An Improved Multi-Chaotic Public Key Algorithm Based on Chebyshev Polynomials

Abstract

Due to the similar characteristics of chaotic systems and cryptography, public key encryption algorithms based on chaotic systems are worth in-depth research and have high value for the future. Chebyshev polynomials have good properties and are often used in the design of public key algorithms. This paper improves the Bose Multi-Chaotic Public Key Cryptographic Algorithm (BMPKC) by applying Chebyshev polynomials. The proposed algorithm (CMPKC-$k_i$) introduces the selective coefficient $k_i$ based on the properties of Chebyshev polynomials, allowing the special functions that need to be negotiated in the original system to be freely and randomly chosen as Chebyshev polynomials, and can also be expanded to m levels. The improved cryptographic algorithm also utilizes chaotic hash functions and logistic mapping to generate pseudo-random sequences and overcomes shortcomings of the Bose algorithm by iteratively iterating the selected Chebyshev polynomials based on the number of 0s or 1s in the pseudo-random sequence, thus providing better security. Analysis and software testing results indicate that this algorithm has strong robustness against brute force attacks, achieving a higher attack time for breaking the private key compared to the CEPKC, BMPKC, and CMPKC algorithms. Compared to the CMPKC algorithm, our proposal algorithm achieves better performance in the encryption and decryption phases. Furthermore, we combine this Multi-Chaotic System Key Exchange Protocol with the Advanced Encryption Standard (AES) algorithm, while providing a demonstration, offering more possibilities for practical applications of this system.

1. Introduction

With the advent of cloud computing, the Internet of Things, the mobile internet, and the big data era, security threats brought by the deployment of new technologies are constantly expanding, and designing new high-performance encryption schemes has become an important problem to be urgently solved. Compared with traditional encryption systems, chaotic public key cryptography has higher security, better resistance to attacks, a longer validity period, and more application areas [1,2]. As a new direction in the field of public key cryptography research, it is still in the initial stage and has very important exploratory value.

Cryptography is a very active research field, with traditional ciphers mainly including DES, AES, RSA, and other algorithms [3]. In recent years, new ideas have stimulated many new forms of cipher systems, primarily including quantum cryptography [4], visual cryptography [5], biometric cryptography [6], DNA cryptography [7], homomorphic cryptography [8], attribute-based encryption [9], and Post-Quantum Cryptography [10,11].

Chaos theory is considered the third revolution in physics in the 20th century, following relativity and quantum mechanics. It is the seemingly random behavior generated by deterministic systems. It has extreme sensitivity to initial conditions and parameters, and long-term unpredictability, which conforms to some characteristics of cryptography, opening a new field of research in chaotic cryptography. In 1949, Shannon [12] pointed out the confusion and diffusion principles in cipher design, which correspond precisely to the pseudo-randomness and sensitivity to initial conditions of chaotic systems: the ergodicity and topological mixing of chaotic systems correspond to the confusion properties of ciphers; on the other hand, the extreme sensitivity of chaotic systems to initial conditions and control parameters corresponds to the diffusion properties of ciphers. Diffusion can create an avalanche effect, producing completely different outputs from tiny changes to the initial input. This suggests that chaos can be applied to the field of cryptography. Alvarez et al. [13] summarized some relationships between chaotic systems and cryptography. Chaotic cryptography theory emerged in the mathematics and physics fields in the early 1960s, and it is known as one of the three major scientific revolutions of the 20th century along with quantum theory and relativity. In 1989, Matthews proposed the chaotic cipher algorithm, which provided a chaotic sequence cipher scheme based on modified logistic mappings [14]. In particular, Pecora and Carroll published an article on chaotic synchronized secure communication in 1990 [15], sparking a research wave in chaotic cryptography. At the same time, analysis of chaotic cipher systems has also been carried out, proving the insecurity of some chaotic cipher systems and proposing improvement measures. In recent years, significant progress has been obtained in the research of chaotic cryptography [16,17,18,19,20,21], but there are still some challenging problems to be solved, such as the problem of finite precision digitization of chaotic systems, the security and efficiency of chaotic cipher design, etc. Therefore, compared with traditional cryptography, the development of chaotic cryptography is still not mature and perfect, lacking sufficient persuasiveness. On the other hand, compared with symmetric cryptography, the study of chaotic public key cryptography is relatively weak. Designing public key cryptographic systems based on chaotic systems is a new scientific exploration attempt, which has important research value and significance.

1.1. Trend

Currently, traditional public key encryption algorithms may have some potential issues, such as the threat of quantum computing, increasing key length requirements, and having specific algorithmic characteristics that are vulnerable to targeted attacks. Although the capability of chaotic cryptography to resist quantum computing is still under research, it offers a new approach that is different from traditional public key encryption. Chaotic encryption algorithms can provide more efficient computational performance than traditional public key algorithms, especially in resource-constrained environments such as IoT devices. Certain characteristics of chaotic systems allow for the design of lightweight encryption schemes, thereby saving computational and energy resources. Therefore, it is necessary to find new practical public key cryptographic algorithms as a supplement or replacement to current public key cryptographic algorithms.

Table 1. Major research history of chaotic public key cryptography.

Year	Author	Description	Evaluation
1987	Puhua, G. [22]	A public key cryptography algorithm based on cellular automation, which can be seen as a discrete dynamical system.	It has significant limitations, such as performing poorly in processing large-scale data, with slow computational processes that cannot meet real-time requirements.
2003	Kocarev, L. [23,24] Bergamo, P. [25]	A chaotic public key cryptography algorithm based on Chebyshev polynomials, which is extended to finite fields due to security flaws and deployed in applications such as key exchange protocols and digital signatures.	It represents a primary focus within the realm of chaotic public key cryptography, marking the inaugural application of Chebyshev polynomials in a more extensive manner to public key encryption algorithms.
2004	Kocarev, L. [26]	A public key cryptography algorithm based on toroidal self-isomorphism, which can be seen as an extension of public key cryptography based on Chebyshev polynomials.	The algorithm’s security is claimed to be consistent with the RSA algorithm and is purportedly applicable to the ElGamal and Rabin public key algorithms. However, only a simple example is provided, and the conclusion awaits confirmation.
2005	Bose, R. [27] Zhang, L. [28]	A public key cryptography algorithm based on multiple chaotic systems.	It has been proven to have security flaws, such as its susceptibility to brute force attacks.
2009	Ariffin, M.R.K. [29] Blackburn, S.R. [30]	A new public key cryptography algorithm constructed using the $A{A}_{\beta }$ chaotic system, claiming to have the same level of security as the classical discrete logarithm problem.	By solving the discrete logarithm problem modulo 1, it has been demonstrated that this cryptographic system is not sufficiently secure.
2010	Algehawi, M.B. [31] Haifeng, Q. [32]	An identity-based encryption scheme is proposed based on Chebyshev chaotic mapping (IBE).	It has security flaws. People can more easily attack by exploiting the semi-group property of extended Chebyshev polynomials on $Z_p$.
2014	Islam, S.K.H. [33]	New identity-based encryption and signature schemes are proposed based on Chebyshev polynomials.	The security and efficiency still need to be verified.
2014	Lai, H. [34]	A three-party key exchange protocol is proposed based on Chebyshev polynomials and proven to be secure in the standard model.	It has promoted the progress of chaotic public key cryptography research as the protocol is the first provably secure 3PAKE protocol using Chebyshev chaotic maps under the standard model.
2015	Lee, T.F. [35]	A three-party key exchange protocol based on Chebyshev chaotic mapping is proposed based on password authentication.	Its security can be proven in the random oracle model.
2018	Abd-El-Atty, B. [36]	An efficient cryptosystem is based on the Logistic-Chebyshev map.	Its security has not been verified yet.
2021	Tan, Z. [37]	A secure dual-factor key agreement protocol based on Chebyshev polynomials.	Preliminarily addressed the issue of user unlinkability in authentication key protocols based on chaotic maps.
2022	Meshram, C. [38]	Secure client authentication based on Chebyshev chaotic mapping.	It has higher security and computational performance.
2023	Meshram, A. [39]	An efficient three-party authenticated key exchange process (AKEP) is proposed using Chebyshev chaotic mapping.	It presents a novel type of key exchange process, based on an efficient three-party authenticated key exchange procedure (AKEP) using Chebyshev chaotic maps with client anonymity.

lists the development of chaotic public key cryptography in chronological order, with people attempting to design public key cryptographic algorithms using cellular automata, chaotic iterative structures, distributed dynamical systems, multi-chaos systems, Chebyshev polynomials, torus automorphisms, etc. However, there are security flaws or low efficiency problems in all of them, which is why chaotic public key cryptography cannot match traditional public key cryptography. As a new direction in the field of public key cryptography research, chaotic public key cryptography is still in its early stages and has very important exploratory value.

According to Table 1, the development of chaotic public key cryptography, especially the Chebyshev-based public key cryptography discussed in this paper, can be roughly divided into three time periods, as shown in Figure 1.

