
Introduction
Applications: Pay-TV, confidential video conferencing, secure VOD service via network, medical imaging systems, etc.
Problems:
1) The well-developed modern ciphers cannot be used directly, because most of them run too slowly (especially in software implementations).
2) Compression algorithms make it more difficult to incorporate the ciphers into the video system.
State of the Art: Many different video encryption schemes have been proposed, but some of them are not secure and most of them depend on a specific video format (chiefly MPEG-1 and 2).

Our New Scheme - CVES
CVES – Chaotic Video Encryption Scheme.
CVES is independent of any video compression algorithm;
CVES can provide high security for real-time digital video with fast encryption speed;
CVES can be simply realized in both hardware and software.
CVES can be extended to support random retrieval of cipher-video with considerable maximal time-out (RRS-CVES: Random Retrieval Supported CVES).
Essentially speaking, CVES is a universal fast cipher.

CVES – A General View

Chaotic Cryptography
Chaos vs. Cryptography: Many fundamental characteristics of chaos, such as the mixing property and the sensitivity to initial conditions, can be connected with the “confusion” and “diffusion” properties of good ciphers.
Three facts about the chaotic ciphers presented so far:
1) Most chaotic block ciphers require iterating the employed chaotic systems many times to make the ciphertext independent of the plaintext, which markedly reduces the encryption speed.
2) Most chaotic stream ciphers employ one single chaotic system to generate pseudo-random numbers to mask the plaintext, which may weaken the capability to resist potential attacks.
3) Generally, chaotic stream ciphers run much faster than chaotic block ciphers.

How to Realize Digital Chaotic Systems in Finite Precision?
Problems: It has been found that the dynamical properties of digital chaotic systems are far different from the theoretical ones. The related problems include short cycle length, non-ideal distribution and correlation, etc.
Remedies: In CVES, we use the perturbation-based algorithm presented in [24] to avoid this flaw: a simple pseudo-random number generator (PRNG) generates a small perturbing signal pt(i), and the l lowest bits of the chaotic orbits are perturbed by pt(i) with fixed interval Δ.
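The short-cycle problem and the perturbation remedy can be measured directly at toy precision. The following is an added example, not code from the slides or from [24]; it assumes the usual piecewise linear chaotic map as the chaotic system, XOR as the perturbing operation, and constructed sizes (L = 10 bits, a degree-7 LFSR, Δ = 9).

```python
# Added illustration; toy sizes so the exhaustive search ends quickly.
L = 10                        # finite precision in bits
ONE, HALF = 1 << L, 1 << (L - 1)
K = 7                         # LFSR degree: x^7 + x + 1 is primitive, period 2^7 - 1
DELTA = 9                     # perturbing interval (assumed value)
LOW_MASK = (1 << K) - 1       # the l = 7 lowest bits get perturbed

def plcm(x, p):
    """One step of the piecewise linear chaotic map on L-bit fixed point (0 < p < HALF)."""
    if x > HALF:                              # symmetry F(x) = F(1 - x)
        x = ONE - x
    y = (x << L) // p if x < p else ((x - p) << L) // (HALF - p)
    return min(y, ONE - 1)                    # keep the result inside L bits

def lfsr_step(s):
    """Fibonacci LFSR, a[t+7] = a[t] xor a[t+1]; any non-zero seed has period 127."""
    return (s >> 1) | (((s ^ (s >> 1)) & 1) << (K - 1))

def plain_cycle(x, p):
    """(transient, period) of the unperturbed digital orbit."""
    seen, t = {}, 0
    while x not in seen:
        seen[x] = t
        x, t = plcm(x, p), t + 1
    return seen[x], t - seen[x]

def perturbed_cycle(x, p, s=1):
    """(transient, period) of the full state (orbit value, LFSR state, step counter)."""
    seen, t, c = {}, 0, 0
    while (x, s, c) not in seen:
        seen[(x, s, c)] = t
        x, c, t = plcm(x, p), c + 1, t + 1
        if c == DELTA:                        # every DELTA steps: perturb the low bits
            s, c = lfsr_step(s), 0
            x ^= s & LOW_MASK
    return seen[(x, s, c)], t - seen[(x, s, c)]

if __name__ == "__main__":
    x0, p = 123, 307                          # constructed seed and control parameter
    print("unperturbed (transient, period):", plain_cycle(x0, p))
    print("perturbed   (transient, period):", perturbed_cycle(x0, p))
```

The unperturbed period can never exceed 2^L, while the perturbed state's period is always a multiple of Δ·(2^7 − 1), because the LFSR and the step counter only repeat together after that many steps.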

CVES - Components
ECS Pool: The kernel part of the whole CVES. It consists of $2^n$ digital chaotic systems, which are called Encryption Chaotic Systems (ECS): ECS(1)~ECS($2^n$).
All $2^n$ ECS-es are based on the same one-dimensional chaotic map Fe(xe,pe) defined on I=[0,1], with different control parameters pe(1)~pe($2^n$).
All ECS-es are realized in finite precision L (bits) with the perturbation-based algorithm, and one maximal-length LFSR (m-LFSR1, whose degree is L1) is used as the perturbing PRNG. The perturbing intervals are Δe(1)~Δe($2^n$) respectively.
The current states of the $2^n$ ECS-es are denoted as xe(1)~xe($2^n$).

CVES - Components
CCS: One digital chaotic system (called the Control Chaotic System) is used to control the $2^n$ ECS-es. CCS is based on another chaotic map Fc(xc,pc) defined on I=[0,1]. CCS is also realized in finite precision L with the perturbation-based algorithm, and m-LFSR2 with degree L2 is used as the perturbing PRNG. The perturbing interval is Δc.
CIT: A Control Information Table (CIT) stores the required information of CVES.
Stream Sub-Cipher: A $2^n$×1 MUX controlled by CCS is used to select an ECS to generate an L-bit chaotic key, which is XORed with the plain-cluster, L-bit block by L-bit block.
Block Sub-Cipher: A $2^n$×$2^n$ L-bit sorter and $2^n$ n-bit memory units compose a Pseudo-Random S-Box Generator (PRSBG). The PRSBG generates a pseudo-random n×n S-Box, which is used to substitute the pre-masked plain-cluster, n-bit block by n-bit block.
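One way to read the block sub-cipher, as an added example that is not the authors' code: the sorter ranks the $2^n$ current ECS states, and the ranks form the n×n S-Box. The rank convention, the byte-wise keystream and the constructed stand-in states are assumptions made for illustration.

```python
import random

N = 8                                         # S-box width n; the pool has 2^n ECS-es

def sbox_from_states(states):
    """Rank-sort the 2^n current ECS states into a permutation of 0..2^n-1."""
    if len(states) != 1 << N:
        raise ValueError("need exactly 2^n states")
    # Equal states can occur in finite precision; the index breaks the tie so
    # the result is still a bijection and decryption stays possible.
    order = sorted(range(len(states)), key=lambda i: (states[i], i))
    sbox = [0] * len(states)
    for rank, i in enumerate(order):
        sbox[i] = rank
    return sbox

def invert(sbox):
    """Inverse S-box used by the decryptor."""
    inv = [0] * len(sbox)
    for i, v in enumerate(sbox):
        inv[v] = i
    return inv

def encrypt_cluster(plain, keys, sbox):
    """Pre-mask with the chaotic keys (XOR), then substitute each n-bit block."""
    return bytes(sbox[b ^ k] for b, k in zip(plain, keys))

def decrypt_cluster(cipher, keys, sbox):
    """Undo the substitution first, then remove the mask."""
    inv = invert(sbox)
    return bytes(inv[c] ^ k for c, k in zip(cipher, keys))

def constructed_states(seed):
    """Stand-in for the pool: 2^n constructed 32-bit values with one forced collision."""
    rng = random.Random(seed)
    states = [rng.getrandbits(32) for _ in range(1 << N)]
    states[200] = states[5]
    return states

if __name__ == "__main__":
    sbox = sbox_from_states(constructed_states(1))
    keys = bytes(random.Random(2).getrandbits(8) for _ in range(16))
    cipher = encrypt_cluster(b"plain-cluster 01", keys, sbox)
    print(cipher.hex(), decrypt_cluster(cipher, keys, sbox))
```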

CVES – Encryption/Decryption
Secret key: K={xc,pc}.
Initialization:
1) Iterate CCS $2^n$ times to obtain $2^n$ initial conditions xe0(1)~xe0($2^n$) for all ECS-es.
2) Iterate CCS $2^n$ times to obtain $2^n$ control parameters pe0(1)~pe0($2^n$) for all ECS-es. No two of them may be the same.
3) Sort xe0(1)~xe0($2^n$) to generate a rank sequence l(1)~l($2^n$). Then Δe(i)=Pr(l(i)), where Pr(i) denotes the ith prime number larger than 2. Iterate CCS several times to obtain Δc, which should be a prime number smaller than $2^n$.
4) Iterate each ECS(i) for η>λ(i) times, where λ(i) is its Lyapunov exponent.
Encryption/Decryption Procedure: See Slide 4.

RRS-CVES – Modified CVES
Initialization: Three operations are added.
1) Run CCS $2+2^n$ times to generate two L-bit numbers p+, x+ and $2^n$ m-bit numbers τe(1)~τe($2^n$). Here, gcd(τe(i),2)=1 and τe(i)≥τmin.
2) Sort pe0(1)~pe0($2^n$) to generate a sequence re(1)~re($2^n$).
3) Set the $2\cdot 2^n$ L-bit numbers C1(1)~C1($2^n$), C2(1)~C2($2^n$) to 0.
Encryption Procedure: Only the stream sub-cipher is modified. For the jth L-bit plain-block, select ECS(re(j mod $2^n$)) as the current ECS. ECS(i) runs once, C1(i)++.
If C1(i) mod τe(i)=0, reset ECS(i) as follows: C1(i)=0, C2(i)++, xe(i)=xe0(i)=(xe0(i)+x+) mod $2^L$.
If C2(i) mod τe(i)=0, reset ECS(i): C1(i)=C2(i)=0, pe(i)=pe0(i)=(pe0(i)+p+) mod $2^L$.
Reconstruct: Assume the total number of L-bit cipher-blocks before the cipher-cluster is Il. We can reconstruct all $2^n$ ECS-es within considerable maximal time-out.
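The counter rules above are what make random retrieval possible: the counters and restart values at any block index follow from integer division, without replaying the stream. This is an added example, not the authors' code; it tracks only C1, C2, xe0 and pe0 (chaotic iteration and perturbation are left out), reads the C2 test as applying right after C2 is incremented, and uses a constructed toy pool of $2^3$ ECS-es.

```python
MOD = 1 << 32                                  # L = 32, as the deck suggests

def simulate(blocks, order, tau, x0, p0, x_plus, p_plus):
    """Reference: walk every L-bit block and apply the counter/reset rules."""
    k = len(order)
    c1, c2, xe0, pe0 = [0] * k, [0] * k, list(x0), list(p0)
    for j in range(blocks):
        i = order[j % k]                       # ECS(re(j mod 2^n)) is the current ECS
        c1[i] += 1                             # ECS(i) runs once
        if c1[i] % tau[i] == 0:                # restart from a shifted initial condition
            c1[i], c2[i] = 0, c2[i] + 1
            xe0[i] = (xe0[i] + x_plus) % MOD
            if c2[i] % tau[i] == 0:            # less often, shift the control parameter
                c2[i] = 0
                pe0[i] = (pe0[i] + p_plus) % MOD
    return c1, c2, xe0, pe0

def reconstruct(blocks, order, tau, x0, p0, x_plus, p_plus):
    """Same result in O(2^n) steps, derived from the block index alone."""
    k = len(order)
    full, rest = divmod(blocks, k)
    c1, c2, xe0, pe0 = [0] * k, [0] * k, [0] * k, [0] * k
    for slot, i in enumerate(order):
        runs = full + (slot < rest)            # how often ECS(i) has run so far
        x_resets, c1[i] = divmod(runs, tau[i])
        p_resets, c2[i] = divmod(x_resets, tau[i])
        xe0[i] = (x0[i] + x_resets * x_plus) % MOD
        pe0[i] = (p0[i] + p_resets * p_plus) % MOD
    return c1, c2, xe0, pe0

# Constructed toy pool: a permutation as re(.), odd tau values, arbitrary offsets.
ORDER = [3, 0, 6, 1, 7, 4, 2, 5]
TAU = [5, 7, 9, 11, 13, 15, 5, 7]
X0 = [0x1000 * (i + 1) for i in range(8)]
P0 = [0x2000 * (i + 1) for i in range(8)]
X_PLUS, P_PLUS = 0x9E3779B9, 0x7F4A7C15

if __name__ == "__main__":
    print(reconstruct(10_000, ORDER, TAU, X0, P0, X_PLUS, P_PLUS))
```

After reconstruction, ECS(i) still has to be iterated C1(i) times from xe0(i) with pe0(i); since C1(i) < τe(i), that replay is what bounds the time-out.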

CVES/RRS-CVES – Configuration
L: Since the key space is $2^{2L}$, L should be large enough to provide high security. L=32 or 64 is suggested.
n: Apparently, the realization complexity grows with n, so n cannot be too large; we suggest n=8.
The Cluster Size: It can slightly adjust the speed.
m and τmin: We suggest m≤n and τmin≥2n/2 to reduce the maximal time-out of RRS-CVES.
The Chaotic Maps: We suggest using the PLCM in [27,28].

CVES – Performance: Speed
Assume all ECS-es and CCS are based on the PLCM in [27, 28], and the cluster size is fixed: Pmax·L bits.
1) Hardware - Assume the basic clock frequency is fb MHz and the time consumed by the sorter is τs clock cycles; the speed of CVES will then be fb/(1+1/n+τs/(Pmax·L)) Mbps, which is faster than most conventional ciphers.
2) Software - The speed under Windows™ OS is tested with Visual C++. The speed is about 1/10 of the CPU frequency (60 Mbps on a 667 MHz Pentium® III PC). Such a speed is rather high for a software cipher.
3) The initialization does not consume much time, and the maximal time-out of RRS-CVES is not too large.

CVES – Performance: Security
Essential features to avoid potential attacks:
a) The $2^n+1$ independent digital chaotic systems.
b) The different pseudo-random S-Box for each cluster.
c) The product of the stream cipher and the block cipher.
Cryptographic properties: a) Balance; b) Avalanche property.
Stream sub-cipher: Huge cycle length.
Block sub-cipher: Perfect pseudo-random S-Boxes with equiprobable and symmetric distribution.

CVES – Performance: Realization Complexity and Experiments
Realization Complexity: One L-bit digital divider, a $2^n$×$2^n$ sorter, two perturbing m-LFSR-s, and some memory units (not too many).
Experiments: See the following figures. We test the practical performance of CVES on an uncompressed digital video. In Fig. 2, we give the comparison of one plain-frame and the cipher-frame. We can see the plain-image is encrypted to a cipher-image with uniform histogram, which implies CVES is perfect.