Design, Hardware Implementation on FPGA and Performance Analysis of Three Chaos-Based Stream Ciphers

Abstract

In this paper, we come up with three secure chaos-based stream ciphers, implemented on an FPGA board, for data confidentiality and integrity. To do so, first, we performed the statistical security and hardware metrics of certain discrete chaotic map models, such as the Logistic, Skew-Tent, PWLCM, 3D-Chebyshev map, and 32-bit LFSR, which are the main components of the proposed chaotic generators. Based on the performance analysis collected from the discrete chaotic maps, we then designed, implemented, and analyzed the performance of three proposed robust pseudo-random number generators of chaotic sequences (PRNGs-CS) and their corresponding stream ciphers. The proposed PRNGs-CS are based on the predefined coupling matrix M. The latter achieves a weak mixing of the chaotic maps and a chaotic multiplexing technique or XOR operator for the output function. Therefore, the randomness of the sequences generated is expanded as well as their lengths, and divide-and-conquer attacks on chaotic systems are avoided. In addition, the proposed PRNGs-CS contain polynomial mappings of at least degree 2 or 3 to make algebraic attacks very difficult. Various experimental results obtained and analysis of performance in opposition to different kinds of numerical and cryptographic attacks determine the high level of security and good hardware metrics achieved by the proposed chaos system. The proposed system outperformed the state-of-the-art works in terms of high-security level and a high throughput which can be considered an alternative to the standard methods.

1. Introduction

As we increasingly rely on intelligent and interconnected devices in every aspect of our lives (residences, transports, hospitals, factories, …), how do we protect potentially billions of these connected devices from passive and active attacks that could compromise personal privacy or threaten public safety? We all live today in a cyber world. For that, most of the world’s web traffic (digital multimedia content such as images and videos, emails) is encrypted because of security threats.

The revised eSTREAM project, September 2008, contains seven stream ciphers that fall into two profiles. Profile 1 contains HC-128, Rabbit, Salsa20/12, and SOSEMANUK stream ciphers, which are best suited for software applications requiring high throughput. Profile 2 contains Grain, MICKEY 2.0, and Trivium stream ciphers, which are particularly suitable for hardware applications with constrained resources and limited power consumption [1,2]. However, these days, most of these stream ciphers are weak against various attacks and then can’t be used to secure exchanged and stored data [3]. Likewise, 5G Security uses the NEA3-128 algorithm for privacy and the NIA3-128 algorithm for integrity. Both NEA3-128 and NIA3-128 are based on ZUC stream cipher [4]. However, many published researchers [5,6] noticed that there are some weaknesses and vulnerabilities in the ZUC algorithm for differential power analysis attacks (SCA), Chosen IV attacks, etc.

For this, we use chaos-based stream ciphers, which are very secure against cryptographic attacks because chaotic signals are intrinsically secure and have high nonlinearity [7]. The security of a stream cipher relies heavily on the pseudo-random number generator (PRNG), which acts as the primary component in the system.

There has been a development of various cryptosystems in recent years that employ chaotic systems and maps, including those for the generation of pseudo-random numbers and encryption. Some of them have issues with security or poor computational performance [8,9,10,11,12,13,14,15,16]. Moreover, some of these cryptosystems are not well-suited for use on smart devices with limited resources, such as low memory, limited processing capabilities, and energy efficiency issues [17,18,19].

Devices used in the Internet of Things are low-power and resource constrained, so for these devices, hardware implementation of cryptosystems is more suitable than the software implementation. It is noteworthy that currently, there are only a limited number of chaotic systems that have been implemented on Field-Programmable Gate Array (FPGA) boards [20,21,22,23,24]. FPGAs are used for various reasons, including Speed (FPGAs can perform certain operations much faster than microprocessors), customizability, power efficiency, flexibility, and parallelism. A new lightweight chaos-based stream cipher, using two nonlinear feedback shift registers (NLFSR), was proposed by Ding et al. [25] in 2019. The results obtained indicate the good cryptographic characteristics of their stream cipher. To provide security in multimedia applications dealing with high voluminous data, several effective chaos-based encryption systems using four combined chaotic maps (Logistic, Arnold, Lorenz, and Chebyshev) published by Abdelfatah et al. [26] in 2020 and a novel medical image encryption system based on the Logistic-Tent map, Arnold’s scrambling, and a special nonlinear function based LFSR was proposed by Subhrajyoti et al. [27] in 2021. Experimental works reveal that the proposed cryptosystems have good prospects for real-time image encryption. In 2022, Jun et al. [28] developed a highly secure stream cipher based on the analog–digital hybrid chaotic system consisting of the Chen chaotic system and a modified three-dimensional Logistic map. The proposed stream cipher has the advantages of huge key space, virtually infinite cycle length, and tight security.

We propose in this research work to design, and implement on an FPGA board, three chaos-based stream ciphers and evaluate their performance, in terms of security against statistical attacks, and cryptographic attacks, as well as in terms of hardware metrics, including throughput and efficiency. The proposed solutions cope with the trade-offs between security, performance, and cost, and have a better level of security compared to standard methods (thanks to the high non-linearity of chaotic systems).

The remainder of this article is organized as follows: In Section 2, we introduce, implement, and evaluate the statistical and hardware performance of some discrete chaotic maps used here, specifically Logistic, Skew-Tent (STM), PWLCM, 3D-Chebyshev (3D-Ch), and a Linear Feedback Shift Register (LFSR) as the basis for the chaos-based stream ciphers design proposed in this work. Based on the performance results of the studied chaotic maps, we designed, implemented, and analyzed in Section 3 three-stream encryption methods that utilize three secure pseudo-chaotic number generators (PRNGs-CS), known as LSP-PRNG, LST-PRNG, and LSPT-PRNG, by combining different chaotic maps such as the Logistic map, STM, PWLCM, and 3D-Ch map. Then, we present the results of the experiments in terms of security evaluation and hardware metrics of the proposed PRNGs-CS and their corresponding stream ciphers. Finally, Section 4 summarizes the whole article.

Notice that, for the proposed chaotic systems, in all statistical experiments, 100 random secret keys are utilized to produce 100 different sequences of 3,125,100 32-bit samples. However, just 3,125,000 samples were utilized per sequence (i.e., ${10}^8$ bits). While the system internally generates the first 100 samples per sequence for each key, they are not employed to deviate from the transitional phase.

2. Study of Used Discrete Chaotic Maps: Statistical Test and Hardware Metrics

In information security, chaotic maps are used in stream ciphers [7,29], block ciphers [30,31], hashing [32], steganography, and digital watermarking [33,34]. They can replace traditional pseudo-random number generators such as maximum length PN sequences, and Gold and Kasami generators. However, the use of these chaotic maps alone in practical data security applications is not secure, as we will see in this paragraph.

