Due to their significant correlation and redundancy, conventional block cipher cryptosystems are not efficient in encrypting multimedia data. Stream ciphers based on Cellular Automata (CA) can provide a more effective solution. The CA have recently gained recognition as a robust cryptographic primitive, being used as pseudorandom number generators in hash functions, block ciphers and stream ciphers. CA have the ability to perform parallel transformations, resulting in high throughput performance. Additionally, they exhibit a natural tendency to resist fault attacks. Few stream cipher schemes based on CA have been proposed in the literature. Though, their encryption/decryption throughput is relatively low, which makes them unsuitable for multimedia communication. Trivium and Grain are efficient stream ciphers that were selected as finalists in the eSTREAM project, but they have proven to be vulnerable to differential fault attacks. This work introduces a novel and scalable stream cipher named CeTrivium, whose design is based on CA. CeTrivium is a 5-neighborhood CA-based stream cipher inspired by the designs of Trivium and Grain. It is constructed using three building blocks: the Trivium (Tr) block, the Nonlinear-CA (NCA) block, and the Nonlinear Mixing (NM) block. The NCA block is a 64-bit nonlinear hybrid 5-neighborhood CA, while the Tr block has the same structure as the Trivium stream cipher. The NM block is a nonlinear, balanced, and reversible Boolean function that mixes the outputs of the Tr and NCA blocks to produce a keystream. Cryptanalysis of CeTrivium has indicated that it can resist various attacks, including correlation, algebraic, fault, cube, Meier and Staffelbach, and side channel attacks. Moreover, the scheme is evaluated using histogram and spectrogram analysis, as well as several different measurements, including the correlation coefficient, number of samples change rate, signal-to-noise ratio, entropy, and peak signal-to-noise ratio. The performance of CeTrivium is evaluated and compared with other state-of-the-art techniques. CeTrivium outperforms them in terms of encryption throughput while maintaining high security. CeTrivium has high encryption and decryption speeds, is scalable, and resists various attacks, making it suitable for multimedia communication.

The Real-time Transport Protocol (RTP) [

The block ciphers require the input data to be divided into specific block sizes. If the data are not the required size, padding is applied before encryption to make the data a multiple of the block size. However, this process can pose several threats when using SRTP [

Stream ciphers are a class of symmetric key encryption schemes that use a secret key to generate a sequence of random bits, known as the “keystream”. These keystream bits are then combined with the plaintext using the XOR operation. Stream ciphers encrypt/decrypt data one bit or byte at a time, rather than in fixed-size blocks. This design allows them to be more efficient in encrypting large amounts of multimedia data and can also help to preserve data quality. They are known for their efficiency, speed, and limited error propagation [

In 2004, the eSTREAM project [

Trivium was designed to be a more secure and efficient replacement for DES and aimed to promote the development of new stream ciphers. After being selected as a finalist in the eSTREAM project, it was further accepted as the ISO standard. It uses a combination of three Linear Feedback Shift Registers (LFSRs) to generate a keystream. Trivium is a highly efficient stream cipher that requires minimal computational resources. It offers high encryption and decryption speeds and can be easily adapted to various block sizes. Additionally, it has low power consumption, making it suitable for portable and embedded devices. Despite its advantages, in both theoretical and practical studies reported in the literature, Trivium was found to be insecure against Differential Fault Analysis (DFA) and fault injection attacks [

Cellular Automata (CA) [

Recent research has highlighted the effectiveness of CA as a robust cryptographic primitive. CA can serve as one-way functions whose inverse is challenging to determine [

Several stream cipher schemes based on CA have been proposed in the literature [

The NIST (National Institute of Standards and Technology) [

The remainder of the paper is organized as follows. Related work is discussed in

A Pseudorandom Number Generator (PRNG) is a crucial component of stream ciphers, as it forms the basis of the keystream used to encrypt and decrypt plaintext. Many stream cipher schemes have been proposed in the literature based on different techniques for generating pseudorandom numbers, such as shift registers, DNA encoding, noise sources, tree party machines, and chaotic maps. However, as discussed in [

A speech encryption scheme was proposed in [

A speech encryption scheme was proposed in [

A stream cipher scheme was proposed in [

In [

On the basis of the Henon-Tent chaotic pseudorandom number generation technique, an audio encryption scheme was proposed in [

An audio encryption scheme was proposed in [

Few CA-based stream cipher schemes have been introduced in the literature. Sandip and Dipanwita developed a stream cipher called NOCAS [

