CELLULAR AUTOMATA ENCRYPTION

1 downloads 0 Views 2MB Size Report
Sep 25, 2008 - Chain-rules are maximally chaotic cellular automata (CA) rules that can be constructed at random to provide a huge number of encryption keys ...
September 25, 2008 11:9 WSPC/INSTRUCTION FILE

aw˙PPL2

Parallel Processing Letters c World Scientific Publishing Company

CELLULAR AUTOMATA ENCRYPTION the reverse algorithm, Z-parameter and chain-rules

ANDREW WUENSCHE∗ Discrete Dynamics Lab. www.ddlab.org and University of Sussex, United Kingdom.

Received (received date) Revised (revised date) Communicated by (Name of Editor) ABSTRACT Chain-rules are maximally chaotic cellular automata (CA) rules that can be constructed at random to provide a huge number of encryption keys – where the CA is run backwards to encrypt, forwards to decrypt. The methods are based on the 1D CA reverse algorithm for directly finding pre-images, and the resulting Z-parameter, and rely on the essential property that chain-rules have minimal in-degree in their basins of attraction, usually an in-degree of just one for larger systems. Keywords: encryption, cellular automata, chain-rules, chaos, basins of attraction, pre-images, in-degree, reverse algorithm, Z-parameter, DDLab

1. The CA reverse algorithm and basins of attraction In the simplest cellular automata [3], each cell in a ring of cells updates its value (0,1) as a function of the values in its neighbourhood, size k. All cells update synchronously – in parallel, in discrete time-steps, moving through a deterministic forward trajectory, as illustrated in Figs. 1 and 2. Each “state” of the ring, a bit string, has one successor, but may have multiple or zero predecessors (pre-images). A book, “The Global Dynamics of Cellular Automata” [4] published in 1992 introduced a reverse algorithm for finding the pre-images of states for any finite 1D binary CA with periodic boundary conditions, which made it possible to reveal the precise topology of “basins of attraction” – represented by state transition graphs – states linked into trees rooted on attractor cycles, which could be drawn automatically as in Fig. 3. The software was attached inside the back cover on a floppy disk – the origin of what later became DDLab [10]. As state-space necessarily includes every possible piece of information encoded within the size of its string, including Shakespeare’s sonnets, copies of the Mona Lisa, ∗ [email protected]

1

September 25, 2008 11:9 WSPC/INSTRUCTION FILE

2

aw˙PPL2

Parallel Processing Letters

time steps ↓

Fig. 1. Schematic of a 1D CA with periodic boundaries. Each cell updates in parallel as a function of the values in its neighbourhood at the previous time-step.

←——————— 1D space ——————–→ rule 250

rule 110 time steps ↓ rule 30

Fig. 2. 1D space-time patterns of the k=3 rules 250, 110 and 30, characteristic of order, complexity and chaos. Rule 30 is in fact an example of a maximally chaotic (chain) rule in k=3 rule-space. System size n=100 with (unfolded) periodic boundaries. The same random initial state was used in each case.

September 25, 2008 11:9 WSPC/INSTRUCTION FILE

aw˙PPL2

Cellular Automata Encryption

3

Fig. 3. Three basins of attraction with contrasting topology, n=15, k=3. The direction of time flows inward towards the attractor, then clockwise. One complete set of equivalent trees is shown in each case, and just the nodes of Garden-of-Eden (leaf) states. Data for each basin is provided as follows: attractor period=p, volume=v, leaf density=d, longest transient=t, max in-degree=Pm . toplef t: rule 250, ZL =0.5, ZR =0.5, too convergent for encryption, p=1, v=32767, d=0.859, t=14, Pm =1364 (seed=110100101011000). right: rule 110, ZL =0.75, ZR =0.625, too convergent for encryption, p=295, v=10885, d=0.55, t=39, Pm =30 (seed=110100101011000). bottom: rule 30, a chain-rule, ZL =0.5, ZR =1, OK for encryption, p=1455, v=30375, d=0.042, t=321, Pm =2 (seed=110110111000000).

