Cryptographic and parallel hash function based on cross coupled map lattices suitable for multimedia communication security

Abstract

Cryptographic hash functions can map data of arbitrary size to data of fixed size (hash values), which can be used in a wide range of multimedia applications for communication security, such as integrity protection, message authentication and digital signature. In this paper, we present a cryptographic and parallel chaotic hash function based on the cross coupled map lattices for multimedia communication security. More specifically, we first utilize the piecewise linear chaotic map with secret keys to generate initial parameter sequence for the cross coupled map lattices and an initial hash value. Then, we extend the original message into a message matrix to enhance the correlation of message characters. Next, we process each of the message blocks in the matrix in parallel as the space domain input of the cross coupled map lattices and the initial parameters as the time domain input to generate intermediate hash values. After all message blocks are processed in parallel, the final h-bit hash value is obtained by logical operations with the initial and intermediate hash values. Finally, we evaluate the performance of the proposed hash function in terms of uniform distribution of hash values, sensitivity of the hash value to subtle changes of the original message, secret keys, and images, confusion and diffusion properties, collision tests, efficiency of computation speed. The cryptanalytic results demonstrate that the proposed hash algorithm has statistical properties with \(\bar {B} = 64.0022\) and P = 50.0017%, collision resistance with d = 85.3944, average computation speed of 132.0 Mbps, and better statistical performance compared with existing chaotic hash functions, which are suitable for multimedia communication security.

1 Introduction

With the rapid development of computer and Internet technology, multimedia communication plays a significant role in multiple areas in our social society. The security of multimedia data is becoming more and more important in wired or wireless communications, such as file downloading and online payments [6, 8], image authentication [47] and watermarking [41]. Due to the high redundancy and large amount of data, multimedia data have special requirements for the security protection, such as real time, self-certification and availability. Among the various techniques proposed to address these challenges, hash algorithm has been proven to be an effective and efficient solution, which is able to protect information integrity [50], authenticate messages/images [26, 54], and generate digital signatures/watermarking [46, 69] for multimedia communication security [9, 10, 52] and mobile communication security [11,12,13,14,15,16,17, 71].

A hash function is a special kind of one-way function, which can be classified into two categories: (i) unkeyed hash function, whose specification dictates a single input parameter, a message; and (ii) cryptographic hash function, whose specification dictates two distinct inputs, a message and a secret key [27, 55, 61]. Unkeyed hash function h() has four properties: compression, irreversibility, second-preimage resistance and collision resistance. More specifically, (a) compression: a function h() maps an input M with arbitrary bit length, to an output h(M) of fixed bit length l; (b) irreversibility: given a function h() and an input M, it is easy to compute h(M). However, it is computationally infeasible to find any input which hashes to a specific output, i.e., to find any pre-image M such that h(M) = y, given any y for which a corresponding input is not known; (c) second-preimage resistance: it is computationally infeasible to find any second input which has the same output as any specified input, i.e., given M, to find a second-preimage M^′≠M such that h(M) = h(M^′); (d) collision resistance: it is hard to find any two distinct inputs M and M^′, which hash to the same output, i.e., such that h(M) = h(M^′). On the other hand, a cryptographic hash function h_k is a class of hash functions {h_k : k ∈ V_n} indexed by a key k such that {h_k : M → V_m} generates a message digest with length l, where V_n denotes the n-dimensional vector space over GF(2). h_k is a secure keyed one-way hash function, if it satisfies the following properties: (a) The function h_k is keyed one-way. That is: (i) given k and M, it is easy to compute h_k(M); (ii) without knowledge of k, it is hard to find M when h_k(M) is given; (iii) without knowledge of k, it is hard to find h_k(M) when M is given; (b) the function h_k should uniformly distribute the message digest in the message digest space. This thwarts statistical attacks; (c) the function h_k is keyed collision free. That is, without the knowledge of k, it is difficult to find two distinct messages M and M^′ that collide under h_k; (d) the function h_k should produce a message digest with at least 128 bits to thwart birthday attacks; (e) the function h_k should have enough key space to thwart exhaustive key search [25, 31].