Das et al. proposed a stream cipher called CASTREAM [

NOCAS, CAvium, and CASTREAM adopt 3-neighborhood CA in their designs. As proven in [

In [

Cellular automata can be described as a mathematical representation of a discrete system that comprises a grid of cells, where each cell has two possible states (0, 1) [^{th}

The value of the cell is determined by its current state and the states of adjacent left and right neighbors. Therefore, ECA is called a 3-neighborhood cellular automaton. At time instant

For ECA, where each cell can store one of two values (0 or 1) and the transition function operates on three cells, the function ^{3 }= 8 various combinations of inputs. As a result, there are 2^{8 }= 256 types of outputs. Therefore, there are

Because rows in CA have a limited number of cells, the boundaries of the rows do not have the complete set of neighbors required by the update function. To address this issue, several approaches exist. A null boundary is used when the values of the extremities’ neighbors are hardcoded as zero. On the other hand, a cyclical or periodic boundary is applied by connecting the extremities’ neighbors to each other. Hybrid CA involve more than one rule in generating the next state [

Previous studies have explored the diffusion, confusion and randomness characteristics of cellular automata rules with 3-, 4-, and 5-neighborhood configurations. The results showed that increasing the neighborhood radius of cellular automata improves the effectiveness of CA in various cryptographic properties. 5-neighborhood CA have a high diffusion rate and are therefore appropriate for high-speed applications [

In the eSTREAM project, the Trivium stream cipher [^{64} bits. The cipher uses a secret key and an Initialization Vector (IV), each of which is 80 bits in length. The cipher’s structure is dependent on three shift registers, which collectively comprise 288 bits. These shift registers have specific sizes of 93, 84, and 111 bits. The feedback for each shift register is generated by combining AND and XOR operations, as illustrated in

The three registers of Trivium are initialized by loading the secret key and the initialization vector, along with a sequence of predetermined zeros and ones. After 1152 iterations, Trivium produces a stream of pseudorandom bits. The keystream is generated by performing XOR operations on specific bits within the three shift registers. Trivium is specifically designed for applications that have limited resources and power. However, as a widely adopted cipher and cryptosystem, it has been the subject of various attacks that undermine its security. These include several differential analysis techniques described in the literature [

Grain-128 [

The feedback function

The nonlinear filter function is defined as:

This section specifies the details of the design of the proposed stream cipher. A high-level block diagram of the construction is shown in

CeTrivium is constructed using three main building blocks, namely, the Tr, NCA, and NM blocks. The Tr block has the same structure as the Trivium stream cipher explained in

The authors in [^{th}

The nonlinear mixing block NM is a nonlinear, balanced, and reversible Boolean function [

where

As shown in

The positions of the 16 taps selected from the two blocks are designated to influence the output of the nonlinear mixing function by all the bits in fewer iterations.

The Trivium cipher is vulnerable to fault injection and side channel attacks [

The CeTrivium cipher operates in two phases: the initialization phase and the keystream generation phase. In the initialization phase, the cipher is initialized with secret keys

To initialize the algorithm, the Tr block is loaded with an 80-bit secret key and an 80-bit initialization vector, and the NCA block is loaded with a 64-bit secret key as follows:

Then, the internal state of the cipher is refreshed 1152 times (rotating the Trivium registerers over 4 full cycles). After each clock cycle, the registers in the Tr block are rotated, and the cells of the NCA block are updated according to the 5-neighborhood CA rules. Moreover, the output of NCA block ^{th} bit (most significant bit) of the NM block’s output is combined through XOR operation with the outputs of the Tr and NCA blocks. This XORed value is the keystream output

Before updating the bits of the NCA and Tr blocks, the taps in the Tr block at positions 163, 181, 207, 235, 21, 73, 111, and 132 are XORed with the taps in the NCA block at positions 2, 10, 18, 26, 34, 42, 50 and 58, respectively, to update the corresponding bits in the NCA block. The initialization phase is iterated 1152 times before producing any keystream to ensure that all bits are affected by the IV and the keys. The initialization phase algorithm is shown in

10 : If |

20 : |

For 288 iterations, the generated keystream bits in the initialization phase are suppressed and are not accessible as output. This number of iterations is sufficient to change all 288 and 64 state bits in the Tr and CA blocks, respectively. Furthermore, the generated keystream bit is influenced by all 320 state bits.

