BASIC PRINCIPLES FOR CONSTRUCTING MIXING FUNCTIONS BASED ON THE SIMPLEST LINEAR AND NONLINEAR MAPPINGS

S. Grybniak


Introduction
Cryptographic functions are used in information security tasks. There are a large number of diverse functions used in cryptography, based on various algorithms for their construction. The need to implement information protection in systems with limited computational resources leads to the need for the development of new cryptographic algorithms. The main properties of functions used in these algorithms are the properties of scattering and mixing [1].
From a mathematical point of view, encryption in information systems is often presented as the implementation of various transformations G : X X → on sets of finite messages The practical implementation of mixing functions for large values of requires overcoming significant difficulties associated with describing and setting mixing parameters, developing mathematical and software support, and developing new mathematical models and methods.
Analysis of publications on the research topic One of the most common mathematical methods used to construct mixing functions are nonlinear dynamics methods [2 -5]. This can be explained by the fact that both in cryptography and in nonlinear systems, a nonlinear transformation of the space of the source information (phase space) is performed. On the one hand, this transformation is fully determined, on the other hand, it has aperiodic ergodicity and extreme sensitivity to initial conditions [6,7], which allows for the generation of a pseudorandom chaotic sequence possessing characteristics that coincide with the basic requirements of cryptography. The structure of discrete-time dynamical systems is relatively simple, computer implementation is convenient, and computation speed is high. However, the values of the elements of the resulting chaotic sequence in phase space are distributed non-uniformly, i.e., insufficiently mixed, which leads to security risks [8].
On the other hand, permutation functions based on linear operators (perhaps with an additional modulus comparison operation) mix the elements of the phase space well [9]. Such permutation functions were first constructed and used by L. Hill [10,11]. The main advantages of the Hill cipher are resistance to complete enumeration even with relatively small key sizes, simplicity, and speed of application. However, there is a significant disadvantage inherent in all cryptographic functions with pronounced linear operation properties: vulnerability to chosen plaintext attacks. In this regard, to increase cryptostrength, nonlinear operations must be added to linear ciphers. Combining linear operations, as in the Hill cipher, with nonlinear ones led to the creation of substitution-permutation networks (for example, the Feistel network [12]). Currently, methods for constructing mixing functions that use superpositions of linear and nonlinear operations are still actively used [13].

Purpose and Objectives of the Research
The main objective of this article is to demonstrate the possibility of constructing mixing functions based on simple linear and nonlinear mappings. Specifically, a permutation operator is proposed as a linear mapping, and the classical tent map is suggested as a nonlinear mapping. Other objectives include conducting correlation analysis of the constructed mappings, sensitivity analysis, cycle length analysis, exploring the possibility of generalizing algorithms for constructing mixing functions and applying them to image encryption.

Auxiliary results
Next, we will use the classical Tent mapping [14]: , and mapping q -Tent ( q -an odd number): These mappings have identical properties (they differ from each other by extension/compression) and are interconnected by the relations: Let us note some important properties of the Tent mapping.
( q is an odd number), then the numerator is uniquely restored p , namely, is an even number, or is an odd number. Thus, if p is an even number, then the preimage is uniquely restored from the image. Property 2. The set of proper fractions with even numerators and odd denominators is invariant under the tTent mapping; on this set, the Tent mapping is reversible. As will be shown later, the use of mapping ( ) q f x is more convenient than mapping ( ) f x , firstly, from a computational point of view, and secondly, the fraction / p q can be reduced, and such a reduction is not desirable for the future algorithm.
Also note that the future algorithm requires that computational procedures using the awning mapping be performed without rounding, and hence exclusively with ordinary fractions. The point is that a chaotic system cannot be implemented on a computer because of the finiteness of the number of states. Each subsequent state of the system must not coincide with any previous state of the trajectory. Otherwise (for example, as a result of rounding) the trajectory turns into a cyclic orbit or degenerates into a stationary point, as in the tent mapping. Consider the sequence generated by the Tent mapping We use the EXEL package. Pick a starting ( The first impression is that the problem arose because the number 2 / 3 is not represented as a terminating decimal. Then pick 0 0.4 x = . Theoretically etc. However, as a result of calculations, we obtain Exactly the same results will be obtained in calculations in the MAPLE package (and in other similar packages) if we set 0 HFloat(evalf ( For any other initial values 0 x , we will again receive (54) The reason for such incorrect calculations can be explained by the fact that the number from the segment [0, 1] is represented in the computer in binary notation as a finite sum of numbers of the form On the computers where the iterated sequence was calculated, the maximum order turned out to be 53.
If the q -tent mapping is used on a subset of even natural numbers, then the permutation operator is defined on the set of vectors with components consisting of single-digit natural numbers. The linear permutation operator is defined by a permutation matrix consisting of zeros and ones, with exactly one unit in each row and column. This operator is invertible, and the inverse matrix is equal to the transpose of the original matrix. Thus, both the tent map operator and the permutation operator bijectively map the aforementioned sets onto themselves.

Main result
Let us introduce the following notation. Let there be sets of finite messages X . Let the message be some number x X ∈ , 10 m x < . Let's take this message as: where Mm m × dimension permutation matrix. Obviously, the inverse operator is also a permutation operator: Based on nonlinear operators ( ) x , Where 2 10 1 m q =⋅ − . These operators map one-to-one X → X . Back to them The mixing algorithm is defined by the formula ( , , ) y G x T M = , where the mixing function: Inverse function: Also the mixing function.
The mixing function can also be considered as an encryption function, in which the parameter T and matrix M are the keys.
Naturally, the superposition of mixing functions is a mixing function, i.e.

