Constructing Keyed Hash Algorithm Using Enhanced Chaotic Map with Varying Parameter

A keyed hash algorithm is proposed based on 1-D enhanced quadratic map (EQM) with varying parameter. ,ree measures, including assigning unique one-time keys, key expansion, and hash length extension, are taken to enhance its security. First, the message is transformed into a parameter sequence for the EQM to be absorbed, and then the extended keys are generated as the initial values of the EQM. Finally, the EQM is iterated with redundant loops to transform the variable values into a hash value.,e algorithm is so flexible that it can generate hash value with different lengths of 256, 512, 1024, or more bits through a parameter switcher, and redundant loops can eliminate the transient effect of chaos and mitigate the increasing threat of the side-channel attack. Security evaluations and comparison demonstrated its practicability and reliability.


Introduction
Hash algorithm is widely used for assuring data integrity in cryptography [1]; it can map a message with arbitrary length to a hash value with fixed length. If the input message is unknown, it is extremely difficult to reconstruct via its hash value. In theoretical cryptography, the security level of a hash algorithm could be defined by three properties [2]: preimage resistance, second preimage resistance, and collision resistance. None of the existing hash algorithms is secure absolutely. Even if a hash algorithm has not been broken up to now, a successful attack against a weakened variant may result in its abandonment, such as the theoretical weaknesses of SHA-1 were found in 2005 [3], a successful attack on MD5 in 2008 [4], and Google announced a collision in SHA-1 in 2017 [5]. Although some recognized hash algorithms, such as SHA-2, SHA-3, and SM3, are still secure up to now, however, all kinds of attacks on them are going on and on [6].
Many hash algorithms based on chaotic maps have been proposed [7]; however, some 1-D chaotic maps, such as logistic map and tent map, are typically insecure or slow, and most of these hash algorithms have been broken successfully.
Xiao et al. [8] constructed a hash algorithm based on the piecewise linear chaotic map with changeable parameter; however, Guo et al. [9] analyzed its weakness and utilized weak keys to construct a collision successfully. Kwok and Tang [10] designed a hash algorithm based on a high-dimension chaotic map, and a compression function was developed according to the diffusion and confusion properties of the chaotic map; however, Deng et al. [11] analyzed the potential flaws in this hash algorithm and took corresponding measures to enhance the influence of a single-bit change in the message on the changes in the final hash value. Liu et al. [12] proposed a keyed hash function using a hyperchaotic system with time-varying parameter perturbation, which is flexible and has a larger key space. Teh et al. [13] designed a keyed hash function based on the logistic map with fixed point representation. Li et al. designed four 128-bit parallel hash functions based on cross-coupled map lattices [14], tent map [15], circular shifts [16], and dynamic S-box [17] with varying parameters.
An attacker can crack the hash value of a short password using a precomputed rainbow table [18]. Petr et al. [19] designed a secure and efficient hash function with extra  padding against rainbow table attacks to block rainbow table  attacks by adding additional identification information to  extend the key length. Herein, we design a novel keyed hash algorithm and take three measures to resist some known attacks. We use a preencoding process to obtain the Unicode of each character in the message, transform it into a parameter sequence for the EQM to absorb, output the extended keys to serve as initial values, and use the generation process to generate a hash value with flexible length by the EQM. Redundant iterations are deliberately designed, which can both eliminate the transient effect of the chaotic map and mitigate the increasing threat of the side-channel attack. Performance evaluation demonstrated the effectiveness and flexibility of the proposed hash algorithm. e remainder of the paper is organized as follows: Section 2 briefly introduces the EQM. Section 3 presents the hash algorithm. In Section 4, we present the experimental evaluation, and in Section 5, we present our conclusion.

The EQM
e classical quadratic map can be expressed using equation (1) [20]: where the control parameter c ∈ [0, 2] and state variable x ∈ [−2, 2]. e bifurcation diagram, phase diagram, and Lyapunov exponent shown in Figure 1 demonstrate that equation (1) has abundant bifurcations and dense windows; hence, the distribution of state points is not uniform, and its randomness is not good.