In the following, we first consider the discrete equations of the 1-D chaotic maps used (we also give the original equations of these chaotic maps in Appendix A): Logistic, Skew-Tent, PWLCM, and the 3D-Chebyshev map and the primitive polynomial expression of an LFSR of 32-bit. Then we present the statistical security performance (in terms of NIST test, histogram, and Chi-square test) and hardware metrics of these chaotic maps, the 32-bit LFSR, and also for the 3D-Chebyshev chaotic map coupled with the 32-bit LSFR used. The results of these statistical tests indicate the degree of randomness of the generated sequences.

2.1. Discrete Equations of the Chaotic Maps and the 32-Bit LFSR Used

We give below the discrete equations of the chaotic maps, and the 32-bit LFSR used to design the proposed chaotic systems:

Discrete Logistic map

The logistic map, created by Pierre Verhulst in 1845, was initially designed as a model for population growth [35]. Due to the recurrence equation’s simplicity, Ulam and Von Neumann in 1947 used the logistic map as a pseudo-random number generator [36]. Since then, it has been widely used in cryptographic applications. When the control parameter value is set to 4, the discrete Logistic map equation is as follows:

$$XL\left(n\right)=\left\{\begin{array}{cc}⌊\frac{XL(n-1)\left[2^N-XL(n-1)\right]}{2^{N-2}}⌋& ifXL(n-1)\ne \left[3\times 2^{N-2}-1,2^{N-1}\right]\\ & \\ 3\times 2^{N-2}-1& ifXL(n-1)=3\times 2^{N-2}\\ & \\ 2^N-1& ifXL(n-1)=2^{N-1}\end{array}\right.$$

(1)

where $XL\left(n\right)$ is an integer that falls within the range $[1,2^N-1]$ with $N=32$ as the precision used and $\lfloor Z\rfloor$ (Floor function) returns the highest integer that is less than or equal to Z.

Discrete Skew-Tent map

The Skew-Tent map is a piecewise linear map, the equation of the discretized Skew-Tent map is defined by:

$$XS\left(n\right)=\left\{\begin{array}{cc}⌊\frac{2^N\times XS(n-1)}{P_s}⌋& if0<XS(n-1)<P_s\\ & \\ ⌊2^N\times \frac{\left[2^N-XS(n-1)\right]}{2^N-P_s}⌋& if{P}_s<XS(n-1)<2^N\\ & \\ 2^N-1& otherwise\end{array}\right.$$

(2)

where $XS\left(n\right)$ is an integer that falls within the range $[1,2^N-1]$ and $P_s$ is the Skew-Tent map’s control parameter, with a value in the range $[1,2^N-1]$.

Discrete PWLCM map

Another piecewise linear chaotic map is the Piecewise Linear Chaotic Maps (PWLCM); due to its good cryptographic characteristics, compared to the other chaotic maps studied in this section, the PWLCM map is commonly employed in data encryption. The discrete PWLCM map’s equation is as follows:

$$XP\left(n\right)=\left\{\begin{array}{cc}⌊\frac{2^N\times XP\left(n-1\right)}{P_p}⌋& if0<XP\left(n-1\right)<P_p\\ & \\ ⌊2^N\times \frac{\left[XP\left(n-1\right)-P_p\right]}{2^{N-1}-P_p}⌋& if{P}_p<XP\left(n-1\right)<2^{N-1}\\ & \\ ⌊2^N\times \frac{\left[2^N-XP\left(n-1\right)-P_p\right]}{2^{N-1}-P_p}⌋& if{2}^{N-1}<XP\left(n-1\right)<2^N-P_p\\ & \\ ⌊2^N\times \frac{\left[2^N-XP\left(n-1\right)\right]}{P_p}⌋& if{2}^N-P_p<XP\left(n-1\right)<2^N\\ & \\ 2^N-1& otherwise\end{array}\right.$$

(3)

where $P_p$ is the PWLCM map’s control parameter, with a value in the range $[1,2^{N-1}-1]$ and $XP$ belongs to the same interval as $XS$ and $XL$.

Discrete 3D-Chebyshev map

The discrete 3D-Chebyshev (third order) map is given by:

$$XT\left(n\right)=⌊2^{\left(-2N+2\right)}\times \left(4\times {\left(XT-2^{\left(N-1\right)}\right)}^3-3\times 2^{\left(2N-2\right)}\times \left(XT-2^{\left(N-1\right)}\right)\right)+2^{\left(N-1\right)}⌋$$

(4)

where $1\le XT\left(n\right)\le 2^N-1$.

32-bit LFSR based on primitive polynomial with internal feedback (Galois implementation)

The 32-bit LFSR with maximum length feedback used in our work is defined by the following primitive polynomial:

$$Q\left(x\right)=x^{32}+x^{22}+x^2+x+1$$

(5)

Its circuit diagram is shown in Figure 1. The sequences generated (random outputs) are periodic of period equal to $2^{32}$− 1 = 4,294,967,295.

2.2. Statistical Performance: NIST, Histogram, and Chi-Square Test

NIST statistical test

The NIST test is widely considered one of the most effective standards for evaluating the randomness of binary data [37]. This test is a statistical package consisting of 188 proposed tests and sub-tests (15 different tests in total) for evaluating the randomness of binary sequences of arbitrary length. These tests focus on different kinds of non-randomness that can be present in sequences. A p-value is calculated for each test to show the results of the test. A p-value $\ge 0.01$ indicates that the sequence was considered random with 99% confidence. A p-value $\le 0.01$ implies the conclusion that the sequence is not random with 99% confidence.

Histogram and Chi-square test analysis

Another key property of any robust pseudo-chaotic number generator is to provide a uniform distribution in the whole phase space. To assert the uniformity of generated sequences, it is necessary to apply on them the chi-square test ${\chi }^2$ given by the following formula:

$${\chi }_{exp}^2=\sum _{i=0}^{N_c-1}\frac{{\left(O_i-E_i\right)}^2}{E_i}$$

(6)

where $N_c=1000$ represents the number of classes, $O_i$ represents the number of calculated samples in the $ith$ class $E_i$, where the class $E_i$ is the expected number of samples of a uniform distribution, which is equal to $Ns/N_c$.

To confirm the uniformity of a produced sequence, the experimental chi-square value must be smaller than the theoretical value ${\chi }_{exp}^2<{\chi }_{th}^2$. Furthermore, if the experimental chi-square value is less than the theoretical one, the resulting sequence is more uniform.

At the top of Figure 2a–f, from left to right, we present the proportion achieved versus the test for the discrete Logistic map, Skew-Tent map, PWLCM, 3D-Chebyshev map, 32-bit LFSR, and 3D-Chebyshev map coupled with a 32-bit LFSR respectively (see Figure 3). As we can see, the sequences generated by the discrete chaotic maps alone and the 32-bit LFSR do not successfully pass all NIST tests, and some are far from the acceptance criterion of a test indicated by the red line. In addition, we note that the PWLCM map outperforms the other chaotic maps studied, in terms of several tests passed. Moreover, obtained results for the generated sequences by the coupled 3D- Chebyshev map with the 32-bit LFSR show that all NIST tests, except the Block-frequency test, have passed, demonstrating that the coupled technique with the 32-bit LFSR improves the cryptographic properties of the 3D-Chebyshev map (this is true for any type of chaotic map).