The keystream generation process begins on the 289^{th} iteration, immediately following the initialization phase. The processes of the keystream generation are similar to those of the initialization phase, except that the feedback line from the keystream to the Tr block is removed, as shown in

36 : |

In this section, security analysis for the proposed stream cipher is provided to show how it resists different cryptanalytic attacks that can be performed against stream ciphers.

Statistical testing is a widely employed method to evaluate the output quality of stream ciphers or random number generators. The NIST test suite [

Sl. No. | Test name | Status | |
---|---|---|---|

1 | Longest run of ones | 0.32438 | Pass |

2 | Frequency | 0.87823 | Pass |

3 | Cumulative sums | 0.91831 | Pass |

4 | Runs | 0.71926 | Pass |

5 | Non-overlapping template | 0.56575 | Pass |

6 | Block frequency | 0.68061 | Pass |

7 | FFT | 0.31018 | Pass |

8 | Random excursions | 0.79454 | Pass |

9 | Binary matrix rank | 0.48355 | Pass |

10 | Overlapping template | 0.69689 | Pass |

11 | Random excursions variant | 0.85493 | Pass |

12 | Linear complexity | 0.87474 | Pass |

13 | Serial | 0.54301 | Pass |

14 | Approximate entropy | 0.76159 | Pass |

15 | Maurer’s universal | 0.86901 | Pass |

The first four tests, as shown in

We implemented the CeTrivium cipher using MATLAB and generated different bit streams of length 10^{8} bits. The test suite was then used to divide the input into 100 keystreams of size 10^{6}.

K = 0x5C5C50ED00C48388EA9B0FB7C2047AF6B94E

IV = 0xEBA02E379817D636A144

The results for all tests show that the

Linear correlations between keystream bits and internal state bits can potentially reveal the cipher state. The characteristic that signifies a cipher’s ability to resist correlation attacks is called as resiliency. A function that is balanced and demonstrates immunity to ^{nd}-order correlation immune.

As explained in [^{−72}. Detecting such a correlation would require at least 2^{144} bits of keystream that is not feasible in practice. The nonlinear mixing block NM is a resilient Boolean function [

Algebraic attacks involve identifying a set of equations and then solving them. An algebraic attack depends on the algebraic degree of an encryption algorithm. Increasing the number of nonlinear terms in an encryption algorithm makes it more difficult to attack. As proved in [^{207}. For every iteration, four new variables are generated into the Boolean function, consequently increasing both the algebraic degree and overall complexity.

Trivium stream ciphers are vulnerable to algebraic attacks because of their simple algebraic structure. In [^{42.2} Trivium computations. Therefore, to prevent algebraic attacks, the output of the NCA block is XORed with the outputs of the Tr and NM blocks to generate the keystream. Therefore, CeTrivium can resist algebraic attacks.

A fault attack can be considered an active attack on a cryptosystem [

Unfortunately, studies introduced in [

The cube attack is a form of cryptanalysis attack in which the attacker aims to derive a system of polynomial equations in relation to the unknown bits of the secret key using the output keystream bits of the cipher and a set of IVs [

The effectiveness of cube attacks is contingent upon the algebraic degree of the keystream. As explained above, CeTrivium reaches an algebraic degree of at least 73 after 18 cycles. Additionally, after every cycle, the algebraic degree increases by 4, making it grow rapidly. In addition, the secret key and initialization vector size of 352 further contributes to the complexity of calculating the maxterms. Therefore, CeTrivium can resist cube attacks.

In [

In CeTrivium, there is feedback from the Tr block to the NCA block that is used to update 8 bits in it. Therefore, moving backward from the right-adjacent sequence to determine the left-hand side of the temporal sequence is not possible. Additionally, because a nonlinear mixing function is used with the NCA block to produce keystream bits, the attacker cannot find a relation between the initial state and the keystream. Hence, CeTrivium is resistant to the Meier-Staffelbach attack.