Hash Algorithm
Input: message M with n characters, which can be single-byte or multibyte, and theoretically, the length of the message can be infinite. A unique one-time 256-bit key is assigned according to each user's identification. Output: hash value H with len-bit. A hash algorithm H (M, len, key) can be described as follows: Step 1 (message pre-encoding): for each character m(i) ∈ M, i � 1, 2, . . . , n, transform it into a corresponding Unicode value using equation (3) to obtain r(i) and serve as varying parameter c of equation (2). It should be noted that even if M is a null string, we can pad four specific characters of "====" to it.
Step 4 (hash value generation): after iterating equation (2) 300 times to eliminate the transient process, continue to iterate it len/16 times using four initial values x r (1, n), x r (2, n), x r (3, n), and x r (4, n) with the salt sequence k ∈ s 1 , s 2 , . . . , s 16 as salt in turn to obtain four variable sequences x TS (j), y TS (j), z TS (j), and u TS (j), j ∈ [1, len/16]. Transform them into unsigned integers within the interval [0, 255] using equation (6) to generate two groups of hash value H 1 and H 2 in hexadecimal form using equation (7), and concatenate them to obtain the final hash value H � H 1 ||H 2 :  (2).
e flowchart of the proposed hash algorithm is shown in Figure 3.

Key Space.
e proposed hash algorithm has a one-time 256-bit external key K; hence, the key space S � 2 256 [22], which is large enough to resist the brute-force attack [23].

Hash Sensitivity to Message and Keys.
A good hash algorithm based on the chaotic map, should be very sensitive to any small change of the input message and initial conditions [12]. In the following tests, M1 represents the original input message, M2, M3, and M4 represent minor modifications to M1, and M5 represents a minor change to K. e original message M1: "as of 2018, the development of actual quantum computers is still in its infancy, but experiments have been carried out in which quantum computational operations were executed on a very small number of quantum bits. Both practical and theoretical research continue, and many national governments and military agencies are funding quantum computing research in additional effort to develop quantum computers for civilian, business, trade, and environmental and national security purposes, such as cryptanalysis. A small 16-qubit quantum computer exists and is available for experiments via the IBM quantum experience project." M2: replace the first character "A" of M1 with "a." M3: replace the last character "." of M1 with ",". M4: add a blank space to the end of M1. M5: change one bit to K. e 256-, 512-, and 1024-bit hash values in hexadecimal form are given in Table 1, and the results of Hamming distance demonstrate that any slight modifications on messages or key will lead to about 50% difference in the hash value.

Statistical Distribution of Hash Value.
e hash value generated by a good hash algorithm should be evenly distributed. Here, we use Figure 4 to show the distributions of the message M1 and hash values of H1 256 and H1 512 ; from Figure 4(a), we can find that the ASCII values of M1 are localized within some specified intervals, while the hash  In addition, we utilize the hash algorithm to calculate the 256-, 512-, and 1024-bit hash values of a null string; from Figure 5, we can infer that the distributions of hash values are also uniform.