Correlation analysis
To perform a correlation analysis, we will conduct an experimental test. Let's put 4 m = , Consider three mixing functions:  It can be seen that there is no linear relationship between the sequences , however, a significant dependence (nonlinear) in the first two cases can be observed on the charts (Fig. 1).

Sensitivity analysis
Let there be two messages 0 0 , x y X ∈ , whose numeric representations differ by only one character. Consider successive transformations of these messages under the action of the mixing function  (Fig. 2, 3 and 4).  (Fig. 6).

Analysis of period lengths
The mixing function ( ) G x maps a finite set X into yourself. This means that for any x X ∈ iterative sequence will be periodic, with a period of 10 1 m − at most. When constructing mixing functions, it is important to know how the set is partitioned into subsets defined by periodic orbits. It is important to know the number of these sets and their sizes, i.e. minimum, average and maximum lengths of periodic orbits, and the number of orbits. The presence of a large number of orbits with short lengths is dangerous, because it leads to the formation of patterns.
It is most preferable to have a single long orbit passing through almost all space. An ensemble of single-type orbits of medium length may also be suitable.
Let us again consider the function 3 M M with previously introduced parameter values 1 T , 2 T , 1 M , 2 M . And let us set the task: to find all subsets of the set X , defined by periodic orbits.
Numerical analysis shows that the mapping 3 ( ) G x has three fixed points, four periodic orbits of length 2, one orbit of lengths 3, 4, 6, 16, 17, 19, 319, 9604 each. Table 1 lists the points generating the corresponding periodic orbits. Note that the two longest orbits contain 9923 points, which is more than 99 % of the total number of points in the set X . Such a distribution of mapping cycles testifies to the good diffusion properties of the mixing function, built on the simplest basic principles. On Fig. 7 shows graphs of functions

Modification options for the mixing mapping
When constructing a mixing function: hacking the permutation function would require brute force, i.e. exhaustive search of all possible options. And to break the superposition of two mixing functions, exhaustive search is required when 7 m ≥ . However, the mixing properties of a linear operator can be further enhanced using Hill's algorithm, namely, instead of a permutation matrix, take any m m × matrix, ensuring only that the value of its determinant is not divisible by 2 or 5. Let A is such a matrix. Then the operator: maps X into X unambiguously [10]. The number of suitable matrices is more than ( 1) 10 m m− . On the one hand, only single-digit numbers can be used as elements of the matrix A (since calculations are done modulo 10), on the other hand, matrices with determinants equal to zero, even, or divisible by five should be discarded. It should be noted that (mod10) = M x M x , so the Hill-modified algorithm is a generalization of the above algorithm.
Another way to modify the algorithm is related to dividing the original message into blocks and applying different shuffling functions to different blocks. Moreover, after the first shuffling, it is possible to perform a second division and shuffle again, which generalizes the application of the superposition operation of shuffling functions. For example, let 16 m = . First, we divide the message into blocks 4-8-4 and apply three mixing functions to each block. Then we divide the resulting message into blocks 8-8 and again apply a pair of new mixing functions to each block. In total, there are possible options for using permutation matrices 2 3 16 , for breaking the mixing operator built using mixing functions, a complete enumeration of options is required.

Mixing images
Let's apply the mixing function to encrypt images. Let's take the classical image "Lena" (Fig. 8, a), which consists of 10 561 2 × pixels. Let's build 10 561 2 × matrix that encodes the image. Matrix elements are calculated to 16 decimal places. Round off the matrix elements to two decimal places, thus obtaining a truncated image (Fig. 8, b). Then round the matrix elements to one decimal place (Fig. 8, c). In the last case a significant loss of information is noticeable, the quality of the image has significantly deteriorated. ⋅ blocks of these in each array. For each element of a block, i.e. eight-digit numbers, apply the mixing function. We will get a new set of blocks of two arrays, from which we will compose matrices, and output images that are encoded by these matrices. We will get two mixing images of truncated (to two decimal places and to one decimal place) "Lena" images ( Fig. 9, a and 10, a).
The same mixing function was applied to each block of both arrays. Parameters of the mixing function: 1

Conclusions
In this article, the possibility of using simple principles of dynamic systems theory in computer cryptography has been studied. The main problem with using chaotic systems in computer calculations is that the number of possible states in a computer is finite. Therefore, computer models of chaos are only an approximation of true chaotic behavior. Such an approximation can only convey the property of the original system in the initial iterations. Due to the sensitivity of the system to initial conditions, the trajectories of the original and approximated systems diverge very quickly, with each trajectory of the approximated system becoming periodic.
However, the use of the diffusion properties of nonlinear dynamic systems in spaces with a finite number of states is possible. Moreover, even with the simplest nonlinear mapping, the Tent map, it is possible to construct mixing functions that uniquely map the state space to itself, with good diffusion properties. Superpositions of the nonlinear Tent mapping and the permutation linear mapping (more generally, the Hill mapping) were used for this purpose. For the constructed functions, a correlation analysis, sensitivity analysis, and most significantly, an analysis of cycle lengths that divide the state space into non-intersecting subsets were performed in the case of spaces with a finite number of states. As a result, the expected good diffusion properties of these mixing functions were confirmed. The possibility of using these functions for image encryption was demonstrated. These functions can also be applied in local networks, simplifying mixing and encryption algorithms, which should significantly reduce computation time without losing network cryptostability. Based on the obtained mixing functions, it is planned to construct cryptographic hash functions in the future.