**Robustness and Security of H**∞**-Synchronizer in Chaotic Communication System**

Takami Matsuo, Yusuke Totoki and Haruo Suemitsu *Oita University, Dannoharu, Oita Japan*

## **1. Introduction**

28 Will-be-set-by-IN-TECH

442 Challenges and Paradigms in Applied Robust Control

Walters, C. (1986). Adaptive Management of Renewable Resources. *MacMillan Publishing Co.* Weitzman, M. (2002). Landing fees vs harvest quotas with uncertain fish stocks. *Journal of*

Wilen, J., Homans, F. (1998). What do regulators do? Dynamic behavior of resource managers

in the North Pacific Halibut Fishery 1935-1978. *Ecological Economics 24*(2-3), 289–298

*environmental economics and management 43*(2), 325–338

Zhou, K., Doyle, J. (1998). Essentials of Robust Control. *Prentice Hall*

In recent years, a large amount of work on chaos-based cryptosystems has been published (Kocarev (2001); Millérioux et al. (2008)). A general methodology for designing chaotic and hyperchaotic cryptosystems has been developed using the control systems theory (Grassi et al. (1999); Liao et al. (1999); Yang et al. (1997a;b)). The chaotic communication system is closely related to the concept of chaos synchronization. An overview of chaotic secure communication systems can be found in (Yang (2004)). He classified the continuous-time chaotic secure communication systems into four generations. In the third generation, the combination of the classical cryptographic technique and chaotic synchronization is used to enhance the degree of security. Specifically, Yang *et al.* proposed a new chaos-based secure communication scheme in an attempt to thwart the attacks (Yang et al. (1997a;b)). They have combined both conventional cryptographic method and synchronization of chaotic systems. Their cryptographic method consists of an encryption function (the multi-shift cipher), a decryption function (the inverse of the encryption function), a chaotic encrypter that generates the key signal for the encryption function, and a decrypter that estimates the key signal. The approach has a limitation since the cryptosystem design may fail if different chaotic circuits are utilized. So far, this generation has the highest security in all the chaotic communication systems had been proposed and has not yet broken. From the control theoretic perspective, the transmitter and the receiver in the chaotic communication system can be considered as the nonlinear plant and its observer, respectively. Grassi *et al.* proposed a nonlinear-observer-based decrypter to reconstruct the state of the encrypter (Grassi et al. (1999); Liao et al. (1999)). They extended the Chua's oscillator to the observer-based decrypter. The cryptosystem does not require initial conditions of the encrypter and the decrypter belonging to the same basin of attraction. If we can design a decrypter without the knowledge of the parameters of the encrypter, the chaos-based secure communication systems are not secure, because the parameters of the encrypter is selected as static secret keys in the cryptosystem. Parameter identification and adaptive synchronization methods may be effective for intruders in building reconstruction mechanisms, even when a synchronizing system is not available. Therefore, it is important for secure issues to investigate whether adaptive identifiers without the system information of encrypter can be constructed or not. We have recently designed an observer-based chaotic communication system combining the cryptosystems proposed by Grassi *et al.* (Grassi et al. (1999)) and by Liao *et al.* (Liao et al. (1999)) that allows us to assign the relative degree and the zeros of its encrypter system (Matsuo et al. (2004)). Specifically, we constructed three cryptosystems based on

a Chua's circuit by assigning its relative degree and zeros. The cryptosystem consists of

to get the key basin width. If the EFA function has numerous minima and a needle-like basin, the security level of the cryptosystem is high. In this case, the evolutionary optimization techniques such as the particle swarm optimization cannot find the secret key using the EFA function (Nomura et al. (2011)). Anstett *et al.* proposed a general framework based on identifiability for the cryptanalysis of chaotic cryptosystems (Anstett et al. (2006)). They also pointed out that cryptosystems involving polynomial nonlinearities are weak against a

Robustness and Security of H∞-Synchronizer in Chaotic Communication System 445

In this chapter, we propose an *H*∞ synchronizer in order to improve the robustness of chaotic communication systems with respect to delays in the transmission line based on the standard linear H∞ control theory. To begin with, we derive an error system between the encrypter and the decrypter and reduce the design problem of the cryptosystem to the stabilization problem of a generalized plant in the robust control theory. Next, we give a synchronizer parameterization and an *H*∞ synchronizer based on the robust control theory. Furthermore, the decrypter dynamics is designed via the linear controller parameterization to make the decrypter robust against disturbances in transmission line and/or sensitive to modeling errors of the decrypter. We present two design requirements on the robustness and the security. We need to design the free parameter such that both the requirements are satisfied. Since we cannot get this solution simultaneously, we design the dynamical compensator so as to satisfy the robustness requirement and then check the sensitivity to the key parameter mismatches whether the parameters in encrypter may play the role of the secret key or not, numerically. Finally, the proposed system is compared with that proposed by Grassi et al. using MATLAB

known plaintext attack.

simulations.

