev L. Chaos-based random number generators-part I: analysis [cryptography]. IEEE T Circuits-I 2001; 48: 281-288.
[7] Shujun L, Xuanqin M, Yuanlong C. Pseudo-random bit generator based on couple chaotic systems and its applications in stream-cipher cryptography. Lect Notes Comp Sc 2001; 2247: 316-329.
[8] Fu SM, Chen ZY, Zhou YA. Chaos-based random number generators. Comput Res Dev 2004; 41: 749-754.
[9] Li XM, Shen HB, Yan XL. Characteristic analysis of a chaotic random number generator using piece-wise-linear map. J Electron Inf Technol 2005; 27: 874-878.
[10] Bahi JM, Fang X, Guyeux C, Larger L. FPGA design for pseudorandom number generator based on chaotic iteration used in information hiding application. Appl Math Inf Sci 2013; 7: 2175-2188.
[11] Rahimov H. Improving middle square method RNG using chaotic map. Appl Math 2011; 2: 482-486.
[12] Wang L, Wang FP, Wang ZJ. Novel chaos-based pseudo-random number generator. Acta Phys Sin 2006; 55: 3964-3968.
[13] Sun F, Liu S. Cryptographic pseudo-random sequence from the spatial chaotic map. Chaos Soliton Fract 2009; 41: 2216-2219.
[14] Patidar V, Sud KK, Pareek NK. A pseudo random bit generator based on chaotic logistic map and its statistical testing. Informatica 2009; 33: 441-452.
[15] Guyeux C, Wang Q, Bahi JM. Pseudo random numbers generator based on chaotic iterations: application to watermarking. Web Inf Syst Min 2010; 6318: 202-211.
[16] Pareek NK, Patidar V, Sud KK. A random bit generator using chaotic maps. Int J Netw Secur 2010; 10: 32-38.
[17] López ABO, Marañón GA, Estévez AG, Dégano GP, García MR, Vitini FM. Trident, a new pseudo random number generator based on coupled chaotic maps. Advances in Intelligent and Soft Computing 2010; 85: 183-190.
[18] Elsherbeny MN, Raha M. Pseudo-random number generator using deterministic chaotic system. International Journal of Scientific & Technology Research 2012; 1: 95-97.
[19] Francois M, Defour D. A Pseudo-Random Bit Generator Using Three Chaotic Logistic Maps. Research Report. Montpellier, France: LIRMM, 2013.
[20] François M, Defour D, Negre C. A fast chaos-based pseudo-random bit generator using binary64 floating-point arithmetic. Informatica 2014; 38: 115-124.
[21] François M, Grosges T, Barchiesi D, Erra R. Pseudo-random number generator based on mixing of three chaotic maps. Commun Nonlinear Sci Numer Simul 2014; 19: 887-895.
[22] Wang X, Qin X. A new pseudo-random number generator based on CML and chaotic iteration. Nonlinear Dyn 2012; 70: 1589-1592.
[23] Avaroğlu E, Tuncer T, Özer AB, Türk M. A new method for hybrid pseudo random number generator. J Microelectron Electron Compon Mater 2014; 44: 303-311.
[24] Avaroğlu E, Tuncer T, Özer AB, Ergen B, Türk M. A novel chaos-based post-processing for TRNG. Nonlinear Dyn 2015; 81: 189-199.
[25] Tuncer T, Avaroğlu E, Türk M, Özer AB. Implementation of non-periodic sampling true random number generator on FPGA. J Microelectron Electron Compon Mater 2014; 44: 296-302.
[26] Özkaynak F. Cryptographically secure random number generator with chaotic additional input. Nonlinear Dyn 2014; 78: 2015-2020.
[27] Alatas B, Akin E, Ozer AB. Chaos embedded particle swarm optimization algorithms. Chaos Soliton Fract 2009; 40: 1715-1734.
[28] Arnold VI, Avez A. Problèmes Ergodiques de la Mécanique Classique. Science 1968; 159: 1344-1344 (in French).
[29] Saratov Group. Classic Arnold's Cat and Other Maps on a Torus. Saratov, Russia: Saratov Group, 2012. Available online at http://www.sgtnd.narod.ru/science/cat/classic/eng/classic.htm.
[30] Rukhin A, Soto J, Nechvatal J, Smid M, Barker E, Leigh S, Levenson M, Vangel M, Banks D, Heckert A et al. A Statistical Test Suite for Random and Pseudo Random Number Generators for Cryptographic Applications. Gaithersburg, MD, USA: NIST, 2010.
[31] Marsaglia G. The Marsaglia Random Number CDROM Including the Diehard Battery of Tests of Randomness. Available online at http://stat.fsu.edu/pub/diehard/.
[32] L'ecuyer P, Simard R. TestU01: A C library for empirical testing of random number generators. ACM T Math Software 2007; 33: 22.
[33] Benítez R, Bolós VJ, Ramírez ME. A wavelet-based tool for studying non-periodicity. Comput Math Appl 2010; 60: 634-641.
[34] Akhshani A, Akhavan A, Mobaraki A, Lim SC, Hassan Z. Pseudo random number generator based on quantum chaotic map. Commun Nonlinear Sci Numer Simul 2014; 19: 101-111.
[35] Lopez-Ruiz R, Mancini HL, Calbet X. A statistical measure of complexity. Phys Lett A 1995; 209: 321-326.
[36] Menezes AJ, Oorschot PC, Vanstone SA. Handbook of Applied Cryptography. Boca Raton, FL, USA: CRC Press, 1996.