• In the embryonic stage, researchers started to explore the design of public key cryptography algorithms using different chaotic systems, such as cellular automata, distributed dynamical system models, Chebyshev chaotic mappings, chaotic synchronization systems, etc.
• In the development stage, more attention was paid to the security of chaotic public key cryptography algorithms, especially the analysis and improvement of Chebyshev-based public key cryptography algorithms, to achieve higher security and efficiency.
• In the expansion stage, chaotic public key cryptography algorithms were extended to other aspects of cryptography, such as identity-based public key encryption schemes, key exchange protocols, digital signature schemes, provable security, etc.

In the early schemes of chaotic public key cryptography, Puhua proposed a chaotic public key algorithm based on cellular automata, which was not practical due to its limitations [22]. Tenny et al. proposed a distributed dynamical model chaotic synchronization public key encryption scheme [40], but it did not adhere to the principle of “all secrets are embedded in the keys” and had potential vulnerabilities against digital attacks. Subsequently, Bose proposed a public key cryptography algorithm based on multiple chaotic systems [27], but it also suffered from security and efficiency issues. Public key cryptography based on multiple chaotic systems and Chebyshev polynomials remains of high value in chaotic public key cryptography research and is the focus of this project. Currently, Kumar et al. has further extended Chebyshev-based public key cryptography and proposed new encryption schemes [41], Islam has proposed new identity-based encryption and signature schemes [33], and Hong Lai et al. has proposed a three-party key exchange protocol based on Chebyshev polynomials and proved its security in the standard model, driving the advancement of chaotic public key cryptography theoretical research [34]. Chatterjee et al. proposed a new multi-server authentication scheme based on Chebyshev chaotic mappings, which is low in computation and communication costs and has been widely cited by scholars [42]. Attaullah et al. proposed a new cryptographic technique based on improved Chebyshev mapping and verified the effectiveness of the expected algorithm [43]. Louzzani et al. proposed a new chaotic Chebyshev polynomial-generating function and applied it to image encryption with good resistance against various attacks [44]. In recent years, chaotic public key cryptography has achieved some new research results [45,46,47,48].

1.2. Contribution

Our approach includes evaluating and discussing several modified Chebyshev public key cryptographic algorithms and understanding their performance and security compared to our proposed algorithm. Specifically, in our proposed improved chaotic multiple public key cryptographic algorithm based on Chebyshev polynomials (CMPKC-$k_i$), we aim to design a multiple chaotic public key algorithm using Chebyshev polynomials. The algorithm introduces the concept of selective coefficient $k_i$ based on the properties of Chebyshev polynomials, allowing the original system’s special functions $f_1(x)$ and $f_2(x)$ that need to be negotiated to be freely chosen as Chebyshev polynomials $f_{k_{\alpha }}(x)$ and $f_{k_{\beta }}(x)$, where the selection of $k_{\alpha }$ and $k_{\beta }$ is randomly determined by $k_i$ and can also be extended to m levels. The improved cryptographic algorithm also utilizes chaotic hash functions and logistic mapping to generate pseudo-random sequences and overcomes the four shortcomings of the Bose algorithm by iteratively iterating $f_{k_{\alpha }}(x)$ and $f_{k_{\beta }}(x)$ based on the number of 0s or 1s in the pseudo-random sequence, thus providing better security. Analysis and experimental results show that the algorithm has strong robustness against common attacks, achieving a higher attack time to break private keys compared to other variants, proving the algorithm’s security against such attacks. Compared to other similar variants of Chebyshev polynomial public key algorithms, our proposal achieves better performance in the encryption and decryption stages. Furthermore, we combine this multiple chaotic system key exchange protocol with the Advanced Encryption Standard (AES) algorithm and provide a demonstrative example.

1.3. Organization

The remainder of this paper is organized as follows: Section 2 focuses on demonstrating Chebyshev chaotic mapping, the CEPKC algorithm, and the corresponding research work performed to upgrade and improve public key encryption schemes using the Chebyshev system. Then, we improved a public key encryption algorithm and provide related examples and flowcharts in Section 3. Section 4 emphasizes the software implementation and example verification of the proposed method, while Section 5 presents the performance, analysis, and discussion of the method in terms of security. Finally, Section 6 summarizes this paper and proposes future directions for work.

2. Preliminary

2.1. Chebyshev Chaotic Mapping

Definition 1.

Let $n$ be a positive integer, $x\in [-\mathrm{1,1}]$, and the $n$ order Chebyshev polynomial $T_n(x):[-\mathrm{1,1}]\to [-\mathrm{1,1}]$ is defined as:

$$T_n(x)=\mathit{cos}(n·\mathit{arccos}(x))$$

(1)

$T_n(x)$ can also be defined using the following recursive relation:

$$T_n(x)=2x{T}_{n-1}(x)-T_{n-1}(x),n\ge 2$$

(2)

where in $T_0(x)=1,T_1(x)=x$. from Equation (2), it can be observed that the first $n$ terms of the Chebyshev polynomial are:

$$T_2(x)=2x^2-1,T_3(x)=4x^3-3x,T_4(x)=8x^4-8x^2+1,\cdots$$

Chebyshev polynomials possess two important properties: the semi-group property and the chaotic property [49].

2.1.1. Semi-Group Property

$T_r(T_s(x))=\mathit{cos}(r{\mathit{cos}}^{-1}(\mathit{cos}(s{\mathit{cos}}^{-1}(x))))=\mathit{cos}(rs{\mathit{cos}}^{-1}(x))=T_{sr}(x)=T_s(T_r(x))$, where $r$ and $s$ are positive integers and $x\in [-\mathrm{1,1}]$. To utilize the properties of Chebyshev polynomials in the subsequent context, it is necessary to generalize their properties.

Theorem 1.

Chebyshev polynomials satisfy the semi-group property everywhere in the interval $(-\infty , +\infty )$, i.e.,

$$T_r(T_s(x))=T_{rs}(x)=T_s(T_r(x))$$

(3)

2.1.2. Chaotic Property

The Chebyshev map is a one-dimensional chaotic map with favorable nonlinear dynamic properties. Chaos occurs when the control parameter $\mu$ is greater than 1. When greater than 2, the map remains in a chaotic state. Figure 2 shows the bifurcation diagram of the Chebyshev map. Figure 3 shows the bifurcation diagram of the improved Chebyshev chaotic map $x_{n+1}=a·(1-2x_n^2)$.

2.1.3. Lyapunov Exponent

The Lyapunov exponent is an important indicator of the dynamic behavior of nonlinear systems. In this section, the Lyapunov exponent (LE) is further used to analyze the predictability of the Chebyshev chaotic system. When $n>1$, the Chebyshev polynomial has an invariant density distribution of $f^{*}(x)={\displaystyle \frac{1}{\pi \sqrt{1-x^2}}}$ and a positive Lyapunov exponent of $\lambda =\mathit{ln}n>0$, indicating its chaotic property. Figure 4 shows the Lyapunov Exponent of the Chebyshev Map.

2.1.4. Information Entropy

Information entropy is usually used to measure the uncertainty of a variable. The greater the uncertainty of variables, the higher the information entropy, which is defined as $H(x)={\sum }_{i=0}^{L-1}p(x_i)\mathit{log}{\displaystyle \frac{1}{p(x_i)}}$, where $X=\left\{x_i\left|x_i\in \left[\mathrm{0,255}\right]\right.\right\}$, $p\left(x_i\right)$ is the probability of $x_i$ and $L=256$ for grayscale images. The maximum value of information entropy is 8 for grayscale images.

Figure 5 shows the information entropy diagrams of the Chebyshev chaotic maps. It can be seen that the entropy values of the output sequence generated by the Chebyshev map stabilize within a good range when $\mu >2$, indicating that the Chebyshev map exhibits a high degree of unpredictability.

2.2. Chebyshev-ElGamal Public Key Cryptographic Algorithm (CEPKC)

In [50], Kocarev et al. utilized the semi-group properties and chaotic characteristics of Chebyshev chaotic mapping to propose a Chebyshev polynomial-based ElGamal-like public key cryptography algorithm, with the ElGamal public key cryptography algorithm as a blueprint. This algorithm does not require the generation of large prime numbers as private keys, and has high computational efficiency. In the algorithm, r and s are large random integers, and $x\in [-\mathrm{1,1}]$. Due to the chaotic characteristics, $s$ and $T_s\left(x\right)$ can be seen as independent random numbers. However, the inverse operation of the trigonometric function definition in the Chebyshev chaotic mapping leads to the ciphertext information being $c=(c_1,c_2)=(T_r(x),T_s(x))$, from which an adversary can compute:

$$r^{\prime }=round\left(\underset{k\in Z}{min}\left\{\left|{\displaystyle \frac{\pm \mathit{arccos}(T_r(x))+2k\pi }{\mathit{arccos}x}}\right|\right\}\right),$$

(4)

as $T_{rs}(x)=T_{sr}(x)=T_s(T_r(x))=T_s(T_{r^{\prime }}(x))={T_s}_{r^{\prime }}(x)=T_{r^{\prime }}(T_s(x))$ and the adversary can recover the plaintext $m=c_2·(T_{r^{\prime }}(T_s(x)){)}^{-1}$. Similarly, the adversary can compute $s^{\prime }$ using Equation (4) to steal Bob’s equivalent private key. To enhance security, Kocarev et al. extended the definition of Chebyshev polynomials from the real field to the finite field $(Z_N,+,\times ),$ as shown below:

$$T_n(x)=(2x{T}_{n-1}(x)-T_{n-2}(x))(\mathit{mod}N),$$

(5)

where $n\ge 2$ and $N$ is a large prime number. It can be proven that the semi-group properties of Chebyshev polynomials still hold in the finite field $Z_N$. Since $T_n(x)$ is an algebraic expression, Equation (6) holds.

$$T_n(x)(\mathit{mod}N)=T_n((x(\mathit{mod}N)))(\mathit{mod}N).$$

(6)

Therefore, the semi-group expression of Chebyshev polynomials in the finite field can be derived, as shown in Equation (7).

$$T_r(T_s(x))(\mathit{mod}N)=T_{sr}(x)(\mathit{mod}N)=T_s(T_r(x))(\mathit{mod}N).$$

(7)

For any Chebyshev polynomial $T_n(x)$ in the finite field $Z_N$, it can also be represented as:

$$T_n(x)=(a_n{x}^n+a_{n-1}{x}^{n-1}+\cdots +a_{1}x+a_0)(\mathit{mod}N).$$

(8)

At the current stage, no inverse function expression for finite field Chebyshev polynomials has been found.