At the bottom of Figure 2g–l, we give the corresponding histogram for each chaotic map, the 32-bit LFSR, and the coupled 3D-Chebyshev map with the 32-bit LFSR. We notice that, visually, the histograms obtained by the chaotic maps are not uniform, except for the 32-bit LFSR and the discrete 3D-Chebyshev coupled with the 32-bit LFSR. This observation is asserted by the obtained experimental and theoretical results of the chi-square tests given in

Table 1. Chi-square results on the tested histograms.

Chi-Square Test	Logistic	STM	PWLCM	3D-Ch	LFSR	3D-Ch with LFSR
${\chi }_{exp}^2$	38,698.41	1113.45	1146.92	41,865.00	989.48	999.48
${\chi }_{th}^2$ (1000, 0.05)	1073.64	1073.642	1073.64	1073.64	1073.64	1073.64

.

2.3. Hardware Metrics

We interpret the implementation of the chaotic maps in regard to the resources utilized (area, DSPs), the speed (WNSi, Max. Freq., throughput), and the efficiency (throughput-to-slices ratio). Furthermore, we give the power consumption.

$$Max.Freq.=\frac{1}{Ti-WNSi}\left(MHz\right).$$

(7)

where $Ti$ is the target clock period (ns) used during the implementation run “i” and $WNSi$ is the Worst Negative Slack (ns) of the target clock used during the implementation run “i” and must be positive, and very close to zero.

The data Throughput is calculated by Equation (8).

$$Throughput=N\times Max.Freq.\left(Mbps\right).$$

(8)

The Efficiency is calculated by using Equation (9).

$$Efficiency=\frac{Throughput}{Slices}\left(Mbps/Slices\right).$$

(9)

The chaotic systems implementation was carried out on the Xilinx-manufactured PYNQ-Z2 FPGA board. To implement the chaotic systems, the code was written in VHDL using 32-bit fixed-point data format, then synthesized and implemented using Xilinx Vivado design suite (V.2017.2). The Vivado design suite tools are a set of tools provided by Xilinx for designing and implementing digital circuits on FPGA boards. These tools enable the complete design flow from creating the RTL design, to implementation, synthesis, and programming of the FPGA. The Vivado design suite includes a powerful integrated development environment (IDE) that allows users to easily design, debug, and test their designs. It also includes various features such as timing analysis, power analysis, and design exploration, which can help in fine-tuning the design for optimal performance and power consumption. As illustrated in Figure 4, we present a summary of the various stages of the conception flow that were executed using Vivado for evaluating the metrics of the discrete Skew-Tent map as an example of demonstration. Note that the same steps for all studied chaotic systems were repeated since Design entry up to configuration bitstream generation.

The areas of the implementations of the chaotic systems on FPGA are compared using slices, Flip-Flops (FFs), and lookup tables (LUTs), which are the basic logic block of Xilinx FPGAs. Latency, maximum frequency, and throughput together determine execution speed. The efficiency parameter represents the throughput-to-slices ratio and provides a general understanding of the implementation’s hardware performance as measured by the hardware metrics.

All designs have been tested after place and route using simulation to ensure the correct functionality and produce one sample at each clock cycle.

At the end of the Place & Route process, we get the hardware metrics of chaotic systems implemented on the PYNQ-Z2 FPGA chip.

Table 2. Hardware metrics of studied chaotic maps, the 32-bit LFSR, and the 3D-Chebyshev map coupled with the 32-bit LFSR.

			Logistic Map	STM	PWLCM	3D-Ch Map	32-Bit LFSR	3D-Ch with LFSR
Resources used	Area	LUTs	77/0.14%	2830/5.32%	7374/13.86%	286/0.05%	2/< 0.01%	319/0.60%
		FFS	49/0.05%	57/0.05%	63/0.06%	47/0.04%	62/0.06%	71/0.07%
		Slices *	33/0.25%	853/6.41%	2171/16.32%	87/0.65%	16/0.12%	99/0.74%
	DSPs		4/1.82%	0/0.00%	0/0.00%	12/5.45%	0/0.00%	12/5.45%
Speed	WNSi (ns)		0.102	0.059	0.108	0.031	6.078	0.096
	Ti (ns)		12	28	31.2	22	8	21.6
	Max. Freq. (MHz)		84.04	35.78	32.16	45.51	520.29	46.50
	Throughput (Mbps)		2689.52	1145.27	1029.20	1456.59	16,649.32	1488.09
Efficiency (Mbps/Slices)			81.500	1.342	0.476	16.742	1040.58	15.031
Power (W)			0.083	0.070	0.105	0.048	0.118	0.055

* Note: Each slice contains four 6-input LUTs and 8 flip-flops.

, resume the obtained hardware metrics of studied chaotic maps, the 32-bit LFSR, and the 3D-Chebyshev map coupled with the 32-bit LFSR.

In terms of computing performance, the PWLCM is slower when compared to other chaotic maps and uses approximately three times more hardware resources than the Skew-Tent map. Moreover, the obtained values for the discrete Logistic map show that a high throughput characterizes the Logistic map compared to the throughput of the other studied chaotic maps and uses fewer hardware resources. Furthermore, the 3D-Chebyshev map coupled with the 32-bit LFSR achieves a throughput of approximately 1.5 Gbps.

3. Proposed Chaos-Based Stream Ciphers Based on Secure PRNGs of Chaotic Sequences

Based on statistical results obtained in the previous Section 2, we can confirm that chaotic maps cannot be used alone as a secure PRNG-CS. The question is how to combine some of them to build PRNGs-CS secure against statistical and cryptanalytic attacks, and efficient, in terms of hardware cost, throughput, and efficiency. A compromise between security and effectiveness is usually made, and it is first about the degree of security required for a given application.

In this section, we created three secure pseudorandom number generators (PRNGs), known as LSP-PRNG, LST-PRNG, and LSPT-PRNG, by combining different mathematical maps such as the Logistic map, Skew-Tent map, PWLCM map, and 3D-Chebyshev map. We also examined the stream cipher systems associated with each PRNG.

3.1. Block Diagram of Stream Ciphers Based on Secure PRNGs-CS

Figure 5 depicts a stream encryption/decryption system’s block diagram. The stream cipher method uses the XOR function for both encryption and decryption, by combining the keystream with the plaintext for encryption and with the ciphertext for decryption.

The security of such a system relies entirely on the PRNG-CS keystream. An encryption/decryption system is considered unconditionally secure when the keystream is perfectly random and the period is infinite (a so-called one-time pad).