In Side-Channel Attacks (SCAs), attackers attempt to extract information from devices executing cipher algorithms, such as power consumption and emissions of electromagnetic radiation. In [

As explained in [

The memory/time/data tradeoff attacks on stream ciphers have a complexity of O (2^{β}^{/2}), where

The authors in [

In this section, the quality of the CeTrivium stream cipher for encrypting audio signals is demonstrated. MATLAB 2022a was used to implement CeTrivium on a personal computer that has an Intel Core i5-10210U CPU running at @ 2.1 GHz, 8 GB of random access memory (RAM) and a 64-bit Windows 11 Professional operating system. The proposed scheme was applied to a variety of uncompressed (.wav) audio files with different sizes and characteristics (speeches, music, songs, etc.). In order to assess the security of CeTrivium, common measurements were adopted, including histogram, spectrogram, correlation coefficient, Signal-to-Noise Ratio (SNR), Number of Samples Change Rate (NSCR), Peak Signal-to-Noise Ratio (PSNR), entropy, and throughput. In all experiments, the secret key and initial vector described in

Histogram analysis is employed to calculate the distribution of values and to assess the quality of encrypted audio signals. An encryption scheme that can resist statistical attacks encrypts the audio signal into random noise-like signals with equally probable sample values. Histograms of the plain audio files and the corresponding encrypted audio files are shown in

A spectrogram is a graphical depiction that displays the frequency spectrum of an audio file over time. It can be useful for identifying patterns or features in the signal. It is created by breaking the audio samples into smaller segments and then using the Fourier transform to calculate the magnitude of the frequency spectrum for each segment. Spectrogram analysis is an essential tool for evaluating the quality of the encryption scheme. An encryption scheme of high quality would produce an encrypted signal that appears to be random noise when viewed as a spectrogram.

In

Correlation analysis is a statistical method used to assess the robustness of an encryption scheme against various types of statistical attacks. It typically examines the correlation between corresponding segments of the original and encrypted audio files, using the correlation coefficient as the metric. A secure encryption algorithm should convert the original data into a signal that resembles random noise with low correlation. A small correlation coefficient signifies that there is little or no similarity between the original and encrypted audio files. The correlation coefficient

Audio file | Size | Duration | Corr. Coeff. | SNR | PSNR |
---|---|---|---|---|---|

Audio-1 | 62.5 | 2.6 | 0.0021 | −18.2903 | −96.7764 |

Audio-2 | 413.3 | 9.6 | −0.0035 | −23.0901 | −86.0367 |

Audio-3 | 129.1 | 3.0 | −0.0027 | −19.0861 | −86.0266 |

Audio-4 | 200.4 | 4.1 | 0.0047 | −16.6352 | −98.5542 |

Audio-5 | 338.9 | 13.9 | 0.0045 | −18.2351 | −99.3138 |

Audio-6 | 525.3 | 33.6 | −0.0012 | −18.8313 | −86.2838 |

SNR is a measure of signal quality and is commonly employed to evaluate the quality of cipher schemes. It determines the level of noise in the encrypted audio signal relative to the original signal. Cryptanalysts often try to add more noise to the encrypted signal to make it harder to extract useful information from it. The signal-to-noise ratio for the plain and encrypted audio signals is computed as follows:

A higher negative SNR value indicates a stronger encryption scheme. The results of the SNR test for CeTrivium are shown in

PSNR can be used to evaluate the effectiveness of encryption schemes. It measures the strength of the original, unencrypted signal compared to the strength of the encrypted signal. The calculation of PSNR is performed as follows:

Information entropy analysis is used to determine the level of uncertainty or randomness in a signal. It is used for evaluating encryption algorithms, where a higher entropy value of the encrypted signal indicates greater unpredictability and makes it more difficult to break the encryption using statistical attacks. The entropy of a signal can be calculated as follows:

Audio file | Entropy | NCSR (%) | Throughput | |
---|---|---|---|---|

Plain | Encrypted | |||

Audio-1 | 5.1355 | 6.6057 | 100 | 675.6 |

Audio-2 | 3.8802 | 6.5531 | 100 | 888.7 |

Audio-3 | 4.8868 | 6.6102 | 100 | 662.4 |

Audio-4 | 4.3005 | 6.6060 | 100 | 648.0 |

Audio-5 | 4.8414 | 6.6326 | 100 | 746.9 |

Audio-6 | 4.5561 | 6.6136 | 99.99 | 905.3 |

NSCR is a testing method used to evaluate the robustness of ciphering schemes. It measures the percentage of sample values that have changed between the encrypted and original signals. The NSCR test determines how effectively an encryption algorithm has protected the original audio data by comparing the original and encrypted samples.

