Chaos Theory and Cyber Security

November 3, 2020

Tech

Nowadays, the skillful genesis of chaos turns out to be a key issue in many technological application fields such as engineering, medicine, communications, information storage, and, with particular importance, cryptography.

Chaos theory is a branch of mathematics focusing on the study of chaos - practically the final result being highly sensitive to initial conditions. Chaotic systems are predictable for a while and then, when you think everything is ok, all results from that point become random.

A metaphor for this behavior is that: “*A* *butterfly flapping its wings in China can cause a hurricane in Texas”. *The butterfly effect is the idea that small things can have non-linear impacts on a complex system. The concept is imagined with a butterfly flapping its wings and causing a hurricane.

Benjamin Franklin offered a poetic perspective, long before the identification of the butterfly effect, that’s been around since the 14th century in English and the 13th century in German:

*For want of a nail the shoe was lost,*

*For want of a shoe the horse was lost,*

*For want of a horse the rider was lost,*

*For want of a rider the battle was lost,*

*For want of a battle the kingdom was lost,*

*And all for the want of a horseshoe nail*.

The lack of one horseshoe nail could be inconsequential, or it could indirectly cause the loss of a war. There is no way to predict which outcome will occur.

When talking about security, the first thing that comes to our mind is? Cryptography. And what would cryptography be without hash functions?

Hash functions are cryptographic mathematical algorithms that apply to a variable-length binary and lead to a fixed-length binary string.

For example, hash on 32 bits for this text:

* “mindit is cool” is“003aee9cd0074f00f74532df472aa3ab”*

**Study case:** You want to store strong and large passwords into your database and you want to compare the password inserted by the user with your stored password? And, for obvious reasons, you want it to be very fast and safe.

Yes, you’ve hit it! The answer to the question above is the Hash function.

And that’s not all they can do. They can be used in the following situations:

· Almost all **digital signature** schemes require a cryptographic hash to be calculated over the message. This allows the signature calculation to be performed on the relatively small, statically sized hash digest.

· ** Password verification** commonly relies on cryptographic hashes. Storing all user passwords as cleartext can result in a massive security breach if the password file is compromised. One way to reduce this danger is to only store the hash digest of each password. To authenticate a user, the password presented by the user is hashed and compared with the stored hash.

· A message digest can also serve as a means of reliably **identifying a file**; several source code management systems, including Git, Mercurial, and Monotone, use the sha1sum of various types of content (file content, directory trees, ancestry information, etc.) to uniquely identify them. Hashes are used to identify files on peer-to-peer filesharing networks.

Having in mind what a hash function is let's move on to understanding what a chaotic function is.

The best-known definition of chaotic functions is that of Robert Devaney:

*A function is chaotic if it is sensitive to the initial conditions* (*Butterfly Effect*).

To be more exact, we can consider the next example:

We can see that, for a simple defined function, we can generate some pseudo-random values; meaning that the logistic function is chaotic as for small changes in the initial conditions the result will be completely chaotic in the [0,1] range.

Using what we know about hash and chaotic functions we can use ** Merkle-Damgard **construction to create our “custom” hash function.

The main capability of hash functions is that they can generate messages of the same length regardless of the initial message's length.

We can consider that *our hash* is on 32 bits so all the messages digested by our hash will have an output of 32 bits. Now, following the steps described in the Merkle-Damgard construction, we will add our *custom chaotic function* to the message's construction.

- Convert the entire message to binary.
- Slice the binary into N slices of 32 bits each. If the message length is not divisible with 32 we can add 0’s at the end of the message until the length is divisible.
- Generate N 32 bits unsigned int with Chaotic Map.
- Take every slice unsigned int and apply different logical operators ( ^, |, &) between two bits. Combine the results using permutations to obtain a good propagation of any change in the entire message. The M slice should be combined with the slice obtained at the previous step (M-1).
- For example result = result ^ (slice(M) | charNumber)&slice(M), This is one example for a compression function.
- The final result should be a single 32 bits message.

In conclusion with the development of Internet technology, electronic-based messages have become more and more important in daily communication. These electronic data interchange activities are pertinent to e-commerce and e-business, where integrity and authenticity are vital. To achieve this goal, some cryptographic hash functions have been developed and used, such as MD4 [Rivest, 1991], its improved version MD5 [Rivest, 1992; Touch, 1995] or SHA-1 [NIST, 1995].

With the use of a cryptographic hash function, a finite length hash value (called message digest - MD) can be obtained from an electronic-based message with arbitrary length.

Although cryptographic hash functions are well-designed and commonly used, there always exists a chance of collision, in which two different messages will generate the same MD. Therefore, designing a secure cryptographic hash function is challenging. The function should be one-way efficient, and collision-resistant.

In this article, a novel custom cryptographic hash function was described based on a high dimensional chaotic map and Merkle-Damgard construction. Unlike the conventional cryptographic hash function, which involves logical functions, the proposed scheme is developed according to the complex temporal behavior and the high sensitivity to the initial conditions of a high-dimensional chaotic map.