2.2.1. CEPKC Algorithm

Assuming Alice is the sender and Bob is the receiver, the communication process of the ElGamal-type public key algorithm based on finite field Chebyshev polynomials (CEPKC) proposed by Kocarev et al. [51] is as follows:

• Key generation. Bob randomly generates a large prime number $N$, chooses positive integers $x$ and $s$, such that $x<N$, $s<N$, and computes $y=T_s(x)\mathit{mod}N$. Bob’s public key is $(x,N,y)$, and the private key is $s$.
• Message encryption. After receiving Bob’s public key $(x,N,y)$, Alice converts the message to be encrypted into an integer $m(1<m<N)$. She chooses a random number $r$, such that $0<r<N$. Using the public key $(x,N,y)$, she calculates $c_1=T_r(x)(\mathit{mod}N)$ and $c_2=(m·T_r(y))(\mathit{mod}N)$ then sends the ciphertext message $c=(c_1,c_2)$ to Bob.
• Message decryption. Upon receiving the ciphertext message $c$, Bob can decrypt it using the private key $s$ to recover the plaintext message $m=(c_2·T_s(c_1{)}^{-1})(\mathit{mod}N)$.

2.2.2. Parameter Selection in the Algorithm

The selection of parameters is crucial to ensure the security of the CEPKC public key cryptographic algorithm, and the following principles [25,52] are mainly considered:

• Selection of parameter $N$: If $N$ is a prime number, it is desirable to make $N+1$ or $N-1$ have no factors other than 2, in which case $N$ is called a strong prime; if $N$ is a composite number, $N={\Pi }_{i=1}^{\phi }{p}_i^{k_i}$, where $p_i$ is a prime number and it is preferable to have $p_i$ as a strong prime, ideally $\phi \le 3$. When properly chosen, the probability of small cycles occurring is minimized.
• Principles for selecting parameter $x$: For the above prime number $N$, $x$ is a parameter for the seed of $T_n(x)$. Randomly choose an integer $x\in Z_N^{*}$, where $Z_N^{*}$ denotes the group on $Z_N$, with $x\ne 1$. If $N+1={\Pi }_{i=1}^{\phi }{p}_i^{k_i}$, where $p_i$ is a prime number, $i\in (1,\phi )$, let $n={\displaystyle \frac{N+1}{p_i}}$ and compute $T_n(x)$. If $T_n(x)=1$ and $p_i\ne 2$, restart. Repeat until the desired parameter $x$ is obtained. When $N$ and $x$ are appropriately chosen, the probability of small cycles is minimized, and the security of the finite field CEPKC encryption scheme can be effectively enhanced.

2.3. Bose Multi-Chaotic Public Key Algorithm (BMPKC)

A public key encryption algorithm based on the multi-chaos system ($\tilde{m}$-CS) [27] is divided into the following basic steps. For ease of reading, let us assume $\tilde{m}$= 2, so $\tilde{m}$-CS is C-CS (a couple of chaotic systems) in this case. Assume there are two different one-dimensional chaotic maps $F_1(x_1,p_1)$ and $F_2(x_2,p_2)$, such that $x_1(i+1)=F_1(x_1(i),p_1),{ x}_2(i+1)=F_2(x_2(i),p_2)$, where $p_1,p_2$ are control parameters, $x_1(0)$,$x_2(0)$ are initial conditions, and $\{x_1(i)\}$,$\{x_2(i)\}$ denote the two chaotic orbits.

Step 1. Alice and Bob determine the linear transformations $f_1(x)$ and $f_2(x)$, chaotic mappings $F_1(x_1, p_1)$ and $F_2(x_2, p_2)$, and initial vector $x_0$ through public negotiation $x_1(i+1)=F_1(x_1(i),p_1),x_2(i+1)=F_2(x_2(i),p_2)$, where $p_1,p_2$ are control parameters, $x_1\left(0\right),x_2(0)$ are initial conditions, and $\{x_1(i),x_2(i)\}$ denote the two chaotic orbits.

Step 2. Alice randomly selects key seeds $s_{A1}$ and $s_{A2}$ and a large number $n_A\in [0, N]$, inputs these parameters into a pseudo-random sequence generator, outputs a $\{0, 1\}$ sequence $k_{iA}$ of length $n_A$, iterates $x_0$ for $n_A$ times based on the content of $k_{iA}$ to obtain $x_{nA}$, and passes $x_{nA}$ as the public key to Bob, $x_i=h(x_{i-1}, k_i)$,

$$h_2(x, k)=\left\{\begin{array}{c}{f}_1(x) if k=0, \\ f_2(x) if k=1.\end{array}\right.$$

(9)

$k_i$ is the defined pseudo-random sequence $k_i=g(x_1(i),x_2(i))$, where

$$g\left(x_1\left(i\right), x_2\left(i\right)\right)=\left\{\begin{array}{c}1, if x_1>x_2, \\ no output, if{ x}_1=x_2, \\ 0, if x_1<x_2.\end{array}\right.$$

(10)

Step 3. Similarly, Bob secretly selects key seeds $s_{B1}$ and $s_{B2}$ and a large number $n_B\in [0, N]$, inputs these parameters into a pseudo-random sequence generator, outputs a $\{0, 1\}$ sequence $k_{iB}$ of length $n_B$, iterates $x_0$ for $n_B$ times based on the content of $k_{iB}$ to obtain $x_{nB}$, and passes $x_{nB}$ as the public key to Alice.

Step 4. Alice iterates $x_{nB}$ for $n_A$ times based on $k_{iA}$ to obtain $x_{nB+nA}$.

Step 5. Bob iterates $x_{nA}$ for $n_B$ times based on $k_{iB}$ to obtain $x_{nA+nB}$.

Since $f_1(x)$ and $f_2(x)$ are both linear transformations, and $f_1\circ f_2=f_2\circ f_1$, we have

$$x_{nB+nA}=f_1^{n_{A1}}{f}_2^{n_{A2}}(x_{nB})=f_1^{n_{A1}}{f}_2^{n_{A2}}{f}_1^{n_{B1}}{f}_2^{n_{B2}}(x_0)=f_1^{n_{A1}+n_{B1}}{f}_2^{n_{A2}+n_{B2}}(x_0),$$

(11)

where $n_{A1},n_{A2},n_{B1},n_{B2}$ are the numbers of 0s and 1s in $k_{iA}$ and $k_{iB}$. Obviously, $n_{A1}+n_{A2}=n_A$, $n_{B1}+n_{B2}=n_B$. Similarly, $x_{nA+nB}=f_1^{n_{A1}+n_{B1}}{f}_2^{n_{A2}+n_{B2}}(x_0)$, so $x_{nA+nB}=x_{nB+nA}$, which is used as the actual key.

The process of the algorithm is shown in Figure 6.

Similarly, by extending the function $h_2(x, k)$ in the algorithm to $\tilde{m}$ times $h_{\tilde{m}}(x, k)$, the linear function count becomes $\tilde{m}$ and the corresponding selection functions are

$$h_{\tilde{m}}(x, k)=\left\{\begin{array}{cc}{f}_1(x)\hfill & if k=1, \hfill \\ f_2(x)\hfill & if k=2,\hfill \\ ⋮\hfill \\ f_{\tilde{m}}(x)\hfill & if k=\tilde{m}.\hfill \end{array}\right.$$

(12)

The choice of $K$ is given by the defined pseudo-random sequence $k_i=g(x_1(i),x_2(i),\dots ,x_{\tilde{m}}(i))$, where $g(x_1(i),x_2(i),\dots ,x_{\tilde{m}}(i))$ follows the conditions described in Equation (13).

$$g(x_1(i),x_2(i),\dots ,x_{\tilde{m}}(i))=\left\{\begin{array}{c}1, if x_1>x_2, x_1>x_3, \cdots ,x_1>x_{\tilde{m}}, \\ 2, if x_2>x_1, x_2>x_3, \cdots ,x_2>x_{\tilde{m}}, \\ ⋮\\ r, if x_r>x_1, x_r>x_2, \cdots ,x_r>x_{\tilde{m}}, \\ ⋮\\ \tilde{m}, if x_{\tilde{m}}>x_1, x_{\tilde{m}}>x_2, \cdots ,x_{\tilde{m}}>x_{\tilde{m}-1}.\end{array}\right.$$

(13)

2.4. Multi-Chaotic Public Key Cryptographic Algorithm Based on Chebyshev Polynomials

In [27], Bose proposes a specific design case, where the key point of the algorithm lies in both $f_1(x)$ and $f_2(x)$ being linear transformations and satisfying $f_1\circ f_2=f_2\circ f_1$. In fact, $f_1(x)$ and $f_2(x)$ do not need to be strictly linear transformations, so the commutative property becomes particularly important. The semi-group property of Chebyshev polynomials happens to satisfy this property.

