Nothing Special   »   [go: up one dir, main page]

Next Article in Journal
Implementation of the Onsager Theorem to Evaluate the Speed of the Deflagration Wave
Next Article in Special Issue
High Efficiency Continuous-Variable Quantum Key Distribution Based on ATSC 3.0 LDPC Codes
Previous Article in Journal
Experimental Investigation and Theoretical Modelling of a High-Pressure Pneumatic Catapult Considering Dynamic Leakage and Convection
Previous Article in Special Issue
A Novel Image-Encryption Scheme Based on a Non-Linear Cross-Coupled Hyperchaotic System with the Dynamic Correlation of Plaintext Pixels
You seem to have javascript disabled. Please note that many of the page functionalities won't work as expected without javascript enabled.
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Designing Two Secure Keyed Hash Functions Based on Sponge Construction and the Chaotic Neural Network

1
Institut d’Electronique et des Télécommunications de Rennes (IETR), UMR CNRS 6164, Université de Nantes-Polytech, 44306 Nantes, France
2
School of Electronics and Telecommunications, Hanoi University of Science and Technology, 1 Dai Co Viet, Hai Ba Trung, Hanoi 100000, Vietnam
3
Institut d’Electronique et des Technologies du NuméRique, UMR CNRS 6164, INSA Rennes, 35700 Rennes, France
4
LASTRE Laboratory, Lebanese University, Beirut, Lebanon
*
Author to whom correspondence should be addressed.
Entropy 2020, 22(9), 1012; https://doi.org/10.3390/e22091012
Submission received: 16 July 2020 / Revised: 19 August 2020 / Accepted: 27 August 2020 / Published: 10 September 2020
(This article belongs to the Special Issue Information Theoretic Security and Privacy of Information Systems)
Figure 1
<p>General architecture of the <span class="html-italic">Sponge</span> construction.</p> ">
Figure 2
<p>The three types of <span class="html-italic">keyed-Sponge</span> functions.</p> ">
Figure 3
<p>General architecture of the two proposed <span class="html-italic">keyed-Sponge CNN</span> hash functions.</p> ">
Figure 4
<p>Padding rule in the two proposed <span class="html-italic">keyed-Sponge CNN</span> hash functions of the input message <span class="html-italic">M</span>.</p> ">
Figure 5
<p>Structure of the <math display="inline"><semantics> <mrow> <mi>i</mi> </mrow> </semantics></math>th <span class="html-italic">Chaotic System</span> used in the two proposed structure of <span class="html-italic">keyed-Sponge CNN</span> hash functions.</p> ">
Figure 6
<p>Detailed architecture of the <math display="inline"><semantics> <mrow> <mi>i</mi> </mrow> </semantics></math>th chaotic function in the proposed two-layered <span class="html-italic">KSCNN</span> hash function.</p> ">
Figure 7
<p>Detailed architecture of the <math display="inline"><semantics> <mrow> <mi>k</mi> </mrow> </semantics></math>th neuron at the input layer of the two proposed <span class="html-italic">KSCNN</span> hash functions.</p> ">
Figure 8
<p>Detailed architecture of the <math display="inline"><semantics> <mrow> <mi>k</mi> </mrow> </semantics></math>th neuron at the output layer of the proposed two-layered <span class="html-italic">KSCNN</span> hash functions.</p> ">
Figure 9
<p>Detailed structure of <span class="html-italic">NL</span> Functions block.</p> ">
Figure 10
<p>Detailed architecture of the <math display="inline"><semantics> <mrow> <mi>i</mi> </mrow> </semantics></math>th chaotic function in the proposed <span class="html-italic">keyed-Sponge</span> hash function based on one-layered <span class="html-italic">NL CNN</span>.</p> ">
Figure 11
<p>Hash value distribution for Structure 1 with <math display="inline"><semantics> <mrow> <mo>|</mo> <mi>h</mi> <mo>|</mo> </mrow> </semantics></math> = 256 bits. (<b>a</b>) ASCII values of message <span class="html-italic">M</span>, (<b>b</b>) Hexadecimal hash value <span class="html-italic">h</span> of <span class="html-italic">M</span>, (<b>c</b>) Zero message, and (<b>d</b>) Hexadecimal hash value <span class="html-italic">h</span> of the zero message.</p> ">
Figure 12
<p>Histogram of <math display="inline"><semantics> <msub> <mi>B</mi> <mi>i</mi> </msub> </semantics></math> for Structure 1 with <math display="inline"><semantics> <mrow> <mo>|</mo> <mi>h</mi> <mo>|</mo> </mrow> </semantics></math> = 256 bits, and J = 2048 tests.</p> ">
Figure 13
<p>Histogram of <math display="inline"><semantics> <msub> <mi>B</mi> <mi>i</mi> </msub> </semantics></math> for Structure 1 with <math display="inline"><semantics> <mrow> <mo>|</mo> <mi>h</mi> <mo>|</mo> </mrow> </semantics></math> = 512 bits, and J = 2048 tests.</p> ">
Figure 14
<p>Comparison of hashing throughput for Structures 1 and 2 - <math display="inline"><semantics> <msub> <mi>n</mi> <mi>r</mi> </msub> </semantics></math> = 8/24 rounds with <math display="inline"><semantics> <mrow> <mo>|</mo> <mi>h</mi> <mo>|</mo> </mrow> </semantics></math> = 256/512 bits.</p> ">
Versions Notes

Abstract

:
In this paper, we propose, implement, and analyze the structures of two keyed hash functions using the Chaotic Neural Network (CNN). These structures are based on Sponge construction, and they produce two variants of hash value lengths, i.e., 256 and 512 bits. The first structure is composed of two-layered CNN, while the second one is formed by one-layered CNN and a combination of nonlinear functions. Indeed, the proposed structures employ two strong nonlinear systems, precisely a chaotic system and a neural network system. In addition, the proposed study is a new methodology of combining chaotic neural networks and Sponge construction that is proved secure against known attacks. The performance of the two proposed structures is analyzed in terms of security and speed. For the security measures, the number of hits of the two proposed structures doesn’t exceed 2 for 256-bit hash values and does not exceed 3 for 512-bit hash values. In terms of speed, the average number of cycles to hash one data byte (NCpB) is equal to 50.30 for Structure 1, and 21.21 and 24.56 for Structure 2 with 8 and 24 rounds, respectively. In addition, the performance of the two proposed structures is compared with that of the standard hash functions SHA-3, SHA-2, and with other classical chaos-based hash functions in the literature. The results of cryptanalytic analysis and the statistical tests highlight the robustness of the proposed keyed hash functions. It also shows the suitability of the proposed hash functions for the application such as Message Authentication, Data Integrity, Digital Signature, and Authenticated Encryption with Associated Data.

1. Introduction

Hash functions can be used in various applications such as Message Authentication, Digital Signature, Data Integrity, and Authenticated Encryption [1]. As a definition, a hash function H takes an input message M, and produces an output value h, named hash code, digital fingerprint, message digest, or simply hash. Precisely, the hash function H takes a bit sequence M (e.g., data, image, video, and file) with an arbitrary finite length, and produces a fixed length digest h of u bits. The digest acts as a kind of signature for the input data. Moreover, when the same hash function H is run for the same input message M, the same hash value h is obtained [2].
A cryptographic hash function employs an encryption algorithm in producing the output value h. The advantage of cryptographic hash functions is to meet some security requirements and to be immune against different attacks such as statistical, brute-force, and cryptanalytic attacks, etc. Recently, CNN based hash functions [3,4] attract the interest of research community because of the important properties of chaotic systems and neural networks related to the nonlinear security [5,6].
In general, chaos is a kind of deterministic random-like process generated by nonlinear dynamical systems. Chaos was given by Edward Lorenz [7], and its main properties have been investigated by a large community of research [8]. Chaotic systems are appropriate to be used in cryptographic hash algorithms due to their pertinent properties such as random-like behavior, sensitivity to tiny changes in initial conditions, and unstable periodic orbits. In addition, neural networks are powerful computational models, designed to simulate the human brain and adopted to solve many problems in different fields. Neural networks exhibit, by construction, many convenient properties to be used in cryptographic hash algorithms such as parallel implementation, flexibility, nonlinearity, one-way, data diffusion, and compression functions.
At first, some designers combine both these systems (chaos and neural network) in the Merkle–D a ˚ mgard structure to build robust CNN hash functions [9,10]. In our previous work [2], Abdoun et al. designed, implemented, and analyzed the performance, in terms of security and speed, of two proposed keyed CNN hash functions based on the Merkle–D a ˚ mgard (MD) construction with three output schemes, i.e., CNN–Matyas–Meyer–Oseas, Modified CNN–Matyas–Meyer–Oseas, and CNN–Miyaguchi–Preneel. However, the Merkle–D a ˚ mgard construction has several vulnerabilities to some attacks such as Second preimage, Multicollisions, Herding, and Length extension attacks [11,12]. To resist these attacks, a new Secure Hash Algorithm called SHA-3 [13] based on an instance of the KECCAK algorithm was selected as a winner of the National Institute of Standards and Technology (NIST) hash function competition in 2015 [13,14,15,16,17,18]. Indeed, the SHA-3 family consists of four cryptographic hash functions such as, SHA3-224, SHA3-256, SHA3-384, and SHA3-512 and two Extendable-Output Functions (XOFs) such as SHAKE128 and SHAKE256 [13]. For the XOFs, the length of the output can be chosen to meet the requirements of user applications. There are different structures being used to build various hash functions such as Wide Pipe [19], Merkle–D a ˚ mgard [20,21], Haifa [22], Fast Wide Pipe [23], Sponge [24], etc. Indeed, a number of these existing structures are employed in the design of many popular hash functions. The Merkle–D a ˚ mgard construction is used in the design of MD5 [25] family like SHA-1 [26], and SHA-2 [27] standards, while the Sponge construction is used to design a new secured standard hash algorithm SHA-3 [13], which will be used when the current standard SHA-2 will be inevitably compromised. In our previous work [28], Abdoun et al. proposed, implemented, and analyzed the performance of a new structure for keyed hash function based on chaotic maps, neural network, and Sponge construction.
Since 2009, there are several lightweight cryptographic hash functions [29] proposed that are based on a Sponge construction such as LightMAC [30], TuLP [31], SipHash [32], QUARK [33], PHOTON [34], and SPONGENT [35].
In this paper, two robust keyed hash functions that contain a chaotic system (CS) and a CNN-based Sponge construction are proposed. In these two proposed structures, the input message M is hashed to a hash value h with a fixed length of bits equal to 256 or 512 bits. The combination of Sponge construction and CNN results the increase in the robustness of the proposed hash function. The proposed structures are based on the efficient CS [36]. The efficient CS in [36] produces pseudo-chaotic samples and those are used as the parameter values of the neural network. In addition, the proposed activation function of neural network is formed of two chaotic maps that are connected in parallel. The proposed CNN and CS ensure that our hash functions are more secure against different attacks in comparison with other hash functions that are based on Sponge construction. Indeed, the various experimental results and theoretical analysis demonstrate the effectiveness and prove that the proposed hash functions have very good statistical properties, high message sensitivity, high key sensitivity, strong collision resistance, and are immune against collision, preimage, and second preimage attacks [37].
The rest of the paper is organized as follows: Section 2 introduces a brief reminder of cryptographic hash function properties. Then, the general models of Sponge and keyed-Sponge constructions are presented. Section 3 describes in detail the proposed structures of the two keyed CNN hash functions based on Sponge construction with their important constitutive elements. Section 4 shows the results and analysis in terms of security and computational performance for the proposed hash functions, and comparison with the two standards SHA-2 and SHA-3. Finally, in Section 5, conclusions for the contribution and the future work are given.

2. Preliminaries

2.1. Properties and Classification of Cryptographic Hash Functions

The cryptographic hash function H (noticed also as hash functions in the rest of paper) must verify the two implementation properties, i.e., ease of computation and compression, in addition to the three main security properties, i.e., preimage resistance (called one-way), second preimage resistance (called weak collision resistance), and collision resistance (called strong collision resistance).

2.2. Structures of Cryptographic Keyed Hash Functions Based on Sponge Construction

In this section, we describe the three phases of the Sponge construction, and then how to build keyed-Sponge hash functions from unkeyed Sponge construction.