Traditional hash functions such as MD5 and SHA-1 are mainly based on logical operations, modular arithmetic operations or digital algebraic operations, which reveal security weakness, since attacks on these algorithms have been discovered [34, 40, 49, 56, 57]. In particular, X. Y. Wang has found an effective method to reduce the complexity of collisions of SHA-1, issued as a Federal Information Processing Standard by NIST [57]. Due to the high computational complexity of logical or xor operations on traditional hash functions, chaos has been exploited to design chaotic hash algorithms for its interesting characteristics, such as sensitivity to tiny changes in initial conditions and parameters, random-like behavior, ergodicity, unstable periodic orbits with long periods and desired diffusion and confusion. Compared with traditional hash algorithms, chaos-based hash algorithms have unstable and aperiodic orbits, and are more unstable dynamical systems with high sensitivity to initial conditions and more suitable for large-scale data encryption [38]. K. W. Wong is the first to propose the chaotic hash function, which is built on the number of iterations of one-dimensional logistic map needed to reach the region corresponding to the character, along with a lookup table updated dynamically [63]. Then, chaotic hash functions are attracting more and more researchers to research ranging from the use of simple maps such as tent map [4, 32, 37, 70] and logistic map [1, 20, 58] to the use of more complicated maps of the sine map [21], standard map [33], piecewise linear or nonlinear chaotic maps [2, 30, 36, 53, 64, 65, 74], and high-dimensional chaotic maps [3, 22, 26, 35, 43]. For instance, M. Amin designed a chaos-based hash function based on a tent map for cryptographic applications [4]. Y. Wang provided a one-way hash function based on iterating a logistic map [58]. M. Ahmad provided a simple secure hash function scheme using multiple chaotic maps including logistic map, tent map, skew-tent map, cubic map and baker map [1]. A. Akhavan designed a hash function based on piecewise nonlinear chaotic map [2]. P. Zhang presented a parallel and collision resistance hash function with variable initial values [74]. Z. Lin developed a methodology to construct keyed hash functions based on chaotic iterations to avoid dynamic degradation caused by finite precision [36]. M. Todorova proposed a hash function based on irregularly decimated chaotic map [53]. H. S. Kwok presented a chaos-based cryptographic hash function for message authentication based on a high-dimensional cat map [26]. Z. Lin again designed an approach for constructing one-way hash function based on a message block controlled 8D hperchaotic map [35].

Although the above hash algorithms have their advantages, most of them ignore the parallel characteristic of message processing, which effectively improves the computation speed. In this paper, we present a cryptographic and parallel hash algorithm based on the cross coupled map lattices for multimedia communication security. More specifically, we first iterate the piecewise linear chaotic map with secret keys l times to generate a parameter sequence A for the cross coupled map lattices and generate an initial h-bit hash value H₀. Then, we extend an arbitrary length of message M into a message matrix M^″ to enhance the correlation of message characters. Next, we iterate the cross coupled map lattices CCML 2h times to generate a h-bit intermediate hash value H_i. There are two inputs for the CCML: the space domain input, which is the message blocks \(M^{\prime \prime }_{i}\) in the matrix M^″ and the time domain input, which is the parameters C from sequence A. After all message blocks are processed in parallel, the final h-bit hash value is obtained by logical operations with H₀ and H_i(i = 1,2,…). Finally, we evaluate the performance of the proposed hash function in terms of uniform distribution of hash values, sensitivity of the hash value to subtle changes of the original message and secret keys, confusion and diffusion properties, collision tests, efficiency of computation speed, and the cryptographic results demonstrate that the hash algorithm has good statistical properties, strong collision resistance, and better statistical performance compared with existing chaotic hash functions. We differ in that we are among the first to exploit a two-dimensional cross coupled map lattices with space domain and time domain inputs to design a cryptographic hash function and that the proposed hash function can be performed in parallel.

The main contributions of this work can be summarized as:

• We present a cryptographic and parallel hash algorithm based on the cross coupled map lattices for multimedia communication security. Different from the chaotic maps-based parallel keyed hash scheme [64], we are among the first to exploit the cross coupled map lattices to construct the hash algorithm.

• We utilize message blocks as the space domain input and parameter sequence from the piecewise linear chaotic map as the time domain input for the cross coupled map lattices to generate intermediate hash values. We differ from the 2D coupled map lattices-based hash scheme [59] in that the cross coupled map lattices have space and time domain inputs, which significantly compress the message information into intermediate hash values.