PRNG-CS takes as input a secret key (K) and an initial value (IV) utilized to defeat a known plaintext attack. The IV changes with each new session and can only be used once. Therefore, generated sequences in different sessions using the same secret key will differ. Note that stream ciphers are used to continuously cipher data, such as selective video encryption or network communications. Below we will describe the proposed secure PRNGs-CS in detail.

3.2. Architectures Description of the Proposed PRNGs-CS

All the proposed secure PRNGs-CS have the same general design, though different internal states and just slightly different output functions. In this section, we describe in detail the architectures of the proposed secure PRNGs-CS and perform their security analysis and hardware metrics.

3.2.1. The Proposed LSP-PRNG

Figure 6 shows the architecture of the proposed LSP-PRNG. Its internal state is formed by three weakly coupled discrete chaotic maps: Logistic map, Skew-Tent, and Piecewise Linear Chaotic Map (PWLCM). The output function is based on chaotic multiplexing techniques.

The proposed LSP-PRNG takes a secret key K and an initialization vector $IV$ as input and computes initial values $XL\left(0\right)$, $XS\left(0\right)$ and $XP\left(0\right)$ of the three chaotic maps: Logistic, Skew-Tent, and PWLCM respectively. The $IV$ of the system supplies the initial vectors of the three chaotic maps: $IVL$, $IVS$, and $IVP$ each are of size N = 32 bits, and the secret key K provides all the initial conditions and parameters of the chaotic maps and the parameters of the coupling matrix M, as summarized in

Table 3. The initial conditions and parameters that form the secret key.

Symbol	Definition
$XL0$, $XS0$, and $XP0$	Initial conditions of the chaotic maps: Logistic, Skew-Tent, and PWLCM respectively, ranging from 1 to $2^N-1$.
$P_s$	Skew-Tent map’s control parameter, in the range $[1,2^N-1]$.
$P_p$	PWLCM map’s control parameter, in the range $[1,2^{N-1}-1]$.
${ϵ}_{ij}$	The coupling matrix’s parameters, in the range $[1,2^k]$ where $k\le 5$.

.

The size of the secret key, noted $\left|K1\right|$, of the proposed LSP-PRNG is given by

$$\left|K1\right|=\left|XL0\right|+\left|XS0\right|+\left|XP0\right|+\left|P_s\right|+\left|P_p\right|+\left(6\times \left|{ϵ}_{ij}\right|\right)=189bits$$

(10)

(see below the form of the Matrix M containing ${ϵ}_{ij}$) where $\left|XL0\right|=\left|XS0\right|=\left|XP0\right|=\left|P_s\right|=32bits$, $\left|P_p\right|=31bits$, and $\left|{ϵ}_{ij}\right|=5bits$.

The key space of the secret key is $2^{189}$ different combinations which are large enough to make the brute-force attack infeasible [38]. Indeed, it is commonly agreed upon that a key space of at least $2^{128}$ is required to make the brute-force attack infeasible.

The secret key K provides initial conditions and parameters for chaotic maps as follows:

$$\left\{\begin{array}{c}XL0=K\left(0to31\right)\hfill \\ XS0=K\left(32to63\right)\hfill \\ XP0=K\left(64to95\right)\hfill \\ P_s=K\left(96to127\right)\hfill \\ P_p=K\left(128to158\right)\hfill \\ {ϵ}_{12}=K\left(159to163\right)\hfill \\ {ϵ}_{13}=K\left(164to168\right)\hfill \\ {ϵ}_{21}=K\left(169to173\right)\hfill \\ {ϵ}_{23}=K\left(174to178\right)\hfill \\ {ϵ}_{31}=K\left(179to183\right)\hfill \\ {ϵ}_{32}=K\left(184to188\right)\hfill \end{array}\right.$$

(11)

The initial values $XL\left(0\right)$, $XS\left(0\right)$, and $XP\left(0\right)$ of the three chaotic maps are calculated as follows:

$$\left\{\begin{array}{c}XL\left(0\right)=\mathrm{mod}(\left(XL0+IVin\right),2^N)\hfill \\ XS\left(0\right)=\mathrm{mod}(\left(XS0+IVin\right),2^N)\hfill \\ XP\left(0\right)=\mathrm{mod}(\left(XP0+IVin\right),2^N)\hfill \end{array}\right.$$

(12)

where:

$$IVin=IVL\oplus IVS\oplus IVP$$

(13)

and

$$\left\{\begin{array}{c}IVL=IV\left(0to31\right)\hfill \\ IVS=IV\left(32to63\right)\hfill \\ IVP=IV\left(64to95\right)\hfill \end{array}\right.$$

(14)

The function that controls the internal state creates a loose connection between the chaotic maps, generating future samples of $XLC\left(n\right)$, $XSC\left(n\right)$, and $XPC\left(n\right)$. The output sequence $X\left(n\right)$ is then created by applying a chaotic switching method to these samples (see Figure 6).

This equation describes how the coupling system works:

$$\left[\begin{array}{c}XLC\left(n\right)\\ XSC\left(n\right)\\ XPC\left(n\right)\end{array}\right]=M\times \left[\begin{array}{c}XL\left(n\right)\\ XS\left(n\right)\\ XP\left(n\right)\end{array}\right]$$

(15)

where:

$$M=\left[\begin{array}{ccc}{M}_{11}& {ϵ}_{12}& {ϵ}_{13}\\ {ϵ}_{21}& M_{22}& {ϵ}_{23}\\ {ϵ}_{31}& {ϵ}_{32}& M_{33}\end{array}\right]$$

(16)

with ${ϵ}_{ij}$ are the weakly coupling parameters, and $M_{11}=(2^N-{ϵ}_{12}-{ϵ}_{13})$; $M_{22}=(2^N-{ϵ}_{21}-{ϵ}_{23})$; $M_{33}=(2^N-{ϵ}_{31}-{ϵ}_{32})$.

$XL\left(n\right)$, $XS\left(n\right)$, and $XP\left(n\right)$ are denoted as the maps output values at instant n of the: Logistic, Skew-Tent, and PWLCM map, respectively, defined as follows:

The first three outputs of the matrix M, $XLC\left(1\right),XSC\left(1\right),XPC\left(1\right)$are given by the following equation:

$$\left[\begin{array}{c}XLC\left(1\right)\hfill \\ XSC\left(1\right)\hfill \\ XPC\left(1\right)\hfill \end{array}\right]=M\times \left[\begin{array}{c}XL\left(1\right)\hfill \\ XS\left(1\right)\hfill \\ XP\left(1\right)\hfill \end{array}\right]$$

(17)

with:

$$XL\left(1\right)=Logistic\left\{\mathrm{mod}\left(XL\left(0\right),2^N\right)\right\}$$

(18)

$$XS\left(1\right)=STM\left\{\mathrm{mod}\left(XS\left(0\right),2^N\right),P_s\right\}$$

(19)

$$XP\left(1\right)=PWLCM\left\{\mathrm{mod}\left(XP\left(0\right),2^N\right),P_p\right\}$$

(20)