2.2.1. The Sponge Construction: Initialization, Absorbing and Squeezing Phases

In Figure 1, the general structure of the unkeyed Sponge construction is shown and it has three phases: Initialization, Absorbing, and Squeezing. The unkeyed Sponge construction, which operates on a state H M i ( i 0 ) of size b bits, builds a new hash function. These states are split into an outer part of r-bit size named bitrate, which is accessible externally, and an inner part C of c-bit size named capacity, which is hidden. The size called width b-bit is given by b = r + c. In the initialization phase, the initial value I V = H M 0 of b-bit size is set to 0. The input message M is padded and then split into q blocks of r-bit size. Next, in the absorbing phase, the q blocks of the entire message are absorbed on the basis of message block M i by message block M i , ( i = 1 , , q ) . In the squeezing phase, the hash value h is obtained by squeezing out r-bit block by r-bit block.
Note that the security depends partially on the capacity c, while the speed of the construction relies partially on the bitrate r. In the absorption process, H M i , ( i = 0 , , q 1 ) , with r-bit size is xored with each message block M i , ( i = 1 , , q ) , to become the input of the function f. If we increase the bitrate r, then more bits are absorbed at once and the process runs faster. However, the increase of the bitrate r implies the decrease in the capacity c, or the security is reduced. Thus, there is a trade-off between security and speed.
As mentioned before, the KECCAK-p family of permutations is the specialization of the KECCAK-f family:
K E C C A K p [ b , n r ] = K E C C A K f [ b ]
where n r is the number of rounds and b is the width. Therefore, the KECCAK family is denoted by KECCAK[c](N, d) as
K E C C A K [ c ] ( N , d ) = S P O N G E [ K E C C A K p [ 1600 , 24 ] , 1600 c ,   p a d 10 1 ] ( N , d ) ,
where N is the concatenation of the initial message M with the suffix 01, or (N = M ‖ 01); pad 10 1 is the used padding rule explained below; d is the hash value length (u = d); and Sponge[.] is the sponge function. As we can see, for a given input message M, this equation is restricted to the case n r = 24 rounds and b = 1600 bits.
In particular, the four variants of SHA-3 standard hash functions are defined from the KECCAK[c](N, d) function as follows:
S H A 3 256 ( M ) = K E C C A K [ 512 ] ( M     01 , 256 ) S H A 3 224 ( M ) = K E C C A K [ 448 ] ( M     01 , 224 ) S H A 3 512 ( M ) = K E C C A K [ 1024 ] ( M     01 , 512 ) S H A 3 384 ( M ) = K E C C A K [ 768 ] ( M     01 , 384 )
In each case, the suffix 01 supports the domain separation; it distinguishes the SHA-3 hash functions from the XOFs, where its suffix is 1111 (N = M ‖ 1111), and the capacity c is double the hash value length u, i.e., c = 2u.
Thus, to ensure that the obtained message (M ‖ 01) of arbitrary length is padded to become a bit string with the length of multiple of r bits, and a padding rule is necessary. Indeed, a simple padding rule with 0 is insufficient because the produced hash value will be vulnerable to various attacks due to the collision between all-zero latest message blocks.

2.2.2. Unkeyed Sponge Construction to Keyed-Sponge Construction

The unkeyed Sponge hash functions, which use an initial value IV, are transformed to keyed-Sponge hash functions, without any structural modification, by adding a secret key K as an additional entry to the structure. In the literature, three types of keyed-Sponge functions were reported as displayed in Figure 2:
  • The Outer keyed-Sponge (OKS) [38]: The input message is obtained by prepending the secret key K to the message M, i.e.,  K     M as in Figure 2a.
  • The Inner keyed-Sponge (IKS) [39]: The inner part of the initial value IV contains the secret key K as in Figure 2b.
  • The Full-State Keyed Sponge (FKS) [40]: The inner part of the initial value IV contains the secret key K as IKS, but the input message M is absorbed over the entire b-bit state instead of absorbing it in the r-bit outer part only as in Figure 2c.
In the literature, the OKS and IKS hash functions were analyzed by Andreeva et al. [41], and Naito and Yasuda [42]. The donkeySponge construction employed the idea of the third type as in [43], and an analysis for only one output block was given by Gaži et al. [44]. A complete security analysis of the FKS was given by Daemen et al. [45] and Mennink et al. [40].
Under the security perspective, the same security level of c bits is achieved by the three modes, and there is no reason to take a key K of size | K | bits greater than the capacity c ( | K | > c ) [46]. However, in terms of the number of permutation evaluations, OKS and IKS are less efficient than FKS, that is, the absorption of b-bit input data at a time rather than r bits ( r < b ). Thus, we restrict our focus to FKS hash functions. There are several applications of the keyed-Sponge hash functions such as the MAC generation and the Bitstream encryption. For the first application, the MAC function is given by
M A C K , I V [ M ] : Z 2 l × Z 2 b × Z 2 L Z 2 u ,
where Z 2 is a binary sequence; IV is the initial value; K is the secret key; and | K | , b, L, and u are the lengths of the secret key K, the initial value IV, the message M, and the desired hash value h, respectively.
For the second application, the STREAM function is given by:
S T R E A M K , I V : Z 2 l × Z 2 b Z 2 .
In the next section, we introduce our proposed keyed-Sponge CNN hash functions.

3. Proposed Keyed-Sponge Chaotic Neural Network Hash Functions

The proposed keyed-Sponge hash functions are the chaotic functions C f i , ( i 1 ) that contain a CS and a CNN [47]. These chaotic functions use a padded message block M i     0 c , ( i = 1 , , q ) of size b-bit, subkeys K M i , ( i 1 ) of length 128 bits and a secret key K M 0 of length | K | = 160 bits and produce hash values with two variant lengths, 256 bits and 512 bits, depending on the value of r and c as shown in Figure 3.
The first CNN hash function is made up of a two-layered Neural Network called Structure 1, whereas the second hash function is made up of a one-layered Neural Network followed by a combination of Nonlinear (NL) functions called Structure 2 [28].
In the following subsection, the architecture of the two proposed keyed-Sponge CNN hash functions is described.

3.1. Description of the General Structure of the Two Proposed Keyed-Sponge CNN Hash Functions

The general structure of the proposed keyed-Sponge CNN hash functions (KSCNN[c]( M     01 , u)) is composed of three phases, i.e., Initialization, Absorbing, and Squeezing phases (see Figure 3).

3.1.1. Phase 1: Initialization

This phase initializes the secret key K = K M 0 and the initial value I V = H M 0 to 0, and determines the values of r and c according to Table 1. In addition, the input message M is appended by the suffix 01, in this phase. Then, the appended message M | | 01 is padded using the function Pad (explained below), and divided into q blocks of the r-bit size, M i with ( i = 1 , , q ) .
For Structures 1 and 2, we adopt the same value of c like the standard SHA-3, i.e., c equal to 512 bits (like SHA3-256) for the 256-bit hash value, and c equal to 1024 bits (like SHA3-512) for the 512-bit hash value.
We use the multi-rate padding Pad in our proposed hash functions, which appends a bit sequence 10 1 of length v + 2 bits (a bit 1 followed by the minimum number v of bits 0, and lastly a bit 1), as shown in Equation (5):
v = r m o d [ ( ( L + 2 ) + 2 ) , r ] ,
where mod is the modulo function and L = | M | . In general, we have three cases of padding as shown in Figure 4:
Case 1 : m o d ( | M + 2 | , r ) r 2 ; Case 2 : m o d ( | M + 2 | , r ) = 0 ; Case 3 : m o d ( | M + 2 | , r ) > r 2 .
Now, let’s take a look at the three cases of padding, where r = 1088 bits as follows:
Case 1 : i f L = 3248 b i t s : v = 1088 m o d [ ( 3248 + 2 ) + 2 , 1088 ] = 12 b i t s ; Case 2 : i f L = 3262 b i t s : v = 1088 m o d [ ( 3262 + 2 ) + 2 , 1088 ] = 1086 b i t s ; Case 3 : i f L = 3261 b i t s : v = 1088 m o d [ ( 3261 + 2 ) + 2 , 1088 ] = 1087 b i t s .
Then, we divide the padded message into q blocks, and the obtained message is processed as a sequence of blocks:
M 1     M 2         M q = M     01     p a d 10 1

3.1.2. Phase 2: Absorbing

In the second phase, the q blocks of the message, M i , ( i = 1 , , q ) , are absorbed, and each block is of r bits. Each message block M i , ( i = 1 , , q ) , is padded by the sequence 0 c . Then, the obtained blocks M i     0 c , ( i = 1 , , q ) with the length of b bits are xored with the intermediate hash values H M i 1 , ( i = 1 , , q ) . It is noted that H M 0 is defined in the initialization phase ( H M 0 = I V ). The obtained values from the xor operation h i 1 , ( i = 1 , , q ) , with the length of 1600 bits form the inputs of chaotic functions C f i , ( i = 1 , , q ) , in addition to the subkeys K M i , ( i = 1 , , q 1 ) , of 128 bits. For every r-bit input message block M i , ( i = 1 , , q ) , the chaining variables H M i , ( i = 1 , , q ) , of b bits (e.g., b = 1600 bits) are filled from the outputs of C f i , ( i = 1 , , q ) . K M 0 = K is the secret key of 160 bits for the first chaotic function C f 1 [48]. For the other chaotic functions C f i , ( i 2 ) , the subkeys K M i , ( i = 1 , , q 1 ) are obtained from the Least Significant Bit (LSB) of H M i , ( i = 1 , , q 1 ) , or  K M i = L S B ( H M i ) , ( i = 1 , , q 1 ) . These subkeys K M i ( i = 1 , , q 1 ) are used by the CS to generate initial conditions and the necessary parameters for the CNN. For the final chaotic function C f q , H M q forms the final hash value h q with the length equal to b bits as the output of the absorbing phase of the message M. The pseudo-code of the absorbing phase Algorithm 1 is presented below:
Algorithm 1 The absorbing phase.
  • Require: r < b
  • M 1     M 2         M q P a d ( M     01 )
  • H M 0 0 b
  • for i = 1 to q do
  •      h i 1 H M i 1 ( M i     0 c ) )
  •      H M i C f i ( K M i 1 , h i 1 )
  • end for
  • Return ( h q ) u .

3.1.3. Phase 3: Squeezing

Squeezing phase is only used when the length of the hash value u is greater than the width b, i.e.,  u > b . In this case, the hash value h q of b bits generated by the absorbing phase is the input to the squeezing phase, and the obtained hash values H M i , ( i q ), are sequentially forwarded to C f i , ( i q + 1 ) . For each H M i , ( i q ) , we extract the r most significant bits to form Z j , ( j 1 ) , and the 128 least significant bits to produce the key K M i , ( i q ) , for the CS of each C f i , ( i q + 1 ) . Finally, the r-bit size of all obtained values Z j , ( j 1 ) , are concatenated to constitute the final hash value h of the desired length of u bits as follows:
h = Z 1 Z 2 Z 3 | | = ( H M q ) r ( H M q + 1 ) r ( H M q + 2 ) r
The obtained hash value h can be used as a Message Authentication Code (MAC) for Digital Signature (DS) and Authenticated Encryption (AE) applications [49,50]. The pseudo-code of the squeezing phase Algorithm 2 is given below:
Algorithm 2 The squeezing phase.
  • Require: u > b
  • Z 1 ( H M q ) r
  • h Z 1
  • j 2
  • for i = q+1, … do
  •     while | h | < u  do
  •          h i 1 H M i 1
  •          H M i C f i ( K M i 1 , h i 1 )
  •          Z j ( H M i ) r
  •          h h     Z j
  •          j j + 1
  •     end while
  • end for
  • Return ( h ) u .
In the next paragraph, the proposed CS will be used in the chaotic functions C f i , ( i 1 ) , to generate the necessary parameters and initial conditions for CNN as described above.

