One-Time Pad as a nonlinear dynamical system

Commun Nonlinear Sci Numer Simulat 17 (2012) 4029–4036

Contents lists available at SciVerse ScienceDirect

Commun Nonlinear Sci Numer Simulat journal homepage: www.elsevier.com/locate/cnsns

Short communication

One-Time Pad as a nonlinear dynamical system Nithin Nagaraj Department of Electronics and Communication Engineering, Amrita School of Engineering, Amrita Vishwa Vidyapeetham, Amritapuri Campus, Kerala 690 525, India

a r t i c l e

i n f o

Article history: Received 12 October 2011 Received in revised form 30 January 2012 Accepted 18 March 2012 Available online 4 April 2012 Keywords: One-Time Pad Perfect secrecy Binary map Bernoulli shift Arithmetic coding Generalized Luröth Series

a b s t r a c t The One-Time Pad (OTP) is the only known unbreakable cipher, proved mathematically by Shannon in 1949. In spite of several practical drawbacks of using the OTP, it continues to be used in quantum cryptography, DNA cryptography and even in classical cryptography when the highest form of security is desired (other popular algorithms like RSA, ECC, AES are not even proven to be computationally secure). In this work, we prove that the OTP encryption and decryption is equivalent to finding the initial condition on a pair of binary maps (Bernoulli shift). The binary map belongs to a family of 1D nonlinear chaotic and ergodic dynamical systems known as Generalized Luröth Series (GLS). Having established these interesting connections, we construct other perfect secrecy systems on the GLS that are equivalent to the One-Time Pad, generalizing for larger alphabets. We further show that OTP encryption is related to Randomized Arithmetic Coding – a scheme for joint compression and encryption. Ó 2012 Elsevier B.V. All rights reserved.

1. Introduction Cryptography – the art and science of keeping secrets, has always been fascinated by the notion of an ‘‘Unbreakable’’ cipher. For sometime, the Vigenère cipher [1], a poly-alphabetic substitution cipher (where a single letter of the message gets substituted to different symbols based on a secret key of certain length) invented in 1568 AD by the Frenchman B. de Vigenère was thought to be unbreakable. However, this was eventually broken by Charles Babbage in 1854. The search for an unbreakable cipher remained the ‘‘Holy Grail’’ of cryptography until 1949, when for the first time, a mathematically sound definition of perfect secrecy was provided by Shannon [2]. He used concepts from information theory, which he had invented the year before [3], to build a systematic mathematical theory of secrecy systems. In the same paper, he showed that the One-Time Pad (a type of Vernam cipher [1]), invented way back in 1917, is indeed mathematically unbreakable. The One-Time Pad or OTP for short is one of the simplest encryption algorithms. For binary messages, OTP encryption is achieved by an exclusive-OR operation (XOR) between every bit of the message with the corresponding bit of the private key (pad). The transport of this private key/pad is typically done by a trusted courier. For OTP to be unbreakable, the private key needs to be as long as the message (not quite as shown recently in [4]), perfectly random and can be used only once (hence the name ‘‘One-Time’’ Pad). In spite of these practical drawbacks of the OTP, it continues to be used in quantum cryptography [5], DNA cryptography [6] and even in classical cryptography, when the highest form of security is desired. Until recently, the hot-line between Washington DC and Moscow for very high level communications was secured by OTP encryption [1,7]. Popular encryption techniques like RSA (the first public-key cryptosystem), ECC (Elliptic Curve Cryptosystem), DES (Data Encryption Standard) and AES (Advanced Encryption Standard) which are widely used today, are not even proven to be computationally secure (security is provided by the difficulty of breaking unproven hard problems by a computationally bounded adversary). OTP forms the basis of all modern stream ciphers. E-mail address: [email protected] URL: http://www.amrita.ac.in/nithin 1007-5704/$ - see front matter Ó 2012 Elsevier B.V. All rights reserved. http://dx.doi.org/10.1016/j.cnsns.2012.03.020