• We evaluate the performance of the proposed hash algorithm, and the cryptanalytic results demonstrate that the hash algorithm has good statistical properties, strong collision resistance, and better statistical performance compared with existing chaotic hash functions. Comparing to [23], our algorithm shows better performance in the average computation speed, statistical analysis, and collision resistance.

The remainder of this paper is organized as follows: Section 2 briefly describes the piecewise linear chaotic map and the crossing coupled map lattices. In Section 3, we present the design of the cryptographic and parallel hash algorithm based on the cross coupled map lattices in detail. We evaluate the performance of the proposed hash algorithm in Section 4 and conclude the work in Section 5.

2 Preliminaries

In this section, we briefly describe the one-dimensional piecewise linear chaotic map and the two-dimensional crossing coupled map lattices used in the proposed hash algorithm, respectively.

2.1 Piecewise linear chaotic map (PWLCM)

We select the one-dimensional piecewise linear chaotic map in the proposed hash algorithm, which is expressed as in (1):

$$ x_{i + 1} = \text{PWLCM}(\alpha,x_{i}) = \left\{\begin{array}{ll} x_{i}/\alpha &0 \leq x_{i} < \alpha; \\ (x_{i}-\alpha)/(0.5-\alpha) & \alpha \leq x_{i} < 0.5; \\ (1-x_{i}-\alpha)/(0.5-\alpha) & 0.5 \leq x_{i} < 1- \alpha; \\ (1-x_{i})/ \alpha &1-\alpha \leq x_{i} \leq 1. \end{array}\right. $$

(1)

where x_i represents the iteration trajectory value, and α denotes the control parameter. When α is assigned values in (0,0.5), x_i evolves into a chaotic state in range of (0,1), and there is no dynamical degradation of PWLCM because only rounded values of x_i (0 or 1) are needed in the hash algorithm [24]. The PWLCM has properties of uniform distribution, good ergodicity, confusion and diffusion, therefore, it can provide chaotic random sequences. An explicit analysis of the bifurcation diagram of the PWLCM shows that with the specified initial value x₀ and parameter α, its iterative values are fixed, which are listed in Table 1. The map is running in a chaotic state within the range (0,1), except for the specified values in Table 1. Therefore, we use the map as a key generator to produce the four initial buffers for our hash algorithm. Moreover, according to Ref. [5], {x_i} is ergodic, uniformly distributed in the interval (0,1) and the autocorrelation function is δ-like.

Table 1 The fixed iterative values of PWLCM with the specified initial value x₀ and parameter α

2.2 Cross coupled map lattices (CCML)

We select the two-dimensional cross coupled map lattice of size L with nearest neighbor coupling in the proposed hash algorithm, which is a mixed model of coupled map lattices with a diffusion process and local reaction process. CCML is defined by (2):

$$ x_{n + 1}(i) = \text{CCML}(\varepsilon,q_{i}) = \left\{\begin{array}{ll} \frac{f(x_{n}(i))}{1+\varepsilon}+\frac{\varepsilon}{2(1+\varepsilon)}(x_{n}(i-1))+x_{n}(i + 1) & i\bmod2 = 0; \\ \frac{f(x_{n}(i))}{1+\varepsilon}+\frac{\varepsilon}{2(1+\varepsilon)}(x_{n + 1}(i-1))+x_{n + 1}(i + 1) & i\bmod2 = 1. \end{array}\right. $$

(2)

where n denotes the number of discrete-time steps in [1,N], referred to as the time dimension, and i represents the number of discrete-space steps in [1,L], referred to as the space dimension. x_n(i) denotes the state of site i (or i th lattice) at time n, and ε indicates a coupling coefficient in range of (0,1). Periodic boundary conditions meet x_n(i) = x_n(i + L). Lattice mapping function f() is an asymmetric tent map that creates the local dynamics, which is defined by (3):

$$ x_{n + 1} = \left\{\begin{array}{ll} \frac{x_{n}}{q} & 0 \leq x_{n} < q; \\ \frac{1-x_{n}}{1-q} & q \leq x_{n} \leq 1. \end{array}\right. $$

(3)

where q ranges in (0,1). Since the asymmetric tent map f() is a chaotic map, CCML model is chaotic. CCML uses the way of diffusion in both time dimension (x-axis in Fig. 2) and space dimension (y-axis). In even lattice point of each iteration (black dots), the current value depends on even value in previous iteration step and both-side odd values in previous iteration step. In odd lattice point of each iteration (white circle), the current value depends on odd value in previous iteration step and both-side even values in current iteration step. Therefore, even lattice point reacts first and continues completing diffusion process before odd lattice point does, and then odd lattice point performs reaction and diffusion processes. The state of odd lattice points differs half step unit time than that of even lattice points. We cascade the two chaotic maps ((2) and (3)) to counteract the degradation of various extents [62].