Then, if $2\le n\le N_s$, ($N_s$ represents the number of samples desired), the three outputs of the matrix M are governed by Equation (15), with:

$$XL\left(n\right)=Logistic\left\{\mathrm{mod}\left(XLC(n-1),2^N\right)\right\}$$

(21)

$$XS\left(n\right)=STM\left\{\mathrm{mod}\left(XSC(n-1),2^N\right),P_s\right\}$$

(22)

$$XP\left(n\right)=PWLCM\left\{\mathrm{mod}\left(XPC(n-1),2^N\right),P_p\right\}$$

(23)

The obtained multiplexed samples of the sequence $X\left(n\right)$ are controlled by the chaotic sample $X_{th}\left(n\right)$ and a threshold T:

$$X\left(n\right)=\left\{\begin{array}{cc}mod\left(\left(XPC\left(n\right)+XLC\left(n\right)\right),2^N\right)\hfill & if0<X_{th}\left(n\right)<T\hfill \\ \hfill & \\ XSC\left(n\right)\hfill & otherwise\hfill \end{array}\right.$$

(24)

where $X_{th}\left(n\right)=XPC\left(n\right)\oplus XSC\left(n\right)$ and $T=0.8\times 2^N$.

3.2.2. The Proposed LST-PRNG

The design of the proposed LST-PRNG is given in Figure 7. The internal state of the system is constructed by weakly coupling three discrete chaotic maps: Logistic map, STM, and 3D-Ch coupled with an LFSR. The latter can improve the 3D Chebyshev periodicity and its uniformity, as shown in Section 2. The output function is based on modulo addition and XOR operations.

Compared with the architecture in Figure 6, the proposed LST-PRNG architecture has better hardware performance because the hardware performance of the 3D Ch map is better than those of the PWLCM map. Moreover, using 3D Ch increases the robustness of the system against algebraic attacks.

The size of the secret key of the proposed LST-PRNG is:

$$\left|K2\right|=\left|XL0\right|+\left|XS0\right|+\left|XT0\right|+\left|P_s\right|+(6\times \left|{ϵ}_{ij}\right|)+\left|Q0\right|=190bits$$

(25)

where $\left|XT0\right|=\left|Q0\right|=32bits$; and $XT0$, $Q0$ are the initial conditions of the 3D Ch and the Linear Feedback Shift Register (LFSR), respectively.

The key space contains $2^{190}$ different values, which is large enough to make brute-force attacks infeasible.

The initial values $XL\left(0\right)$, $XS\left(0\right)$ and $XT\left(0\right)$ of the used chaotic maps are given by:

$$\left\{\begin{array}{c}XL\left(0\right)=\mathrm{mod}(\left(XL0+IVin\right),2^N)\\ XS\left(0\right)=\mathrm{mod}(\left(XS0+IVin\right),2^N)\\ XT\left(0\right)=\mathrm{mod}(\left(XT0+IVin\right),2^N)\end{array}\right.$$

(26)

where:

$$IVin=IVL\oplus IVS\oplus IVT$$

(27)

and $IVL$, $IVS$ and $IVT$ are provided by the initial value $IV$ as follows:

$$\left\{\begin{array}{c}IVL=IV\left(0to31\right)\\ IVS=IV\left(32to63\right)\\ IVT=IV\left(64to95\right)\end{array}\right.$$

(28)

Using the output samples of $XLC\left(n\right)$, $XSC\left(n\right)$ and $XTIC\left(n\right)$, the coupling matrix M (defined in (16)) produces the output sequence $X\left(n\right)$ as shown in Figure 7. The internal system is governed by the following equations.

$$\left[\begin{array}{c}XLC\left(n\right)\hfill \\ XSC\left(n\right)\hfill \\ XTIC\left(n\right)\hfill \end{array}\right]=M\times \left[\begin{array}{c}XL\left(n\right)\hfill \\ XS\left(n\right)\hfill \\ XTI\left(n\right)\hfill \end{array}\right]$$

(29)

with:

$$XTI\left(n\right)=XT\left(n\right)\oplus Q\left(n\right)$$

(30)

and $XL\left(n\right)$, $XS\left(n\right)$, and $XT\left(n\right)$ are denoted as the maps output values at instant n of the: Logistic, Skew-Tent, and 3D-Ch map, respectively.

The first three outputs of the matrix M, $XLC\left(1\right),XSC\left(1\right),XTIC\left(1\right)$are given by:

$$\left[\begin{array}{c}XLC\left(1\right)\\ XSC\left(1\right)\\ XTIC\left(1\right)\end{array}\right]=M\times \left[\begin{array}{c}XL\left(1\right)\hfill \\ XS\left(1\right)\hfill \\ XTI\left(1\right)\hfill \end{array}\right]$$

(31)

with:

$$XTI\left(1\right)=XT\left(1\right)\oplus Q\left(1\right)$$

(32)

and:

$$XL\left(1\right)=Logistic\left\{\mathrm{mod}\left(XL\left(0\right),2^N\right)\right\}$$

(33)

$$XS\left(1\right)=STM\left\{\mathrm{mod}\left(XS\left(0\right),2^N\right),P_s\right\}$$

(34)

$$XT\left(1\right)=3D-Ch\left\{\mathrm{mod}\left(XT\left(0\right),2^N\right)\right\}$$

(35)

Then, for $n\ge 2$ and $n\le N_s$, the matrix M output is given by Equation (29), with:

$$XL\left(n\right)=Logistic\left\{\mathrm{mod}\left(XLC(n-1),2^N\right)\right\}$$

(36)

$$XS\left(n\right)=STM\left\{\mathrm{mod}\left(XSC(n-1),2^N\right),P_s\right\}$$

(37)

$$\left\{\begin{array}{c}XT\left(n\right)=3D-Ch\left\{\mathrm{mod}\left(XTIC\left(n-1\right),2^N\right)\right\}\\ & \\ XTI\left(n\right)=XT\left(n\right)\oplus Q\left(n\right)\end{array}\right.$$

(38)

Finally the output $X\left(n\right)$ is calculated by (see Figure 7):

$$X\left(n\right)=\mathrm{mod}\left(\left(XLC\left(n\right)+XTIC\left(n\right)\right),2^N\right)\oplus XSC\left(n\right)$$

(39)

3.2.3. The Proposed LSPT-PRNG

Some applications (military, industrial, etc.) need to sacrifice hardware metrics for maximum security. For this purpose, we propose the LSPT-PRNG architecture shown in Figure 8. The proposed generator was studied, implemented in Matlab code, and published in [30], but it only performs security analysis, currently focusing on hardware metrics.

3.3. Security Analysis and Hardware Metrics of the Proposed PRNGs-CS

3.3.1. PRNGs-CS Resilience against Statistical Attacks

A set of tests should be applied to assess the statistical cryptographic characteristic of the generated sequences by the proposed PRNGs-CS. Each test checks for a particular feature, such as the correlation between generated sequences or their uniformity, and the composite results of these tests give an insight into the level of randomness of the generated sequences. The statistical properties of the generated sequences are closely linked to the pseudo-chaotic behavior of these sequences. The National Institute of Standards and Technology (NIST) test, among other tests (TestU01, DieHARD), serves as a reference for quantifying and comparing the statistical effects of pseudo-random sequences.