4030

N. Nagaraj / Commun Nonlinear Sci Numer Simulat 17 (2012) 4029–4036

In this paper we show interesting connections between OTP and chaotic dynamical systems. In particular, we show that OTP encryption and decryption is equivalent to finding the initial condition on a pair of binary maps (or Bernoulli shift). The binary map belongs to a family of 1D nonlinear chaotic and ergodic dynamical systems known as Generalized Luröth Series (GLS). In a recent work [8], we have used GLS for lossless compression of independent and identically distributed (i.i.d) sequences. Having established these interesting connections, we construct other perfect secrecy systems on the GLS that are equivalent to OTP, generalizing for larger alphabets. The paper is organized as follows. In the next section, we introduce OTP and the binary map along with its skewed cousins. In Section 3, we establish the central result of this paper – OTP encryption is equivalent to finding initial condition on a pair of binary maps. We then construct new perfect secrecy systems using GLS in Section 4. Randomized Arithmetic Coding, a technique for providing joint compression and encryption is shown to be a generalization of OTP in Section 5. This is followed by discussion and conclusion in Section 6. 2. One-Time Pad: the unbreakable cipher The electrical One-Time Pad was invented by Gilbert Vernam in 1917 for telegraph encryption [9]. It was known as the Vernam cipher and encryption was performed by combining each character in the message with a character on a paper tape key by means of an XOR operation. In the 1920s, the Vernam cipher was converted into a paper pad system. J. Mauborgne of the U.S. Army is credited with the development of the OTP in the modern form [1]. He observed that the use of a random, non-repeating private-key (pad) vastly improved the security of Vernam cipher. The OTP was extensively used by Russian agents operating in foreign countries. Rudolph Abel, a high ranking Russian agent captured in the United States in 1957 had in his possession a booklet the size of a postage stamp containing a One-Time Pad [1]. The OTP encryption and decryption are defined as follows. A binary message M ¼ m1 m2 . . . mL is operated on by a binary private key string (the pad) K ¼ k1 k2 . . . kL , of the same length L to produce a cipher text string C ¼ c1 c2 . . . cL where

ci ¼ mi  ki ;

1 6 i 6 L:

ð1Þ

Here,  stands for XOR operation (bitwise addition modulo 2). The key string K is composed of bits which are independently and randomly chosen. The key K is used only once and never used again. 2.1. Perfect secrecy Although it was empirically observed that a non-repeating random private-key used only once for encryption vastly increases the security of the OTP, it was only in 1949 that the mathematical basis for this fact was provided by Shannon [2]. The notion of perfect secrecy (also known by the names Shannon security, mathematically unbreakable and unconditionally secure) defined by Shannon can be understood in the following way. If a passive cryptanalyst has only the cipher text C ¼ c1 c2 . . . cL which is the result of OTP encryption (Eq. 1), the cryptanalyst can do no better than guess at the plaintext/message being any binary string of length L. In other words, for the cryptanalyst, every binary string of length L is equally likely to be the plaintext. This is the strongest notion of security since it is independent of statistical distribution of the plaintext and also computational resources (thus quantum computing or any other future developments in computing can never be a threat to this form of security). The uncertainty of the plaintext for the passive cryptanalyst does not reduce with the interception of the ciphertext. This means that no information is leaked by the ciphertext whatsoever. This is a strong contrast to all other encryption algorithms, where some amount of information is unavoidably leaked by the ciphertext. Shannon’s result implies that OTP offers the best possible mathematical security of any encryption scheme. It remains as the only known perfectly secure or provably, absolutely unbreakable cipher till date. There have been many cryptographic algorithms in the last sixty years, both private-key and public-key algorithms [1], but none can offer perfect secrecy. In fact, popular algorithms such as RSA, ECC, DES and AES are not even proven to be computationally secure, but only believed to be hard to break, based on failure of existing attempts. With rapid developments in quantum computing, belief in these algorithms may be under serious threat whereas the OTP shall forever remain immune to any future developments in computing. 2.2. The binary map and its skewed cousins The binary map [10] shown in Fig. 1(a) is a map T : ½0; 1Þ ! ½0; 1Þ given by:

x # 2x;