We believe CCML is superior to other maps for our specified hash algorithm, because: 1) we exclusively design the two-dimensional CCML to enhance the security of the hash function construction, since it considers the message blocks as the space domain input and the parameter sequence from PWLCM as the time domain input; and 2) we are among the first to exploit CCML to design a cryptographic and parallel hash algorithm.

3 Cryptographic and parallel hash function based on CCML

In this section, we describe the proposed cross coupled map lattices based parallel chaotic hash function in detail. We first detail the proposed hash function in four steps: parameter initialization, message extension, message processing, and hash value generation, as shown in the structure of the hash function in Fig. 1. Then we present the hash function in Algorithm 1, and illustrate the flowchart of the proposed hash function in Fig. 3. As illustrated in Algorithm 1 and Fig. 3, the inputs are an arbitrary length of message M and secret keys {x₀, p₀, ε, q₀}, and the output is h-bit hash value H, where h = 128.

Fig. 1

The structure of the chaotic hash algorithm.

Step 1: Parameter Initialization

With initial secret keys {x₀, p₀}, we iterate PWLCMl times and intend to generate a parameter sequence A for CCML, where l = (n^′ + h) × 2 and \(n^{\prime } = \lceil \frac {n}{h-1}+ 1 \rceil \times h\). Let n denote the number of characters in the arbitrary length of message M. Since parameter p is variable, for each iteration i (i = 1,2,…,l), \(p_{i}=\frac {1}{2}(p_{i-1}+x_{i-1})\) and \(x_{i}=\frac {1}{2}(x_{i}+m_{i-2h} \times \frac {1}{2h})\) if i ≥ 2h. After l iterations, we obtain a chaotic sequence S = {s_i = x_i|i = 1,2,…,l} and then the parameter sequence A = {a_j = x_i|i = 2h + 1,2h + 2,…,l;j = 1,2,…,2n^′} is generated. With A = {a_i|i = 1,2,…,2n^′}, we calculate T = {t_i = round(a_i)|i = 1,2,…,2n^′} and then conduct XOR operation on each h-bit binaries in T, and finally cascade them to generate the h-bit initial hash value H₀.

Step 2: Message Extension

Given the arbitrary length of message M, we extend it into a matrix M^″ to enhance the correlation of message characters. In order to make the original message M a multiple length of ((h − 1) × 8) bits, we first append {1010…10}₂ bits to message M, and then preserve 64 bits rightmost denoting the length of original message M. Then we convert each 8-bit character of the padded message into the corresponding ASCII code value (a decimal integer) and store them into an array m (m = {m₁, m₂,…}). Finally, we obtain a p × (h − 1) message matrix M^′ by:

M^′ = \(\left [\begin {array}{llll} m_{1,1}^{\prime } & m_{1,2}^{\prime } & {\cdots } & m_{1,h-1}^{\prime } \\ m_{2,1}^{\prime } & m_{2,2}^{\prime } & {\cdots } & m_{2,h-1}^{\prime } \\ {\vdots } & {\vdots } & {\ddots } & {\vdots } \\ m_{p,1}^{\prime } & m_{p,2}^{\prime } & {\cdots } & m_{p,h-1}^{\prime } \end {array}\right ]\)\(=\{m_{i,j}^{\prime } = m_{(h-1)(i-1)+j}|i = 1,2,\ldots ,p;j = 1,2,\cdots ,h-1\}\).