To avoid attacks based on the 2-norm as presented by Wang et al. [53], Su et al. propose a multi-chaos public key algorithm based on Chebyshev polynomials (CMPKC). The key exchange step of this algorithm is like Bose’s multi-chaos public key algorithm, as shown in Figure 7 for $\tilde{m}$ = 2.

It is easy to see that the basic ideas of these two algorithms are consistent, with the difference being that the former involves Alice and Bob publicly negotiating $\tilde{m}$ linear functions $f_1(x),f_2(x),\cdots ,f_{\tilde{m}}(x)$ that satisfy the commutative property, while the latter involves Alice and Bob publicly negotiating $\tilde{m}$ choice functions $f_1(x),f_2(x),\cdots ,f_{\tilde{m}}(x)$ as Chebyshev polynomials with mutually prime degrees. Since Chebyshev polynomials have the semi-group property, they still satisfy the requirements of a public key encryption scheme. At this point, $x_i=h(x_{i-1}, k_i)$.

$$h_{\tilde{m}}(x, k)=\left\{\begin{array}{cc}{f}_1(x)(\mathit{mod}N)\hfill & if k=1, \hfill \\ f_2(x)(\mathit{mod}N)\hfill & if k=2, \hfill \\ ⋮\hfill \\ f_{\tilde{m}}(x)(\mathit{mod}N)\hfill & if k=\tilde{m}.\hfill \end{array}\right.$$

(14)

2.5. Security Analysis of the Algorithm Above

The Bose algorithm (RMPKC) combines the Diffie–Hellman protocol framework. The authors of Reference [53] point out that attacking this algorithm is equivalent to solving the Diffie–Hellman problem, and the difficulty is $(NP{)}^{\tilde{m}}$, where $N$ and $P$ represent the key space size and the complexity of the linear transformation, respectively. However, the algorithm still has the following shortcomings [28]:

Let $C$ be a complex field, and $C^n$ be the $n$-dimensional vector space of $C$. At this point, the linear transformation $f_1\left(x\right), { f}_2(x)$ can be represented as $f_1(x)=x·L$, $f_2(x)=x·R$. Since $f_1\circ f_2=f_2\circ f_1$, this means that $LR=RL$; therefore,

$$x_{nA}=x_0·L^{n_{A1}}{R}^{n_{A2}}.$$

(15)

• If $f_1(x)$ and $f_2(x)$ are linear transformations on the vector space $C^n$, it is difficult to choose suitable linear transformations $f_1$ and $f_2$, since $f_1\circ f_2=f_2\circ f_1$ does not hold in this space.
• Let $A$ be any norm of $‖A‖$, if $‖L‖<1$ and $‖R‖<1$, when $n_{A1}$ and $n_{A2}$ are two large integers, the statistical characteristics of the $n$-tuple vector $x_{nA}$ are poor. In fact, in the instances given by Bose, despite $x_0$ being secret, there are still potential security issues, such as when $k>1$ and $n\to 8$, $k^n\to 8$; when $k<1$ and $n\to 8$, $k^n\to 0$. This requires that $n_A$ cannot be a large integer, otherwise the statistical characteristics of the public key will be compromised.
• Although it is difficult for an attacker to infer the specific operational steps from the seed $x_0$ to the public key $x_{nA}$, they can still calculate $\left|n_{A1}-n_{A2}\right|$ by conducting single-bit tests on Alice’s pseudo-random sequence generator. Letting $n_0$, $n_1$ denote the number of 0s and 1s in an arbitrary bit sequence of length $n$, the statistic is

  $$X={\displaystyle \frac{(n_0-n_1{)}^2}{n}}.$$

  (16)

This approximately follows a ${\chi }^2$ distribution with 1 degree of freedom, so $P(X<3.8415)>0.5$ and $\left|n_{A1}-n_{A2}\right|<\sqrt{3.8415n_A}$. Let $s=⌈\sqrt{n_A}⌉$, then $\left|n_{Ai}-⌊0.5n_A⌋\right|<\sqrt{3.8415n_A}/2<s,i\in \left\{1,2\right\}$. Furthermore, based on Equation (15), we have

$$x_{nA}=x_0·(LR{)}^{⌊0.5n_A⌋}{L}^{\xi }{R}^{\zeta },$$

(17)

where $\xi =n_{A1}-⌊0.5n_A⌋,\zeta =n_{A2}-⌊0.5n_A⌋$, such that $\xi ,\zeta \in \left\{0,\pm 1,\cdots ,\pm s\right\}$.

We can see that the algorithm provides three design parameters: the size $N$ of the key, the computational complexity $P$ of linear functions, and the number $\tilde{m}$ of linear functions. By analyzing the properties of the $\tilde{m}$-CS pseudo-random sequence generator, we deduce that the computational degree of the algorithm is $(NP/\tilde{m}{)}^{\tilde{m}}$, which is lower than $(NP{)}^{\tilde{m}}$. In fact, the attacker can be computed as

$$x_{i, i_1, \cdots ,i_{\tilde{m}}}=f_1^{i+i_0}{f}_2^{i+i_1}\cdots f_{\tilde{m}}^{i+i_{\tilde{m}-1}}(x_0),$$

(18)

where $i\in \left\{1,2,\cdots ,⌊n_A/\tilde{m}⌋\right\}$, $i_k\in \left\{0,1\right\}(k=1,2,\cdots ,⌈\sqrt{N}⌉)$.

Based on $x_{n_A}\in \left\{x_{i, i_1, \cdots ,i_{\tilde{m}}}\right\}$, the computational complexity of breaking the private key $n_A$ can be calculated as

$$C_{break}\le {\sum }_{i=1}^{⌊N/\tilde{m}⌋}iP·\tilde{m}·N^{0.5\tilde{m}}.$$

(19)

4.

Since it requires step-by-step adaptation to the selection rules, Alice cannot use a fast algorithm to encrypt messages. Nonetheless, the attacker can estimate $n_A$ and calculate the weight of the matrix through a sum of squares algorithm. In the worst case scenario, the time consumed for encryption and decryption are equal, so this mode cannot withstand brute force attacks.

Regarding the four shortcomings mentioned above, the CMPKC public key algorithm replaces the linear transformations in the original algorithm with Chebyshev polynomials, inheriting the security performance of multiple chaotic systems in the original algorithm. Transforming to the real finite field can greatly increase the security of the algorithm. In this case, $f_1(x)$ and $f_2(x)$ are no longer linear transformations, making it very difficult to choose orthogonal linear transformations. Nevertheless, attackers can still decipher this encryption system through points 3 and 4 mentioned above, indicating that the encryption mode mentioned does not have sufficient security yet.

3. An Improved Multi-Chaotic Public Key Cryptographic Algorithm Based on Chebyshev Polynomials (CMPKC-k_i)

3.1. Selection of Coefficient k_i

Before introducing the improved algorithm, we need to clarify the use of the coefficient $k_i$. The detailed selection scheme of $k_i$ is described as follows:

• Alice chooses two large prime numbers $P$ and $Q$, and sets $N=P·Q$. She generates a large integer $d<N$ randomly.
• Calculate $A=T_d(x)(\mathit{mod}N)$, where $(x, A, N)$ are the public key and $d$ is the private key.
• Bob randomly selects $r<N$, calculates $T_r(A)(\mathit{mod}N)$, and selects $k_i$ based on Equation (20).
• Calculate $B=T_r(x)(\mathit{mod}N)$ and send it to Alice.
• Alice calculates $T_d(B)(\mathit{mod}N)$ based on the private key $d$ and selects $k_i$ based on Equation (20).

The selection rule of $k_i$ is as follows:

$$k_i=\left\{\begin{array}{c}{k}_1, 0\le T_r(T_d(x))\mathit{mod}N=T_d(T_r(x))\mathit{mod}N\le {\displaystyle \frac{\delta }{n}} \\ k_2, {\displaystyle \frac{\delta }{n}}\le T_r(T_d(x))\mathit{mod}N=T_d(T_r(x))\mathit{mod}N\le {\displaystyle \frac{2\delta }{n}} \\ ⋮\\ k_i, {\displaystyle \frac{(i-1)\delta }{n}}\le T_r(T_d(x))\mathit{mod}N=T_d(T_r(x))\mathit{mod}N\le {\displaystyle \frac{i\delta }{n}} \\ ⋮\\ k_n, {\displaystyle \frac{(n-1)\delta }{n}}\le T_r(T_d(x))\mathit{mod}N=T_d(T_r(x))\mathit{mod}N\le \delta \end{array}\right..$$

(20)

In Equation (20), $\delta$ is a large number and $n$ is the number of $k_i$. It is easy to see from the semi-group property of Chebyshev that $T_r(T_d(x))\mathit{mod}N=T_d(T_r(x))\mathit{mod}N$.