06x<

# 2x  1;

1 ; 2

1 6 x < 1: 2

It is well known that the binary map is a nonlinear chaotic dynamical system, which preserves the lebesgue measure [11]. Furthermore, every initial condition in [0, 1) has a unique symbolic sequence and every finite length (>0) symbolic sequence corresponds to a subset of [0, 1) of non-zero measure. Since the binary map has the maximum topological entropy for two symbols (=ln(2)), all possible arrangements of 0 and 1 can occur in its space of symbolic sequences.

4031

N. Nagaraj / Commun Nonlinear Sci Numer Simulat 17 (2012) 4029–4036

0.5

p

‘0’

‘1’

‘0’

(a)

‘1’

(b)

Fig. 1. (a) Binary map. (b) Skew-binary map. Both these are examples of Generalized Luröth Series (GLS). Arithmetic coding, a popular lossless data compression algorithm can be seen as finding the initial condition on the skew-binary map with the appropriate skew p (equal to the probability of the symbol ‘0’).

‘0’

‘1’

‘1’

‘0’

‘0’

‘1’

‘1’

‘0’

‘0’

‘1’

‘1’

‘0’

‘0’

‘1’

‘1’

‘0’

Fig. 2. Different modes of the skew-binary map (GLS with two alphabets). Maps in bottom row are duals of those in first row.

The symbol ‘0’ corresponds to the interval [0, 0.5) and the symbol ‘1’ corresponds to the interval [0.5, 1). The binary map belongs to a larger class of dynamical systems known as Generalized Luröth Series (GLS) [11]. GLS is studied for its number theoretical properties. The skew-binary map is a type of GLS which is a generalization of the binary map and is shown in Fig. 1(b). Here the symbols ‘0’ and ‘1’ correspond to the intervals ½0; pÞ and ½p; 1Þ respectively (0 < p < 1, a value of p ¼ 0:5 corresponds to the binary map). 2.3. Modes of skew-binary map There are 8 different modes of the skew-binary map as shown in Fig. 2. These are obtained by a combination of swapping the two intervals corresponding to ‘0’ and ‘1’, and changing the sign of the slope of the map in the two intervals. We shall call a map with two alphabets a dual of another if the two intervals along with their symbols are swapped. The GLS can be readily extended to larger alphabets. 3. OTP and the binary map In this section, we prove the central result of this paper. To this end, we treat the plaintext (binary message) as a symbolic sequence M and the random private key K is treated as a switching sequence. This determines when to switch between the binary map and its dual. We prove the following theorem. Theorem. OTP encryption is equivalent to finding the initial condition for the symbolic sequence M under switching based on key K on the binary map and its dual (refer to Fig. 4). Proof. We shall prove that finding the initial condition corresponding to the symbolic sequence M on the binary map and its dual (as determined by the switching sequence K) is equivalent to an XOR operation between the message M and key K. Since XOR operation is equivalent to OTP encryption, we would thus have a proof of the theorem. In order to determine the initial condition, we first begin with the interval [0, 1) since the initial condition can lie anywhere in this interval. Each bit of the switching sequence K determines the map – if the bit is ‘0’ we take the binary map and for a bit ‘1’, we take its dual. Each bit of the symbolic sequence M reduces the uncertainty of the initial condition and