Then, we generate a transform sequence B = {b_i = ⌊a_i × 2h⌋|i = 1,2,...,2n^′}, where a_i ∈ A. Based on M^′ and B, we obtain elements of M^″: \(m_{i,j}^{\prime \prime }=m_{i,j}^{\prime } \oplus b_{k} + b_{n^{\prime }+k}\), \(r_{i}={\sum }_{j = 1}^{h-1}m_{i,j}^{\prime \prime }\), \(c_{j}=\oplus _{i = 1}^{p}m_{i,j}^{\prime \prime }\), where “⊕” represents bitwise exclusive OR operation, “ + ” denotes addition modulo 2⁸, and k = (h − 1) × (j − 1) + j. Then, we extend the original message M into a (p + 1) × h matrix M^″ as shown:

M^″ = \(\left [\begin {array}{lllll} m_{1,1}^{\prime \prime } & m_{1,2}^{\prime \prime } & {\cdots } & m_{1,h-1}^{\prime \prime } & r_{1} \\ m_{2,1}^{\prime \prime } & m_{2,2}^{\prime \prime } & {\cdots } & m_{2,h-1}^{\prime \prime } & r_{2} \\ {\vdots } & {\vdots } & {\ddots } & {\vdots } & {\vdots } \\ m_{p,1}^{\prime \prime } & m_{p,2}^{\prime \prime } & {\cdots } & m_{p,h-1}^{\prime \prime } & r_{p} \\ c_{1} & c_{2} & {\cdots } & c_{h-1} & c_{h} \end {array}\right ]\)

Step 3: Message Processing

Each message block \(M_{i}^{\prime \prime }~(i = 1,2,...,p + 1)\) in matrix M^″ will be processed by CCML in parallel and the corresponding intermediate hash value H_i will be generated. We select \(M_{i}^{\prime \prime }\) as an instance to demonstrate the process, which is illustrated in Fig. 2. In time domain, based on the parameter sequence A, we obtain sequence C_i = {c_{i, j} = a_{(i− 1)×2h + j}|j = 1,2,…,2h}, which are used as the lattice boundary values for step “i” (green dots in Fig. 2) in CCML. In space domain, the elements \(M_{i}^{\prime \prime }=\{m_{i,1}^{\prime \prime }, m_{i,2}^{\prime \prime },..., m_{i,h}^{\prime \prime }\}\) in matrix M^″ are used as initial values for step “n” (red dots) in CCML, respectively. We iterate CCML2h times with secret keys {ε, q₀} and variable parameter q_i+ 1 = q_i + b_{i, j} × 10^− 3 to generate h-bit binaries (yellow dots), that is, one bit (a yellow dot) generation is associated to one element \(m_{i,j}^{\prime \prime }\) (a red dot) in current message block \(M_{i}^{\prime \prime }\) by CCML iterations. For h elements in \(M_{i}^{\prime \prime }\), h-bit binaries are generated, which are cascaded sequentially as intermediate hash value H_i (Fig. 3).

Fig. 2

The detailed process of message block \(M_{i}^{\prime \prime }\)

Fig. 3

The flowchart of the chaotic hash algorithm

Step 4: Hash value generation

After all message blocks in M^″ are processed in parallel, we obtain the final hash value H = H₀&H₁&…&H_p&H_p+ 1, where “&” is defined as (4):

$$ \& = \left\{\begin{array}{ll} (H \oplus H_{i})<<1 & i\bmod 2== 0; \\ (H \oplus H_{i})<<2 & i\bmod 2== 1. \end{array}\right. $$

(4)

4 Performance evaluation

In this section, we implement the cross coupled map lattices (CCML) based cryptographic and parallel hash function for performance evaluation by utilizing secret keys x₀ = 0.676767, p₀ = 0.232323, ε = 0.333333 and q₀ = 0.375281. We evaluate the parallel hash algorithm in terms of uniform distribution of hash values, sensitivity of the hash value to subtle changes of the original message, secret keys and images, confusion and diffusion properties, collision tests, efficiency of computation speed, and comparison with other algorithms. An arbitrary of length of message M for evaluating the performance of the proposed hash algorithm is randomly chosen as:

Southwest University (SWU) is a key comprehensive university, under the direct administration of the Ministry of Education. It was newly established in July 2005 through the incorporation of former Southwest China Normal University and Southwest Agricultural University upon the approval of the Ministry of Education. SWU is situated nearby the beautiful Jialing River, and is located at the foot of Jinyun Mountain, a state level scenic spot, in Beibei District, Chongqing Municipality.