$(A\mathit{mod}N)(\mathit{mod}P)=A(\mathit{mod}P)$, where $A$ represents the Chebyshev polynomial and $N=P·Q$, $P$ and $Q$ are two large prime numbers.

3.2. Chaotic Hash Function for Generating a $\left\{0, 1\right\}$ Sequence

In the algorithm’s design, we will use a chaotic hash function to generate a $\left\{0, 1\right\}$ sequence. The specific Algorithm 1 is as follows.

Algorithm 1 Chaotic hash function generates a $\left\{0, 1\right\}$ sequence

Input: seed_value, sequence_length, Chaotic parameters $r$ Output: binary sequence 1: ChaoticHash(seed, length): 2:   x: = seed 3:  bit_sequence:= “” 4:  for I from 1 to length do 5:      x: = logistic_map(x) 6:      if x > 0.5 then 7:          bit_sequence:= bit_sequence + ‘1’ 8:      else 9:           bit_sequence: = bit_sequence + ‘0’ 10:       end if 11:   end for 12:   return bit_sequence: 13: Function logistic_map(x): 14:   $r$: = // Chaotic parameters 15:   return r * x * (1 − x)

3.3. Improved Algorithm (CMPKC-ki)

The improved public key encryption system adopts the coefficient selection $k_i$ based on the equality $T_r(T_d(x))\mathit{mod}N=T_d(T_r(x))\mathit{mod}N$, where the size of $k_i$ $(i=1, 2\cdots n)$ is determined, and $T(x)$ is the Chebyshev polynomial. The specific value selection rule of $k_i$ and the size of $n$ are shared secrets among participants. A pseudo-random sequence $\left\{0, 1\right\}$ is generated using chaotic hash functions and logistic mapping. The initial value $x_0$ is iterated $n_A$ and $n_B$ times based on the sequence content to obtain $x_{nA}$ and $x_{nB}$, and then iterated $n_B$ and $n_A$ times again to obtain $x_{nB+nA}$ and $x_{nA+nB}$.

The key exchange process of this improved multi-chaos public key system is illustrated in Figure 8.

The algorithm is described as follows (assuming Alice wants to communicate with Bob):

Let $N$ be a large positive number, and the chaotic system is of m levels.

Step 1. Alice and Bob choose coefficients $k_i$ through public negotiation and calculation and determine the initial value $x_0$ and $\tilde{m}$ selection functions $f_1(x),f_2(x),\cdots ,f_{\tilde{m}}(x)$, where $f_1(x),f_2(x),\cdots ,f_{\tilde{m}}(x)$ are Chebyshev polynomials.

Step 2. Alice randomly selects a key seed $s_A$ and a large number $n_A\in [0, N]$, inputs these parameters into a pseudo-random sequence generator, and outputs a $\left\{0,1\right\}$ sequence $r_A$ of length $n_A$. Select $k_{\alpha },k_{\beta }$ by the selectivity coefficient $k_i$, select functions $f_{k_{\alpha }}$ and $f_{k_{\beta }}$ based on $k_{\alpha }$ and $k_{\beta }$. Iterating $f_{k_{\alpha }}(x_0),f_{k_{\beta }}(x_0)$ over $n_{A1}, { n}_{A2}$ times according to the content of $\left\{0,1\right\}$ in $r_A$ to obtain $x_{nA}$, and pass $x_{nA}$ as the public key to Bob.

$$\begin{gathered} x_i=h(x_{i-1}, k_i) \\ {h}_{\tilde{m}}(x, k)=\left\{\begin{array}{cc}{f}_1(x)(\mathit{mod}N)\hfill & if k=1, \hfill \\ f_2(x)(\mathit{mod}N)& if k=2, \hfill \\ ⋮\hfill \\ f_m(x)(\mathit{mod}N)& if k=\tilde{m}.\hfill \end{array}\right. \end{gathered}$$

(21)

Step 3. Similarly, Bob randomly selects a key seed $s_B$ and a large number $n_B\in [0, N]$, inputs these parameters into a pseudo-random sequence generator, and outputs a $\left\{0,1\right\}$ sequence $r_B$ of length $n_B$. Select $k_{\alpha },k_{\beta }$ by the selectivity coefficient $k_i$, select functions $f_{k_{\alpha }}$ and $f_{k_{\beta }}$ based on $k_{\alpha }$ and $k_{\beta }$. Iterating $f_{k_{\alpha }}(x_0),f_{k_{\beta }}(x_0)$ over $n_{B1}, n_{B2}$ times according to the content of {0, 1} in $r_B$ to obtain $x_{nB}$, and pass $x_{nB}$ as the public key to Alice.

Step 4. Alice iterates $x_{nB}$ over $n_A$ times according to $r_A$ to obtain $x_{nB+nA}$.

Step 5. Bob iterates $x_{nA}$ over $n_B$ times according to $r_B$ to obtain $x_{nA+nB}$.

Since $f_1(x),f_2(x),\cdots ,f_{\tilde{m}}(x)$ are Chebyshev polynomials, it is known from preliminary knowledge that Chebyshev polynomials satisfy the semi-group property on $\left(-\infty ,+\infty \right)$. Therefore, we have $f_{k_{\alpha }}\circ f_{k_{\beta }}=f_{k_{\beta }}\circ f_{k_{\alpha }}(k_{\alpha }, k_{\beta }\in [1, \tilde{m}])$, that is

$$x_{nB+nA}=f_{k_{\alpha }}^{n_{A1}}{f}_{k_{\beta }}^{n_{A2}}(x_{nB})=f_{k_{\alpha }}^{n_{A1}}{f}_{k_{\beta }}^{n_{A2}}{f}_{k_{\alpha }}^{n_{B1}}{f}_{k_{\beta }}^{n_{B2}}(x_0)=f_{k_{\alpha }}^{n_{A1}+n_{B1}}{f}_{k_{\beta }}^{n_{A2}+n_{B2}}(x_0),$$

(22)

where $n_{A1}, n_{A2}, n_{B1}, n_{B2}$ are the numbers of 0s and 1s in $r_A$ and $r_B$, respectively. Similarly, it can be proven that

$$x_{nA+nB}=f_{k_{\alpha }}^{n_{A1}+n_{B1}}{f}_{k_{\beta }}^{n_{A2}+n_{B2}}(x_0),$$

(23)

therefore, we have $x_{nA+nB}=x_{nB+nA}$.

Combined with the process in Figure 8, this improved algorithm can be used for both encryption and decryption, and can be combined with the AES algorithm for further applications.

3.3.1. Improved Algorithm for Encryption and Decryption

Assuming plaintext $m$, the steps are as follows:

• Bob selects private key $s_B$, calculates $x_{nB}$, and passes it to Alice.
  Similarly, Alice selects private key $s_A$, calculates $x_{nA}$, and passes it to Bob.
• Encrypt $c=x_{nA+nB}·m$, then Alice passes $x_{nA}$ and ciphertext c to Bob.

Bob calculates $x_{nB+nA}$ based on his private key $n_B$, and uses it to recover plaintext $m=c/x_{nB+nA}$.

3.3.2. Combination with the AES Algorithm to Obtain the Improved Algorithm

Based on steps 1 to 5 of the improved public key encryption algorithm in Section 3.3, $x_{nA+nB}$ and $x_{nB+nA}$ can be used as the keys for encryption and decryption in the AES algorithm, thus achieving the combination of chaotic public key encryption and AES private key encryption. The specific process is shown in Figure 9.

It is worth noting that after calculating $x_{nA+nB}$ and $x_{nB+nA}$, they cannot be directly applied to the AES algorithm in most cases. This is because, in practical applications, AES keys need to be represented as hexadecimal strings, Base64 encoded strings, or raw byte sequences. Thus, we need to continue to convert the values of $x_{nA+nB}$ and $x_{nB+nA}$ into the corresponding format.

Step 6: Alice and Bob each transcode the exchanged keys $x_{nA+nB}$ and $x_{nB+nA}$ into 32-byte random binary keys using Algorithm 2.

Algorithm 2 Convert a decimal number to a 32-byte random binary key

Input: decimal_number, random_key Output: 32-byte random binary key, Hexadecimal representation 1: Function decimal_to_random_key(decimal_number): 2:    decimal_bytes: = Convert decimal_number to byte array(decimal_number) 3:    hash_object: = Create SHA-256 hash object (decimal_bytes) 4:    hash_result: = Get digest from hash_object 5:   random_key: = First 32 bytes of hash_result 6:   return random_key

Step 7: Alice inputs the plaintext into the AES algorithm for encryption.

Step 8: Bob, upon receiving the ciphertext, uses the key $x_{nB+nA}$ to recover the plaintext using Algorithm 3.

Algorithm 3 Encrypt and decrypt using the AES algorithm.