4032

N. Nagaraj / Commun Nonlinear Sci Numer Simulat 17 (2012) 4029–4036

Fig. 3. Pre-image of [0, 1) on the binary map and its dual under various instances. The interval on the x-axis marked in bold is the set of initial conditions with M as the symbolic sequence. In other words, all initial conditions in the marked interval have their symbolic sequences beginning with M. Key K determines whether we are using the binary map (if K ¼ 0) or its dual (if K ¼ 1) to estimate the set of initial conditions for the symbolic sequence M. Symbols ‘A’ and ‘B’ can be assumed to be ‘0’ and ‘1’ respectively.

shrinks the interval in which it is going to lie. Once all the bits of the symbolic sequence M are exhausted, we end up with a final estimate of the interval and any real number in that interval, expressed in binary, is the initial condition corresponding to M. Now, let us consider all possibilities for one bit of key K and one bit of message M. Fig. 3 shows all the possibilities and also the pre-image of [0, 1) given the value of M and K. For example, the pre-image of [0, 1) corresponding to M ¼ 0 on the binary map ðK ¼ 0Þ is [0, 0.5). The initial condition is going to lie in this interval irrespective of future bits (this is because the map is continuous in each of the intervals). This implies that the first bit of the initial condition is going to be 0 in this case (all real numbers in the range [0, 0.5) start with a 0 in its binary expansion). Hence, the ciphertext in this instance will be C ¼ 0. The ciphertexts for all cases are tabulated in Table 1. It can be seen that this is exactly equivalent to the XOR operation between K and M. Subsequent bits would follow the same logic (one can imagine that the first bit of the initial condition has been flushed as output and the interval has been rescaled to [0, 1) to begin the process all over again with the second bit of the symbolic sequence M and the second bit of the switching sequence K). Thus we have proved the theorem. h 3.1. An example As an example, consider the binary message M ¼ 1101 and the OTP K ¼ 0110. We begin with the interval [0, 1). The initial condition corresponding to the message (symbolic sequence) will lie in this interval. The first bit of the key K is 0 which

K=0

‘0’

‘1’

K=1

‘1’

‘0’

Fig. 4. OTP encryption is equivalent to determination of initial condition under switching on the binary map and its dual where M is symbolic sequence and K is switching sequence.

Table 1 Finding the initial condition corresponding to M on the two maps with a switching sequence K is exactly equivalent to XOR between K and M. K

M

First bit of initial condition

0 0 1 1

0 1 0 1

0 1 1 0

N. Nagaraj / Commun Nonlinear Sci Numer Simulat 17 (2012) 4029–4036

4033

Fig. 5. An example: finding the initial condition for the message M ¼ 1101 for the OTP K ¼ 0110. All real numbers in the final interval begin with 1011 in their binary expansion (or symbolic sequence). This is the cipher text C.

means that we use the binary map. On the binary map, since the message M begins with 1, the interval can be narrowed down from [0, 1) to [0.5, 1). Another way to see this is by observing that on the binary map, the interval [0.5, 1) consists of all real numbers whose binary expansion (or symbolic sequence) begins with bit 1. Now for the next bit of the message M which is 1, we have the second bit of the key K which is a 1. This implies that we use the dual binary map for narrowing down the interval from [0.5, 1) to [0.5, 0.75). For the third bit, the interval narrows down to [0.625, 0.75). And finally for the last bit, the interval is [0.6875, 0.75). Thus the initial condition for M ¼ 1101 corresponds to any real number in the interior of the interval [0.6875, 0.75). If we choose the mid-point of this interval 0.71875 as the initial condition, it corresponds to C ¼ 1011 which is also the XOR of M ¼ 1101 and the OTP K ¼ 0110. Fig. 5 illustrates this example. It is interesting to observe that instead of the mid-point, we could have chosen any real number in the final interval [0.6875, 0.75] as the ciphertext (with the length of the binary expansion equal to 4 bits). All real numbers in this final interval will begin with 1011 in their binary expansion and so any real number in this interval will do. For the binary map, the binary expansion of a real number is nothing but the symbolic sequence of the real number treated as the initial condition on the chaotic map. Since the message or symbolic sequence is finite in length, it will always correspond to an interval of initial conditions. Only an infinitely long message (symbolic sequence) will correspond to a unique initial condition on the GLS [11].