 *A B C D* 

The following notation is used (Doyle et al. (1989)) :

F*l*(*G*, *Q*) : lower linear fractional transformation

the adaptive decrypter as a tool for ciphertext-only attacks.

**2. Observer-based chaotic communication system with free dynamics**

Grassi *et al.* (Grassi et al. (1999)) proposed a nonlinear-observer-based cryptosystem that is an extension of the cryptosystem proposed by Yang *et al.* (Yang et al. (1997b)). The cryptographic method consists of an encryption function (the multi-shift cipher), a decryption function (the inverse of the encryption function), a chaotic encrypter that generates the key signal for the encryption function, and a decrypter that estimates the key signal. The transmitted signal through a public channel contains the nonlinear function that is equivalent to that of the encrypter. We add a dynamic compensator in the transmitted signal to the observer-based chaotic communication system proposed by Grassi *et al.* Figure 1 shows the relationship among the encrypter, the observer-based decrypter and the adaptive decrypter where we use

The cryptosystem consists of an encryption function (the multi-shift cipher), a decryption function (the inverse of the encryption function), a chaotic encrypter that generates the key

> *x*˙ = *Ax* + *b*<sup>2</sup> *f*(*x*) + *b*2*en* (1) *v* = *P*(*s*)*x* (2) *y* = *v* + *en* + *f*(*x*) (3)

signal for the encryption function, and a decrypter that estimates the key signal.

The chaotic encrypter is described by the following equations:

:<sup>=</sup> *<sup>C</sup>*(*sI* <sup>−</sup> *<sup>A</sup>*)−1*<sup>B</sup>* <sup>+</sup> *<sup>D</sup>*

• **Part 1 : dynamic encrypter**

an encryption function (the multi-shift cipher), a decryption function (the inverse of the encryption function), a chaotic encrypter that generates the key signal for the encryption function, and a decrypter that estimates the key signal. The proposed cryptosystem allows us to assign the relative degree and the zeros of the encrypter dynamics by selecting an output vector that generates a transmitted signal as partial states of the encrypter. As in (Fradkov et al. (1997; 2000)), we can design an adaptive decrypter for minimum-phase systems with its relative degree 1. Therefore, the encrypter dynamics should be design such that its relative degree is more than two and its zeros are unstable so as to fail to synchronize the cryptosystem adaptively. At the same time, the designed cryptosystem should be robust with respect to uncertainties of the transmission lines such as a time delay, and noises. Suykens *et al.* (Suykens et al. (1997a;b)) presented a nonlinear H∞ synchronization method for chaotic Lur'e systems based on the dissipativity of nonlinear systems to minimize the influence of the exogenous input such as the message signal and channel noises.

However, many proposed systems with robustness against parameter uncertainties and signal uncertainties are difficult to implement in practice with a reasonable degree of security. The basic difference between the conventional cryptography and the chaos cryptography is that the conventional encryption is defined discrete sets and the chaos encryption is defined on continuous sets. This makes the keyspace behavior of chaotic systems vary different that of conventional systems. Due to the continuous-value property, keys in chaotic cryptosystems form a key basin around the actual secret key.

When one key is very close to the real one, it could decrypt part or all of the ciphertext (Alvarez et al. (2006)). To avoid brute-force attacks, a secret parameter should be sensitive enough to guarantee the so-called avalanche property: even when the smallest change occurs in the parameter, the ciphertext will change dramatically (Alvarez et al. (2006)).

