Download full-text PDF

BREEZE - A CHAOS BASED PSEUDO RANDOM NUMBER GENERATOR BY HOPPING BETWEEN LOGISTIC MAP PSEUDO ORBITS

Technical Report (PDF Available)  · December 2014with19 Reads
DOI: 10.13140/RG.2.1.5157.1684
Report number: 1, Affiliation: eduToolbox@Bri-C GmbH, Sarstedt, Germany
Andreas Briese at Bri-C Veterinärinstitut Gbr / until 2010 University of Veterinary Medicine Hannover
  • 22.56
  • Bri-C Veterinärinstitut Gbr / until 2010 University of Veterinary Medicine Hannover
Abstract
Logistic maps (LM) expose a well studied phenomenom. The recursive call of the LM with (1) f(xn) = τxn−1(1 − xn−1) with {τ ∈ R | (3.83,4.0]};{x ∈ R | (0,1)} will get into chaotic state at 0<x<1 and 3.56995 <τ <3.82843 or 3.82843 <τ <=4.0 and in a theoretically infinite space of real numbers the LM will conserve the chaotic state ad infinitum (elsewhere called an ’orbit of the LM’). Each orbit is unique and subsequently deterministic to the seed x0. This makes LM an interesting candidate for deterministic Chaos Based Random Number Generation (CBPRNG). Unfortunately in computational reality due to the double float IEEE754 representation and the resulting precision loss from rounding the single LM orbit might degrade rapidly and the period length of such a computed LM is limited in length and might even be very short (Li (2003, 2004), Arroyo (2009), Persohn and Povinelli (2012)). The proposed ’breeze’ CBPRNG uses a number of interacting LMs with {τ ∈ R | (3.83, 4.0]} to prevent orbit degradation. Random number output gained from the intermediate result mantissa in IEEE74 double float representation of the LM orbits repeatedly passed NIST Test Suite for randomness while the speed of the Go/Golang breeze implementation outclasses Go’s standard library random implementations and implementations of the Multiply-with-Carry method and Salsa20 in Go. See https://github.com/AndreasBriese/breeze for the detailed results and source code.
BREEZE - A CHAOS BASED PSEUDO RANDOM NUMBER
GENERATOR BY HOPPING BETWEEN LOGISTIC MAP PSEUDO
ORBITS
ANDREAS BRIESE
1. Summary
2. Introduction
3. Coding chaos
3.1. Chaos in logistic maps. Logistic maps are well studied. They exhibit chaotic
behavior if τis set to values greater than 3.57 and smaller or equal to 4.0. At τnear
3.82 chaotic (up-and-down) output is suspended, but with τgreater 3.83 output is
unpredictable and within the range of 0 to 1. Breeze uses {τR|(3.83,4.0]}therefore.
f(xn) = τxn1(1 xn1)with {τR|(3.83,4.0]};{xR|(0,1)}(1)
When exploring a single logistic map, they exhibit orbits of xnRdetermined by
the starting x1. In theory these orbits should be non-overlapping and expose an endless
period but if translated to finite space of computational double float representation the
pseudo orbits caused by rounding are overlapping and periods are limited in length and
might be very short (Li (2003, 2004), Arroyo (2009), Persohn and Povinelli (2012)). The
starting points of such degradation leading to a short periods had been called pathological
seeds by Persohn and Povinelli (2012).
To prevent the before mentioned degradation of pseudo orbits the new family of
CBPRNG uses singular calculations of multiple logistic maps for random number output
instead of exploring the pseudo orbits. These multiple maps are combined in such a way,
that the outcome of one equation is used for the next calculation of another logistic
map with τn6=τn+1 after ’mirroring it at 1’ by calculation x0= 1 x. This results in
’hopping’ between pseudo orbits of the logistic maps with any computation cycle. In
finite space of double float computation this is turning both calculations into potential
’one-way-functions’ because of the rounding errors in IEEE double float:
xn1
=xn
τ(1 xn)with xn=τ xn1(1 xn1)(2)
x
=1(1 x)for small x (x0and x < 223 in particular)(3)
Date: December 18, 2014.