Phase space test

We draw in Figure 9a–c the phase space or mapping of sequences X1, X2, and X3 generated by the suggested LSP-PRNG, LST-PRNG, and LSPT-PRNG, respectively, and created by 3,125,000 samples. In Figure 9d–f, we present the mapping of 1000 samples (a zoom) selected randomly from X1, X2, and X3, respectively.

Already, from Figure 9d–f, The area seems chaotic, indicating a lack of association between nearby sample results.

Histogram and Chi-square tests

A fundamental characteristic of a secure PRNG-CS is that the generated sequences are equally distributed. Histograms of the produced sequences X1, X2, and X3 are shown in Figure 10. Their uniformities are visually observed.

The chi-square test, as defined by Equation (6), should be used to check visual uniformity results.

Table 4. Chi-Square test.

Chi-Square Test Value	LSP-PRNG	LST-PRNG	LSPT-PRNG
${\chi }_{th}^2$	1073.6426	1073.6426	1073.6426
${\chi }_{exp}^2$	941.5878	896.3603	915.5385

shows the experimental and theoretical chi-square tests for sequences X1, X2, and X3 generated by LSP-PRNG, LST-PRNG, and LSPT-PRNG, respectively.

The experimental chi-square test values are lower than the theoretical values for all proposed PRNGs-CS, confirming the uniformity of the histograms.

NIST test

A further important effect of a secure PRNG-CS is that the generated sequences must pass the NIST statistical tests (previously defined in Section 2). The results obtained show that the sequences generated by the proposed PRNGs-CS pass all 15 statistical tests, as shown in Figure 11 and

Table 5. p-values and Proportion results of NIST test for the proposed PRNGs-CS.

Test	LSP-PRNG		LST-PRNG		LSPT-PRNG
	p-Value	Prop. (%)	p-Value	Prop. (%)	p-Value	Prop. (%)
Frequency test	0.494	100	0.475	98	0.115	97
Block-frequency test	0.760	99	0.319	99	0.851	97
Cumulative-sums test (2)	0.757	100	0.691	98	0.394	96.500
Runs test	0.367	100	0.883	98	0.988	98
Longest-run test	0.983	99	0.936	100	0.437	98
Rank test	0.720	98	0.972	99	0.658	98
FFT test	0.575	98	0.475	97	0.475	99
Nonperiodic-templates (148)	0.527	99.115	0.489	99.074	0.484	99.054
Overlapping-templates	0.596	99	0.911	100	0.384	100
Universal	0.335	98	0.335	99	0.035	97
Approximty entropie	0.475	99	0.367	100	0.262	100
Random-excursions (8)	0.352	99.792	0.471	98.242	0.371	99.107
Random-excursions-variant (18)	0.468	98.611	0.367	98.438	0.374	98.710
Serial test (2)	0.460	99	0.900	99.500	0.647	99.500
Linear-complexity	0.401	99	0.554	99	0.071	99

.

Key sensitivity analysis (using Hamming Distance)

Key sensitivity is a critical property for PRNGs. Of course, a slight modification in the secret key should result in a significant difference in the output sequence. To prove this property, for all proposed PRNGs-CS, we compute the Hamming Distance between two sequences produced $(S_1,S_2)$ that are just the LSB (Least Significant Bit) of parameter $P_s$ different. Compute the mean Hamming Distance HD among the two generated sequences for five random secret keys. $H_D\left(S_1,S_2\right)$ is illustrated by the formula below:

$$H_D\left(S_1,S_2\right)=\frac{1}{Nb}\underset{}{\sum _{i=1}^{Nb}}\left(S_1\left(i\right)\oplus S_2\left(i\right)\right)$$

(40)

where $Nb$ is the number of bits in a produced sequence.

Table 6. Values of HD for the proposed PRNGs-CS.

PRNG-CS	HD %
LSP-PRNG	50.0022
LST-PRNG	50.0004
LSPT-PRNG	50.0012

illustrates the average Hamming distance values for the proposed LSP-PRNG, LST-PRNG, and LSPT-PRNG. These values are relative to the optimal value of $50\%$. This result demonstrates the high sensibility of the secret key of the proposed PRNGs-CS.

3.3.2. Hardware Metrics of the Proposed PRNGs-CS

We quantify the performance of the proposed PRNGs-CS implementation in regard to the resources utilized, the speed, the efficiency, and the power consumption.

Table 7. Harware metrics comparison of the proposed PRNGs-CS using ZYNQ PYNQ-Z2 FPGA.

			PRNGs-CS
			LSP-PRNG	LST-PRNG	LSPT-PRNG
Resources used	Area	LUTs	10,400/19.55%	3525/6.63%	11,391/21.41%
		FFs	349/0.33%	434/0.41%	480/0.45%
		Slices	3096/23.28%	1024/7.70%	3337/25.09%
	DSPs		13/5.91%	25/11.36%	28/12.73%
Speed	WNSi (ns)		0.022	0.056	0.072
	Ti (ns)		31.60	26.20	32.30
	Max. Freq. (MHz)		31.66	38.24	31.09
	Throughput (Mbps)		1013.36	1224	995.14
Efficiency (Mbps/Slices)			0.32	1.20	0.29
Power (W)			0.146	0.083	0.162

lists the results of our three proposed PRNGs-CS designs.

We can observe that the LST-PRNG consumes the minimum slice at 1024 slices, and the LSPT-PRNG consumes the maximum slice at 3337 slices. All proposed PRNGs-CS offer high speed. 1013.36 Mbps, 1224 Mbps, and 995.14 Mbps for LSP-PRNG, LST-PRNG, and LSPT-PRNG respectively. The LST-PRNG offers the best throughput. Additionally, the LST-PRNG architecture offers lower power consumption (83 mW) compared to LSP-PRNG and LSPT-PRNG. The LST-PRNG design is ideal for IoT applications, and its efficiency is 1.20 Mbps/Slices.

We perform below a comparison of hardware metrics with several chaotic and non-chaotic systems for various stream ciphers based on the PRNGs-CS proposed above.

3.4. Performance Analysis of Stream Ciphers Based on Proposed PRNGs-CS

In this section, we first evaluate the security of stream ciphers (SC) based on the proposed PRNGs-CS using well-known cryptanalytic analysis. We then provide hardware metrics and compare them to several released systems.

3.4.1. Cryptanalytic Analysis

To evaluate the security of the proposed chaos-based stream cipher against the most common attacks, we perform key sensitivity and statistical analysis on various encrypted images below.

