Digital key for chaos communication performing time delay concealment

Romain Modeste Nguimdo, Pere Colet, Laurent Larger, Lúıs Pesquera Instituto de F́ısica Interdisciplinar y Sistemas Complejos, IFISC (CSIC-UIB), Campus Universitat de les Illes Balears, E-07122 Palma de Mallorca, SPAIN. UMR CNRS FEMTO-ST 6174/Optics Department, University of Franche-Comté, 16 Route de Gray, 25030 Besançon cedex, France Instituto de F́ısica de Cantabria, (CSIC-Universidad de Cantabria), Santander E-39005,Spain (Dated: June 1, 2011)

Since the emergence of experimental chaos encryption dating back to the seminal work of Cuomo et al. in the earlier 90's [1], proofs of principles have been extensively reported ranging from electronic, optical [2] to optoelectronic [3] systems.These last years, field demonstrations have been conducted over installed optical fiber network, involving high bit rate message, and using standard telecommunications components [4,5].Typically, the chaos is generated using analog systems subject to either optical or electro-optical delayed feedback.In chaos encryption there is no rigorous counterpart to the digital key of algorithmic cryptography.Confidentiality relies essentially on the hardware parameters that should be kept secret.Unfortunately, the time delay in itself, though being a very sensitive key parameter for a proper decoding, has been found to be vulnerable since it can be identified from the chaotic time series using methods such as autocorrelation function, delayed mutual information (DMI), extrema statistics and filling factor [6] even in systems with multiple delays [7].Out of those, autocorrelation and DMI are robust to noise perturbations and therefore are suitable to crack the time delay.Still worse, under the assumption of noise-free or even of small noise, it has been shown that the underlying chaotic dynamics of some systems can be reconstructed, once the time delay is identified, using appropriate techniques such as artificial neural networks [8].Another limit of hardware cryptography relies on the fact that its parameter space dimension (a sort of equivalent to the digital key size) is relatively low compared to algorithmic cryptography.
To circumvent these drawbacks, we propose in this Letter to implement a currently suggested principle in algorithmic cryptography, which consists in mixing different algebra when constructing the encryption algorithm [9].The idea is to combine a pseudo-random binary sequence (PRBS) typically used in symmetric key encryption, together with an analog physical chaos, in order to provide an enhanced cryptographic security through the reciprocal concealment between the boolean pseudorandom sequence and the high dimensional continuous time chaotic motion.At this point we notice that while public-key encryption schemes have won popularity, they have drawbacks such as limited speed and non-absolute security.Thus symmetric-key algorithms are still actively pursued, including new stream cyphers [10] and cryptographic hash functions [11].Besides, hybrid algorithms such as the PGP combine public key encryption to define a private key used for fast symmetric encryption [12].
In general chaotic communications mix the digital message and the chaotic carrier, however this mixing is quite weak and the statistical properties of the message cannot be controlled beforehand, thus the masking of the chaotic carrier statistical properties is quite limited.Through the introduction of an amplitude-balanced entropy mixing between a PRBS and a chaotic generation process, we perform an efficient entropy amplification for the resulting carrier even in absence of any message.As a consequence, this approach proposes a solution both for the problem of the introduction of an efficient digital key in chaos communications, as well as for the problem of time delay concealment.There have been indeed recently a few attempts to address separately these issues.In semiconductor lasers with optical feedback, the optical feedback phase plays an important role in the synchronization [13] thus a digital key implemented by modulating that phase was suggested [14].In the same context, it has been also suggested [15] that time delay can be masked if chosen to be close to the laser relaxation time, however chaos complexity is weak in that regime.Systems with time delay modulation [16] proposed as alternatives to get around the time-delay extraction, are however very difficult to implement practically.