1
2 ANDREAS BRIESE
The multiple logistic maps in breeze are:
breeze128(6 maps :f1..6with τ1..6)
fi(xi,n) = τi(1 xi+1,n1)(1 (1 xi+1,n1)); i[1..6]
breeze256(12 maps :f1..12 with τ1..12)
fi(xi,n) = τi(1 xi+1,n1)(1 (1 xi+1,n1)); i[1..12]
breeze512(24 maps :f1..24 with τ1..24)
fi(xi,n) = τi(1 xi+1,n1)(1 (1 xi+1,n1)); i[1..24]
represented by the following Go code:
fun c ( l Br ee z e 12 8 ) r ou n dT r ip ( ) {
n ew s ta t e 1 := ( 1 . 0 l . s t a t e 1 )
newstate1 = 4 . 0 l . s t a t e 1
n ew s ta t e 2 := ( 1 . 0 l . s t a t e 2 )
newstate2 = 3.999999999 l . s t a t e 2
n ew s ta t e 3 := ( 1 . 0 l . s t a t e 3 )
newstate3 = 3.99999998 l . s t a t e 3
n ew s ta t e 4 := ( 1 . 0 l . s t a t e 4 )
newstate4 = 3.99999997 l . s t a t e 4
n ew s ta t e 5 := ( 1 . 0 l . s t a t e 5 )
newstate5 = 3 . 9 9 9 9 9 9 l . s t a t e 5
n ew s ta t e 6 := ( 1 . 0 l . s t a t e 6 )
newstate6 = 3 . 9 9 9 9 9 7 l . s t a t e 6
s w i t c h n e w s t a t e 1 newstate2 newstate3 newstate4 newstate5 newstate6 {
c a s e 0 :
s 1 := ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 1 ))< <11>> (12 + l . b i t s h i f t % 7))
s 1 += ( ( mat h . F l o a t 6 4 b i t s ( l . s t a t e 2 )) <<11>>(12 + l . b i t s h i f t % 7))
s 1 += ( ( mat h . F l o a t 6 4 b i t s ( l . s t a t e 5 )) <<11>>(12 + l . b i t s h i f t % 7))
s 2 := ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 3 ))< <11>> (12 + l . b i t s h i f t % 7))
s 2 += ( ( mat h . F l o a t 6 4 b i t s ( l . s t a t e 4 )) <<11>>(12 + l . b i t s h i f t % 7))
s 2 += ( ( mat h . F l o a t 6 4 b i t s ( l . s t a t e 6 )) <<11>>(12 + l . b i t s h i f t % 7))
s e e d := [ 2 ] u i n t 6 4 {s 1 , s 2 }
l . b i t s h i f t ++
l . s e e d r ( s e ed )
default :
l . s t a t e 1 = 1. 0 newstate2
l . s t a t e 2 = 1. 0 newstate3
l . s t a t e 3 = 1. 0 newstate4
l . s t a t e 4 = 1. 0 newstate5
l . s t a t e 5 = 1. 0 newstate6
l . s t a t e 6 = 1. 0 newstate1
}
...
}
No te : ma th . F l o a t 6 4 b i t s ( ) r e t u r n s L i t t l e E nd ia n b i t r e p r e s e n t a t i o n o f t h e f l o a t d ou b le .
’ ˆ me ans x or , > >’ ’< < b i t w is e s h i f t i n g a nd ’ %’ me ans mod .
The switch statement leeds to a reseed of the generator from the previous states mantissa in case one of the (new)states
rounded to Zero in the equation. The ’default:’ case leeds to interchange of the (new)state values ’mirrored at 1’.
By splitting the newstate calculation (see code) ’Fused Multiply Add’ (FMA) operation with different internal floating
point representation in some chipsets should be prevented. The splitting should ensure that the intermediate results are
always stored in 64 bit floating point words.
The theoretical entropy of logistic map orbits (isomorphic symmetric of 1
2) in finite
space of double float computation should be L52
2=L51 but the degradation of the map
BREEZE - A CHAOS BASED PSEUDO RANDOM NUMBER GENERATOR BY HOPPING BETWEEN LOGISTIC MAP PSEUDO ORBITS3
will reduce this in computational linear exhaustion of the maps pseudo orbits. Breeze
approach of multiple logistic maps does not suffer of such degradation because any new
cycle of computation may or may not be within the previous pseudo orbit (hopping effect)
and the output randomness may therefore benefits from the full entropic potential of the
finite space representation: H=log2(251) = 51 Sh.