The ideal NSCR value is 100%, indicating that all sample values have changed during the encryption process. A high NSCR value indicates that the encryption algorithm can efficiently protect the plain audio and is considered highly secure. Conversely, a low NSCR value suggests that the encryption algorithm has not adequately protected the original audio data and is considered less secure. NSCR can be computed as follows:

The NSCR test results for various audio files are shown in

Method | Key space | Corr. | SNR | PSNR | Entropy | NSCR | Throughput |
---|---|---|---|---|---|---|---|

Proposed | 2^{352} |
0.0036 | −19.1 | 5.3 | 6.6 | 100 | 754.4 |

CARPenter | 2^{256} |
0.0013 | −17.3 | 5.4 | 6.5 | 100 | 27.8 |

Pentavium | 2^{288} |
0.0038 | −14.4 | 6.2 | 6.3 | 100 | 79.3 |

AES | 2^{256} |
0.0097 | −1.44 | 8.8 | 6.4 | 99.60 | 9.6 |

[ |
2^{744} |
0.0233 | −34.7 | 62.3 | – | 99.99 | – |

[ |
2^{512} |
0.0034 | −11.6 | 48.5 | 5.4 | 99.99 | 521.3 |

[ |
2^{477} |
0.0029 | −23.8 | – | – | – | – |

[ |
2^{249} |
0.0174 | –29.9 | 4.2 | 4.9 | 99.99 | – |

[ |
2^{928} |
0.0005 | −38.0 | 4.2 | 6.5 | 100 | 32.9 |

[ |
2^{149} |
0.0038 | −16.0 | 4.3 | 6.1 | 99.98 | 213.2 |

[ |
2^{1488} |
0.0094 | −12.4 | 97.9 | 6.6 | 100 | 16.3 |

The size of the key space in an encryption scheme might be sufficiently large to resist brute-force attacks. A key space smaller than 2^{128} is not considered sufficiently secure [^{128}.

As shown in

This work introduces a new stream cipher called CeTrivium, which is based on a hybrid nonlinear CA. CeTrivium is composed of three building blocks: the Tr block, which is structured similarly to the Trivium cipher; the NCA block, which is a nonlinear hybrid 5-neighborhood CA; and the NM block, which is a nonlinear, balanced, and reversible function that combines the outputs of the Tr and NCA blocks to generate the keystream. The NIST statistical test suite was used to evaluate the quality of keystreams. The ^{−72}, which requires at least 2^{144} bits of keystream to detect correlation, which is not feasible. After 18 cycles, the algebraic degree of CeTrivium is 73, which indicates resistance to the algebraic attack and makes performing a fault attack infeasible. The algebraic degree of the keystreams increases by 4 every cycle, making it grow rapidly. This increase in complexity makes it difficult to compute the maxterms and thus helps prevent cube attacks. Because the total number of bits that define the internal state of CeTrivium is 352, it is difficult to perform a data/memory/time/tradeoff attack. Due to using the nonlinear blocks and the nonlinear mixing function, the CeTrivium cipher is robust against side-channel attacks. The scheme is evaluated using histogram and spectrogram analysis, which demonstrates the alterations in encrypted signals compared to orignal signals. In addition, the results for different measurements, such as the correlation coefficient, NSCR, and entropy, confirm the high quality of encryption. The measured SNR and PSNR values show high levels of noise in the encrypted files, which implies resistance to attacks. CeTrivium was compared to other state-of-the-art schemes. We found that it has a higher entropy and NSCR, which indicates that it is more resistant to attacks. Moreover, the encryption throughput of the proposed stream cipher is much higher. We can conclude that CeTrivium has the necessary cryptographic security properties and performance to make it suitable for real-time multimedia transmission. In future work, CeTrivium will be implemented in hardware, and different mixing functions will be adopted to enhance its security performance.

The authors are grateful for the reviewer’s valuable comments that improved the manuscript.

The authors received no specific funding for this study.

The authors confirm contribution to the paper as follows: study conception and design: Osama Younes, Umar Albalawi; data collection: Abdulmohsen Alharbi, Ali Yasseen, Faisal Alshareef, Faisal Albalawi; carrying out coding and experiments: Osama Younes, Abdulmohsen Alharbi, Ali Yasseen, Faisal Alshareef, Faisal Albalawi; analysis and interpretation of results: Osama Younes, Umar Albalawi, Abdulmohsen Alharbi, Ali Yasseen, Faisal Alshareef, Faisal Albalawi; draft manuscript preparation: Osama Younes, Umar Albalawi, Abdulmohsen Alharbi, Ali Yasseen, Faisal Alshareef, Faisal Albalawi; All authors reviewed the results and approved the final version of the manuscript.

Data available on request from the authors.

The authors declare that they have no conflicts of interest to report regarding the present study.