Here we propose a configuration based on a double electro-optic delayed feedback dynamics.The scheme al-lows on one hand to integrate a digital key required for successful decryption which can be implemented as a long PRBS generated by an appropriate algorithm or as a relatively short sequence generated from a natural random process used repetitively.On the other hand, under conditions described later, the digital key conceals the delay time so that it cannot be identified using known methods.Besides the scheme, our proposal is based physically on high speed phase chaos [17] which has been recently successfully tested in a chaos communication field experiment up to 10 Gb/s [5].Though the proposed system is inspired by the principles reported in [5], structural architecture modifications have been necessary in order to ensure the efficient achievement of our initial goal: security enhancement of chaos communication through the use of a digital key.The proposed setup is illustrated in Fig. 1.Both emitter and receiver are consisting of two similar nonlinear delayed differential processing chains, serially connected.The sub-indices i = 1, 2 refer a given chain.Each chain has an electro-optic phase modulator (PM) with a half-wave voltage V π seeded by a continuous-wave (CW) telecom semiconductor laser (SL), which is phase modulated by an external signal (whether the PRBS, R, or the message m).The electrical input of the PM of a chain, is driven by the electrical output of the other chain.The PM optical output of one chain thus consists of two superimposed phase modulations, the PRBS or the message, and the nonlinear delayed differential processing performed by the other chain.The phase modulated light beam is then processed according to the delayed nonlinear dynamics of its chain.The time delay T i is performed by a length of fiber.The nonlinear transformation is performed non locally in time [17], between the input phase and the output intensity of an Mach-Zehnder interferometer (MZI) with imbalancing δT i which is longer than the typical time scale of the phase modulation.The intensity fluctuations are detected by an amplified broadband telecom photodiode (PD).The output electrical signal is further amplified by an RF driver, which gives the output of the processing chain serving as the electrical input for the other chain.The transmitted light beam is the output of PM 2 , which contains the linearly superimposed  message in DPSK (differential phase shift keying) format.
The dynamical modeling can be described as follows.The electronic bandwidth of the loop is assumed to result from two cascaded linear first-order low-pass and highpass filters.Considering the filter output voltages V 1 (t) and V 2 (t) and proceeding as in [17,18], the emitter dynamics can be described by the dimensionless variables x 1 (t) = πV 1 (t)/(2V π,1 ) and y 2 (t) = πV 2 (t)/(2V π,2 ): where The key physical parameters are arbitrary chosen, within the range of experimentally accessible values [17], as follows: the feedback strengths We first consider that no message is transmitted (m(t) = 0) to show the role of the PRBS in the statistical properties of the carrier x 1 (t).As stated before, the most robust methods to extract the time delay are the autocorrelation C(s) and the DMI between the value of the variable and its time-lagged version [6].We focus on these two methods since extrema statistics and filling factor methods are so sensitive to noise that even just a 1% noise added to the carrier prevent them to work properly.Fig. 2 displays C(s) and the DMI computed from the transmitted phase proportional to x 1 (t), without PRBS (grey line, red on line) and with a PRBS of amplitude π/2 at 3 Gb/s (black line).In the first case both functions show peaks at T = T 1 + T 2 , T + δT 1 , T + δT 2 and T + δT 1 + δT 2 , so that all relevant time delays can be readily identified.The delay time signature vanishes completely when the PRBS is included.

PRBS).
Increasing the bit rate, the peak size decreases.For low bit rates R(t) and R(t − δT 1 ) take the same value most of the time, so ∆(R) T1 usually vanishes and the effect is small (see the concept of temporal non locality as introduced in [17]).Therefore the peaks both in the DMI and in C(s) can still be distinguished from the background standard deviation, shown with bars in the figure [19].When the bit rate reaches a value corresponding to the inverse of δT 1 (∼ 1.97 Gb/s), ∆(R) T1 is typically non zero, and the PRBS plays a key role in the dynamics, concealing the time delay peaks.The size of the peaks as function of the PRBS modulation amplitude [Figs.3  c) and d)] is a π-periodic function associated to the periodicity of cos 2 in Eq. (1).A PRBS of amplitude π has no effect since ∆(R) T1 only takes values 0 or π and both are equivalent in the cos 2 term.Efficient concealment occurs for amplitudes between π/3 and 2π/3 approximately.This range increases increasing β.
Remarkably enough, while the PRBS conceals the delay time in the chaotic carrier x 1 (t), the cross-correlation between x 1 (t) and R(t) is of the order of 10 −3 , meaning that the digital key itself is also concealed in the chaotic carrier.This is explained by the fact that the interplay between balanced amplitudes of the chaos and a PRBS is optimizing the mutual nonlinear mixing, resulting in an efficient mutual masking of each signal by the other.
At the receiver side, decoding is performed as follows.The input phase-modulated beam is split into two paths.The long path replicates the two serial processing chains used for the encoding at the emitter, in which a synchronized PRBS is involved, thanks to the knowledge of the digital secret key.The analog secret key consists in the hardware parameters determining the devices and their exact operating conditions.The output of the two processing chains, after being inverted, serves as the electrical input of PM 2 , which is intended to cancel the carrier.The dynamics at the receiver is given by: where dv 1 /dt = z 1 , dv 2 /dt = w 2 , and primes refer to the receiver parameters.The output of PM 2 is then expected to be the phase modulation issued by the message only.