Input: plaintext, key Output: ciphertext, decrypted_data 1: Function encrypt (plaintext, key): 2:   cipher: = Create AES cipher object with key in CBC mode 3:   iv: = Generate random initialization vector (IV) 4:   padded_plaintext: = Pad plaintext to AES block size 5:   ciphertext: = Encrypt padded_plaintext with cipher using the IV 6:   Return iv, ciphertext 7: Function decrypt(ciphertext, key, iv): 8:   cipher: = Create AES cipher object with key in CBC mode and IV 9:   decrypted_bytes: = Decrypt ciphertext with cipher 10:  decrypted_data: = Unpad decrypted_bytes to AES block size 11:  Return decrypted_data

4. Software Implementation

4.1. Feasibility Analysis

4.1.1. Fast Algorithm for Chebyshev Polynomials

In Section 3, we presented the improved multiple chaotic public key algorithm, which no longer uses the orthogonal linear exchange designed by Bose in [27]. Instead, it is replaced by Chebyshev polynomials and a set of enhancements (e.g., the introduction of the selective coefficient $k_i$, freely selectable Chebyshev polynomials $f_{k_i}(x)$, and the chaotic hash function). Since Chebyshev polynomials also possess the semi-group property, they still meet the requirements of the public key encryption scheme.

As the semi-group property of Chebyshev polynomials holds in the interval $(-\infty ,+\infty )$, decryption computation is feasible. Evaluating the Chebyshev polynomials to reduce the calculation time of $T_n(x)$ is an important challenge. This paper adopts a fast algorithm consistent with the work proposed in [54] to calculate Chebyshev polynomials.

4.1.2. Selection of Parameters

To enhance the readability of this article and facilitate understanding, let the chaotic series $m=2$ in Equation (21) and the modulus $N=\mathrm{167,413,457}$. Pseudo-random $\left\{0,1\right\}$ sequences are generated by the chaotic hash function, detailed in Algorithm 1, where seed_value = 0.123456789, sequence_length = 100, and Chaotic parameters $r=$ 3.8.

4.1.3. Applications of the Selection of Coefficient k_i

The calculation process for selecting coefficient $k_i$ follows the scheme described in Section 3.1. An example is provided below for illustration.

Selection process for $k_i$:

• Alice chooses two large prime numbers $P=\mathrm{10,753}$ and $Q=\mathrm{15,569}$ and sets $N=P·Q=\mathrm{167,413,457}$. She generates a large integer $d=\mathrm{19,973}<N$ at random.
• Alice computes $A=T_d(x)(\mathit{mod}N)=\mathrm{131,403,701}$.
  The public key is $(x, A, N)=(\mathrm{112,233}, \mathrm{131,403,701}, \mathrm{167,413,457})$, and the private key is $d=\mathrm{19,973}$.
• Bob randomly selects an integer $r=\mathrm{13,297}<N$ and computes $T_r(A)(\mathit{mod}N)=T_{13297}(\mathrm{131,403,701})(\mathit{mod} \mathrm{167,413,457})=\mathrm{96,703,620}$. According to Equation (20), he selects the value of $k_i$. For clarity, let us assume $\delta =N=\mathrm{167,413,457}$, $n=7$ and select $k_i=3i+1$ as an arithmetic sequence. Let us calculate coefficient $k_i$ shown in Equation (24) by applying Equation (20), and since $T_r(A)(\mathit{mod}N)=T_r((T_d)(x))(\mathit{mod}N)=\mathrm{96,703,620}$, we choose $k_i=k_5=16$.

  $$k_i=\left\{\begin{array}{c}4, 0\le T_r(T_d(x))\mathit{mod}N\le \mathrm{23,916,208.1} \\ 7, \mathrm{23,916,208.1}\le T_r(T_d(x))\mathit{mod}N\le \mathrm{47,832,416.3} \\ 10, \mathrm{47,832,416.3}\le T_r(T_d(x))\mathit{mod}N\le \mathrm{71,748,624.4} \\ 13, \mathrm{71,748,624.4}\le T_r(T_d(x))\mathit{mod}N\le \mathrm{95,664,832.6} \\ \begin{array}{c} 16, \mathrm{95,664,832.6}\le T_r(T_d(x))\mathit{mod}N\le \mathrm{119,581,040.7} \\ 19, \mathrm{119,581,040.7}\le T_r(T_d(x))\mathit{mod}N\le \mathrm{143,497,248.9}\end{array}\\ 22, \mathrm{143,497,248.9}\le T_r(T_d(x))\mathit{mod}N\le \mathrm{167,413,457.0}\end{array}\right..$$

  (24)
• Calculate $B=T_r(x)(\mathit{mod}N)=\mathrm{38,698,867}$ and send it to Alice.
• Alice computes $T_d(B)(\mathit{mod}N)=T_r((T_d)(x))(\mathit{mod}N)=\mathrm{96,703,620}$ based on the private key $d=\mathrm{19,973}$. Similarly, according to Equation (20) and the assumptions made in Section 3.1, $k_i$ can still be selected as $k_5=16$.

Through the above process, Alice and Bob can select the same value of $k_i$ while preserving their private key, which will support the subsequent improvement of the Chebyshev polynomial multi-chaos public key algorithm.

Assume that, in the case of $N=\mathrm{167,413,457}$, $x_0=\mathrm{112,233} \mathrm{a}\mathrm{n}\mathrm{d} n=7$, the value of the coefficient $k_i$ is randomly selected through arbitrary transformations of $r$ and $d$. Here, the generation method of two large prime numbers in the Rivest–Shamir–Adleman algorithm can be used to select $r$ and $d$. This not only ensures strong randomness but also avoids unpredictable troubles caused by arbitrary value selection.

Table 2. Values of coefficient $k_i$ under arbitrary transformations of $r$ and $s$.

Group	$\mathit{r}$	$\mathit{d}$	${\mathit{k}}_{\mathit{i}}$
1	13,297	19,973	$k_5=$ 16
2	25,127	26,777	$k_3=$ 10
3	46,261	47,059	$k_3=$ 10
4	8761	8353	$k_4=$ 13
5	3319	8369	$k_1=$ 4

presents five sets of experimental results under arbitrary transformations of $r$ and $d$.

From the values in Table 2, it is easy to see that when $n=7$, the choice of $k_i$ already exhibits preliminary randomness. In practical applications, as long as $k_n<N$, theoretically, the value of $N$ can be arbitrarily large and the values of $k_n$ and $n$ can also be arbitrarily large. This means that the choice of coefficient $k_i$ has strong randomness in practical applications.

4.2. An Example

PYTHON is a popular and powerful programming language that can be used for mathematical calculation and analysis. In our software implementation, we used algorithm libraries under the Windows environment. Below, we provide a specific example to verify the effectiveness of the proposed algorithm.

Step 1. Alice and Bob publicly negotiate and determine the initial values $x_0=\mathrm{112,233}$ and $N=\mathrm{167,413,457}$. They select two functions $f_{k_{\alpha }}(x),f_{k_{\beta }}(x)$ in Equation (25), where the selection rule for $k_i$ is as described in Section 4.1.3.

$$h(x, k)=\left\{\begin{array}{ll}{f}_1(\mathrm{112,233})(\mathit{mod} \mathrm{167,413,475})& if k=1, \\ f_2(\mathrm{112,233})(\mathit{mod} \mathrm{167,413,475})& if k=2,\\ ⋮& \\ f_{\tilde{m}}(\mathrm{112,233})(\mathit{mod} \mathrm{167,413,475})& if k=\tilde{m}.\end{array},\right.$$

(25)

where $f_1(x_0),f_2(x_0),\cdots ,f_{\tilde{m}}(x_0)$ are Chebyshev polynomials and are calculated using the fast algorithm described in Section 4.1.1.

Step 2. Alice randomly selects a key seed $s_A=0.123456$ and a large number $n_A=1000\in [0, N]$. She inputs these parameters into a pseudo-random sequence generator (as described in Section 4.1.2) and obtains a sequence $r_A$ of length $n_A=1000$. The output of this example is as follows:

$$r_A=[0101111101101011\cdots 101111].$$

According to Table 2, we select $k_{\alpha }=k_5=16,k_{\beta }=k_3=10$ and the functions $f_{k_{\alpha }}=f_{16}$ and $f_{k_{\beta }}=f_{10}$ based on $k_{\alpha }$ and $k_{\beta }$. Then, calculate the number of 0s and 1s in the sequence $r_A$, denoted as $n_{A1}=267$ and $n_{A2}=733$, respectively.

Next, we compute $f_{k_{\alpha }}(x_0)(\mathit{mod}N)=f_{16}(\mathrm{112,233})(\mathit{mod} \mathrm{167,413,475})=\mathrm{21,588,224}$ and $f_{k_{\beta }}(x_0)(\mathit{mod}N)=f_{10}(\mathrm{112,233})(\mathit{mod} \mathrm{167,413,475})=\mathrm{53,130,926}$ and iterate these calculations, respectively, $n_{A1}=267$ and $n_{A2}=733$ times to obtain $x_{nA}=f_{k_{\alpha }}^{n_{A1}}{f}_{k_{\beta }}^{n_{\mathrm{A}2}}\left(x_0\right)=f_{16}^{267}{f}_{10}^{733}\left(\mathrm{112,233}\right)=\mathrm{123,490,595}$. Finally, $x_{nA}$ is transmitted as the public key to Bob.