Various attacks such as the nonlinear forecasting, the return map, the adaptive parameter estimation, the error function attack (EFA), and inverse computation based on the chosen cipher attack, are proposed to recover messages from the chaotic ciphers (Zhou (2005)). Short (Parke et al. (2001); Short (1994; 1996)) and Guojie *et al.* (Guojie et al. (2003)) have proposed the attack strategies against chaotic communication systems. Short analyzed only the encrypter by using the nonlinear forecasting method that belongs to ciphertext-only attack when the attacker does not know the structure of the encryption system. They discussed the secure property of chaos communication based on chaotic parameter modulation from the chosen-ciphertext attack under the Kerckhoff principle (Guojie et al. (2003)). Guojie *et al.* discussed the secure property of chaos communication based on chaotic parameter modulation from the chosen-ciphertext attack under the Kerckhoff principle. We proposed chaotic communication systems using the adaptive control and robust control technologies (Matsuo et al. (2004; 2008)).

Wang *et al.* (Wang et al. (2004)) presented the error function attack to evaluate system security as an efficient cryptanalysis tool based on the public-structure and known-plaintext cryptanalysis. By defining the EFA function, an eavesdropper can scan the whole keyspace to find out the proper key that satisfies the EFA function with zero value. Since keys that are not identical with but are very close to the real one can be used to synchronize the two systems very well, a key basin around the actual secret key is formed. Once the eavesdropper knows the key basin, the correct key can be easily obtained through some optimization algorithms. To evaluate the security performance, Wang *et al.* also defined the key basin width by the distance between two trial keys located on the two sides of the key basin. The narrower than the whole keyspace the key basin width is, the higher the security of the cryptosysytem is. However, a systematic approach to get the key basin width is lacking. The brute-force-like calculations are needed to draw the shape of the EFA function. Thus, a considerable computing time is needed 2 Will-be-set-by-IN-TECH

an encryption function (the multi-shift cipher), a decryption function (the inverse of the encryption function), a chaotic encrypter that generates the key signal for the encryption function, and a decrypter that estimates the key signal. The proposed cryptosystem allows us to assign the relative degree and the zeros of the encrypter dynamics by selecting an output vector that generates a transmitted signal as partial states of the encrypter. As in (Fradkov et al. (1997; 2000)), we can design an adaptive decrypter for minimum-phase systems with its relative degree 1. Therefore, the encrypter dynamics should be design such that its relative degree is more than two and its zeros are unstable so as to fail to synchronize the cryptosystem adaptively. At the same time, the designed cryptosystem should be robust with respect to uncertainties of the transmission lines such as a time delay, and noises. Suykens *et al.* (Suykens et al. (1997a;b)) presented a nonlinear H∞ synchronization method for chaotic Lur'e systems based on the dissipativity of nonlinear systems to minimize the influence of the exogenous

However, many proposed systems with robustness against parameter uncertainties and signal uncertainties are difficult to implement in practice with a reasonable degree of security. The basic difference between the conventional cryptography and the chaos cryptography is that the conventional encryption is defined discrete sets and the chaos encryption is defined on continuous sets. This makes the keyspace behavior of chaotic systems vary different that of conventional systems. Due to the continuous-value property, keys in chaotic cryptosystems

When one key is very close to the real one, it could decrypt part or all of the ciphertext (Alvarez et al. (2006)). To avoid brute-force attacks, a secret parameter should be sensitive enough to guarantee the so-called avalanche property: even when the smallest change occurs in the

Various attacks such as the nonlinear forecasting, the return map, the adaptive parameter estimation, the error function attack (EFA), and inverse computation based on the chosen cipher attack, are proposed to recover messages from the chaotic ciphers (Zhou (2005)). Short (Parke et al. (2001); Short (1994; 1996)) and Guojie *et al.* (Guojie et al. (2003)) have proposed the attack strategies against chaotic communication systems. Short analyzed only the encrypter by using the nonlinear forecasting method that belongs to ciphertext-only attack when the attacker does not know the structure of the encryption system. They discussed the secure property of chaos communication based on chaotic parameter modulation from the chosen-ciphertext attack under the Kerckhoff principle (Guojie et al. (2003)). Guojie *et al.* discussed the secure property of chaos communication based on chaotic parameter modulation from the chosen-ciphertext attack under the Kerckhoff principle. We proposed chaotic communication systems using the adaptive control and robust control technologies

Wang *et al.* (Wang et al. (2004)) presented the error function attack to evaluate system security as an efficient cryptanalysis tool based on the public-structure and known-plaintext cryptanalysis. By defining the EFA function, an eavesdropper can scan the whole keyspace to find out the proper key that satisfies the EFA function with zero value. Since keys that are not identical with but are very close to the real one can be used to synchronize the two systems very well, a key basin around the actual secret key is formed. Once the eavesdropper knows the key basin, the correct key can be easily obtained through some optimization algorithms. To evaluate the security performance, Wang *et al.* also defined the key basin width by the distance between two trial keys located on the two sides of the key basin. The narrower than the whole keyspace the key basin width is, the higher the security of the cryptosysytem is. However, a systematic approach to get the key basin width is lacking. The brute-force-like calculations are needed to draw the shape of the EFA function. Thus, a considerable computing time is needed

parameter, the ciphertext will change dramatically (Alvarez et al. (2006)).

input such as the message signal and channel noises.

form a key basin around the actual secret key.