4.1 Uniform distribution of hash values

Uniform distribution of hash values indicates that hash values are uniformly randomly distributed into “buckets”, which is directly related to the security of hash functions. The uniform distribution of a hash value is one of the significant security features of hash functions. We evaluate the uniform distribution of hash values by implementing the proposed hash algorithm with a randomly chosen message, and then plot the distribution of the message and the corresponding hash value. As demonstrated in Fig. 4a, the original message spreads in a range of [32, 126], which fits the range of ASCII code values of printable characters (such as message) in ASCII code chart. As illustrated in Fig. 4b, the hexadecimal hash value spreads around randomly and uniformly, which hides the statistical information of the message. In contrast, we evaluate the proposed algorithm on an extreme case - “blank space” message with the same length, and then plot the distribution of the particular message and the hash value as well. As shown in Fig. 5, even under such an extreme condition, the distribution of hash value is still uniform. These distributions are well uniform enough to hide information and act as a strong security measure. Therefore, the proposed hash algorithm has a good characteristic of uniform distribution on hash values.

Fig. 4

Spread of message and hash value: a distribution of the message in ASCII code; b distribution of the hash value in hexadecimal format (A724966A1ADE6A21C68D47185C9E829C)

Fig. 5

Spread of all “blank space”-message and hash value: a distribution of all “blank space”-message; b distribution of the hash value in hexadecimal format (0EB8E2CD5139475EC72D02685D36A35A)

4.2 Hash sensitivity

The irreversibility property indicates that it is computationally infeasible to find any input message for a given hash value, which entails that a hash algorithm should have excellent message and key sensitivity. That is, a good hash algorithm should be sensitive to tiny modifications in messages, secret keys, as well as images. According to Hamming distance, any slight modifications on messages, secret keys or images will lead to a 50% difference in the hash value. We evaluate the hash sensitivity of the proposed hash algorithm to the original message and secret keys under ten different conditions (Conditions 1 to 10) and to a grey-scale Lena image with 256 × 256 image size in Fig. 6 under three different conditions (Conditions 11 to 13):

1. Condition 1:

   The original randomly chosen message;

2. Condition 2:

   Change the first character “S” in the original message into “T”;

3. Condition 3:

   Change the word “direct” in the original message into “directly”;

4. Condition 4:

   Swap “Southwest China Normal University” and “Southwest Agricultural University” in the original message;

5. Condition 5:

   Change the full stop “.” at the end of the original message into comma “,”;

6. Condition 6:

   Add a blank space to the end of the original message;

7. Condition 7:

   Change the initial value x₀ = 0.676767 to x₀ = 0.676767000001;

8. Condition 8:

   Change the control parameter p₀ = 0.232323 to p₀ = 0.232323000001;

9. Condition 9:

   Change the coupling coefficient ε = 0.333333 to ε = 0.333333000001;

10. Condition 10:

    Change the parameter q₀ = 0.375281 to q₀ = 0.375281000001;

11. Condition 11:

    The original grey-scale Lena image with 256 × 256 image size (Fig. 6);

12. Condition 12:

    Add 1 to the gray value of the pixel located at the upper left corner;

13. Condition 13:

    Subtract 1 to the gray value of the pixel located at the upper right corner.

Fig. 6

The standard grey-scale Lena image with 256 × 256 image size

We illustrate the corresponding hash values in binary format associated to the thirteen conditions in Fig. 7, and tabulate the hash values in hexadecimal format as well as Hamming distances from Condition 1 for Conditions 2 to 10 and from Condition 11 for Conditions 12 and 13 in Table 2. As depicted in Fig. 7, the hash sensitivity property of the proposed algorithm to text is good, since any subtle change of the message (Conditions 2 to 6) causes large difference in hash values, and any tiny modification of the secret keys (Conditions 7 to 10) leads to huge difference. It also shows a good sensitivity property to images that 1 bit of the gray value change causes much difference in hash values (Conditions 12 and 13). As illustrated in Table 2, Hamming distances from Condition 1 have an average value of 64.6, which is significantly close to the ideal value of 64 (half of hash value size), and from Condition 11 have an average value of 66. These prove that the proposed hash algorithm satisfies the irreversibility property of a cryptographic hash function. Therefore, our hash algorithm shows high hash sensitivity to messages, secret keys, and images.