4. Other perfect secrecy systems on GLS This connection between binary map (GLS) and OTP enables us to find perfect secrecy systems which are all equivalent to OTP. We know that the binary map is a type of GLS and has 4 possible modes that correspond to choosing either positive or negative slope in the two intervals and 4 other modes that are duals (Fig. 2). In order to obtain secrecy systems that are equivalent to OTP, we can choose any of the 4 modes for K ¼ 0 and K ¼ 1 independently. Thus there are 16 possible secrecy systems which are all perfectly secure (refer to Fig. 6). The OTP is one of them.

4.1. n-OTP: Generalization to Non-binary alphabets The dynamical system viewpoint that we have proposed immediately enables us to generalize OTP for non-binary alphabets (n-OTP where n P 2) while retaining perfect secrecy. Suppose we have a message that takes values from the ternary alphabet f0; 1; 2g. We further assume that we have a perfect random key stream that also takes values from the ternary alphabet. To perform encryption, we switch between the three GLS maps shown in Fig. 7 depending on the key value. For n > 2, there are multiple options for choosing the n dynamical systems to switch. Thus it is possible to generalize OTP encryption to larger alphabets.

4.2. What about other chaotic maps? We have established the equivalence of OTP with finding the initial condition on binary map which is a type of GLS. The natural question to ask is whether we can use other chaotic maps instead of the binary map. One of the most popular chaotic maps is the logistic map [10] which is given by the equation x # 4xð1  xÞ for 0 6 x 6 1. Several authors have proposed chaotic cryptographic algorithms which makes use of the logistic map and other one dimension maps (for e.g., see [12–14]). These are private-key cryptographic algorithms which are not perfectly secure. Logistic map does not belong to the GLS family of maps and it can be easily verified that finding the initial condition on logistic map and its dual is not equivalent to XOR operation, and hence not equivalent to OTP encryption. However, it is well known that a topological conjugacy exists between the logistic map and the tent map [10], which is a GLS. The tent map and the binary map are both modes of the same GLS and are hence related. By making use of these relationships, whether one can find conjugate perfect secrecy systems is a subject of future investigation.

4034

N. Nagaraj / Commun Nonlinear Sci Numer Simulat 17 (2012) 4029–4036

K=0

K=1

‘0’

‘1’

‘1’

‘0’

‘0’

‘1’

‘1’

‘0’

‘0’

‘1’

‘1’

‘0’

‘0’

‘1’

‘1’

‘0’

Fig. 6. Perfect secrecy systems equivalent to OTP. There is a choice of 4 modes for K ¼ 0 and K ¼ 1 independently. Thus, there are 16 possible perfect secrecy systems which are all equivalent to OTP. The OTP happens to be one of them.

K=0

‘0’

‘1’

K=1

‘2’

‘2’

‘0’

K=2

‘1’

‘1’

‘2’

‘0’

Fig. 7. n-OTP: For n ¼ 3 and for an input ternary message M, the OTP can be implemented as finding initial condition by switching between the above three dynamical systems based on a random key K drawn from the alphabet {0, 1, 2} with equal probabilities. This is equivalent to M þ K mod 3.

5. Joint compression and encryption Arithmetic coding is a popular lossless data compression algorithm [15] used in international compression standards such as JPEG2000 and H.264. Recently [8], we have shown that arithmetic coding can be seen as finding the initial condition of the (binary) message which is treated as the symbolic sequence on the appropriate GLS (skew-binary map with p corresponding to the probability of the alphabet ‘0’). The initial condition serves as the compressed file which can be used to determine the symbolic sequence (message) at the decoder (given p). We called such a method as GLS-coding and arithmetic coding is a special case of GLS-coding. 5.1. Randomized Arithmetic Coding and the One-Time Pad Grangetto’s Randomized Arithmetic Coding (RAC) is one of the earliest attempts to provide both lossless data compression and encryption using arithmetic coding [16]. The idea of RAC is to randomly swap (or not swap) the two intervals corresponding to the symbols (‘0’ and ‘1’) at every iteration based on a random private binary key stream (K). This randomizes the location of the final interval while retaining compression efficiency. Having already established that arithmetic coding is a specific mode of GLS, we can interpret RAC as a swapping between two modes of the GLS (the two modes are duals of each other) at every iteration based on a private key stream (Fig. 8).

N. Nagaraj / Commun Nonlinear Sci Numer Simulat 17 (2012) 4029–4036

K=0

K=1

p

p ‘0’

4035

‘1’

‘1’

‘0’

Fig. 8. Grangetto’s Randomized Arithmetic Coding (RAC): ‘K’ is the binary key stream, also known as switching sequence and M is the binary message, also known as symbolic sequence. It can thus be seen as a generalization of OTP. Compare with Fig. 4.

RAC can thus be seen as a generalization of OTP where the skew in the binary map accounts for compression of the message. Just like the OTP, RAC also requires the private key K to be random (non-repeating) and as long as the message string M. 6. Discussion In light of Section 5, we can re-interpret OTP encryption as follows. We are effectively attempting to compress the message M under the switching operation based on the switching sequence K. We are performing Grangetto’s RAC on the binary map and its dual without the skew. However, it must be noted that since the two intervals for the binary map and its dual are of equal length (no skew), no compression will be achieved by the method. Thus the initial condition when expressed in binary need to have the same length as the message stream M to enable lossless decompression (in this case, decryption). Decryption involves finding the symbolic sequence on the binary map (and its dual under the operation of switching key K) using the initial condition. We have not discussed about OTP decryption since it is easy to see that the same argument holds since the inverse of XOR operation is itself. Thus our theorem holds for OTP decryption as well. Grangetto’s RAC can be seen as a natural generalization of OTP encryption, but with lossless compression of message M built into it. Grangetto’s method involves using a short key as the seed of a pseudo-random keystream generator which generates the switching sequence K (which is as long as M). In short, RAC can be seen as a generalization of stream ciphers by incorporating lossless compression. Underlying this scheme, is GLS which is a nonlinear chaotic dynamical system, and its modes, as a basis for security and optimal lossless compression. Recently, there have been work on using all the different modes of the GLS (and not just the two modes as in RAC) for futher enhancing the security [17]. There have been a number of different uses of GLS recently. We have shown that the popular Huffman coding algorithm is related to GLS [18] and re-interpreted certain fundamental results of prefix-free codes using GLS [19]. 6.1. Conclusion Nonlinear physics, especially Chaos is finding increasing applications to secure communications. However, it is a matter of concern that nonlinear science has not yet made a deep impact which was originally promised and there are no commercial products or standards which use chaos based methods today. Fractal based compression has also not delivered state-ofart performance [20]. In this work, we have shown that OTP encryption can be re-interpreted as finding the initial condition on the binary map and its dual based on the random pad as a switching sequence. OTP is a very important theoretical landmark in cryptography since it is the only known mathematically unbreakable cipher till date. A similar narrative holds true for optimal lossless data compression (arithmetic coding or GLS-coding [8]). These results imply that a single piece of hardware can be made to perform diverse operations such as optimal lossless compression (GLS-coding) and perfect secrecy cryptosystem (OTP) since both these algorithms have been shown to be nothing but finding the initial condition on appropriate 1D GLS maps. The failure of the application of nonlinear science to compression and cryptography seems to be justifiably vindicated. Acknowledgments The author is thankful to Prabhakar G. Vaidya for introducing him to the fascinating world of nonlinear science/chaos theory. The author is deeply grateful to the spiritual guidance of Mata Amritanandamayi Devi, popularly known as ‘‘The Hugging Saint’’ and affectionately known as ‘‘Amma’’ (means ‘‘Mother’’). This work is dedicated to the memory of the 1949 paper of Claude E. Shannon (1916–2000 AD). References [1] Menezes A, van Oorschot PC, Vanstone S. Handbook of applied cryptography. Boca Raton, FL: CRC Press; 1996. [2] Shannon CE. Communication theory of secrecy systems. Bell Syst Tech J 1949;28:656–715.