3.2. Detailed Description of the Proposed Chaotic System

As shown in Figure 5, the proposed CS is a simple version of that given by S. El Assad and H. Noura [36]. It is based on the Discrete Skew Tent map (DSTmap) in Equation (8) as
K S s ( n ) = D S T m a p ( K S s ( n 1 ) , Q 1 ) = 2 N × K S s ( n 1 ) Q 1 i f 0 < K S s ( n 1 ) < Q 1 2 N 1 i f K S s ( n 1 ) = Q 1 2 N × 2 N K S s ( n 1 ) 2 N Q 1 i f Q 1 < K S s ( n 1 ) < 2 N
where N is the finite precision equal to 32 bits; and Q1 is the control parameter of DSTmap. KSs(n − 1) and KSs(n) are the outputs of DSTmap at the ( n 1 ) t h and n t h iterations, respectively. The value range of Q1, KSs(n − 1), and  KSs(n) is from 1 to 2 N 1 . The secret key K of the first input block message, M 1 , is represented by the following equation:
K = { K S s 1 ( 1 ) ,   K s 1 ,   K S s 1 ( 0 ) ,   Q 1 ,   U s } ,
where K S s 1 ( 1 ) , K s 1 , K S s 1 ( 0 ) , Q 1 , and  U s are parts of the secret key K. U s is only used for generation of the first sample. The components of the secret key K are samples of 32 bits, and its size is:
| K | = | K S s 1 ( 1 ) | + | K s 1 | + | K S s 1 ( 0 ) | + | Q 1 | + | U s | = 160 ( b i t s )

3.3. Keyed-Sponge Hash Functions Based on Two-Layered CNN Structure (Structure 1)

The structure of the chaotic function C f i for KSCNN[512] and KSCNN[1024] is shown in Figure 6. It contains two layers of neurons, i.e., a CNN input layer of five neurons and a CNN output layer of eight neurons. The necessary samples, Key Stream KS, are generated by the CS to supply the both layers. The KS is composed as follows:
K S = { B I , W I , Q I , B O , W O , Q O }
The size of K S must be:
| K S | = | B I | + | W I | + | Q I | + | B O | + | W O | + | Q O | = 129 s a m p l e s ,
where | B I | = 5 samples, | W I | = 50 samples, | Q I | = 10 samples, | B O | = 8 samples, | W O | = 40 samples and | Q O | = 16 samples. Each component has 32 bits in length.
Indeed, all neurons of the two CNN layers use the same activation function with different number of inputs. For the input layer, each neuron has 10 inputs receiving data from h i , ( i = 0 , , q 1 ) as displayed in Figure 6 and Figure 7. In addition, for  ( k = 0 , , 4 ) , the first five inputs P j , ( j = 10 k , , 10 k + 4 ) , of each neuron are weighted by the W I j , ( j = 10 k , , 10 k + 4 ) , and then added together with the bias B I k (weighted by 1), to form the input of the chaotic map DSTmap. The last five inputs P j , are weighted by W I j , ( j = 10 k + 5 , , 10 k + 9 ) , and then combined together with the same bias B I k to form the input of the chaotic map DPWLCmap. All inputs P j , biases B I k and weights W I j are samples (integer values) of 32 bits. Q I k , 1 and Q I k , 2 are the control parameters of DSTmap and DPWLCmap, respectively. The biases B I k , ( k = 0 , , 4 ) , are necessary in case the input message is null as seen in Figure 7. The chaotic map DPWLCmap is realized as follows:
K S p ( n ) = D P W L C m a p ( K S p ( n 1 ) , Q 2 ) = 2 N × K S p ( n 1 ) Q 2 i f 0 < K S p ( n 1 ) Q 2 ; 2 N × K S p ( n 1 ) Q 2 2 N 1 Q 2 i f Q 2 < K S p ( n 1 ) 2 N 1 ; 2 N × 2 N K S p ( n 1 ) Q 2 2 N 1 Q 2 i f 2 N 1 < K S p ( n 1 ) 2 N Q 2 ; 2 N × 2 N K S p ( n 1 ) Q 2 i f 2 N Q 2 < K S p ( n 1 ) 2 N 1 ; 2 N 1 Q 2 o t h e r w i s e ;
where KSp(n − 1) and KSp(n) are the outputs of DPWLCmap at the ( n 1 ) t h and n t h iterations, respectively; N is the number of bits defining the finite precision, N = 32 bits; Q2 is the control parameter; KSp(n − 1), KSp(n) and Q2 range between 1 to 2 N 1 .
After computation, the two outputs of DSTmap and DPWLCmap are xored together to produce the output of neurons represented by C k , ( k = 0 , , 4 ) , which is presented by the following equation:
C k = m o d { [ F 1 + F 2 ] , 2 N } w h e r e F 1 = D S T m a p { m o d ( [ j = 10 k 10 k + 4 ( W I j × P j ) ] + B I k , 2 N ) , Q I k , 1 } , F 2 = D P W L C m a p { m o d ( [ j = 10 k + 5 10 k + 9 ( W I j × P j ) ] + B I k , 2 N ) , Q I k , 2 } .
At the output layer, each neuron has five inputs, W O k , j × C j , ( k = 0 , , 7 ; j = 0 , , 4 ) , where k represents the index of output neurons, j represents the index of input neurons;  W O k , j , ( k = 0 , , 7 ; j = 0 , , 4 ) , are the weights associated with the connections between output and input layers, and  C j , ( j = 0 , , 4 ) are the outputs of neurons at the input layer; W O k , j , ( k = 0 , , 7 ; j = 0 , , 4 ) , and  C j , ( j = 0 , , 4 ) , both are samples of 32-bit length. As presented in Figure 8 for the inputs of each neuron at the output layer, the outputs of the first three neurons at the input layer, C 0 , C 1 and C 2 , are fed to the chaotic map DSTmap, and the last two outputs C 3 and C 4 from the input layer are sent to the chaotic map DPWLCmap. After computation, the outputs of chaotic maps DSTmap and DPWLCmap are xored together to generate the output of the neuron, given by the following equation:
H k = m o d { [ G 1 + G 2 , 2 N ] } w h e r e G 1 = D S T m a p { m o d ( [ j = 0 2 ( W O k , j × C j ) ] + B O k , 2 N ) , Q O k , 1 } , G 2 = D P W L C m a p { m o d ( [ j = 3 4 ( W O k , j × C j ) ] + B O k , 2 N ) , Q O k , 2 . }
Here, the control parameters Q O k , 1 , Q O k , 2 , ( k = 0 , , 7 ) , and the biases B O k , ( k = 0 , , 7 ) , used by the two chaotic maps, are also samples of 32 bits in length.
Finally, the output layer of the proposed structure is iterated seven times to produce the intermediate hash values with the length b = 7 × 8 × 32 bits.

3.4. Keyed-Sponge Hash Functions Based on One-Layered CNN and One NL Output Layer (Structure 2)

The architecture of the second proposed KSCNN hash function uses the same input CNN layer as that in Structure 1, and the second layer is replaced by NL functions. The NL functions are similarly used in SHA-2 as displayed in Figure 9. The CS generates the necessary samples to supply the CNN of each C f i , ( i 1 ) as
K S = { B I , W I , Q I , W O } ,
and its size is
| K S | = | B I | + | W I | + | Q I | + | W O | = 70 s a m p l e s .
Here, | W O | = 5 samples instead of 40 samples as used in Structure 1.
The outputs of neurons at the input layer C k , ( k = 0 , , 4 ) are calculated by Equation (14). As seen in Figure 10, the outputs of neurons are weighted by W O k , k , ( k = 0 , , 4 ) , to form the inputs D k , ( k = 0 , , 4 ) for the NL functions of the output layer; D k = W O k , k × C k , ( k = 0 , , 4 ) . The outputs H k , ( k = 0 , , 7 ) are calculated by the following equations:
H 0 = D 0 t 1 M a j ( D 1 , D 2 , D 3 ) Σ 0 ( D 1 ) , H 1 = t 1 D 0 , H 2 = D 0 D 1 , H 3 = D 1 D 2 , H 4 = D 2 D 3 , H 5 = D 0 D 1 t 1 , H 6 = D 1 D 2 t 1 , H 7 = D 2 D 3 t 1 , w h e r e t 1 = C h ( D 1 , D 2 , D 3 ) D 4 Σ 1 ( D 3 ) ,
where H k , ( k = 0 , , 7 ) are values of 32-bit length and D k , ( k = 0 , , 4 ) are truncated to 32 bits. The four NL functions, Maj, Ch, Σ 0 and Σ 1 , are defined by the equations as
M a j ( D 1 , D 2 , D 3 ) = ( D 1 D 2 ) ( D 1 D 3 ) ( D 2 D 3 ) , C h ( D 1 , D 2 , D 3 ) = ( D 1 D 2 ) ( ¬ D 1 D 3 ) , Σ 0 ( D 1 ) = R O T R 2 ( D 1 ) R O T R 13 ( D 1 ) R O T R 22 ( D 1 ) , Σ 1 ( D 3 ) = R O T R 6 ( D 3 ) R O T R 11 ( D 3 ) R O T R 25 ( D 3 ) , R O T R n ( x ) = ( x n ) ( x ( 32 n ) ) ,
where the denotations are ¬: NOT logic, ∧: AND logic, ∨: OR logic, ⊕: XOR logic, ≪: binary shift left operation, and ≫: binary shift right operation.
To compute the intermediate hash values, the output layer is iterated n r times firstly, while the value of n r (1, 2, 4, 8, 16, and 24) depends on the desired security level. The obtained results given in the performance section indicate that n r = 8 rounds is sufficient. Then, with fixed n r , we again iterate the output layer seven times to obtain the desired length of the intermediate hash values as done in Structure 1.

4. Performance Analysis

In order to evaluate the performance of KSCNN[512] and KSCNN[1024], the performance analysis focuses on the security and the number of needed cycles per byte (NCpB). In addition, we compare the obtained performance with the standard hash algorithm SHA-3. First, we analyze the preimage resistance (one-way property) of the proposed structures. Then, we evaluate the statistical tests such as the collision resistance, the distribution of hash value, the sensitivity of hash value h to the message M and the sensitivity of hash value h to the secret key K, and the diffusion effect. In addition, we study the immunity of the proposed structures against the brute-force and cryptanalytic attacks. The detailed description of these tests is presented in our previous work [47]. For that, we just resume in this section the necessary test description to interpret the obtained results.

4.1. One-Way Property

According to Equations (14) and (15), for a hash value h, it is highly difficult to retrieve the secret key K and the message M. For a given secret key K, the attacker tries to find the message M using the brute force attack (as explained in the Section 4.3.1), such that its hash is equal to a given hash value. On average, an attacker tries 2 u 1 values of the message, to find the hash value h of length u (u is equal to 256 or 512 bits). Nowadays, with such lengths, this attack is infeasible [51,52].

4.2. Statistical Tests

In this sub-section, we implement and analyze the different statistical tests.

4.2.1. Collision Resistance Analysis

This statistical test quantitatively evaluates the collision resistance [51]. For that, given a hash value h of a random message M in the ASCII format h = { c 1 , c 2 , , c s } , and its corresponding h = { c 1 , c 2 , , c s } obtained with one bit flipping of the same message M, we calculate the number of hits ω as follows:
ω = i = 1 s f ( T ( c i ) , T ( c i ) ) ,
where the function
f ( x , y ) = 0 if x y ; 1 if x = y .
The value s = u 8 , and  T ( . ) is the function that converts the entries to their equivalent decimal values.
In theory, the relation between a number of tests and a number of hits ω = 0 , 1 , 2 , , s as mentioned in [53] that
W J ( ω ) = J × P r o b { ω } = J s ! ω ! ( s ω ) ! ( 1 2 k ) ω ( 1 1 2 k ) s ω ,
where J represents the number of independent experiments. These theoretical values of W J ( ω ) according to Equation (22) are given in Table 2 and Table 3 for hash values with the lengths of 256 and 512 bits, respectively.
For the two lengths of hash values, the obtained results in Table 4 indicate that the number of rounds n r = 8 and n r = 24 give the best results. Indeed, for 256-bit hash value length with n r = 8, there are two hits for 17 tests, one hit for 244 tests, and zero hits for 1787 tests. For  n r = 24, there are two hits for 11 tests, one hit for 213 tests, and zero hits for 1824 tests. Similar behavior is obtained for the 512-bit hash value with a slight increase in the number of hits.
In Table 5, we summarize the obtained number of hits ω = 0 ,   1 ,   2 ,   3 ,   4 for the two proposed structures. As expected, we obtain comparable results. The absolute difference d of two hash values is calculated as
d = i = 1 s | T ( c i ) T ( c i ) | .
The mean, mean/character, minimum, and maximum of d are presented in Table 6. It is clear that the values of mean/character are close to the expected ones as observed from the obtained results, evaluated by Equation (24) that are equal to 85.33 for 256-bit hash value length (L = 256) and equal to 170.66 for 512-bit hash value length [54]:
E [ T ( c i ) T ( c i ) ] = 1 3 × L

4.2.2. Hash Value Distribution

Theoretically, the hash value h, produced by a hash function H, should be uniformly distributed in the entire output range. For this purpose, we execute the following test for a given message M as:
With the wide application of Internet and computer technique, information security becomes more and more important. As we know, hash function is one of the cores of cryptography and plays an important role in information security. Hash function takes a message as input and produces an output referred to as a hash value. A hash value serves as a compact representative image (sometimes called digital fingerprint) of input string and can be used for data integrity in conjunction with digital signature schemes.
The hash value h is computed using Structures 1 and 2 with the 256-bit and 512-bit hash value lengths. In Figure 11, we exhibit the ASCII values of the message M (Figure 11a), and its hexadecimal hash value h (Figure 11b) according to their index of positions.
As predicted, the distribution of the original message is located around a small area, while the distribution of hexadecimal hash value looks like a mess. The distribution of the hash value h (Figure 11d) is also verified, even under the worst case of zero input message (Figure 11c). Similar results are obtained for the two proposed structures with their two variant hash output lengths.