Fig. 7

Hash values in binary format under thirteen different conditions

Table 2 The corresponding hash values in hexadecimal format to the thirteen conditions

4.3 Confusion and diffusion

In cryptography, confusion and diffusion are two properties of the operation of a secure cipher, which are identified by Claude Shannon [48]. Confusion refers to making the relationship between the key and the ciphertext as complex and as involved as possible, and diffusion refers to the property that redundancy in the statistics of the plaintext is “dissipated” in the statistics of the ciphertext. In our evaluation, confusion refers to as the relationship between a message and its corresponding hash value must be complex and unpredictable, while diffusion refers to as the hash value is highly dependent on the message.

We conduct the diffusion and confusion experiment for the proposed hash algorithm: a message is randomly selected and the hash value for the message is generated; then one bit of the message is modified randomly, and a new hash value is generated. The two hash values are compared with each other, and the number of different bits at the same position in the two hash values is counted. We introduce six statistical metrics for evaluation of confusion and diffusion: minimum changed bit number B_min = min{B₁, B₂,...,B_N}, maximum changed bit number B_max = max{B₁, B₂,...,B_N}, mean changed bit number \(\bar {B}=\frac {1}{N}{\sum }_{i = 1}^{N}B_{i}\), mean changed probability \(P=\frac {\bar {B}}{h}\times 100\%\), standard variance of the changed bit number \({\Delta } B=\sqrt {\frac {1}{N-1}{\sum }_{i = 1}^{N}(B_{i}-\bar {B})^{2}}\), and standard variance \({\Delta } P=\sqrt {\frac {1}{N-1}{\sum }_{i = 1}^{N}(\frac {B_{i}}{h-P})^{2}}\times 100\%\), where B_i denotes the changed bit number, N indicates the test time of the experiment, and h represents the length of hash value.

The experiment is performed N times on the proposed hash algorithm, where N = 256,512,1024,2048, and 10000, respectively. The corresponding results of B_min, B_max, \(\bar {B}\), P, ΔB, and ΔP are tabulated in Table 3. The corresponding distribution of changed bit number \(\bar {B}\), is illustrated in Fig. 8.

Table 3 Statistics of number of changed bits

Fig. 8

Spread of changed bit number: a Plot of B_i, b Histogram of B_i

As illustrated in Table 3, the proposed hash algorithm has a mean changed bit number \(\bar {B} = 64.0022\) and mean changed probability P = 50.0017% that are extremely close to the ideal values of 64 bits and 50%, respectively. The values of ΔB and ΔP are very small, which shows a strong capability for confusion and diffusion. As depicted in Fig. 8, the plot of B_i shows that its value is evenly distributed (Fig. 8a), and the histogram of B_i has a normal distribution centering on the ideal value of 64 (Fig. 8b). The statistical confusion and diffusion results ensure that the proposed algorithm exhibits the competency to mitigate any kind of linear or differential attacks related to hash values. Therefore, the proposed hash function has a near-ideal confusion and diffusion strength.

4.4 Collision resistance

Collision refers to as two distinct messages produce the same hash value, while collision attack indicates that it tries to find two arbitrary messages that collide. Collision resistance is an important property of a secure hash function, which refers to as it is hard to find two different message with the same hash value.

In the proposed hash algorithm, the state of the chaotic CCML is related to message blocks (space domain input) and the sequence of PWLCM (time domain input). The sequence of PWLCM is affected by the control parameter and initial conditions, which will be assigned values if the algorithm is designed. Therefore, the state of CCML is directly related to each message bit in message blocks. These ensure that each bit of the final hash value is related to all the bits of the message. That is, even 1-bit change in the message would lead to a completely different in hash values.

We conduct collision resistance experiment for the proposed hash algorithm: a hash value for a randomly chosen message is generated and stored in ASCII code format; then a new hash value for the message with a bit randomly modified is generated and stored in ASCII code format as well. The two hash values are compared with each other, and the number of the same ASCII character at the same location (the number of hits) is counted. The collision resistance experiment is conducted N = 2048 times, and the distribution of the number of hits is plotted in Fig. 9. As described in Fig. 9 and Table 4, 2 tests hit twice, 117 tests hit once, while in 1930 tests, no hit occurs. The maximum number of equal characters is only 2, therefore, the collision on our hash algorithm is very low.