Statistical Analysis of Confusion and Diffusion.
e hash value of a good hash algorithm should be confused and diffused completely [12], and the ideal result is that one-bit change to the input bits would lead to 50% change in the output bits. Here, we conducted a large number of experiments to analyze its performance. First, a random message M with the size of L � len × 50 is generated, and len-bit hash value is calculated. Second, a single bit in M is changed, and a new len-bit hash value is calculated. Two hash values are compared bit by bit to obtain the total number of changed bits. e experiment is repeated N = 5000 times with len = 256-bit, 512-bit, and 1024-bit, respectively. e corresponding histogram distribution of the total number of different bits is plotted in Figure 6, which demonstrates that the total numbers of changed bits concentrate around the ideal number 128-bit, 256-bit, and 512bit, i.e., about 50% bits are changed; hence, the results of diffusion and confusion are ideal. e following statistics are used to test the performance of the hash algorithm. Here, len is the length of the hash value, N is the number of tests, B i denotes the number of different bits between the hash values obtained in the i-th test, B min denotes the minimum number of different bits, B max denotes the maximum number of different bits, B denotes the mean changed bit number, P denotes the mean changed probability, ΔB denotes the standard deviation of numbers of changed bits, and ΔP denotes the standard deviation [13].
Tables 2-4 are statistical results obtained by changing one bit to M1 randomly and executing the hash algorithm N times to obtain hash values with different hash lengths of 256-, 512-, and 1024-bit. Every time, the total number of changed bits between the new and the original hash values is calculated.
Tables 5-7 are the comparison results with other hash algorithms, and the results demonstrate that, for all the values belonging to N, the mean changed bit number B is very close to the ideal number of changed bits len/2, from which we can infer that the hash algorithm has strong capability of confusion and diffusion. Meanwhile, the mean changed probability P is very close to the ideal value of 50%, which is one of the desired features of confusion. Another good feature of the hash algorithm is that both ΔP and ΔB  are very small for all the tests, which means that the confusion and diffusion capability is very stable.

Meet-in-the-Middle Attack.
To seek a collision, the meet-in-the-middle attack is conducted on intermediate variables, and a collision could be found if two intermediate variables match [22,23]. is type of attack is invalid for the proposed hash algorithm, due to the initial values of EQM serving as keys, which can make the inverse computation extremely difficult. Hence, the proposed hash algorithm can resist the meet-in-the-middle attack.

Collision Analysis.
To perform a collision analysis, message M1 with the length of L = 50 len is randomly generated, and its len-bit hash values are calculated and stored in ASCII form (8-bit per character). en, we randomly change one bit to M1, calculate its hash value, and compare two hash values to obtain the absolute difference d between two hash values using the following equation [12]: where e i and e i ′ denote the i-th ASCII character of two hash values and the function dec maps an ASCII character to its decimal value. e theoretical value of average absolute distance per character is 85.3333.
In Table 8, we present the minimum, maximum, and mean values of the absolute difference between two hash values, from which we can infer that when we set h = 256 and 512, the results of the proposed hash algorithm are as good as some existing hash algorithms, such as SHA-2, SHA-3, and other chaos-based hash algorithms. Table Resistance Analysis. Rainbow table is a practical example of space/time tradeoff; it uses more computer processing time at the cost of less storage when calculating a hash value on every attempt or less processing time and more storage when comparing to a simple lookup table with one entry per hash. Use of a key derivation function that employs a salt makes this attack ineffective [19]. In the proposed hash algorithm, we took two measures to make the rainbow table attack ineffective. (1) One-time keys: we assign different one-time keys by the key sequence sampled from noise to different users according to their identifications. (2) Random salt: as for equation (2), we add salt derived from the key in each iteration through perturbing the exponent k to make the rainbow table attack ineffective.

Computational Complexity.
e computational complexity [16] of the proposed hash algorithm depends on the

Conclusion
A novel hash algorithm is constructed based on the EQM; three measures, including assigning unique one-time keys adaptively, key expansion, and hash length extension, are taken to resist against the rainbow table attack. ree steps of message pre-encoding, message absorption, and generation of hash value are implemented. e hash algorithm is so flexible that it can be keyed or unkeyed and can generate 256-bit, 512-bit, 1024-bit, or longer hash value through a parameter switcher. Any characters, including single-byte and double-byte characters, can be transformed into a parameter sequence for EQM to absorb. Simulation results and performance analysis demonstrated the effectiveness and flexibility of the proposed hash algorithm. In the future, we intend to research chaos-based parallel hash algorithm that can resist attacks from the quantum computing.

Data Availability
e data used to support the findings of this study are included within the article.

Conflicts of Interest
e authors declare that they have no conflicts of interest.

Authors' Contributions
Hongjun Liu was the major contributor and contributed to algorithm design; Abdurahman Kadir contributed to algorithm optimization; Chao Ma was responsible for statistics of experimental results; and Chengbo Xu contributed to diagram design.