4.2.3. Sensitivity of Hash Value h to the Input Message M

A hash function H is very sensitive to an input message M. It means that a small change in its input will generate a totally different hash value h i . To this end, for a given secret key K, the hash value h i in hexadecimal, the number of changed bits B i ( h , h i ) , and the sensitivity of the hash value h to the original message M are measured by Hamming Distance H D i ( h , h i ) ( % ) for the two proposed structures with their two variants of hash value lengths of 256 and 512 bits as
B i ( h , h i ) = k = 1 | h | [ h ( k ) h i ( k ) ] b i t s ,
and
H D i ( h , h i ) % = B i ( h , h i ) | h | × 100 % .
The different message variants are obtained under the following six conditions:
  • Condition 1: The input message M is the one given in Section 4.2.2.
  • Condition 2: The first character W in the input message is changed to X.
  • Condition 3: The word With in the input message is changed to Without.
  • Condition 4: The dot at the end of the input message is changed to the comma.
  • Condition 5: A blank space at the end of the input message is added.
  • Condition 6: We exchange the first block M 1
With the wide application of Internet and computer technique, information security becomes more and more important. As we know, hash function is one of the cores of cryptography and plays an important role in information security. Hash function takes a mes,
with the second block M 2
sage as input and produces an output referred to as a hash value. A hash value serves as a compact representative image (sometimes called digital fingerprint) of input string and can be used for data integrity in conjunction with digital signature schemes.”
With each condition, Table 7 shows the obtained results of h i , B i , and H D i ( % ) for the 256-bit hash value. Similar results are obtained for | h | = 512 bits. In Table 8, the obtained results for the two structures with their two lengths of 256 and 512 bits are compared. All the results are close to the expected values ( B i = 128 bits for the 256-bit hash value length, B i = 256 for the 512-bit hash value length, and H D i = 50% for all proposed structures), demonstrating the high sensitivity to the input message M for the two proposed structures.

4.2.4. Sensitivity of Hash Value h to the Secret Key K

A hash function H is highly sensitive to the secret key K when a slight change in K produces a completely different hash value h i . Here, for the previous message M with each of the five following conditions and for the two proposed structures with their two variants of hash value length 256 and 512 bits, we calculate the hash value h i (hexadecimal), the number of changed bits B i ( h , h i ) (bits), and the sensitivity of the hash value h to the secret key K measured by Hamming Distance H D i ( h , h i ) ( % ) :
  • Condition 1: The original secret key K is used.
  • In each of these conditions, we flip the LSB in the aforementioned parameters and initial conditions.
  • Condition 2: The initial condition KSs(0) in the secret key is changed.
  • Condition 3: The parameter Ks in the secret key is changed.
  • Condition 4: The initial condition KSs(−1) in the secret key is changed.
  • Condition 5: The control parameter Q1 in the secret key is changed.
Table 9 presents the obtained results of h i , B i , and H D i ( % ) for 256-bit hash value length. Comparable results are obtained for | h | = 512 bits. We compare the results of the two proposed structures for two lengths of 256 and 512 bits in Table 10. All results obtained are close to the expected values ( B i = 128 bits for the 256-bit hash value length, B i = 256 for the 512-bit hash value length, and H D i = 50% for all proposed structures), demonstrating the high sensitivity to the secret key K of the two proposed structures.

4.2.5. Statistical Analysis of the Diffusion Effect

We obtain the optimal value of diffusion effect when flipping any bit in the input message M that causes a change of each output bit (binary format) in the hash value h with a probability of 50% [55]. This is often mentioned as the Strict Avalanche Criterion (SAC) in literature [56].
To quantify the performance of Structures 1 and 2 with their variants of hash output lengths of 256 and 512 bits, we execute the following diffusion test.
First, the hash value h for the previous message M is generated. Next, a new hash value h’ for the same message M with one randomly changed bit is produced. Then, the number of bits changed B i between the two obtained hash values h and h’ is calculated. This experiment is repeated J times, with J = 512, 1024, and 2048. Finally, we compute the six following statistical tests as below:
  • Minimum number of bits changed:
    B m i n = m i n ( { B i } i = 1 , , J ) bits
  • Maximum number of bits changed:
    B m a x = m a x ( { B i } i = 1 , , J ) bits
  • Mean number of bits changed:
    B ¯ = 1 J i = 1 J B i bits
  • Mean changed probability (mean of H D i ( % ) ):
    P = ( B ¯ u ) × 100 %
  • Standard variance of the changed bit number:
    Δ B = 1 J 1 i = 1 J ( B i B ¯ ) 2
  • Standard variance of the changed probability:
    Δ P = 1 J 1 i = 1 J ( B i u P ) 2 × 100 %
The obtained results given in Table 11 with 2048 tests demonstrate that the diffusion effect is close to the expected results ( B ¯ = 128 bits for the 256-bit hash value length, B ¯ = 256 for the 512-bit hash value length, and P = 50% for all proposed structures). In addition, it is noted that the diffusion is extremely stable for whatever the hash value length | h | in both Structure 1 and 2 because both the mean of number of changed bits B ¯ and the mean of changed probability P are very close to the ideal values, while Δ B and Δ P are very small.
For different number of tests (J = 512, 1024, and so on), similar results are obtained for the two proposed structures with their different hash value lengths (256 and 512 bits).
In addition, the histograms of B i as seen in Figure 12 and Figure 13 of Structure 1 illustrate that the values of B i are centered on the ideal values 128 and 256 bits for u = 256 and 512 bits, respectively. We obtain similar results for Structure 2.

4.3. Cryptanalysis

In the literature, there exist known attacks, which can be applied to the two categories of hash functions, unkeyed or keyed. In [24], Bertoni et al. demonstrate the dependency of these known attacks on the hash value length u for the unkeyed hash function with the secret key length | K | and for the keyed hash function with the hash value length u. Normally, if an attacker comprises the secret key K, then the system is completely compromised during the key life time [57]. In the following, the robustness of the proposed two structures, Structures 1 and 2, against these known attacks is demonstrated.

4.3.1. Brute Force Attacks

The brute force attacks can be carried out on the secret key K (namely, exhaustive key search attack) and on the hash value h. We order the attacks on the hash value h from the easiest one to the hardest one:
  • Collision resistance attack
  • Preimage attack and Second preimage attack
Exhaustive Key Search Attack [58]:
With this kind of attack, the attacker needs 2 | K | 1 = 2 159 tries for the two proposed hash functions. Thus, this attack is ineffective.
Collision Resistance Attack (Birthday Attack) [59]:
With this kind of attack, the attacker tries to find two different messages ( M , M ) , which the proposed hash functions produce the same hash value h. To break the collision resistance property, the smaller workload expected by the attacker is approximately equal to 2 u / 2 .
Preimage and Second Preimage Attacks [60]:
With the Preimage attack, the attacker tries to find the original message M for a known value h such that H(M) = h. In the Second preimage attack, knowing the hash value h for a given input message M, the attacker tries to find another message M that produces the same hash value h. With these two types of attacks, the smaller expected workload required by the attacker to break the collision resistance property is approximately 2 u .
In conclusion, to realize the attack on the hash value h for the two proposed structures with the minimum length (u = 256 bits), the minimum workload required by the attacker is 2 128 attempts, which is infeasible.

4.3.2. Cryptanalytic Attacks

With these kinds of attacks, the attacker tries to find specific weaknesses in the structure of a hash function, and performs on it some attacks, and it is expected that the amount of effort less than that with the brute force attack. In the next paragraphs, the two most common cryptanalytic attacks in the literature against the proposed hash functions are considered such that:
  • Padding attack (Length extension attack)
  • Meet-in-the-middle (MITM) preimage attack
Padding Attack [61]:
In the two proposed hash functions, the secret key K is used as an input for the CS to produce the necessary supplies to the CNN, and is not prepended to the message M. Then, this type of attack cannot be conducted.
Meet-in-the-Middle Preimage Attack [62]:
The Meet-in-the-middle (MITM) attack is a generic cryptanalytic approach that is originally applied to the cryptographic systems based on block ciphers (chosen-plaintext attack). In 2008, Aoki and Sasaki [62] noticed that the MITM attack could be applied to hash functions, to find collision, preimage, or second preimage for intermediate hash chaining values instead of the final hash value h. This attack has successfully broken several hash function designs. As our hash functions are preimage resistant, the minimum effort (with u = 256 bits) to succeed the MITM attack with probability 0.632 is 2 u / 2 = 2 128 tries.

4.4. Computing and Complexity Analysis

Here, the computing performance and the computational complexity of the two proposed structures are analyzed. Firstly, the computing performance of the two proposed structures with their hash value lengths of 256 and 512 bits for different message lengths is estimated. Then, the average hashing throughput HTH [MBytes/second] and the needed number of cycles to hash one Byte NCpB [cycles/byte] are calculated by Equations (27) and (28), respectively, as
H T H [ M B y t e s / s ] = | M | [ M B y t e s ] H T [ s ] ,
N C p B [ c y c l e s / B y t e ] = C P U s p e e d [ H z ] H T H [ B y t e / s ] ,
where HT [second] is the average hashing time. The calculation is done in C code, running an Ubuntu Linux 14.04.1 (64-bit) operating system and using a computer with a 2.9 GHZ Intel core i7-4910MQ CPU and with 4 GB of RAM. In Table 12 and Table 13, the average HT, the average HTH, and the average NCpB for the two proposed structures with their two hash value lengths of 256 and 512 bits are given. When the overhead related to the structures becomes negligible (from 10,000 data bytes and more), we observe that for any length of the hash values (256 or 512 bits), the hash throughput HTH of Structure 2 is just over twice that compared to Structure 1. In addition, we observe that, with any proposed structure, the hash throughput HTH with | h | equal to 256 bits (r = 1088 bits and c = 512 bits) is approximately twice the value with | h | equal to 512 bits (r = 576 bits and c = 1024 bits). Indeed, when r is increased, the hash time HT of the absorbing phase is decreased. Additionally, the HTH for the two proposed structures with their different hash value lengths are shown in Figure 14.
In addition, the computational complexity of the proposed functions varies with the number of required instructions and the latency of executions of these instructions. The computational complexity can be estimated by the big-O notation, which excludes constants, coefficients, and lower order terms. Indeed, the complexity is represented as a function O(f(n)) that depends on the input size n. It should be noted that the complexity of a series of sentences is in the same order of the sum of the individual complexities. In addition, some practical rules are considered to calculate the complexity [63] as
  • Input–output simple sentences are on the order of O(1).
  • If sentences are on the order of O(1).
  • For cycle is on the order of O(1) for k iterations independent of the input n or on the order of O(n) for n iterations.
  • For double nested cycle is on the order of O( n 2 ) for n iterations for each cycle.
  • Iterative cycles with divisive-multiplicative sentences are on the order of O(log n) for n iterations.
  • O(log n) in the For cycle with n iterations is on the order of O(n log n).
The two proposed hash functions (Structures 1 and 2) are based on Sponge construction. These proposed hash functions are built as follows:
  • The hashing process starts by taking a block message with fixed length as input.
  • The message block is padded using a cryptographically secure padding scheme.
  • The padded message block is entered for a combination of operations with a key obtained from the output of the previous block.
  • The final hash block outputs a fixed length hash value having the same size as the input block.
In our proposed hash functions, the equations of the key generator, neural network layers, and nonlinear functions are realized by multiplication/division and addition/subtraction operations. In addition, for double nested operations are used. This means that the computational complexity of the two proposed hash functions is on the order of O( n 2 ) [64,65].