3.2. Processing output from the logistic maps. In contrast to other chaos based
PRNG breeze uses the mantissa bits of the computation result from the logistic map
equation as source of random bits. As discussed before the entropy of the 52 mantissa
bits in double float IEEE754 representation should be L51 or51 Sh. For latter crypto
graphical use of the algorithm, encapsulation of the computation outcomes is useful to
prevent leakage of any inner state of the generator. Therefore fractions of at least two
outcome mantissa are added to form one 64 bit stream that is stored in a 64 unsigned
integer. The underlying states are further obfuscated by bitwise xoring this variable by
a previous 64 bit output and the 64 bitstream deriving from two different logistic map
equations.
This is the ’GO’ code to process the output from float double Little Endian bit rep-
resentation:
fun c ( l B re e z e1 2 8 ) r ou n dT r ip ( ) {
...
l . b i t s h i f t = ( l . b i t s h i f t + 1 ) % 20
tmp : = l . s t a t e [ 0 ]
l . s t a t e [ 0 ] = l . s t a t e [ 1 ] ˆ ( ( ( mat h . F l o a t 6 4 b i t s ( l . s t a t e 1 ) )< < 30)
+ ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 2 ))< <12>>( 13 + l . b i t s h i f t ) ) )
l . s t a t e [ 1 ] = l . s t a t e [ 2 ] ˆ ( ( ( mat h . F l o a t 6 4 b i t s ( l . s t a t e 2 ) )< < 30)
+ ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 3 ))< <12>>( 13 + l . b i t s h i f t ) ) )
l . s t a t e [ 2 ] = l . s t a t e [ 3 ] ˆ ( ( ( mat h . F l o a t 6 4 b i t s ( l . s t a t e 3 ) )< < 30)
+ ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 4 ))< <12>>( 13 + l . b i t s h i f t ) ) )
l . s t a t e [ 3 ] = l . s t a t e [ 4 ] ˆ ( ( ( mat h . F l o a t 6 4 b i t s ( l . s t a t e 4 ) )< < 30)
+ ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 1 ))< <12>>( 13 + l . b i t s h i f t ) ) )
ho p : = ( ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 5 )) < <30)
+ ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 6 )) <<12> >(13 + l . b i t s h i f t ) ) )
l . b i t s h i f t ++
l . s t a t e [ 4 ] = ( l . s t a t e [ 5 ] ˆ ( ( ( mat h . F l o a t 6 4 b i t s ( l . s t a t e 1 ) )< < 12)
+ ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 2 ))< <12>>( 13 + l . b i t s h i f t ) ) ) ) ˆ l . s t at e [ 2 ]
l . s t a t e [ 5 ] = ( l . s t a t e [ 6 ] ˆ ( ( ( mat h . F l o a t 6 4 b i t s ( l . s t a t e 1 ) )< < 30)
+ ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 3 ))< <12>>( 13 + l . b i t s h i f t ) ) ) ) ˆ hop
l . s t a t e [ 6 ] = ( l . s t a t e [ 7 ] ˆ ( ( ( mat h . F l o a t 6 4 b i t s ( l . s t a t e 1 ) )< < 30)
+ ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 4 ))< <12>>( 13 + l . b i t s h i f t ) ) ) ) ˆ l . s t at e [ 1 ]
l . s t a t e [ 7 ] = ( l . s t a t e [ 8 ] ˆ ( ( ( mat h . F l o a t 6 4 b i t s ( l . s t a t e 2 ) )< < 30)
4 ANDREAS BRIESE
+ ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 1 )) <<12> >(13 + l . b i t s h i f t ) ) ) ) ˆ ho p
l . s t a t e [ 8 ] = ( l . s t a t e [ 9 ] ˆ ( ( ( mat h . F l o a t 6 4 b i t s ( l . s t a t e 2 ) )< < 12)
+ ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 3 )) <<12> >(13 + l . b i t s h i f t ) ) ) ) ˆ l . s t at e [ 3 ]
l . s t a t e [ 9 ] = ( l . s t a t e [ 1 0 ] ˆ ( ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 2 ) )< < 30)
+ ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 4 )) <<12> >(13 + l . b i t s h i f t ) ) ) ) ˆ ho p
l . b i t s h i f t ++
l . s t a t e [ 1 0 ] = ( l . s t a t e [ 1 1 ] ˆ ( ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 3 ) )< < 30)
+ ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 2 )) <<12> >(13 + l . b i t s h i f t ) ) ) ) ˆ l . s t at e [ 3 ]
