**Cryptanalyses of Some Multimedia Encryption Schemes**

*Chengqing Li*

**Abstract: **Since early 1990s, chaos has been widely investigated to construct multimedia encryption scheme for its good cryptography-like characteristics, such as the ergodicity, mixing and exactness property and the sensitivity to initial conditions.
This thesis is concerned with the cryptanalyses of some recently-proposed chaos related multimedia encryption schemes. The security of the schemes against some familiar attack methods, such as brute-force attack, known/chosen-plaintext attack, is investigated in detail with theoretical analyses and experimental results.
The main achievements are as follows:

1. Based on a normalized encryption/decryption model, from a general perspective this thesis analyzes the security of permutation-only multimedia ciphers. It is pointed out that all permutation-only image ciphers are insecure against known/chosen-plaintext attacks in the sense that only O (log_L(MN)) known/chosen plain-images are enough to break the ciphers, where MN is the size of the image and L is the number of all possible different pixel values. Also, it is found that the attack complexity is only O(n(MN)^2), where n is the number of known/chosen plain-images used. A recently proposed permutation-only image cipher called hierarchical chaotic image encryption (HCIE) is served as a concretized example to show how the attack work. Experiments are shown to verify the feasibility of the known/chosen-plaintext attacks.

2. The security of a recently proposed chaos-based image encryption scheme called RCES (also called RSES) was analyzed and we found that it can be broken with only one or two known/chosen-plaintexts. In addition, the security of RCES against the brute-force attack was overestimated. Both theoretical and experimental analyses are given to show the performance of the suggested known/chosen-plaintext attacks.

3. This thesis analyzes the security of a new multistage encryption system (MES) recently proposed in ISCAS'2004. It is found that MES is insecure against a differential chosen-plaintext/ciphertext attack. Experiments are given to support the proposed attack. It is also pointed out that the security of MES against brute-force attacks is not sufficiently high.

4. This thesis analyzes the security of a new domino signal encryption algorithm(DSEA), and points out the following weaknesses: 1) its security against the brute-force attack was overestimated; 2) it is not sufficiently secure against ciphertext-only attacks, and only one ciphertext is enough to get some information about the plaintext and to break the value of a sub-key; 3) it is insecure against known/chosen-plaintext attacks, in the sense that the secret key can be recovered from a number of continuous bytes of only one known/chosen plaintext and the corresponding ciphertext. Experimental results are given to show the performance of the proposed attacks.

5. A comprehensive analysis on the security of two-dimensional circulation encryption algorithm (TDCEA) is presented. The following security problems are found: 1) there exist some essential security defects in TDCEA; 2) two known-plaintext attacks can break TDCEA; 3) the chosen-plaintext versions of the aforementioned two known-plaintext attacks can break TDCEA even with a smaller complexity and a better performance. Some experiments are given to show the security defects of TDCEA and the feasibility of the proposed known-plaintext attacks.

6. The security of two neural-network-based encryption schemes, which are proposed by Yen et al. and Zhou et al. respectively, are analyzed in detail. It is found that the former can be easily broken by known/chosen-plaintext attacks and the latter can be broken by a chosen-plaintext attack. Experimental analyses are given to support the feasibility of the proposed attacks.

7. Some insecure properties of a VoIP encryption scheme named hierarchical data security protection (HDSP) are pointed out, which are then used to develop known/chosen-plaintext attacks. The following facts are found: 1) given n known plaintexts, only about (50/2n)% of secret chaotic bits cannot be uniquely determined; 2) given only one specially-chosen plaintext, all secret chaotic bits can be uniquely derived; 3) the secret key can be derived with a practically small complexity even when only one plaintext is known(or chosen). Experiments are given to show the feasibility of the proposed attacks. In addition, it is found that the security of HDSP against the bruteforce attack is not practically strong.

**Category / Keywords: **

**Date: **received 9 Oct 2006

**Contact author: **cqli at ee cityu edu hk

**Available format(s): **PDF | BibTeX Citation

**Note: **The second submission.

**Version: **20061020:095714 (All versions of this report)

**Short URL: **ia.cr/2006/340

[ Cryptology ePrint archive ]