4.5. Performance Comparison with the Standards SHA3, SHA2, and with Other Chaos-Based Hash Functions

This section presents the comparison of the computing performance for our proposed hash functions with the standard hash functions SHA-3, SHA-2 and some chaos-based hash functions in the literature in terms of robustness and speed. To the best of our knowledge, there has not been any chaos-based hash function using Sponge construction in the literature.
In Table 14, Table 15, Table 16, Table 17 and Table 18, we compare the obtained statistical results (collision resistance, diffusion, and message sensitivity) of our proposed chaos-based hash functions with the standard SHA-3 for | h | with the lengths of 256 and 512 bits, and with the standard SHA-2 and some other chaos-based hash functions in the literature for | h | equal to 256 bits. We can conclude that, after carefully analyzing the values in these tables, all of our obtained statistical results are close to those of the standard SHA-3 and of the other hash functions.
A comparison in terms of the needed number of cycles to hash one byte (NCpB) of the proposed chaos-based hash functions with the standard SHA-3 for 2048 tests and different data sizes is given in Table 19. We observe that globally the performance of the standard hash algorithm SHA-3 in terms of NCpB is better than that obtained by the proposed our hash functions. For example, for the long messages with length equal to 1 MB, the NCpB obtained by SHA-3 for both the hash length value, is seven times less than the NCpB of Structure 1, but it is only less than three times of the NCpB obtained by Structure 2 with n r = 8. However, we do our simulations in the sequential implementation without optimization. Thus, with a parallel implementation (with 50 output neurons at the input layer) using optimized calculation, the performance computing will be at least similar to that obtained on SHA-3 [66]. It can be even better than that of SHA-3 when using our proposed Structure 2 with n r = 8.
Finally, we give a comparison of NCpB of the proposed structures with 256-bit and 512-bit hash values with some chaos-based hash functions and with the standards SHA-2 and SHA-3 for one Mbits data size in Table 20. We observe that the obtained NCpB is better than the NCpB of the other cited works, except for that obtained in our previous work [47]. It is because the the structure of the Sponge construction is more complex than that of the Merkle–D a ˚ mgard construction.
Table 14. Comparison of collision resistance for the two proposed structures with | h | = 256 bits with the standards SHA-3, SHA-2 and with some chaos-based hash functions.
Table 14. Comparison of collision resistance for the two proposed structures with | h | = 256 bits with the standards SHA-3, SHA-2 and with some chaos-based hash functions.
Hash FunctionNumber of Hits ω Absolute Difference d
0123 MeanMean/CharacterMinimumMaximum
Structure 11806229130 2715.3984.8516953831
Structure 2 with n r = 81787244170 2584.5180.7616543759
Structure 2 with n r = 241824213110 2665.2483.2816423784
Abdoun et al. Structure MD 1 [47]193111430 1291.6480.724802038
Abdoun et al. Structure MD 2- n r = 8 [47]192911450 1426.2389.137302213
Abdoun et al. Structure MD 2- n r = 24 [47]194210600 1338.8583.676292071
SHA3-256 [13]1818211190 2776.1686.7516863895
SHA2-256 [27]1817220110 2707.1084.5917893819
Xiao et al. [51]---- 150694.126962221
Xiao et al. [67]192612020 1227.876.736051952
Deng et al. [68]194010440 1399.887.495832206
Yang et al. [69]---- -93.25--
Xiao et al. [70]191513210 1349.184.318122034
Li et al. [71]190114610 1388.986.816692228
Wang et al. [72]191712650 132382.706632098
Huang [73]193211150 1251.278.26501882
Li et al. [74]192811820 1432.189.516872220
Li et al. [3]1899124250 1367.685.475142221
Li et al. [75]192012440 1319.582.466032149
He et al. [4]192611840 1504946832312
Xiao et al. [76]192412040 1431.389.456582156
Yu-Ling et al. [77]192811730 1598.699.917962418
Xiao et al. [78]193211420 1401.187.565732224
Li et al. [79]192012260 ----
Li et al. [80]190513580 133583.415772089
Ahmad et al. [81]192312140 1364.785.295372399
Li et al. [82]19578290 142589.076462096
Lin et al. [83]193111430 -90.23--
Table 15. Comparison of collision resistance for the two proposed structures with the standard SHA-3 for | h | = 512 bits.
Table 15. Comparison of collision resistance for the two proposed structures with the standard SHA-3 for | h | = 512 bits.
Hash FunctionNumber of Hits ω Absolute Difference d
01234 MeanMean/CharacterMinimumMaximum
Structure 115724195160 5414.34169.1939117062
Structure 2 with n r = 816073716730 5478.30171.1938746871
Structure 2 with n r = 2416003994621 5233.34163.5437676606
SHA3-512 [13]15934183520 5502.66171.9539337106
Table 16. Comparison of the statistical results of diffusion effect for the two proposed structures with | h | = 256 bits with the standards SHA-3, SHA-2 and with some chaos-based hash functions.
Table 16. Comparison of the statistical results of diffusion effect for the two proposed structures with | h | = 256 bits with the standards SHA-3, SHA-2 and with some chaos-based hash functions.
Hash Function B min B max B ¯ P(%) Δ B Δ P %
Structure 1101155128.1050.047.963.11
Structure 2 with n r = 899156127.7049.888.223.21
Structure 2 with n r = 2499154127.8849.958.023.13
Abdoun et al. Structure MD 1 [47]100154127.9549.988.033.13
Abdoun et al. Structure MD 2- n r = 8 [47]103157127.9749.998.013.13
Abdoun et al. Structure MD 2- n r = 24 [47]100157127.8849.957.943.10
SHA3-256 [13]101153128.0550.028.013.13
SHA2-256 [27]104154128.0150.007.943.10
Xiao et al. [51]--63.8549.885.784.52
Lian et al. [52]--63.8549.885.794.52
Zhang et al. [53]468063.9149.925.584.36
Wang et al. [84]--63.9849.985.534.33
Xiao et al. [67]--64.0150.015.724.47
Deng et al. [85]--63.9149.925.584.36
Deng et al. [68]--63.8449.885.884.59
Yang et al. [69]--64.1450.115.554.33
Xiao et al. [70]--64.0950.075.484.28
Amin et al. [86]--63.8449.885.584.37
Li et al. [71]458163.8849.905.374.20
Wang et al. [72]--63.9049.935.644.41
Akhavan et al. [87]428363.9149.925.694.45
Huang [73]--63.8849.915.754.50
Li et al. [74]--63.8049.845.754.49
Wang et al. [88]448264.1550.115.764.50
Li et al. [3]--63.5649.667.425.80
Li et al. [75]--63.9749.985.844.56
He et al. [4]458364.0350.025.604.40
Jiteurtragool et al. [89]438162.8449.095.634.40
Teh et al. [10]--64.0150.015.614.38
Chenaghlu et al. [90]--64.1250.095.634.41
Akhavan et al. [91]438263.8949.915.774.50
Nouri et al. [92]--64.0850.065.724.72
Xiao et al. [76]478363.9249.945.624.39
Yu-Ling et al. [77]--64.1750.145.744.49
Xiao et al. [78]--64.1850.145.594.36
Li et al. [79]--64.0750.065.744.48
Li et al. [80]--63.8949.915.644.41
Ren et al. [93]--63.9249.945.784.52
Guo et al. [94]--63.4049.537.136.35
Yu et al. [95]45.681.863.9849.985.734.47
Zhang et al. [96]--64.4349.465.574.51
Jiteurtragool et al. [89]101153126.7549.517.983.12
Chenaghlu et al. [90]101168128.0850.038.123.21
Teh et al. [97]--64.0050.005.444.25
Li et al. [82]458464.2750.215.594.36
Ahmad et al. [81]458263.8749.905.584.36
Lin et al. [83]--64.1050.085.584.36
Table 17. Comparison of the statistical results of diffusion effect for the proposed structures with the standard SHA-3 for | h | = 512 bits.
Table 17. Comparison of the statistical results of diffusion effect for the proposed structures with the standard SHA-3 for | h | = 512 bits.
Hash Function B min B max B ¯ P (%) Δ B Δ P %
Structure 1217293256.2050.0411.202.18
Structure 2 with n r = 8214291255.9049.9811.372.22
Structure 2 with n r = 24215296255.5349.9011.412.23
SHA3-512 [13]221288255.8249.9611.082.16
Table 18. Comparison of average B i and H D i ( % ) for the sensitivity of the hash value to the message of the two proposed structures with the standard SHA-3 for | h | equal to 256 and 512 bits.
Table 18. Comparison of average B i and H D i ( % ) for the sensitivity of the hash value to the message of the two proposed structures with the standard SHA-3 for | h | equal to 256 and 512 bits.
Length of Hash Values B i H D i %
Structure 1256137.6053.75
512266.0051.95
Structure 2256128.0050.00
n r = 8512204.4039.92
Structure 2256134.6052.57
n r = 24512254.2049.64
SHA-3 [13]256124.0048.43
512248.0048.43
Table 19. Comparison of NCpB of the two proposed structures with the standard SHA-3 for | h | equal to 256 and 512 bits.
Table 19. Comparison of NCpB of the two proposed structures with the standard SHA-3 for | h | equal to 256 and 512 bits.
Message LengthStructure 1Structure 2 with n r = 8Structure 2 with n r = 24SHA-3
256512256512256512256512
513124.33172.4730.2454.6128.2075.0413.5359.39
102460.68103.4224.4557.6451.7878.3032.1248.83
204893.56107.6624.4342.3227.0857.9927.1041.22
409653.2898.4833.3855.1935.2754.3215.9213.82
10 4 63.51101.8722.4442.4930.7147.8213.2813.43
10 6 50.3093.6721.2140.1224.5646.166.9212.95
Table 20. Comparison of NCpB of Structures 1 and 2 with 256-bit and 512-bit hash values length with the standards SHA-3 and SHA-2 and with some chaos-based hash functions and.
Table 20. Comparison of NCpB of Structures 1 and 2 with 256-bit and 512-bit hash values length with the standards SHA-3 and SHA-2 and with some chaos-based hash functions and.
Hash FunctionStructure 1Structure 2 with n r = 8Structure 2 with n r = 24SHA-3SHA-2
256512256512256512256512256512
NCpB50.3093.6721.2140.1224.5646.166.9212.9511.8713.72
Hash function Structure MD 1 [47] Structure MD 2 [47]Wang [84]Akhavan [87]Teh [10]
n r = 8 n r = 24
NCpB30.85 15.2416.25122.4105.528.45

5. Conclusions and Future Work

In this paper, we have designed and realized the two proposed keyed CNN hash functions, conducted analysis of the computing performance, and performed security. These two structures are based on the Sponge construction and have two hash output lengths, i.e., 256 and 512 bits. The results of analysis in terms of cryptanalytical attacks and statistical analyses are similar to those obtained by the standard hash algorithm SHA-3. For the computing performance term, the results of our two proposed structures are less than the standard hash algorithm SHA-3 due to the sequential implementation. For a parallel implementation using 50 output neurons [66], the computing performance of Structure 2 with n r = 8 will be better than SHA-3. Then, the proposed keyed-Sponge CNN hash functions can be used in Digital Signature, Message Authentication, and Data Integrity applications.
Our future work will focus on the Extendable-Output Functions (XOFs), based on the keyed-Sponge CNN (CNN-SHAKE), where the proposed structures can produce hash outputs with variable length (as per user request). In addition, we will design and realize a new CNN structure based on the Duplex construction (CNN-DUPLEX) that will be useful for Authenticated Encryption with Associated Data (AEAD) applications.

Author Contributions

Conceptualization, N.A. and S.E.A.; methodology, N.A.; software, N.A.; validation, N.A., S.E.A., and R.A.; writing—original draft preparation, N.A. and S.E.A.; writing—review and editing, N.A. and T.M.H.; supervision, S.E.A., R.A., O.D., and M.K.; funding acquisition, T.M.H. All authors have read and agreed to the published version of the manuscript.