(Matsuo et al. (2004; 2008)).

to get the key basin width. If the EFA function has numerous minima and a needle-like basin, the security level of the cryptosystem is high. In this case, the evolutionary optimization techniques such as the particle swarm optimization cannot find the secret key using the EFA function (Nomura et al. (2011)). Anstett *et al.* proposed a general framework based on identifiability for the cryptanalysis of chaotic cryptosystems (Anstett et al. (2006)). They also pointed out that cryptosystems involving polynomial nonlinearities are weak against a known plaintext attack.

In this chapter, we propose an *H*∞ synchronizer in order to improve the robustness of chaotic communication systems with respect to delays in the transmission line based on the standard linear H∞ control theory. To begin with, we derive an error system between the encrypter and the decrypter and reduce the design problem of the cryptosystem to the stabilization problem of a generalized plant in the robust control theory. Next, we give a synchronizer parameterization and an *H*∞ synchronizer based on the robust control theory. Furthermore, the decrypter dynamics is designed via the linear controller parameterization to make the decrypter robust against disturbances in transmission line and/or sensitive to modeling errors of the decrypter. We present two design requirements on the robustness and the security. We need to design the free parameter such that both the requirements are satisfied. Since we cannot get this solution simultaneously, we design the dynamical compensator so as to satisfy the robustness requirement and then check the sensitivity to the key parameter mismatches whether the parameters in encrypter may play the role of the secret key or not, numerically. Finally, the proposed system is compared with that proposed by Grassi et al. using MATLAB simulations.

The following notation is used (Doyle et al. (1989)) :

$$\begin{array}{l} \mathcal{F}\_l(G, Q) : \text{lower linear fractional transformation} \\ \left[ \begin{array}{c} A \mid B \\ \overline{C} \mid D \end{array} \right] := \mathcal{C}(sI - A)^{-1}B + D \end{array}$$

### **2. Observer-based chaotic communication system with free dynamics**

Grassi *et al.* (Grassi et al. (1999)) proposed a nonlinear-observer-based cryptosystem that is an extension of the cryptosystem proposed by Yang *et al.* (Yang et al. (1997b)). The cryptographic method consists of an encryption function (the multi-shift cipher), a decryption function (the inverse of the encryption function), a chaotic encrypter that generates the key signal for the encryption function, and a decrypter that estimates the key signal. The transmitted signal through a public channel contains the nonlinear function that is equivalent to that of the encrypter. We add a dynamic compensator in the transmitted signal to the observer-based chaotic communication system proposed by Grassi *et al.* Figure 1 shows the relationship among the encrypter, the observer-based decrypter and the adaptive decrypter where we use the adaptive decrypter as a tool for ciphertext-only attacks.

The cryptosystem consists of an encryption function (the multi-shift cipher), a decryption function (the inverse of the encryption function), a chaotic encrypter that generates the key signal for the encryption function, and a decrypter that estimates the key signal.

#### • **Part 1 : dynamic encrypter**

The chaotic encrypter is described by the following equations:

$$
\dot{\mathbf{x}} = A\mathbf{x} + b\_2 f(\mathbf{x}) + b\_2 e\_n \tag{1}
$$

$$
v = P(s)\mathbf{x} \tag{2}$$

$$y = v + e\_{\mathbb{N}} + f(\mathbf{x})\tag{3}$$

where *e*ˆ*n* is a recovered signal of the plain text.

*p*ˆ(*t*) can be recovered by the following equations:

Using the estimated signals *K*ˆ(*t*) and *e*ˆ*n*(*t*) by the decrypter, the estimate of the plaintext

Robustness and Security of H∞-Synchronizer in Chaotic Communication System 447

where *K*ˆ is an estimate of the stream key signal and *d* is the decryption function given by *<sup>p</sup>*ˆ(*t*) = *<sup>q</sup>*(··· *<sup>q</sup>*(*q*(*e*ˆ*n*(*t*), <sup>−</sup>*K*ˆ(*t*)),−*K*ˆ(*t*)), ···), <sup>−</sup>*K*ˆ(*t*)).