l . s t a t e [ 1 1 ] = ( l . s t a t e [ 1 2 ] ˆ ( ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 3 ) )< < 12)
+ ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 4 )) <<12> >(13 + l . b i t s h i f t ) ) ) ) ˆ l . s t at e [ 1 ]
l . s t a t e [ 1 2 ] = ( l . s t a t e [ 1 3 ] ˆ ( ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 3 ) )< < 30)
+ ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 1 )) <<12> >(13 + l . b i t s h i f t ) ) ) ) ˆ ho p
l . s t a t e [ 1 3 ] = ( l . s t a t e [ 1 4 ] ˆ ( ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 4 ) )< < 12)
+ ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 1 )) <<12> >(13 + l . b i t s h i f t ) ) ) ) ˆ l . s t at e [ 2 ]
l . s t a t e [ 1 4 ] = ( l . s t a t e [ 1 5 ] ˆ ( ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 4 ) )< < 30)
+ ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 2 )) <<12> >(13 + l . b i t s h i f t ) ) ) ) ˆ ho p
l . s t a t e [ 1 5 ] = ( tmp ˆ ( ( ( math . F l o a t 6 4 b i t s ( l . s t a t e 4 ) )< < 30)
+ ( ( m ath . F l o a t 6 4 b i t s ( l . s t a t e 3 )) <<12> >(13 + l . b i t s h i f t ) ) ) ) ˆ l . s t at e [ 0 ]
}
No te : ma th . F l o a t 6 4 b i t s ( ) r e t u r n s L i t t l e E nd ia n b i t r e p r e s e n t a t i o n o f t h e f l o a t d ou b le .
’ ˆ me ans x or , > >’ ’< < b i t w is e s h i f t i n g a nd ’ %’ me ans mod .
3.3. Initialization. The main difference between the breeze variants is their key space.
The multiple logistic maps are seeded each by x0=1
swith {sN|(1,221 22)}.
Initialization seed derives from a 64 bit word cut into three srepresenting 21, 22, 21
bits.
That leads to a 128bit keyspace (two 64 bit words for six seedings) in breeze128, 256
bit (four 64 bit words for twelve seedings) in breeze256 and 512 bit (eight 64 bit words
for 24 seedings) in breeze512.
4. Testing for random output
4.1. NIST Test Suite. The three variants of breeze had been tested by NIST Test
Suite (NIST (2014)). 20 Sets of 100 output sequences of 8 106bit length deriving from
each variant passed the test suite without warnings.
4.2. Visual patterns. Output from the PRNG was converted into RGBA-channels
of 24bit png images (8000x4000 pixels scaled to 25%) underlaid with white and black
backgrounds for visual pattern recognition and thoroughly inspected switching between
consecutive images in 1sec intervals. Human visual sense is very fast in pattern recogni-
tion. Such patterns would indicate weakness in the random output by repeated sequence
(short periods) or degradation of underlying entropy.
4.3. Test for output doublets. Degradation of the PRNG would lead to shortened pe-
riods, that are found repeatedly in the output. the breeze variants breeze128, breeze256
and breeze512 hold output arrays of 64 bit unsigned integers of length 16, 32 and 64,
that are produced by one computation cycle.
A 236 bit Bloom filter with 7 hash locations was used to check continuously for rep-
etitions of consecutive pairs of PRNG variant output (256, 512, 1024 Byte) in 100 sets
of 200 GB, 400 GB, 800 GB output length from breeze128, breeze256 and breeze512.
A single doublet was found in each of breeze128 and breeze512 total output sequences.
They occurred after 174 GB output testing in the 98th sequence and after 728 GB of
the 61rst sequence respectively.
BREEZE - A CHAOS BASED PSEUDO RANDOM NUMBER GENERATOR BY HOPPING BETWEEN LOGISTIC MAP PSEUDO ORBITS5
4.4. Results and discussion. The NIST Test Suite was passed by the test sets without
warnings and no indication of visible patterns in the generated images were observed.