Funding

This research was funded by the Vietnam National Foundation for Science and Technology Development (NAFOSTED) under Grant No. 102.04-2018.06.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Datcu, O.; Macovei, C.; Hobincu, R. Chaos Based Cryptographic Pseudo-Random Number Generator Template with Dynamic State Change. Appl. Sci. 2020, 10, 451. [Google Scholar] [CrossRef] [Green Version]
  2. Abdoun, N. Design, Implementation and Analysis of Keyed Hash Functions Based on Chaotic Maps and Neural Networks. Ph.D. Thesis, Nantes University, Nantes, France, 2019. [Google Scholar]
  3. Li, Y.; Xiao, D.; Deng, S.; Han, Q.; Zhou, G. Parallel Hash function construction based on chaotic maps with changeable parameters. Neural Comput. Appl. 2011, 20, 1305–1312. [Google Scholar] [CrossRef]
  4. He, B.; Lei, P.; Pu, Q.; Liu, Z. A method for designing hash function based on chaotic neural network. In Proceedings of the International Workshop on Cloud Computing and Information Security (CCIS), Shanhai, China, 9–11 November 2013; pp. 229–233. [Google Scholar]
  5. Levy, D. Chaos theory and strategy: Theory, application, and managerial implications. Strateg. Manag. J. 1994, 15, 167–178. [Google Scholar] [CrossRef]
  6. Rosenblatt, F. The perceptron: A probabilistic model for information storage and organization in the brain. Psychol. Rev. 1958, 65, 386. [Google Scholar] [CrossRef] [PubMed] [Green Version]
  7. Lorenz, E.N. Deterministic nonperiodic flow. J. Atmos. Sci. 1963, 20, 130–141. [Google Scholar] [CrossRef] [2.0.CO;2" target='_blank'>Green Version]
  8. Hilborn, R.C. Chaos and Nonlinear Dynamics: An Introduction for Scientists and Engineers; Oxford University Press: Oxford, UK, 2001. [Google Scholar]
  9. Hoang, T.M.; Assad, S.E. Novel Models of Image Permutation and Diffusion Based on Perturbed Digital Chaos. Entropy 2020, 22, 548. [Google Scholar] [CrossRef]
  10. Teh, J.S.; Samsudin, A.; Akhavan, A. Parallel chaotic hash function based on the shuffle-exchange network. Nonlinear Dyn. 2015, 81, 1067–1079. [Google Scholar] [CrossRef]
  11. National Institute of Standards and Technology; PUB FIPS. 180-4. Secure Hash Standard. Federal Information Processing Standards Publication 180-4; U.S. Department of Commerce: Washington, DC, USA, 2012.
  12. Stevens, M.M.J. Attacks on Hash Functions and Applications. Ph.D. Thesis, Leiden University, Leiden, The Netherlands, 2012. [Google Scholar]
  13. Dworkin, M.J. SHA-3. Standard: Permutation-Based Hash and Extendable-Output Functions; PUB FIPS 202; Information Technology Laboratory National Institute of Standards and Technology: Gaithersburg, MD, USA, 2015. [Google Scholar] [CrossRef]
  14. Bertoni, G.; Daemen, J.; Peeters, M.; Van Assche, G. Cryptographic Sponge Functions. Submiss. NIST (Round 3). 2011, pp. 1–93. Available online: http://sponge.noekeon.org/ (accessed on 14 January 2011).
  15. Gauravaram, P.; Knudsen, L.R.; Matusiewicz, K.; Mendel, F.; Rechberger, C.; Schläffer, M.; Thomsen, S.S. Grøstl-a SHA-3 candidate. In Proceedings of the Dagstuhl Seminar Proceedings, Dagstuhl, Germany, 29 March–3 April 2009. [Google Scholar]
  16. Wu, H. The Hash Function JH. Submiss. NIST (Round 3) 2011, 6. [Google Scholar] [CrossRef]
  17. Ferguson, N.; Lucks, S.; Schneier, B.; Whiting, D.; Bellare, M.; Kohno, T.; Callas, J.; Walker, J. The Skein hash function family. Submiss. NIST (Round 3) 2010, 7, 3. [Google Scholar]
  18. Aumasson, J.P.; Meier, W.; Phan, R.C.W.; Henzen, L. The Hash Function BLAKE; Springer: Berlin/Heidelberg, Germany, 2014. [Google Scholar]
  19. Lucks, S. Design Principles for Iterated Hash Functions. IACR Cryptol. EPrint Arch. 2004, 2004, 253. [Google Scholar]
  20. Merkle, R.C.; Charles, R. Secrecy, Authentication, and Public Key Systems; Stanford University: Stanford, CA, USA, 1979. [Google Scholar]
  21. Damgård, I.B. A design principle for hash functions. In Lecture Notes in Computer Science, Proceedings of the Conference on the Theory and Application of Cryptology; Springer: New York, NY, USA, 1989; pp. 416–427. [Google Scholar]
  22. Dunkelman, O.; Biham, E. A framework for iterative hash functions: Haifa. In Proceedings of the 2nd NIST Cryptographich Hash Workshop, University of California, Santa Barbara, CA, USA, 24–25 August 2006; Volume 22. [Google Scholar]
  23. Nandi, M.; Paul, S. Speeding up the wide-pipe: Secure and fast hashing. In Lecture Notes in Computer Science, Proceedings of the Indocrypt, Hyderabad, India, 12–15 December 2010; Springer: Berlin/Heidelberg, Germany, 2010; Volume 6498, pp. 144–162. [Google Scholar]
  24. Bertoni, G.; Daemen, J.; Peeters, M.; Van Assche, G. Sponge functions. In Proceedings of the ECRYPT Hash Workshop, Barcelona, Spain, 24–25 May 2007. Number 9. [Google Scholar]
  25. Rivest, R. The MD5 Message-Digest Algorithm; Retrieved August 31. RFC 1321 2020. [Google Scholar] [CrossRef] [Green Version]
  26. FIPS PUB. Secure hash standard. Public Law 1995, 100, 235. [Google Scholar]
  27. Standard, S.H.; FIPS, P. 180-2. August 2002, 1, 72. [Google Scholar]
  28. Abdoun, N.; El Assad, S.; Hammoud, K.; Assaf, R.; Khalil, M.; Deforges, O. New keyed chaotic neural network hash function based on sponge construction. In Proceedings of the 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST), Cambridge, UK, 11–14 December 2017; pp. 35–38. [Google Scholar]
  29. Duval, S.; Leurent, G. Lightweight MACs from Universal Hash Functions. In Lecture Notes in Computer Science, Proceedings of the International Conference on Smart Card Research and Advanced Applications, Rague, Czech Republic, 11–13 November 2019; Springer: Cham, Switzerland, 2019. [Google Scholar]
  30. Luykx, A.; Preneel, B.; Tischhauser, E.; Yasuda, K. A MAC Mode for Lightweight Block Ciphers. In Lecture Notes in Computer Science, Proceedings of the Fast Software Encryption, Bochum, Germany, 20–23 March 2016; Springer: Berlin/Heidelberg, Germany, 2016. [Google Scholar]
  31. Gong, Z.; Hartel, P.; Nikova, S.; Tang, S.H.; Zhu, B. TuLP: A Family of Lightweight Message Authentication Codes for Body Sensor Networks. J. Comput. Sci. Technol. 2014, 29, 53–68. [Google Scholar] [CrossRef]
  32. Jean-Philippe, A.; Bernstein, D. SipHash: A fast short-input PRF. In Lecture Notes in Computer Science, Proceedings of the Progress in Cryptology-INDOCRYPT, Kolkata, India, 9–12 December 2012; Springer: Berlin/Heidelberg, Germany, 2012; pp. 489–508. [Google Scholar]
  33. Aumasson, J.P.; Henzen, L.; Meier, W.; Naya-Plasencia, M. Quark: A lightweight hash. In Lecture Notes in Computer Science, Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems CHES, Santa Barbara, CA, USA, 17–20 August 2010; Springer: Berlin/Heidelberg, Germany, 2010; Volume 6225, pp. 1–15. [Google Scholar]
  34. Guo, J.; Peyrin, T.; Poschmann, A. The PHOTON family of lightweight hash functions. In Lecture Notes in Computer Science, Proceedings of the Advances in Cryptology–CRYPTO 2011, Santa Barbara, CA, USA, 14–18 August 2011; Springer: Berlin/Heidelberg, Germany, 2011; pp. 222–239. [Google Scholar]
  35. Bogdanov, A.; Knežević, M.; Leander, G.; Toz, D.; Varıcı, K.; Verbauwhede, I. SPONGENT: A Lightweight Hash Function. In Lecture Notes in Computer Science, Proceedings of the Cryptographic Hardware and Embedded Systems–CHES 2011, Nara, Japan, 28 September–1 October 2011; Springer: Berlin/Heidelberg, Germany, 2011; pp. 312–325. [Google Scholar]
  36. El Assad, S.; Noura, H. Generator of Chaotic Sequences and Corresponding Generating System. U.S. Patent 8,781,116, 15 July 2014. [Google Scholar]
  37. Bashir, I.; Ahmed, F.; Ahmad, J.; Boulila, W.; Alharbi, N. A Secure and Robust Image Hashing Scheme Using Gaussian Pyramids. Entropy 2019, 21, 1132. [Google Scholar] [CrossRef] [Green Version]
  38. Bertoni, G.; Daemen, J.; Peeters, M.; Van Assche, G. On the Security of the Keyed Sponge Construction. In Proceedings of the Symmetric Key Encryption Workshop, Lyngby, Denmark, 16–17 February 2011; Volume 2011, pp. 1–15. [Google Scholar]
  39. Chang, D.; Dworkin, M.; Hong, S.; Kelsey, J.; Nandi, M. A Keyed Sponge Construction with Pseudorandomness in the Standard Model. In Proceedings of the Third SHA-3 Candidate Conference, Washington, DC, USA, 19–21 March 2012; pp. 1–11. [Google Scholar]
  40. Mennink, B.; Reyhanitabar, R.; Vizár, D. Security of Full-state Keyed Sponge and Duplex: Applications to Authenticated Encryption. In Lecture Notes in Computer Science, Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security, Auckland, New Zealand, 29 November–3 December 2015; Springer: Berlin/Heidelberg, Germany, 2015; pp. 465–489. [Google Scholar]
  41. Andreeva, E.; Daemen, J.; Mennink, B.; Van Assche, G. Security of keyed sponge constructions using a modular proof approach. In Lecture Notes in Computer Science, Proceedings of the International Workshop on Fast Software Encryption, Istanbul, Turkey, 8–11 March 2015; Springer: Berlin/Heidelberg, Germany, 2015; pp. 364–384. [Google Scholar]
  42. Naito, Y.; Yasuda, K. New Bounds for Keyed Sponges with Extendable Output: Independence between Capacity and Message Length. In Lecture Notes in Computer Science, Proceedings of the International Conference on Fast Software Encryption, Bochum, Germany, 20–23 March 2016; Springer: Berlin/Heidelberg, Germany, 2016; pp. 3–22. [Google Scholar]
  43. Bertoni, G.; Daemen, J.; Peeters, M.; Van Assche, G. Permutation-based encryption, authentication and authenticated encryption. In Proceedings of the Directions in Authenticated Ciphers, (DIAC 2012), Stockholm, Sweden, 5–6 July 2012. [Google Scholar]
  44. Gaži, P.; Pietrzak, K.; Tessaro, S. The exact PRF security of truncation: Tight bounds for keyed sponges and truncated CBC. In Lecture Notes in Computer Science, Proceedings of the Annual Cryptology Conference, Santa Barbara, CA, USA, 16–20 August 2015; Springer: Berlin/Heidelberg, Germany, 2015; pp. 368–387. [Google Scholar]
  45. Daemen, J.; Mennink, B.; Van Assche, G. Full-state keyed duplex with built-in multi-user support. In Lecture Notes in Computer Science, Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security, Hong Kong, China, 3–7 December 2017; Springer: Cham, Switzerland, 2017; pp. 606–637. [Google Scholar]
  46. Mennink, B. Key Prediction Security of Keyed Sponges. IACR Trans. Symmetric Cryptol. 2018, 2018, 128–149. [Google Scholar]
  47. Abdoun, N.; El Assad, S.; Deforges, O.; Assaf, R.; Khalil, M. Design and security analysis of two robust keyed hash functions based on chaotic neural networks. J. Ambient Intell. Humaniz. Comput. 2020, 11, 2137–2161. [Google Scholar] [CrossRef]
  48. El Assad, S. Chaos based information hiding and security. In Proceedings of the 2012 International Conference for Internet Technology And Secured Transactions, London, UK, 10–12 December 2012; pp. 67–72. [Google Scholar]
  49. Lee, S.H.; Kwon, K.R.; Hwang, W.J.; Chandrasekar, V. Key-dependent 3D model hashing for authentication using heat kernel signature. Digit. Signal Process. 2013, 23, 1505–1522. [Google Scholar] [CrossRef]
  50. Bellare, M.; Namprempre, C. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In Lecture Notes in Computer Science, Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security, Kyoto, Japan, 3–7 December 2000; Springer: Berlin/Heidelberg, Germany, 2000; pp. 531–545. [Google Scholar]
  51. Xiao, D.; Liao, X.; Deng, S. One-way Hash function construction based on the chaotic map with changeable-parameter. Chaos Solitons Fractals 2005, 24, 65–71. [Google Scholar] [CrossRef]
  52. Lian, S.; Sun, J.; Wang, Z. Secure hash function based on neural network. Neurocomputing 2006, 69, 2346–2350. [Google Scholar] [CrossRef]
  53. Zhang, J.; Wang, X.; Zhang, W. Chaotic keyed hash function based on feedforward–feedback nonlinear digital filter. Phys. Lett. A 2007, 362, 439–448. [Google Scholar] [CrossRef]
  54. Preneel, B. Analysis and Design of Cryptographic Hash Functions. Ph.D. Thesis, Katholieke Universiteit te Leuven, Leuven, Belgium, 1993. [Google Scholar]
  55. Shannon, C.E. Communication theory of secrecy systems. Bell Syst. Tech. J. 1949, 28, 656–715. [Google Scholar] [CrossRef]
  56. Feistel, H. Cryptography and computer privacy. Scienfitic Am. 1973, 228, 15–23. [Google Scholar] [CrossRef]
  57. Mironov, I. Hash Functions: Theory, Attacks, and Applications; Microsoft Research, Silicon Valley Campus: Mountain View, CA, USA, November 2005. [Google Scholar]
  58. Bakhtiari, S.; Safavi-Naini, R.; Pieprzyk, J. Cryptographic Hash Functions: A Survey; Centre for Computer Security Research, Department of Computer Science, University of Wollongong: Wollongong, NSW, Australia, 1995. [Google Scholar]
  59. Flajolet, P.; Gardy, D.; Thimonier, L. Birthday paradox, coupon collectors, caching algorithms and self-organizing search. Discret. Appl. Math. 1992, 39, 207–229. [Google Scholar] [CrossRef] [Green Version]
  60. Chen, S.; Jin, C. Preimage Attacks on Some Hashing Modes Instantiating Reduced-Round LBlock. IEEE Access 2018, 6, 44659–44665. [Google Scholar] [CrossRef]
  61. Hash Length Extension Attacks|Java Code Geeks-2017. Available online: https://www.javacodegeeks.com/2012/07/hash-length-extension-attacks.html (accessed on 7 November 2017).
  62. Aoki, K.; Sasaki, Y. Meet-in-the-middle preimage attacks against reduced SHA-0 and SHA-1. In Advances in Cryptology-CRYPTO 2009; Springer: Berlin/Heidelberg, Germany, 2009; pp. 70–89. [Google Scholar]
  63. Seok, B.; Park, J.; Park, J.H. A lightweight hash-based blockchain architecture for industrial IoT. Appl. Sci. 2019, 9, 3740. [Google Scholar] [CrossRef] [Green Version]
  64. Arora, S.; Barak, B. Computational Complexity: A Modern Approach; Cambridge University Press: New York, NY, USA, 2009. [Google Scholar]
  65. Mansour, Y.; Nisan, N.; Tiwari, P. The computational complexity of universal hashing. Theor. Comput. Sci. 1993, 107, 121–133. [Google Scholar] [CrossRef] [Green Version]
  66. Przytula, K.W.; Prasanna, V.K.; Lin, W.M. Parallel implementation of neural networks. J. VLSI Signal Process. Syst. Signal Image Video Technol. 1992, 4, 111–123. [Google Scholar] [CrossRef]
  67. Xiao, D.; Liao, X.; Wang, Y. Parallel keyed hash function construction based on chaotic neural network. Neurocomputing 2009, 72, 2288–2296. [Google Scholar] [CrossRef]
  68. Deng, S.; Li, Y.; Xiao, D. Analysis and improvement of a chaos-based Hash function construction. Commun. Nonlinear Sci. Numer. Simul. 2010, 15, 1338–1347. [Google Scholar] [CrossRef]
  69. Yang, H.; Wong, K.W.; Liao, X.; Wang, Y.; Yang, D. One-way hash function construction based on chaotic map network. Chaos Solitons Fractals 2009, 41, 2566–2574. [Google Scholar] [CrossRef]
  70. Xiao, D.; Liao, X.; Wang, Y. Improving the security of a parallel keyed hash function based on chaotic maps. Phys. Lett. A 2009, 373, 4346–4353. [Google Scholar] [CrossRef]
  71. Li, Y.; Xiao, D.; Deng, S. Secure hash function based on chaotic tent map with changeable parameter. High Technol. Lett 2012, 18, 7–12. [Google Scholar]
  72. Wang, Y.; Du, M.; Yang, D.; Yang, H. One-Way Hash Function Construction Based on Iterating a Chaotic Map. In Proceedings of the International Conference on Computational Intelligence and Security Workshops 2007, Heilongjiang, China, 15–19 December 2007; pp. 791–794. [Google Scholar]
  73. Huang, Z. A more secure parallel keyed hash function based on chaotic neural network. Commun. Nonlinear Sci. Numer. Simul. 2011, 16, 3245–3256. [Google Scholar] [CrossRef]
  74. Li, Y.; Deng, S.; Xiao, D. A novel Hash algorithm construction based on chaotic neural network. Neural Comput. Appl. 2011, 20, 133–141. [Google Scholar] [CrossRef]
  75. Li, Y.; Xiao, D.; Deng, S.; Zhou, G. Improvement and performance analysis of a novel hash function based on chaotic neural network. Neural Comput. Appl. 2013, 22, 391–402. [Google Scholar] [CrossRef]