If the transmitted signal is disturbed by an additional disturbance *w*(*t*), the signal is rewritten

When some of parameters of the dynamic encrypter are unknown, the dynamic decrypter constructed by a receiver based on the information of the encrypter has parametric

uncertainties. The decrypter used by any receivers including intruders is given by

*x*ˆ = *A*˜*x*ˆ + ˜

*<sup>e</sup>*ˆ*<sup>n</sup>* <sup>=</sup> *<sup>y</sup>*˜ <sup>−</sup> (*v*<sup>ˆ</sup> <sup>+</sup> ˜

*<sup>f</sup>*(*x*ˆ) = *<sup>y</sup>*˜ <sup>−</sup> (*v*<sup>ˆ</sup> <sup>+</sup> ˜

knows all parameters of the encrypter. On the other hand, a decrypter used by an intruder has uncertainties in the encrypter dynamics, the nonlinear function, and the synchronizer. In this chapter, we assume that the intruder knows the *H*<sup>∞</sup> synchronizer, *P*(*s*) = *P*˜(*s*) but does not know the values of *<sup>A</sup>*, *<sup>b</sup>*2, *i.e.* <sup>Δ</sup>(*t*) �<sup>=</sup> 0, and the nonlinear function, *i.e. f*(·) �<sup>=</sup> ˜

Defining the estimation error of the decrypter as *e*(*t*) = *x*ˆ(*t*) − *x*(*t*), we have the following

˙

*p*ˆ(*t*) = *d*(*e*ˆ*n*(*t*), *K*ˆ(*t*)) (10) *K*ˆ(*t*) = *kTx*ˆ (11)

*y*˜(*t*) = *v*(*t*) + *en*(*t*) + *f*(*x*(*t*)) + *ω*(*t*) (12)

*b*2*ey* (13)

*f*(*x*ˆ)) (15)

*f*(*x*ˆ)). (18)

*<sup>f</sup>*(·), *<sup>P</sup>*(*s*) = *<sup>P</sup>*˜(*s*) since he

*f*(·).

*v*ˆ = *P*˜(*s*)*x*ˆ (14)

*b*<sup>2</sup> in the encrypter dynamics as Δ, the perturbed nonlinear

*x*ˆ = *Ax*ˆ + *b*1Δ + *b*2*ey* (16) *<sup>v</sup>*<sup>ˆ</sup> <sup>=</sup> *<sup>P</sup>*˜(*s*)*x*ˆ, *ey* <sup>=</sup> *<sup>y</sup>*˜ <sup>−</sup> *<sup>v</sup>*<sup>ˆ</sup> (17)

*e*˙(*t*) = *Ae*(*t*) + *b*1Δ(*t*) + *b*2*ω*(*t*) − *b*2*ξ*(*t*) (19) *ξ*(*t*) = *P*(*s*)*e* (20)

*<sup>f</sup>*(*x*), and the perturbation of the *<sup>H</sup>*<sup>∞</sup> synchronizer as *<sup>P</sup>*˜(∗), we assume that

• **Part 4 : decryption function**

**3. Design of** *H*∞**-synchronizer**

Denoting the uncertainties of *A*˜, ˜

the decrypter with the uncertainties is given by

˙

*<sup>e</sup>*ˆ*<sup>n</sup>* <sup>=</sup> *ey* <sup>−</sup> ˜

A decrypter used by an authorized user satisfies <sup>Δ</sup>(*t*) = 0, *<sup>f</sup>*(·) = ˜

function of *f*(*x*) as ˜

error system:

by

**3.1 Error equations and generalized system**

Fig. 1. Chaotic cryptosystem configuration.

where *y* is the transmitted signal that includes the nonlinear function, *P*(*s*) is a transfer function that lets a decrypter synchronize the encrypter, and *s* = *<sup>d</sup> dt*. We call this transfer function *P*(*s*) a synchronizer.