Fig. 9

Distribution of the number of the same ASCII characters at the same location in hash value

Table 4 Number of hits

Moreover, we calculate the absolute difference of the two hash values by using equation of \(d={\sum }_{i = 1}^{N}|t(e_{i})-t(e_{i}^{\prime })|\), where e_i denote the i th ASCII character of the original hash value while \(e_{i}^{\prime }\) represents the i th ASCII character of the new hash value, respectively, and the function t() converts the the entries into the equivalent decimal values. We perform the collision test N = 10000 times, and the corresponding maximum, minimum, mean and mean/character values of the absolute difference d for two hash values are 2316, 553, 1366.3105, and 85.3944, respectively. For our algorithm, the mean/character of absolute difference d of two hash values is 85.3944, which is very close to the theoretical mean/character value 85.3333 computed in [45, 67]. Therefore, our mean/character value is a near theoretical value, and the analysis on collision shows that our hash algorithm has strong collision resistance.

4.5 Efficiency

In order to analyze the efficiency of computation speed, we implement the proposed hash algorithm in C99 on a PC with 2.50 GHz Intel Pentium IV Dual-core, 2G Memory and Ubuntu 10.10 operation system and the test message consists of 10000 ASCII codes. The proposed parallel hash function is implemented in a distributed memory architecture, where the message is split and saved to the local memory for each message block. In theory, parallel computation optimizes the use of all processors in a multicore computer. In implementation, it subjects to the number of cores on a computer. Therefore, the degree of parallelism for the proposed algorithm is 2 message blocks, each with a size of 128 bits. The overhead of message separation is quite low, which can be ignored. Furthermore, we implement the widely used MD5 [45] and SHA-1 [42] algorithms in C99 with optimized codes on the same conditions to our algorithm as well. Finally, we present the average computation speed comparison based on the same platform as ours in Table 5. As illustrated in Table 5, the average computation speed of our algorithm (132.0 Mbps) is higher than Li’s algorithm (131.1 Mbps) [31], SHA-1 (114.5 Mbps) [45], Guo’s algorithm (131.3 Mbps) [18], while it is very close to Li’s algorithm [33] (132.1 Mbps) and MD5 (132.1 Mbps) [42].

Table 5 Average computation speed comparison

4.6 Comparison with other hash algorithms

We perform a comparison between the proposed hash function and some significant chaos-based hash functions as well as MD5, which is based on statistical performance and collision resistance. Tables 6 and 7 describe the comparison of statistical performance between the proposed algorithm and selected existing algorithms. Note that the results reported in Table 6 are based on N = 2048 random tests and 128-bit hash value, while the results of Table 7 focus on N = 10000 random tests and 128-bit hash value. Based on the results, our algorithm shows better statistical performance.

Table 6 Comparison on statistical performance with N = 2048 random tests and 128-bit hash value

Table 7 Comparison on statistical performance with N = 10000 random tests and 128-bit hash value

In addition, Table 8 presents the comparison of the number of ASCII characters with the same value at the same location and absolute difference in 128-bit hash values based on N = 2048 random tests between our algorithm and selected existing algorithms. Based on the results, the proposed algorithm shows better collision resistance.

Table 8 Comparison on collision resistance with N = 2048 random tests and 128-bit hash value

5 Conclusions

In this paper, we design, implement and evaluate a cryptographic and parallel chaotic hash function based on the two-dimensional cross coupled map lattices for multimedia communication security. This work includes three main contributions: 1) presents a cryptographic and parallel hash algorithm based on the cross coupled map lattices; 2) utilizes message blocks as the space domain input and parameter sequence from the piecewise linear chaotic map as the time domain input for the CCML to generate intermediate hash values; 3) evaluates the performance of the proposed hash algorithm, and the cryptanalytic results demonstrate that the hash algorithm has good statistical properties, strong collision resistance, and better statistical performance compared with existing chaotic hash functions. Comparing with other related works, it is the first time to exploit the two-dimensional cross coupled map lattices with space domain and time domain inputs to design a cryptographic hash function and the proposed hash function can be performed in parallel. We believe the proposed hash function is suitable for multimedia communication security.