and one’s own thumb print, and given that each unique string is linked somewhere within the graph according to a dynamical rule, this immediately suggested that a string with some relevant information could be recovered from another string, linked to it in some remote location in the graph, for example by running backwards from string A (the information) to arrive after a number of time-steps at string B (the encryption), then running forwards from B back to A to decrypt (or the method could be reversed) – so here was a new approach to encryption where the rule is the encryption key, previously described in [7, 8, 11]. Gutowitz patented analogous methods using dynamical systems, CA in particular [1], but these are different from the methods I will describe, where its crucial to distinguish a type of CA rule were the graph linking state-space has the appropriate topology to allow efficient encryption/decryption.

September 25, 2008 11:9 WSPC/INSTRUCTION FILE

4

aw˙PPL2

Parallel Processing Letters

Fig. 4. The CA reverse algorithm, where there are three possibilities for next unknown cell (from left to right in this example): determined, ambiguous or forbidden. The rule illustrated is the 3 neighbour (k=3) rule 110, the decimal equivalent of the rule-table 01101110, with the neighbourhoods ordered according to Wolfram’s convention[3], the highest value neighbourhood on the left. Note that the rule-table resolves into adjoining pairs, where the neighbourhoods differs only by their rightmost bit. If the bits in a pair differ, the next cell is determined – if the same, the next cell is either ambiguous or forbidden.

2. The CA reverse algorithm and Z-parameter Given an arbitrary 1D CA state, a reverse algorithm introduced in [4] and implemented in DDLab [10], can directly compute all of a state’s immediate pre-images, or determine that there are none. The algorithm is illustrated in Fig. 4. It works from either left to right or right to left, to find the next unknown cell in a partially known pre-image. There are three possibilities derived from the automata rule - the next cell is: determined (so fill in the value and continue to the next), ambiguous 0 and 1 are both valid (so continue from both solutions - the pre-image bifurcates), or forbidden (there is no valid solution so halt and abandon this partial pre-image). Once a pre-image is computed periodic boundaries need to be checked – does the value at cell 0 equals the value at cell n+1? otherwise the pre-image is invalid. Ordering the rule-table according to Wolfram’s convention [3], and computing from left to right, adjoining pairs of outputs, where the neighbourhoods differ only by their rightmost bit,a conveniently provide the solution for the next cell. If the output bits in a pair differ, the next cell is determined, if the same, the next cell is either ambiguous or forbidden. So the frequency of unequal pairs should provide some insight into the probability of finding determined next cells, which limit bifurcation thus the proliferation of pre-images. A converse procedure applies from right to left. This is the basis of the Z-parameter, introduced in [4] and generalised in [5, 6]. The fraction of “deterministic pairs” (ZL for left to right, and ZR for right to left) in the lookup-table (the CA rule) gives a first approximation of the probability that the next bit is uniquely determined. The complete calculation of Z takes into a There

is a converse procedure from right to left, taking pairs where the neighbourhoods differ only by their leftmost bit. To maintain adjoining pairs each neighbourhood could be reflected and the outputs rearranged as in Fig. 5 (but not done in Fig. 8).

September 25, 2008 11:9 WSPC/INSTRUCTION FILE

aw˙PPL2

Cellular Automata Encryption

5

Fig. 5. Calculating the Z-parameter for rule 110. For ZL there are 3/4 deterministic pairs, indilinks, so ZL =0.75. For ZR , where the rule-table has been rearranged by reflection, cated with link must be accounted for there are 1/4 deterministic pairs - but the 2 pairs indicted by the because their neighbourhood’s leftmost bit is irrelevant - they are effectively k=2 neighbourhoods, so ZR = 1/4 + (1 − 1/4) ∗ 2/4 = 0.65. The Z-parameter = 0.75, the greater of ZL and ZR .

account neighbourhoods where effective-k