Sensitivity analysis

A robust cryptosystem must also be sensitive to secret keys. In other words, a small change to the secret key will generate a completely different ciphered image. The sensitivity is typically determined by two criteria, NPCR (Number of Pixel Change Rate) and UACI (Unified Average Changing Intensity) [39]. We also apply the Hamming Distance (HD), which is measured in bits. In our view, the HD parameter is more accurate than NPCR and UACI criteria. The formulas for these parameters are given below, with $C_1$, and $C_2$ being the two encrypted images of the same original image P.

$$NPCR=\frac{1}{M\times N\times P}\sum _{i=1}^M\sum _{j=1}^N\sum _{p=1}^{P}D\left(i,j,p\right)\times 100\%$$

(41)

$$D\left(i,j,p\right)=\left\{\begin{array}{cc}1\hfill & if{C}_1\left(i,j,p\right)\ne C_2\left(i,j,p\right)\hfill \\ 0\hfill & if{C}_1\left(i,j,p\right)=C_2\left(i,j,p\right)\hfill \end{array}\right.$$

(42)

where M, N, and P are the width, height, and plane sizes (for a gray image, $P=1$; for an RGB color image, $P=3$) of $C_1$ and $C_2$.

The NPCR calculates the proportion of distinct pixel numbers in two encrypted images.

$$UACI=\frac{1}{M\times N\times P\times 255}\sum _{i=1}^M\sum _{j=1}^N\sum _{p=1}^P\left|C_1\left(i,j,p\right)-C_2\left(i,j,p\right)\right|\times 100\%$$

(43)

which computes the average intensity of differences between $C_1$ and $C_2$.

For a random image, the expected values of NPCR, UACI, and HD are $99.6094\%$, $33.4635\%$, and $50\%$, respectively. We have tested five color images with the same size $512\times 512\times 3$ and different features as shown in Figure 12.

Table 8. NPCR, UACI, and HD values.

Chaos-Based Stream Ciphers	Test	Lena	Peppers	Baboon	Barbara	Boats
LSP-SC	NPCR %	99.5966	99.6156	99.6206	99.6206	99.5966
	UACI %	33.4374	33.4900	33.4769	33.4863	33.4377
	HD %	49.9755	50.0010	49.9868	49.9868	49.9755
LST-SC	NPCR %	99.6059	99.6111	99.6181	99.5933	99.6199
	UACI %	33.4565	33.4634	33.4486	33.4971	33.4809
	HD %	50.0162	50.0079	50.0050	49.9926	50.0480
LSPT-SC	NPCR %	99.6159	99.6135	99.6056	99.6135	99.6159
	UACI %	33.4637	33.4453	33.4751	33.4373	33.4606
	HD %	50.0391	49.9834	49.9912	49.9834	49.9912

displays the NPCR, UACI, and HD values obtained for the original images of Lena, Peppers, Baboon, Barbara, and Boats. These findings show that the generated NPCR, UACI, and HD values are extremely near the optimal values. These results exhibit that the proposed chaos-based stream ciphers are highly sensitive to slight changes in the secret key.

Statistical analysis

To analyze the resilience of the proposed chaos-based stream cipher against most statistical attacks, we perform the following statistical analysis: histogram, chi-square, entropy, and correlation.

Histogram and chi-square tests

The histogram of the ciphered image plays a crucial role in determining the effectiveness of the encryption process. This indicates the pattern in which the gray levels of pixels in an encrypted image are arranged, and it should be highly similar to a uniform distribution. Figure 13 and Figure 14 show the results for Barbara and Boats of size 512 × 512 × 3 as an example, in (a) the plain images, (b) the cipher images by LSP-SC, (c) the cipher images by LST-SC, (d) the cipher images by LSPT-SC, and in (e–h) their histograms, respectively.

We can see that the histogram of the ciphered image is highly similar to a uniform distribution and vastly different from the original image. Using Equation (6), we perform a chi-square test on ciphered images to establish their uniformity statistically, where here: $N_c$ is the number of levels, which is equal to $2^8=256$.

As demonstrated in

Table 9. Chi-square test.

Chi-Square Test Value		Lena	Peppers	Baboon	Barbara	Boats
${\chi }_{th}^2$		293.2478	293.2478	293.2478	293.2478	293.2478
${\chi }_{exp}^2$	LSP-SC	240.8893	251.3581	257.1510	243.0104	240.6367
	LST-SC	221.4082	265.3704	241.5293	266.8132	228.1328
	LSPT-SC	264.9030	244.7487	260.0397	280.6595	254.4102

, the chi-square test results indicate that the histograms of the encrypted images tested are distributed uniformly, as he theoretical values are higher than the experimental ones.

Entropy analysis

The randomness of the encrypted image can be quantitatively measured through the entropy information provided by Shannon [40]:

$$H\left(C\right)=-\sum _{i=0}^{N_c-1}P\left(c_i\right)\times lo{g}_2\left(P\left(c_i\right)\right)$$

(44)

with $H\left(C\right)$ represents the entropy of the ciphered image and $P\left(c_i\right)$ denotes the probability of occurrence of each gray level ($c_i=0,1,\dots ,255$). When the probability is the same, the entropy reaches its peak value (=8). The encryption algorithm is more robust when the experimental entropy value is closer to the maximum value. The results of the entropy test on the original and ciphered images are displayed in

Table 10. Entropy results obtained.

Entropy		Lena	Peppers	Baboon	Barbara	Boats
Plain image		5.68222	7.66982	7.72644	7.69869	7.30541
Ciphered image	LSP-SC	7.99977	7.99976	7.99976	7.99977	7.99977
	LST- SC	7.99979	7.99975	7.99977	7.99975	7.99979
	LSPT- SC	7.99975	7.99977	7.99976	7.99973	7.99973

.

The entropies of the encrypted images are close to the optimal value; therefore, the stream cipher proposed in this study has a high level of robustness, as demonstrated by these results.

Correlation analysis

In an original image, correlation analysis can be used to measure the relationship between adjacent pixels in horizontal, vertical, and diagonal directions. This can be useful in identifying patterns and features in the image, such as edges and textures. An effective encryption process should result in ciphered images with minimal correlation and redundancy between adjacent pixels (as close to zero as possible). We carry out the following steps to evaluate the correlation: First, 8000 pairs of adjacent pixels are chosen at random from the test image, and then the correlation coefficients are calculated using the formula below.

$${\rho }_{xy}=\frac{Cov\left(x,y\right)}{\sqrt{D\left(x\right)}\sqrt{D\left(y\right)}}$$

(45)

where:

$$Cov\left(x,y\right)=\frac{1}{N}\sum _{i=1}^N\left[x_i-E\left(x\right)\right]\left[y_i-E\left(y\right)\right]$$

(46)

$$E\left(x\right)=\frac{1}{N}\sum _{i=1}^N{x}_i$$

(47)

$$D\left(x\right)=\frac{1}{N}\sum _{i=1}^N{\left[x_i-E\left(x\right)\right]}^2$$

(48)

The x and y are grayscale values of two pixels that are close to each other in the image under test. The results achieved are presented in

Table 11. Correlation coefficients of two adjacent pixels in the plain and ciphered images.