Step 3. Similarly, Bob randomly selects a key seed $s_B=0.56789$ and a large number $n_B=1200\in [0, N]$, and inputs these parameters into a pseudo-random sequence generator (as in Section 4.1.2). This generates a sequence of length $n_B=1200$ consisting of $\left\{0,1\right\}$, denoted as $r_B$, and the results are as follows:

$$r_B=[1011010101111011\cdots 011111].$$

According to Section 4.1.3, Bob calculates $k_{\alpha }=k_5=16,k_{\beta }=k_3=10$ based on Alice’s public key. Similarly, Bob selects the functions $f_{k_{\alpha }}=f_{16}$ and $f_{k_{\beta }}=f_{10}$ based on $k_{\alpha }$ and $k_{\beta }$.

Bob counts the number of 0s and 1s in $r_B$, which are $n_{B1}=340$ and $n_{B2}=860$, respectively. By applying the functions $f_{k_{\alpha }}(x_0)(\mathit{mod}N)=\mathrm{21,588,224}$ and $f_{k_{\beta }}(x_0)(\mathit{mod}N)=\mathrm{53,130,926}$, Bob iterates these calculations $n_{B1}=340$ and $n_{B2}=860$ times. This results in $x_{nB}=f_{k_{\alpha }}^{n_{\mathrm{B}1}}{f}_{k_{\beta }}^{n_{\mathrm{B}2}}\left(x_0\right)=f_{16}^{340}{f}_{10}^{860}\left(\mathrm{112,233}\right)=\mathrm{16,931,337}$, with $x_{nB}$ then transmitted as the public key to Alice.

Step 4. Alice iterates $x_{nB}$ over $n_A$ times based on $r_A$ to obtain $x_{nB+nA}$. According to Equation (14), we have:

$$x_{nB+nA}=f_{k_{\alpha }}^{n_{A1}}{f}_{k_{\beta }}^{n_{A2}}(x_{nB})=f_{16}^{267}{f}_{10}^{733}(\mathrm{16,931,337})=\mathrm{63,457,287}.$$

Step 5. Similarly, Bob iterates $x_{nA}$ over $n_B$ times based on $r_B$ to obtain $x_{nA+nB}$. At this point:

$$x_{nA+nB}=f_{k_{\alpha }}^{n_{B1}}{f}_{k_{\beta }}^{n_{B2}}(x_{nA})=f_{16}^{340}{f}_{10}^{860}(\mathrm{123,490,595})=\mathrm{63,457,287}.$$

4.2.1. Applying the Improved Algorithm Directly to Encryption and Decryption

Assuming the plaintext $m=\mathrm{12,345}$, the steps are as follows:

• Bob selects the key seed $s_B$ to calculate $n_{B1}=340$ and $n_{B2}=860$, thus obtaining $x_{nB}=\mathrm{16,931,337}$, and passes $x_{nB}$ to Alice;
  Similarly, Alice selects the key seed $s_A$ to calculate $n_{A1}=267$ and $n_{A2}=733$, thus obtaining $x_{nA}=\mathrm{123,490,595}$, and passes $x_{nA}$ to Bob;
• Encryption: $c=x_{nA+nB}·m=\mathrm{63,457,287}\times \mathrm{12,345}=\mathrm{783,380,208,015}$. Then, Alice passes $x_{nA}$ and the ciphertext $c$ to Bob;
• Decrypt: Bob calculates $n_{B1}=340$ and $n_{B2}=860$ based on his private key $s_B$, and computes $x_{nB+nA}=\mathrm{63,457,287}$. Using this value, he recovers the plaintext $m$ as $m=c/x_{nB+nA}=\mathrm{783,380,208,015}/\mathrm{63,457,287}=\mathrm{12,345}$.

4.2.2. Combining the Improved Algorithm with the AES Algorithm

In the improved public key encryption algorithm, we have calculated $x_{nA+nB}=x_{nB+nA}=\mathrm{63,457,287}$ and provided an example of its direct use for encryption. Now, we will combine the improved algorithm with AES and continue with step 5 of the improved algorithm.

Step 6. Alice and Bob each transcode the exchanged keys $x_{nA+nB}$ and $x_{nB+nA}$ into 32-byte random binary keys using Algorithm 2. The transcoding results are shown in

Table 3. Converting decimal numbers to 32-byte random binary keys.

Type	Initial Parameters and Execution Results
Input	decimal number = 63.457.287 random key = decimal_to_random_key (decimal_number)
Output	32-byte binary key: ‘ , \xa6ZE\xa9] \x83\xa5\xfd\x9c\xe2nZ\xe9\r\xe26\xb9\xe6[t \xf8g\xd1q\xd6h\xda\xOf\xd1\xfcj’ 0x (for hexadecimal representations): 2ca65a45a95d83a5fd9ce26e5ae90de236b9e67b74f867d171d668da0fd1fc6a

.

The transcoded result of $x_{nA+nB}=x_{nB+nA}=\mathrm{63,457,287}$ is as follows:

“,\xa6ZE\xa9]\x83\xa5\xfd\x9c\xe2nZ\xe9\r\xe26\xb9\xe6{t\xf8g\xd1q\xd6h\xda\x0f\xd1\xfcj”

Step 7. Assuming the plaintext is “hello world”,

Alice inputs the plaintext into the AES algorithm for encryption, resulting in the following ciphertext:

“B\x88\x0e\xd0|\xc6\xd9\xbb\x19R\xf6m\x04xD\xda”

Step 8. Bob, upon receiving the ciphertext, uses the key $x_{nB+nA}$ to recover the plaintext “hello world”.

The combined result of transcoding the keys $x_{nA+nB}$ and $x_{nB+nA}$ and applying the AES encryption algorithm is shown in

Table 4. Combined test results of transcoded key $x_{nA+nB}$ with AES encryption algorithm.

Type	Initial Parameters and Execution Results
Input	key: = “ , \xa6ZE\xa9]\x83\xa5\xfd\x9c\xe2nZ\xe9\r\xe26 \xb9\xe6{t\xf8g\xd1q\xd6h\xda\x0f\xd1\xfcj” plaintext: = “hello world”
Encrypt	iv, ciphertext: = Encrypt (plaintext, key)
Decrypt	decrypted_data: = Decrypt (ciphertext, key, iv)
Output	The data after encryption: ‘B\x88\x0e\xd0|\xc6\xd9\xbb\x19R\xf6m\x04xD\xda’ The data after decryption: ‘hello world’

.

5. Implementation Results and Analysis

This paper uses a Xiaomi laptop produced by Tianmi Technology Co., Ltd. in Beijing, China, for verification and analysis. The processor is an 11th generation Intel® Core™ i5-11320H @ 3.20 GHz, with 16.0 GB RAM (15.8 GB available) (Intel Corporation, Santa Clara, CA, USA), and the operating system is Windows 10, 64-bit. The implementation and analysis are carried out on this hardware and software system. The next two sections focus on the performance and security evaluation of CMPKC-Ki compared to RMPKC and its variants.

5.1. Performance Analysis

5.1.1. Key Generation

To maintain consistency in the comparison, we unified the value of the multi-chaos level $m$ of the algorithm as 2, and used the same principles for selecting parameters $N$ and $x$ as the CEPKC algorithm in Section 2.2. We generated and analyzed initial random primes for each of the three cases. Each test was performed for different bit sizes of the initial primes within the range of 128, 256, 512, 1024, and 2048.

Table 5. Analysis and comparison of the CMPKC-$k_i$ model with the CEPKC and CMPKC models.

Model	The Length of Module N (in bits)	Key Generation Time (in ms)	Encryption Time (in ms)	Decryption Time (in ms)
CEPKC	128	48.54	1.48	1.37
	256	99.02	3.57	3.53
	512	190.14	10.93	10.57
	1024	1182.36	42.85	41.13
	2048	10,396.48	281.16	270.61
CMPKC	128	68.54	1.62	1.36
	256	134.02	3.93	3.89
	512	224.14	12.02	11.92
	1024	1482.36	47.14	45.24
	2048	12,696.48	318.22	297.67
CMPKC- $k_i$	128	62.31	1.46	1.44
	256	121.89	3.52	3.43
	512	203.76	10.96	10.46
	1024	1347.6	43.61	42.13
	2048	11,542.25	290.33	287.29

shows the comparison analysis of CMPKC-$k_i$ with CEPKC and CMPKC. Figure 10 shows the comparison of key generation times under different key sizes. It is easy to see that the key generation time of the standard CEPKC algorithm is the lowest, while the CMPKC-$k_i$ algorithm falls in the middle, and the key generation time of CMPKC is the highest. Through analysis, our proposed CMPKC-$k_i$ algorithm adds a selective coefficient $k_i$, which increases an initial parameter compared to CEPKC and CMPKC, thus resulting in a longer key generation time. However, due to adjustments made in the multiple chaotic selection and pseudo-random sequence generation stages, the time cost of key generation is lower compared to the CMPKC algorithm. Although there is an increase in key generation time cost relative to the CEPKC scheme, the added security is significant, so we consider the limited increase in time to be tolerable.

