Analysis Of Two Chaotic Ciphers

In this paper, taking the ZLL chaotic stream cipher as example, the problem of equivalent keys of chaotic cipher is studied. The fact that the chatic map is not bijective is proved to be the essential reason why the equivalent keys exist. The expected value of the number of equivalentkeys of the ZLL chaotic stream cipher is 2.25-3/(4(p+1))(Where p is a parameter of chaoticmap). On a Pentium 4/2.5GHz personal computer, ten experiments to seek keys of the ZLL chaotic stream cipher with p = 2 by divide-and-conquer attack are performed and all equivalent keys of every key are gained. The experiments results indicate that the expected value of the number of equivalent keys is 2.5. As the theoretical number is 2, the experiments results are consistent with theory analysis approximately. According to the existence of equivalent keys, this paper considered that the ZLL chaotic stream cipher with performing several iterations before working can still not resist the divide-and-conquer attack.We analyzed the TDSCBE cipher with different number of key parameters and foundsignals being in the preceding (3N+2)/4(Where N is a parameter and N can not be divided by4 with no remainder) batch signals of the cipher were independent of the key. For the sale of avoiding these signals, we suggested that the cipher should iterate several times before working. On the premise of all signals being related to the keys, we studied the dependence between the sequence {K'_i}_i=1^∞ generated by the test key a', and the {K_i}_i=1^∞, generated by the key a, byinvestigating the distribution of the sequence {| K'_i-K_i |}_i=1^∞. When a equals a^l, where themost significant l bites of a^l are identical with that of a but the least significant bits are 0, we found that there was little difference between {K'_i}_i=1^∞'s initial values and that of {K_i}_i=1^∞. When the most significant l bites of a' are random selected and the least significant bits are 0, we found that {K'_i}_i=1^∞ and {K_i}_i=1^∞ were independent each other. According to the leaked information, it was judged the TDSCBE cipher could be attacked by the divide-and-conquer attack. Then we proposed the definitions of "difference of reference", "difference's probability of reference" and presented the distribution of the true a^l's difference of reference. Based on the leaked information of the difference of reference, the definitions of "useful signal" and "useful inequality" were proposed in this paper. Then the divide-and-conquer attack schemes of TDSCBE cipher with the parameter m being 1, 2 and 3 are advanced separately. Analysis of the schemes' propertise indicates that under the success probability is no less than 0.9 the everage complexity of divide-and-conquer attack is smaller than that of exhaustive attack, this proves that the TDSCBE cipher is insecure. In addition, on 2.5GHz of Pentium 4 PC, we have carried out ten experiments to seek keys of the TDSCBE cipher by the divide-and-conquer attack when m equals 1. The experiments results indicate that the average time of the ten experiments is about 155 minutes and 32 seconds and the average complexity is about 1.55×2²⁶ and the success probability is about 0.91. The experiments results are consistent with the theory analysis approximately, so it confirmed the correctness of our theory analysis again.