Bloom filters are probabilistic approaches to test for inclusion into the filter (see
http://en.wikipedia.org/ wiki/ Bloom filter ). The filter is 100 % accurate for non-
inclusion response and if the bits corresponding to the hash values of a element to be
checked isn’t set, the filter does not include that value. But Bloom filters pose a false
positive error (meaning that all corresponding bits are set even if the value is not included
in the filter) that can be calculated by (4).
p= (1 (1
m)kn)k
(4)
with m = No. of filter bits; k = No. of hashes (locations); n = No. of elements included.
Within the findings range (174GB: 679687500 6element number, 728GB: 710937500
6element number) the false positive probability for the findings was calculated to be
5.99e-09 and 8.12e-09 respectively - furthermore the error probability might be under-
estimated because only one hash function (sipHash) is used to compute seven locations
in the Bloom filter and sipHash is not claimed to be collision resistant.
It is assumed that these two findings by the Bloom filter test were false positives and
the fact that these findings were solitary and do not indicate a repetition in sequence (a
short period longer than three elements) is supporting this statement.
To summarize, the performed test did not indicate weaknesses in any of the variants
of the proposed chaos based pseudo random generator. Nonetheless prior to use in
security sensible areas (i.e. used as stream cipher or other cryptographic purpose) further
cryptanalysis by a third party, that underline it’s security, might be considered.
5. Literature
Shujun Li (2003): Analyses and New Designs of Digital Chaotic Ciphers. Ph.D. thesis, School
of Electronic and Information Engi- neering, Xian Jiaotong University, Xian, China. Available
online at http://www.hooklee.com/pub.html.
Shujun Li (2004): When chaos meets computers. URL http://arxiv.org/ abs/nlin.CD/0405038,
last revised in December 2005.
David Arroyo (2009): Framework for the analysis and design of encryption strategies based on
discrete-time chaotic dynamical systems, Thesis, Universidad Politecnica de Madrid, Dpto. de
Fisica y Mecanica Fundamentales y Aplicadas a la Ingenieria Agroforestal Area de conocimiento
de Fisica Aplicada y Matematica Aplicada
K. J. Persohn, R. J. Povinelli (2012): Analyzing Logistic Map Pseudorandom Number Gen-
erators for Periodicity Induced by Finite Precision Floating-Point Representation
http://povinelli.eece.mu.edu/ publications/ papers/ chaos2012.pdf
NIST Test Suite (2014): version sts-2.1.2 including changes of July 9, 2014; http://csrc.nist.gov/
groups/ ST/ toolkit/ rng/ index.html
Burton H. Bloom (1970), ”Space/Time Trade-offs in Hash Coding with Allowable Errors”,
Communications of the ACM 13 (7): 422426, doi:10.1145/362686.362692
Technical Report
December 2014
    Logistic maps (LM) expose a well studied phenomenom. The recursive call of the LM with f (x n) = τ x n−1 (1 − x n−1) with {τ ∈ R | (3.83, 4.0]}; {x ∈ R | (0, 1)} (1) will get into chaotic state at 0 < x < 1 and 3.56995 < τ < 3.82843 or 3.82843 < τ <= 4.0 In a theoretically infinite space of real numbers the LM will conserve the chaotic state ad infinitum (elsewhere called an 'orbit of the... [Show full abstract]
    Article
      Wenn zwischen mehreren Handlungsmöglichkeiten zu entscheiden ist, trifft oft eine Binsenweisheit den Nagel auf den Kopf: "Wer die Wahl hat, hat die Qual!" Ethische Dilemmata infolge von Konflikten zwi-schen ethischen Prinzipien können eine Entscheidung ebenso erschweren wie die Schwierigkeit, zwischen vielen Übeln das kleinste auszumachen. Eine strukturierte Analyse der Problemstellung... [Show full abstract]
      Article
        Mobile slaughter is commonly discussed as alternative method to slaughter avoiding transportation stress in slaughter animals. In 1994 mobile slaughter became part of the coalition-contract between the two major parties, SPD and GRUNE, in the Department HESSEN. In the article the actual principles, problems to cope with EU-legislation and hygiene-standards, chances and risks of mobile... [Show full abstract]
        Article
          As of 1 September, 2001 existing legislation regulating outdoor dog husbandry is replaced by the domestic dog welfare directive of 2 May, 2001. The new directive applies to details of housing and breeding of dogs kept indoors and as domestic companions. Thus, minimum requirements for housing, care and feeding now apply to the great majority of private dog owners. However these requirements do... [Show full abstract]
          Discover more