  76. Xiao, D.; Liao, X.; Deng, S. Parallel keyed hash function construction based on chaotic maps. Phys. Lett. A 2008, 372, 4682–4688. [Google Scholar] [CrossRef]
  77. Yu-Ling, L.; Ming-Hui, D. One-way hash function construction based on the spatiotemporal chaotic system. Chin. Phys. B 2012, 21, 060503. [Google Scholar]
  78. Xiao, D.; Shih, F.Y.; Liao, X. A chaos-based hash function with both modification detection and localization capabilities. Commun. Nonlinear Sci. Numer. Simul. 2010, 15, 2254–2261. [Google Scholar] [CrossRef]
  79. Li, Y.; Xiao, D.; Li, H.; Deng, S. Parallel chaotic Hash function construction based on cellular neural network. Neural Comput. Appl. 2012, 21, 1563–1573. [Google Scholar] [CrossRef]
  80. Li, Y.; Xiao, D.; Deng, S. Keyed hash function based on a dynamic lookup table of functions. Inf. Sci. 2012, 214, 56–75. [Google Scholar] [CrossRef]
  81. Ahmad, M.; Khurana, S.; Singh, S.; AlSharari, H.D. A simple secure hash function scheme using multiple chaotic maps. 3D Res. 2017, 8, 13. [Google Scholar] [CrossRef]
  82. Li, Y.; Li, X.; Liu, X. A fast and efficient hash function based on generalized chaotic mapping with variable parameters. Neural Comput. Appl. 2017, 28, 1405–1415. [Google Scholar] [CrossRef]
  83. Lin, Z.; Guyeux, C.; Yu, S.; Wang, Q.; Cai, S. On the use of chaotic iterations to design keyed hash function. Clust. Comput. 2017, 22, 905–919. [Google Scholar] [CrossRef]
  84. Wang, Y.; Liao, X.; Xiao, D.; Wong, K.W. One-way hash function construction based on 2D coupled map lattices. Inf. Sci. 2008, 178, 1391–1406. [Google Scholar] [CrossRef]
  85. Deng, S.; Xiao, D.; Li, Y.; Peng, W. A novel combined cryptographic and hash algorithm based on chaotic control character. Commun. Nonlinear Sci. Numer. Simul. 2009, 14, 3889–3900. [Google Scholar] [CrossRef]
  86. Amin, M.; Faragallah, O.S.; El-Latif, A.A.A. Chaos-based hash function (CBHF) for cryptographic applications. Chaos Solitons Fractals 2009, 42, 767–772. [Google Scholar] [CrossRef]
  87. Akhavan, A.; Samsudin, A.; Akhshani, A. Hash function based on piecewise nonlinear chaotic map. Chaos Solitons Fractals 2009, 42, 1046–1053. [Google Scholar] [CrossRef]
  88. Wang, Y.; Wong, K.W.; Xiao, D. Parallel hash function construction based on coupled map lattices. Commun. Nonlinear Sci. Numer. Simul. 2011, 16, 2810–2821. [Google Scholar] [CrossRef]
  89. Jiteurtragool, N.; Ketthong, P.; Wannaboon, C.; San-Um, W. A Topologically Simple Keyed Hash Function Based on Circular Chaotic Sinusoidal Map Network. In Proceedings of the 2013 15th International Conference on Advanced Communications Technology (ICACT), Pyeong Chang, Korea, 27–30 January 2013; pp. 1089–1094. [Google Scholar]
  90. Chenaghlu, M.A.; Jamali, S.; Khasmakhi, N.N. A novel keyed parallel hashing scheme based on a new chaotic system. Chaos Solitons Fractals 2016, 87, 216–225. [Google Scholar] [CrossRef]
  91. Akhavan, A.; Samsudin, A.; Akhshani, A. A novel parallel hash function based on 3D chaotic map. EURASIP J. Adv. Signal Process. 2013, 2013, 126. [Google Scholar] [CrossRef] [Green Version]
  92. Nouri, M.; Khezeli, A.; Ramezani, A.; Ebrahimi, A. A dynamic chaotic hash function based upon circle chord methods. In Proceedings of the 6th International Symposium on Telecommunications (IST), Tehran, Iran, 6–8 November 2012; pp. 1044–1049. [Google Scholar]
  93. Ren, H.; Wang, Y.; Xie, Q.; Yang, H. A novel method for one-way hash function construction based on spatiotemporal chaos. Chaos Solitons Fractals 2009, 42, 2014–2022. [Google Scholar] [CrossRef]
  94. Guo, X.F.; Zhang, J.S. Keyed one-way Hash function construction based on the chaotic dynamic S-Box. Acta Phys. Sin. 2006, 55, 4442–4449. [Google Scholar]
  95. Yu, H.; Lu, Y.F.; Yang, X.; Zhu, Z.L. One-Way Hash Function Construction Based on Chaotic Coupled Map Network. In Proceedings of the 2011 Fourth International Workshop on Chaos-Fractals Theories and Applications, Hangzhou, China, 19–22 October 2011; pp. 193–197. [Google Scholar]
  96. Zhang, H.; Wang, X.F.; Li, Z.H.; Liu, D.H. One way hash function construction based on spatiotemporal chaos. Acta Phys. Sin. 2005, 54, 4006–4011. [Google Scholar]
  97. Teh, J.S.; Tan, K.; Alawida, M. A chaos-based keyed hash function based on fixed point representation. Clust. Comput. 2019, 22, 649–660. [Google Scholar] [CrossRef]
Figure 1. General architecture of the Sponge construction.
Figure 1. General architecture of the Sponge construction.
Entropy 22 01012 g001
Figure 2. The three types of keyed-Sponge functions.
Figure 2. The three types of keyed-Sponge functions.
Entropy 22 01012 g002
Figure 3. General architecture of the two proposed keyed-Sponge CNN hash functions.
Figure 3. General architecture of the two proposed keyed-Sponge CNN hash functions.
Entropy 22 01012 g003
Figure 4. Padding rule in the two proposed keyed-Sponge CNN hash functions of the input message M.
Figure 4. Padding rule in the two proposed keyed-Sponge CNN hash functions of the input message M.
Entropy 22 01012 g004
Figure 5. Structure of the i th Chaotic System used in the two proposed structure of keyed-Sponge CNN hash functions.
Figure 5. Structure of the i th Chaotic System used in the two proposed structure of keyed-Sponge CNN hash functions.
Entropy 22 01012 g005
Figure 6. Detailed architecture of the i th chaotic function in the proposed two-layered KSCNN hash function.
Figure 6. Detailed architecture of the i th chaotic function in the proposed two-layered KSCNN hash function.
Entropy 22 01012 g006
Figure 7. Detailed architecture of the k th neuron at the input layer of the two proposed KSCNN hash functions.
Figure 7. Detailed architecture of the k th neuron at the input layer of the two proposed KSCNN hash functions.
Entropy 22 01012 g007
Figure 8. Detailed architecture of the k th neuron at the output layer of the proposed two-layered KSCNN hash functions.
Figure 8. Detailed architecture of the k th neuron at the output layer of the proposed two-layered KSCNN hash functions.
Entropy 22 01012 g008
Figure 9. Detailed structure of NL Functions block.
Figure 9. Detailed structure of NL Functions block.
Entropy 22 01012 g009
Figure 10. Detailed architecture of the i th chaotic function in the proposed keyed-Sponge hash function based on one-layered NL CNN.
Figure 10. Detailed architecture of the i th chaotic function in the proposed keyed-Sponge hash function based on one-layered NL CNN.
Entropy 22 01012 g010
Figure 11. Hash value distribution for Structure 1 with | h | = 256 bits. (a) ASCII values of message M, (b) Hexadecimal hash value h of M, (c) Zero message, and (d) Hexadecimal hash value h of the zero message.
Figure 11. Hash value distribution for Structure 1 with | h | = 256 bits. (a) ASCII values of message M, (b) Hexadecimal hash value h of M, (c) Zero message, and (d) Hexadecimal hash value h of the zero message.
Entropy 22 01012 g011
Figure 12. Histogram of B i for Structure 1 with | h | = 256 bits, and J = 2048 tests.
Figure 12. Histogram of B i for Structure 1 with | h | = 256 bits, and J = 2048 tests.
Entropy 22 01012 g012
Figure 13. Histogram of B i for Structure 1 with | h | = 512 bits, and J = 2048 tests.
Figure 13. Histogram of B i for Structure 1 with | h | = 512 bits, and J = 2048 tests.
Entropy 22 01012 g013
Figure 14. Comparison of hashing throughput for Structures 1 and 2 - n r = 8/24 rounds with | h | = 256/512 bits.
Figure 14. Comparison of hashing throughput for Structures 1 and 2 - n r = 8/24 rounds with | h | = 256/512 bits.
Entropy 22 01012 g014
Table 1. Characteristics of the two proposed keyed-Sponge hash functions based on CNN.
Table 1. Characteristics of the two proposed keyed-Sponge hash functions based on CNN.
Hash FunctionCharacteristics
Definitionr (bits),c (bits) | h | (bits)
Structure 1-256 (M)KSCNN[512] (M ‖ 01, 256)1088512256
Structure 2-256 (M)
Structure 1-512 (M)KSCNN[1024] (M ‖ 01, 512)5761024512
Structure 2-512 (M)
Table 2. Theoretical values of ω with respect to the number of tests J for | h | = 256 bits.
Table 2. Theoretical values of ω with respect to the number of tests J for | h | = 256 bits.
Number of Hits ω
012332
J512451.7256.683.440.13 4.42 × 10 75
1024903.45113.376.890.27 8.84 × 10 75
20481806.91226.7413.780.54 1.76 × 10 74
Table 3. Theoretical values of ω with respect to the number of tests J for | h | = 512 bits.
Table 3. Theoretical values of ω with respect to the number of tests J for | h | = 512 bits.
Number of Hits ω
0123464
J512398.55100.0212.351.000.05 7.14 × 10 57
1024797.10200.0524.712.000.11 1.42 × 10 56
20481594.20400.1149.424.000.23 2.85 × 10 56
Table 4. Number of hits ω with respect to the number of rounds n r of Structure 2 for 2048 tests.
Table 4. Number of hits ω with respect to the number of rounds n r of Structure 2 for 2048 tests.
ω
012345
n r
| h |
2561181422014000
218152248100
4180223213100
8178724417000
1618252148100
24182421311000
5121159839652110
2155243952500
4159440144630
8160737167300
16160239547400
24160035946210
Table 5. Number of hits ω regarding the proposed structures with the two lengths of hash values for 2048 tests.
Table 5. Number of hits ω regarding the proposed structures with the two lengths of hash values for 2048 tests.
| h | ω
01234
Structure 125618062291300
51215724195160
Structure 225617872441700
n r = 851216073716730
Structure 225618242131100
n r = 2451216003994621
Table 6. Mean, mean/character, minimum, and maximum of the absolute difference d for the proposed structures with the two lengths of hash values and J = 2048 tests.
Table 6. Mean, mean/character, minimum, and maximum of the absolute difference d for the proposed structures with the two lengths of hash values and J = 2048 tests.
| h | MeanMean/CharacterMinimumMaximum
Structure 12562715.3984.8516953831
5125414.34169.1939117062
Structure 22562584.5180.7616543759
n r = 85125478.30171.1938746871
Structure 22562665.2483.2816423784
n r = 245125233.34163.5437676606
Table 7. Sensitivity of h to M for the proposed structures with | h | = 256 bits.
Table 7. Sensitivity of h to M for the proposed structures with | h | = 256 bits.
Message VariantsHash Values in Hexadecimal Format B i H D i %
Structure 11d53280d1f7a652977e7943472ea34a343746f09f6c8ea084f0b9d5009fecf467
22081268dee082e8b2a9cbaaa8156fad0595d6fbd83aea9a92a5c649d9e53a82e139.0054.29
39c0f5327df3f01a4311283caae6051a7780ca06d81d69dbfdfed57dec4a67db4128.0050.00
4c0a1b6e48295f620c2c42e1ed101023cbefecf6eca5d505d3355604fb8bb2db0142.0055.46
5e3edfd704f2befe9b54c6d000b1116316112b98cf0b6432f68ddf0ee6b829fcf133.0051.95
629f9cf09e3d0764b53c4a67a5450fc828fc78e12af51de43b6b77f978292cdb3146.0057.03
Average137.6053.75
Structure 21d3a15d8621f3fec42dca5abf7077091f96275130fcef4e21a1521d81470245ae
n r = 82346dd0bf7ac39dd0992e27b4fdef79e6aacda0d29733324ef3f26c1ca4d0b52813351.95
32ae7c91d1e34279fcc90fdee067837028045a922c786c55c0d6e0fb08b539190133.0051.95
482ed73ae08e2efe8498d795a2fe685a730a5c2fdaec6dd8cc8ad2171d7ee662b116.0045.31
53bae189d094240cf7ca3a5ffcf9846f056d078b4ba10f76d092b146290632a26137.0053.51
6145759fe7d944ed8adaa126d7d0107cef75326f757812c56872a39f50d7818cc121.0047.26
Average128.0050.00
Structure 21f39457de07d62bea3fb35b5698ec008e004db03197b77a7e30e821a6a8499119
n r = 242cb5dc81199de92b10ebf54d31185f37676ba5ca36d077d91723dda34150275e114054.68
39a0d013b3132a1db0ada8a5aa59ce1a49d38137760d7dc81cf91b77ff73545ac140.0054.68
4ef73910049a7a86ace7103c7d8f537fdfab9eab130c81f0d264c2b370400f67b122.0047.65
52087a2da6dcf4187ad407532ce2207c14673ff0e56d512fa35b76009bde698c6128.0050.00
6006b3905b48157204b5a2c0922cdb1a869a297e3add562abc442ff0a8f2dd941143.0055.85
Average134.6052.57
Table 8. A comparison of average B i and H D i ( % ) for the sensitivity of h to M.
Table 8. A comparison of average B i and H D i ( % ) for the sensitivity of h to M.
Length of Hash Values B i H D i %
Structure 1256137.6053.75
512266.0051.95
Structure 2256128.0050.00
n r = 8512204.4039.92
Structure 2256134.6052.57
n r = 24512254.2049.64
Table 9. Sensitivity of h to K for the two proposed structures with | h | = 256 bits.
Table 9. Sensitivity of h to K for the two proposed structures with | h | = 256 bits.
Message VariantsHash Values in Hexadecimal Format B i H D i %
Structure 11d53280d1f7a652977e7943472ea34a343746f09f6c8ea084f0b9d5009fecf467
2a3614a0d3d7d77cffbde676045f5abf4add0f46ec9ed08e293e2a96118bbb364124.0048.43
39cc68e614f3ce3161ece75dc8474d31f7a080fb30b7edf239334fd485cb5e8ca131.0051.17
45a2502125bc452c8d7ac3c4f20de5ee4f422219839bbfabf1a22923b2a87cb96130.0050.78
5ac84f96d784967e643d750f9c15184ab4e6a93c408bf5eca22585f99eb98fa31146.0057.03
Average132.7551.85
Structure 21d3a15d8621f3fec42dca5abf7077091f96275130fcef4e21a1521d81470245ae
n r = 825e148302c03950dffe19911bd144c5713ed1c8750bee6c8324b338e9cb2635ed121.0047.26
3f5d2f5ae0db1c67d5a85f47994ea894db129241c07a361a4c9cc1c90ec0fb1c1122.0047.65
418eae0eac4dcdedc01b8d55e231119e1d5286bb2fa08f107d8a13db82e984feb124.0048.43
5b56c8b1b210b34cb5a41948d7e1b16ba90614af2c1c4d64ee59e54790be40831128.0050.00
Average123.7548.33
Structure 21f39457de07d62bea3fb35b5698ec008e004db03197b77a7e30e821a6a8499119
n r = 242d920e5ea9ae97a63fc75bb205733bc329464c5c67f868620d4c081321797f8c614155.07
3dce025ba7f9fb1b72d2754eeeafb696740d691fd3129744bf6f549c25cd8b158115.0044.92
4c5e3e27affb359a4648039f8201e029213eb9345f730cf66b3aef40c805b65db119.0046.48
5182bb7760e4708c3464bbaed011154a9d903f06be1d73d9ea68dd3da7e9f7718130.0050.78
Average126.2549.31
Table 10. A comparison of average B i and H D i ( % ) for for the sensitivity of h to K.
Table 10. A comparison of average B i and H D i ( % ) for for the sensitivity of h to K.
Length of Hash Values B i H D i %
Structure 1256132.7551.85
512252.5049.31
Structure 2256123.7548.33
n r = 8512265.5051.85
Structure 2256126.2549.31
n r = 24512256.0050.00
Table 11. Statistical analysis of diffusion effect results for Structures 1 and 2, with the two lengths of hash values, and J = 2048 tests.
Table 11. Statistical analysis of diffusion effect results for Structures 1 and 2, with the two lengths of hash values, and J = 2048 tests.
Length of Hash Values
256512
Structure 1 B m i n 101217
B m a x 155293
B ¯ 128.10256.20
P50.0450.04
Δ B 7.9611.20
Δ P 3.112.18
Structure 2 B m i n 99214
n r = 8 B m a x 156291
B ¯ 127.70255.90
P49.8849.98
Δ B 8.2211.37
Δ P 3.212.22
Structure 2 B m i n 99215
n r = 24 B m a x 154296
B ¯ 127.88255.53
P49.9549.90
Δ B 8.0211.41
Δ P 3.132.23
Table 12. HT, HTH, and NCpB for Structures 1 and 2 with | h | = 256 bits and 2048 random tests.
Table 12. HT, HTH, and NCpB for Structures 1 and 2 with | h | = 256 bits and 2048 random tests.
MessageStructure 1 Structure 2 with n r = 8 Structure 2 with n r = 24
LengthHTHTHNCpB HTHTHNCpB HTHTHNCpB
5130.005827.41124.33 0.0019104.8130.24 0.0029100.6528.20
10240.010249.2560.68 0.0039115.7824.45 0.003972.1051.78
20480.019036.9093.56 0.0078115.9024.43 0.0087102.8627.08
40960.033652.0853.28 0.0156104.6733.38 0.017592.6435.27
10 4 0.084948.8463.51 0.0371124.7522.44 0.0419101.1030.71
10 6 8.266655.0550.30 3.5986130.4521.21 4.0537112.7024.56
Table 13. HHT, HTH, and NCpB for Structures 1 and 2 with | h | = 512 bits and 2048 random tests.
Table 13. HHT, HTH, and NCpB for Structures 1 and 2 with | h | = 512 bits and 2048 random tests.
MessageStructure 1 Structure 2 with n r = 8 Structure 2 with n r = 24
LengthHTHTHNCpB HTHTHNCpB HTHTHNCpB
5130.009719.68172.47 0.004353.1654.61 0.004341.6575.04
10240.018026.93103.42 0.007352.4257.64 0.008742.8778.30
20480.033626.84107.66 0.014165.6542.32 0.016152.7157.99
40960.069828.3098.48 0.027856.8755.19 0.033654.8554.32
10 4 0.162127.57101.87 0.071265.5042.49 0.076158.0247.82
10 6 15.616629.5393.67 6.629368.9740.12 7.803259.9546.16