4036 [3] [4] [5] [6] [7] [8]

[9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20]

N. Nagaraj / Commun Nonlinear Sci Numer Simulat 17 (2012) 4029–4036

Shannon CE. A mathematical theory of communication. Bell Syst Tech J 1948;27:379–423. Nagaraj N, Vaidya V, Vaidya PG. Re-visiting the One-Time Pad. Int J Net Sec 2008;6(1):94–102. Nielsen MA, Chuang IL. Quantum computation and quantum information cambridge. UK: Cambridge Univ Press; 2000. Gehani A, LaBean T, Reif J. DNA-based cryptography. DIMACS DNA based computers V. American Mathematical Society; 2000. Massey JL. Contemporary cryptology: an introduction. In: Simmons GJ, editor. Contemporary cryptology: the science of information integrity, vol. 139. IEEE Press; 1992. Nagaraj N, Vaidya PG, Bhat KG. Arithmetic coding as a nonlinear dynamical system. Commun Nonlinear Sci Numer Simul 2009;14:1013–20. Nagaraj N, Vaidya PG, editors. Proc of Intl Conf on Recent Developments in Nonlinear Dynamics, 13–16 February 2008, School of Physics, Bharathidasan Univ., Trichy [Narosa Publishers, New Delhi, ISBN: 978-81-7319-941-7]. Nagaraj N. Novel applications of chaos theory to coding and cryptography. PhD thesis, National Institute of Advanced Studies, Indian Institute of Science Campus, Bangalore; 2010. Vernam GS. Cipher printing telegraph systems for secret wire and radio telegraphic communications. J Amer Inst Electr Eng 1926;55:109–15. Alligood KT, Sauer TD, Yorke JA. Chaos: an introduction to dynamical systems. New York: Springer; 1996. Dajani K, Kraaikamp C. Ergodic theory of numbers, vol. 29. Washington, DC: The mathematical association of america, Washington; 2002. Patidar V, Pareek NK, Sud KK. A new substitution diffusion based image cipher using chaotic standard and logistic maps. Commun Nonlinear Sci Numer Simul 2009;14:3056–75. Pareek NK, Patidar V, Sud KK. Image encryption using chaotic logistic map. Image Vision Comput 2006;24:926–34. Patidar V, Pareek NK, Sud KK. Cryptography using multiple one dimensional chaotic maps. Commun Nonlinear Sci Numer Simul 2009;10(7):715–23. Rissanen JJ, Langdon GG. Arithmetic coding. IBM J Res Dev 1979;23(2):146–62. Grangetto M, Grosso A, Magli E. Selective encryption of JPEG2000 images by means of randomized arithmetic coding. In: IEEE 6th workshop on multimedia signal processing, Sienam, Italy; 2004. p. 347–50. Wong KW, Lin Q, Chen J. Simultaneous arithmetic coding and encryption using chaotic maps. IEEE Trans Circuits Syst—II 2010;57(2):146–50. Nagaraj N. Huffman coding as a nonlinear dynamical system. Int J Bifur Chaos 2011;21(6):1–10. Nagaraj N. A dynamical systems proof of Kraft–McMillan inequality and its converse for prefix-free codes. Chaos 2009;19:013136-1–6-5. Peitgen H, Jürgens H, Saupe D. Chaos and fractals: new frontiers of science. 2nd ed. New York: Springer; 2004.