It can be demodulated using a standard DPSK demodulator, consisting in an MZI with an imbalance delay time δT m and a photodetector.The detected power is where in this specific case ∆(F The decoded message m (t) is obtained from P (t).For perfect synchronization, z 1 (t) is equal to x 1 (t), and m (t) reproduces m(t).While hardware mismatch is unavoidable in practice, several field experiments [4,5] have demonstrated that the resulting synchronization error is still acceptable.Moreover, the electro-optic phase dynamics we consider as our basis has led to the best experimental chaos synchronization quality reported so far over more than 10GHz bandwidth.The correct decoding, however, depends strongly on the matching of all the parameters, in the same way as it was already investigated in the literature [20].The sensitivity of the decoding with respect to physical parameter mismatch is thus not revisited here.To check that the precise knowledge of the PRBS indeed brings significant additional security we consider in the following that the receiver parameters are identical to the transmitter.The differences δ 1 (t) = z 1 (t) − x 1 (t) and δ 2 (t) = w 2 (t) − y 2 (t) follow: where dε 1 /dt = δ 1 and dε 2 /dt = δ 2 .From Eq. ( 7) it turns out that δ 2 decays to zero after a time of order θ 2 .For R T1 = R T1 , once δ 2 decayed to zero, the RHS of Eq. ( 6) vanishes so that δ 1 also decays to zero after a time of order θ 1 .Therefore the receiver synchronizes perfectly to the emitter after a transient of order θ 1 + θ 2 .However, for a mismatched PRBS the RHS of Eq. ( 6) does not vanish and therefore δ 1 is finite, resulting in a degraded synchronization.Actually, for identical parameters, δ 2 decays to zero despite any eventual PRBS mismatch, thus the internal variable does synchronize.Synchronization degradation takes place on the transmitted variable.Fig. 4(a) displays the root-mean square synchronization error σ = δ 1 (t) 2 / x 1 (t) 2 as a function of the percentage of wrong bits η in the receiver PRBS, where stands for time average.σ grows fast from zero when the PRBSs differ.Even for a 1% difference in the PRBS key σ is close to 25% indicating a very poor synchronization.When synchronization is degraded, z 1 (t) does not replicate x 1 (t), and the quality of the recovered message decreases.The most relevant way to characterize this is by measuring the Bit Error Rate (BER) of the recovered message (Fig. 4(b)).The BER increases linearly with η.For a pseudorandom message of amplitude π/2 (≈ 30% of the carrier amplitude) transmitted at 10Gb/s a 1% mismatch in the PRBS leads to a BER of 0.01.Results are similar for keys of different length as shown in Fig. 4(b).
In conclusion we have shown that a digital key can be integrated with a chaos-based communication system in a way that it conceals the delay time and it is necessary for decoding.Besides bridging the gap between symmetrickey algorithmic cryptography and chaos-based encoding, the concealment of the time delay is particularly relevant to prevent from eventual eavesdropper attacks.In our phase-chaos electro-optical delay system the chaotic dynamics does not reveal the digital key so it is possible to use it in a repetitive way while concealing it.The interference generated by the two similar time delays present in our system plays a critical role in the mutual concealment.We have found that in a similar electro-optical setup for intensity chaos generation with a single delay time no concealment takes place.In our system, the effective key-space of the encryption can be defined as the product of the analog key size and the digital one.From another viewpoint, the mixing of a digital source of entropy, and an analogue one, can be viewed as an entropy amplification procedure, which is strongly relevant in terms of cryptographic security.Furthermore, the setup can be easily modified or reconfigured, both from the digital or analogue source of entropy.
On a broad perspective, as for PGP, chaotic symmetric encryption schemes as proposed here may be typically dedicated to high speed secure data transmission.Asymmetric encryption (based on algorithmic cryptography, mutually coupled optical chaos [21] or quantum key distribution [22]) could bring the complementary so-lution for efficient and secure (perhaps slower) secret key exchange.

Figs. 3 a
FIG. 3. (Color on line) Absolute value of the peaks in C(s)(a,c), and DMI (b,d), at T (•), T + δT2 ( ), T + δT1 (+) and T + δT1 + δT2 ( ).In a) and b) the PRBS amplitude is π/2 while in c) and d) the PRBS bit rate is 3Gb/s.Solid line and bars correspond to the background mean value and standard deviation[19].A series of length 267 times T was used.