Share and Cite

MDPI and ACS Style

Abdoun, N.; El Assad, S.; Manh Hoang, T.; Deforges, O.; Assaf, R.; Khalil, M. Designing Two Secure Keyed Hash Functions Based on Sponge Construction and the Chaotic Neural Network. Entropy 2020, 22, 1012. https://doi.org/10.3390/e22091012

AMA Style

Abdoun N, El Assad S, Manh Hoang T, Deforges O, Assaf R, Khalil M. Designing Two Secure Keyed Hash Functions Based on Sponge Construction and the Chaotic Neural Network. Entropy. 2020; 22(9):1012. https://doi.org/10.3390/e22091012

Chicago/Turabian Style

Abdoun, Nabil, Safwan El Assad, Thang Manh Hoang, Olivier Deforges, Rima Assaf, and Mohamad Khalil. 2020. "Designing Two Secure Keyed Hash Functions Based on Sponge Construction and the Chaotic Neural Network" Entropy 22, no. 9: 1012. https://doi.org/10.3390/e22091012

APA Style

Abdoun, N., El Assad, S., Manh Hoang, T., Deforges, O., Assaf, R., & Khalil, M. (2020). Designing Two Secure Keyed Hash Functions Based on Sponge Construction and the Chaotic Neural Network. Entropy, 22(9), 1012. https://doi.org/10.3390/e22091012

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop