Cryptanalysis and design for a family of plaintext-non-delayed chaotic ciphers

Plaintext non-delayed chaotic cipher (PNDCC) means that in the diffusion equation, plaintext has no delay terms while ciphertext has a feedback term. In existing literature, chaotic cipher diffusions invariably take this form. Since its introduction, PNDCC has attracted attention but also doubts. Designers of chaotic ciphers usually claim PNDCC security by statistical tests, while rigorous cryptographic proofs are absent. Thus, it is necessary to re-examine its design rationale and empirical security. To address this issue, we present a typical example of a three-stage permutation-diffusion-permutation PNDCC, which contains multiple security vulnerabilities. Although all of its statistical indicators show good performance, we are able to break it using four different attacks. The first is a differential attack based on homogeneous operations; the second is an S-PTC attack; the third is a novel impulse-step-based differential attack (ISBDA), proposed in this paper, and the fourth is a novel chain attack, also introduced here. These results demonstrate that the fulfilment of statistical criteria is not a sufficient condition for the security of PNDCC. Then, based on a mathematical model of multi-stage PNDCC, we show that the proposed chain attack can successfully break a class of multi-stage PNDCCs. The key technique of the chain attack depends on how to reveal all permutations. To address this key problem, we summarize the chaining rules and show that, from the attacker's perspective, if the same decryption chain can be reconstructed then all permutations can be deciphered. To that end, the entire diffusion process can be broken by solving a system of simultaneous equations. Finally, as a secure improvement, we propose a new scheme termed plaintext-delayed chaotic cipher (PDCC) that can resist various cryptanalytic attacks.