5.1.2. Encryption and Decryption

From the encryption and decryption time trends shown in Figure 11 and Figure 12, the standard CEPKC has the lowest execution time for encryption and decryption, especially after 1024 bits, making it the best in terms of encryption and decryption time. Since the CMPKC-$k_i$ scheme involves additional computational steps for coefficient selection during the encryption and decryption phases, increasing the overall complexity of the algorithm, attackers are unable to guess the private key or plaintext by multiplying the public key and prime numbers. Furthermore, until the typical size of 1024 bits, our proposed CMPKC-$k_i$ scheme performs comparably to CEPKC in terms of encryption and decryption times. For higher bit sizes, CMPKC-$k_i$ demonstrates better efficiency in both encryption and decryption processes compared to CMPKC, slightly lagging behind the standard CEPKC scheme. However, it is worth noting that our proposed encryption scheme is generally applied in lightweight encryption environments, with the recommended modulus $N$ size being 1024 bits. Therefore, our CMPKC-$k_i$ scheme stands out as efficient and high-performing among all the discussed algorithms. In an overall performance evaluation, among the three algorithms discussed, the CMPKC-$k_i$ algorithm proves to be the most efficient and effective, positioning it as the best algorithm after the standard CEPKC, while CMPKC emerges as the least efficient variant. The reasonable increase in key generation time in CMPKC-$k_i$, compared to standard CEPKC, is justified as the introduction of $k_i$ adds complexity, making the CMPKC-$k_i$ system more time-consuming to break and enhancing overall security.

5.2. Security Analysis

Since we use Chebyshev polynomials based on finite fields, with the domain and range extended to $Z_N$, it effectively avoids the breaking method mentioned in Section 2.2 that utilizes inverse trigonometric functions. In this paper, the selection coefficient $k_i$ is chosen based on the value of $T_{ed}(x)(\mathit{mod}N)$, which can only be obtained through calculations by the communicating parties. It is impossible for any third party to know $T_{ed}(x)(\mathit{mod}N)$, thus ensuring the security of the selection of $k_i$.

In the calculation process, the computational complexity of $k_i$ is equivalent to that of the ElGamal public key cryptosystem and does not add an additional computational load. However, it is computationally infeasible to determine $d$ from $(x, T_d(x)(\mathit{mod}N))$. However, the resonant characteristics of Chebyshev polynomial points in finite fields still exist. That is, given the public key $(x, T_d(x))$, by calculating $x_i=T_i(x)$ and $y_i=T_d(x_i)=T_d(T_i(x))$, enough points $(x_i, y_i)$ can be obtained on the Chebyshev polynomial curve, allowing for curve fitting to derive the key $d$. The autocorrelation function of $T_d(x)$ exhibits binary characteristics, and the normalized autocorrelation function $R_d(\eta )$ for $T_d(x)$ is given by:

$$R_d(\eta )={\displaystyle \frac{{\sum }_{x=0}^{N-1}(T_d(x)\mathit{mod}N)(T_d(x+\eta )\mathit{mod}N)}{{\sum }_{x=0}^{N-1}(T_s(x)\mathit{mod}N{)}^2}}.$$

(26)

In the formula, when $N$ is sufficiently large, it can be shown that:

$$R_d(\eta )=\left\{\begin{array}{c}1, \eta =0,\\ \epsilon , \eta \ne 0.\end{array}\right.$$

(27)

where $\epsilon$ is a constant, such that $0<\epsilon <1$. In other words, when $N$ is sufficiently large, $R_d(\eta )$ exhibits binary characteristics. In practical public key encryption systems, the field values are extremely large. Therefore, it can be assumed that the points on the $T_d(x)$ curve are difficult to predict and count during the effective lifespan of the key. Even if an attacker gains access to many points on the curve, they cannot fit the curve and deduce the private key $d$ within the limited lifespan of the key.

Furthermore, considering the range of values for $k_i$, as long as the maximum value of $k_i$, $k_n<N$, and given that $N$ can be theoretically arbitrarily large, the values of $k_n$ and $n$ can also be arbitrarily large. This means that in practical applications, the selection of the coefficient $k_i$ is highly random, further ensuring the security of the algorithm.

In Section 2.5, we have observed four shortcomings of previous algorithms. By replacing the corresponding linear transformations with finite field Chebyshev polynomials, we can overcome shortcomings 1 and 2. For shortcoming 3, we use chaotic hash functions and logistic mappings to generate pseudorandom sequences. By analyzing the properties of multi-chaos systems, we hypothesized that attackers can calculate $x_{i, i_1, \cdots ,i_{\tilde{m}}}=f_1^{i+i_0}{f}_2^{i+i_1}\cdots f_{\tilde{m}}^{i+i_{\tilde{m}-1}}(x_0)$, where $i\in \left\{1, 2, \cdots ,⌊n_A/\tilde{m}⌋\right\}$ and $i_k\in \left\{0, 1\right\}(k=1, 2, \cdots ,⌈\sqrt{N}⌉)$. However, in our proposed new algorithm, $f_1(x),f_2(x),\cdots ,f_n(x)$ have been replaced with $f_{k_{\alpha }}(x),f_{k_{\beta }}(x),\cdots ,f_{k_n}(x)$, where $k_{\alpha }, k_{\beta }, \cdots ,k_n\in k_i$, with sufficiently large ranges and good randomness. This makes it impossible for attackers to effectively attack the algorithm based on the assumptions.

Regarding shortcoming 4, the performance test of the algorithm shows that the improved algorithm has stronger resistance to brute force attacks compared to previous algorithms.

Table 6. Brute force attack time comparison in milliseconds.

Prime Length (in bits)	CEPKC (in ms)	BMPKC (in ms)	CMPKC (in ms)	CMPKC-${\mathit{k}}_{\mathit{i}}$ (in ms)
4	12.42	5.27	20.66	25.16
5	40.84	16.16	260.85	335.96
6	263.38	129.09	3288.19	4438.59
7	1286.35	653.69	49,154.35	65,516.34

represents the comparison of brute force attack times from 4-bit prime numbers to 7-bit prime numbers. When attacking prime numbers of 7 bits or more, the execution result requires a long time, and the time trend of brute force attacks is already clear within 7 bits, so we will analyze it within 7 bits. Figure 13 also shows the advantage of the results through a line chart. To compare the results more easily, a logarithmic scale with a base of 10 is used for the vertical axis when plotting.

From the corresponding Table 6 and Figure 13, for all prime number lengths, CEPKC takes the least amount of time to brute force decrypt its private key components, and BMPKC also shows results close to CEPKC. This means that standard CEPKC and BMPKC have similar complexity and security, and therefore, they have the lowest security among all discussed algorithms. Compared with the other three algorithms, our proposed CMPKC-$k_i$ algorithm shows a significantly longer decryption time on all prime number bits. Therefore, relative to other algorithms, the proposed CMPKC-$k_i$ algorithm has the longest brute force attack time and, therefore, the highest security. CMPKC has the second-longest attack time, only slightly shorter than CMPKC-$k_i$.

6. Conclusions and Future Work

Due to the similar characteristics between chaotic systems and cryptography, chaos-based public key encryption is currently a hot topic. This paper improves the performance and security of the Bose Multi-Chaotic Public Key Cryptographic Algorithm (BMPKC) from the aspects of efficiency and reliability. The proposed algorithm is named CMPKC-$k_i$, which overcomes the shortcomings of previous algorithms by using selective coefficient $k_i$, chaotic hash functions, and logistic mapping to generate pseudo-random sequences. CMPKC-$k_i$ provides better security because it leads to more complex algorithms and the process of public key generation is sent in parallel, making it difficult for attackers to obtain much information about the key or decrypt the message. Compared to the standard CEPKC and BMPKC, CMPKC-$k_i$ takes longer to break private keys. Meanwhile, we also explore the combination of the improved chaotic public key encryption system with the AES encryption method, which provides more possibilities for practical applications of the system.

In summary, this solution has the characteristics of strong practicality and high security, making contributions to the field of information encryption. We believe that its advantage lies in the fact that even if attackers guess the chaotic sequence $m$ within the same period, they still need to obtain the specific $k_i$ from the selective coefficient and break the chaotic hash function, which is almost impossible within the limited time. Therefore, the security of the algorithm is greatly improved. Although the overall design of this solution is satisfactory, it requires more time for key generation due to parallel computation and the occurrence of selective coefficients through several generation stages. In the case of large prime numbers, the efficiency of the algorithm will decrease, so the selective coefficient cannot be too large or it will have a negative impact on the required time for the algorithm, as seen in Figure 10, which can be considered as a drawback and an issue that needs continuous improvement. In conclusion, after performance and security analysis, the proposed CMPKC-$k_i$ algorithm demonstrates superior results with improved security.

As future research work, we plan to compare the proposed public key encryption system with other common advanced public key encryption schemes in different application scenarios for performance analysis and conduct a more detailed assessment of security aspects. The algorithm will also be extended to parallel machines so that multiple related operations can be parallelly computed on multi-core processors. Compared to similar public key encryption systems, this will result in lower computational costs and wider acceptability in IoT devices. Additionally, we can explore the potential of combining other chaotic mappings, fractals, and traditional encryption methods (such as AES, DES, and Blowfish) to achieve higher efficiency and security in the field of encryption. Interested researchers can implement this algorithm on hardware platforms such as field-programmable gate arrays (FPGAs) and application-specific integrated circuits (ASICs) to optimize its performance for practical applications. In conclusion, this research brings possibilities for continual exploration and advancement in the digital security field.