Image			Horizontal	Vertical	Diagonal
Lena	Plain image		0.97444	0.98468	0.96601
	Ciphered image	LSP−SC	0.01204	0.00549	0.00739
		LST−SC	−0.00414	0.00020	−0.00595
		LSPT−SC	−0.00770	0.00437	−0.03169
Peppers	Plain image		0.96216	0.96712	0.95239
	Ciphered image	LSP−SC	0.01803	−0.01284	0.00973
		LST−SC	−0.00927	−0.00896	−0.00004
		LSPT−SC	−0.00797	0.01538	−0.00102
Baboon	Plain image		0.95444	0.93200	0.91957
	Ciphered image	LSP−SC	−0.00380	−0.00371	−0.00347
		LST−SC	0.00374	−0.00295	−0.01533
		LSPT−SC	−0.01895	−0.00289	−0.00559
Barbara	Plain image		0.92453	0.97042	0.90707
	Ciphered image	LSP−SC	0.00939	−0.02223	0.00264
		LST−SC	−0.01218	−0.00765	0.01441
		LSPT−SC	−0.00748	0.00685	−0.00556
Boats	Plain image		0.96971	0.97280	0.94049
	Ciphered image	LSP−SC	−0.01362	0.00053	0.01487
		LST−SC	−0.01202	−0.00099	0.02195
		LSPT−SC	−0.01370	−0.00055	−0.01461

.

Table 11 indicates that the correlation coefficients for the original images are almost one, demonstrating that the pixels are highly related, On the other hand, for the encrypted images, the correlation coefficients are nearly zero, indicating that there is no correlation between the original and encrypted images. As a result, there is no similarity between the original and ciphered images, which demonstrates the high level of confusion achieved by the proposed chaos-based stream ciphers.

Based on the analysis of histogram, entropy, and correlation, the proposed chaos-based stream ciphers have a high capability to defend against statistical attacks.

3.4.2. Hardware Metrics

To quantify the performance of the proposed implementation of the chaos-based stream ciphers in regard to the resources utilized (area, DSPs), the speed (Max. Freq., Throughput), the efficiency, and the power consumption, we cipher just four pixels. The proposed PRNGs-CS produce at each clock cycle a 32-bit sample, and we used the least significant 8 bits for XORing with each pixel (8 bits) to generate the corresponding encrypted pixel. Hardware metrics results for the proposed chaos-based stream ciphers are shown in

Table 12. Hardware metrics results of the proposed chaos-based stream ciphers.

			Chaos-Based Stream Ciphers
			LSP-SC	LST-SC	LSPT-SC
Resources used	Area	LUTs	10,420/19.59%	3549/6.67%	11,416/21.46%
		FFs	448/0.42%	531/0.50%	577/0.54%
		Slices	3160/23.71%	1049/7.89%	3385/25.45%
	DSPs		13/5.91%	25/11.36%	28/12.73%
Speed	WNSi (ns)		0.050	0.060	0.149
	Ti (ns)		30.90	27.20	32.40
	Max. Freq. (MHz)		32.41	36.84	31.00
	Throughput (Mbps)		1037.27	1179.07	992.21
Efficiency (Mbps/Slices)			0.32	1.12	0.29
Power (W)			0.152	0.099	0.182

and, as expected, are linked to results for the various proposed PRNGs-CS.

Table 13. Comparison of hardware metrics usage among various chaotic and non-chaotic systems.

Cipher	Device	Frequency (MHz)		Slices	Throughput (Mbps)	Efficiency (Mbps/Slices)	Power (W)
		Clock Frequency	Max. Freq.
LSP-SC	PYNQ-Z2	125	32.41	3160	1037.27	0.32	0.152
LST-SC	PYNQ-Z2	125	36.84	1049	1179.07	1.12	0.099
LSPT-SC	PYNQ-Z2	125	31.00	3385	992.21	0.29	0.182
LST_RC-SC [7]	PYNQ-Z2	125	36.78	1186	1177.20	0.99	0.101
LWCB SC [20]	Zynq-7000	-	18.5	2363 LUTs	565	-	-
Lorenz’s chaotic System [21]	Virtex-II	50	15.598	1926	124	0.06	-
Chaos-ring [22]	Virtex-6	125	464.688	1050	464.688	0.44	-
Trivium [45]	Spartan 3	50	190	388	12,160	31.34	-
Grain-128 [46]	Virtex- II	50	181	48	181	3.77	-
Mickey-128 [46]	Virtex- II	50	200	190	200	1.05	-
ZUC stream cipher	PYNQ-Z2	125	79.52	246	2544.53	10.34	0.23

provides an overview of the hardware metrics comparison of the chaos-based stream ciphers proposed, the ZUC cipher, and chaotic and non-chaotic systems that are part of the eSTREAM project phase 2-focus hardware profile. It is hard to make sense of this comparison due to the varying characteristics of the used FPGAs. However, considering the clock rate of the FPGA board and the efficiency achieved, this comparison can be made. Therefore, with the exception of the Trivium and ZUC ciphers, the proposed chaos-based stream ciphers have competitive hardware performance when compared to most other chaotic and non-chaotic systems. Nevertheless, since 2007, several kinds of attacks have been launched against the eSTREAM cipher and ZUC stream cipher, revealing several vulnerabilities to cryptanalysis attacks [3,41,42,43,44].

Note: Nowadays, promising new fractional chaotic functions have appeared, which seem very robust against cryptographic attacks. We believe they deserve further study to build chaotic fractional systems for data security. The design of such fractional chaotic systems must deal with the trade-offs between safety, performance, and cost.

4. Conclusions

In this paper, we evaluate the statistical security and hardware metrics on a Xilinx PYNQ-Z2 FPGA board using VHDL of some chaotic maps, which are the basic components of the proposed PRNGs-CS. We first demonstrated that the studied chaotic maps have good hardware metrics but cannot be used alone as a secure PRNG. They are weak against statistical attacks and have recognized attractors. Furthermore, we have shown that XORing the output of a chaotic map with an LFSR improves the cryptographic properties of the coupled system. We then studied and implemented a new chaos-based stream cipher (SC) based on a proposed secure PRNGs-CS. The proposed chaotic systems use a weakly coupled matrix that prevents divide-and-conquer attacks on the initial vector (IV) and improves the randomness of the generated sequences. We then evaluated the cryptographic features of the proposed PRNGs-CS and analyzed their performance on hardware metrics. The achieved results show a high level of security on the one hand and good hardware metrics achieved by the proposed PRNGs-CS on the other hand. We then realized corresponding chaos-based stream ciphers and confirmed their resistance to cryptanalysis attacks. We also evaluated their hardware performance and compared them to several chaotic and non-chaotic systems. All the obtained results demonstrate that the proposed chaos-based stream ciphers are alternative candidates for data confidentiality and integrity.