#### • **Part 2 : encryption function**

Given a plaintext signal *p*(*t*), the ciphertext *en*(*t*) is given by

$$e\_{\boldsymbol{\theta}}(t) = e\_{\boldsymbol{\theta}}(p(t), \boldsymbol{\mathsf{K}}(t)) \tag{4}$$

where *K*(*t*) is a stream key signal that is generated by the encrypter dynamics and is given by the following equation:

$$\mathbf{K}(t) = \mathbf{k}^T \mathbf{x}.\tag{5}$$

The signal *en* is a generic encryption function that makes use of the key signal and we choose a encryption function as the following *n*-shift cipher:

$$\begin{aligned} e\_n(p(t), \mathcal{K}(t)) &= q(\cdot \cdot \cdot q(q(p(t), \mathcal{K}(t)), \mathcal{K}(t)), \cdot \cdot \cdot), \mathcal{K}(t)) \\ q(\boldsymbol{x}, k) &= \begin{cases} (\boldsymbol{x} + \boldsymbol{k}) + 2\boldsymbol{h}, & -2\boldsymbol{h} \le (\boldsymbol{x} + \boldsymbol{k}) \le -\boldsymbol{h} \\ (\boldsymbol{x} + \boldsymbol{k}), & -\boldsymbol{h} < (\boldsymbol{x} + \boldsymbol{k}) < \boldsymbol{h} \\ (\boldsymbol{x} + \boldsymbol{k}) - 2\boldsymbol{h} & \boldsymbol{h} \le (\boldsymbol{x} + \boldsymbol{k}) \le 2\boldsymbol{h} \end{cases} \end{aligned}$$

• **Part 3 : dynamic decrypter with free dynamics** Given the encrypter, the decrypter used by an authorized user is the following observer:

$$
\dot{\mathfrak{X}} = A\mathfrak{X} + b\_2 e\_y \tag{6}
$$

$$\mathfrak{d} = P(\mathfrak{s})\mathfrak{k} \tag{7}$$

$$e\_{\mathcal{Y}} = \mathcal{Y} - \mathcal{\vartheta} = P(s)(\mathfrak{x} - \mathfrak{x}) + e\_{\mathfrak{n}} + f(\mathfrak{x}) \tag{8}$$

$$\mathfrak{A}\_{\mathfrak{n}} = \mathfrak{y} - (\mathfrak{v} + f(\mathfrak{x})) \tag{9}$$

where *e*ˆ*n* is a recovered signal of the plain text.

#### • **Part 4 : decryption function**

4 Will-be-set-by-IN-TECH

where *y* is the transmitted signal that includes the nonlinear function, *P*(*s*) is a transfer

where *K*(*t*) is a stream key signal that is generated by the encrypter dynamics and is given

The signal *en* is a generic encryption function that makes use of the key signal and we

*en*(*p*(*t*),*K*(*t*)) = *q*(··· *q*(*q*(*p*(*t*),*K*(*t*)),*K*(*t*)), ···), *K*(*t*))

Given the encrypter, the decrypter used by an authorized user is the following observer:

(*x* + *k*) + 2*h*, −2*h* ≤ (*x* + *k*) ≤ −*h* (*x* + *k*), −*h* < (*x* + *k*) < *h* (*x* + *k*) − 2*h h* ≤ (*x* + *k*) ≤ 2*h*

*x*ˆ = *Ax*ˆ + *b*2*ey* (6) *v*ˆ = *P*(*s*)*x*ˆ (7) *ey* = *y* − *v*ˆ = *P*(*s*)(*x* − *x*ˆ) + *en* + *f*(*x*) (8) *e*ˆ*<sup>n</sup>* = *y* − (*v*ˆ + *f*(*x*ˆ)) (9)

User

(n-shift cipher) Decryption function

Chaotic dynamics Estimator for key signal and

(Observer-based decrypter)

*en*(*t*) = *en*(*p*(*t*), *K*(*t*)) (4)

*K*(*t*) = *kTx*. (5)

Estimate of cipher text

Recovered plain text

*dt*. We call this transfer

Estimate of key signal

cipher text

Administrator Encryption function (n-shift cipher)

Plain text

Key signal

Intruder

Fig. 1. Chaotic cryptosystem configuration.

function *P*(*s*) a synchronizer. • **Part 2 : encryption function**

by the following equation:

Chaotic dynamics (Generator for key and transmitted signals)

Adaptive synchronizer Adaptive decrypter

function that lets a decrypter synchronize the encrypter, and *s* = *<sup>d</sup>*

Given a plaintext signal *p*(*t*), the ciphertext *en*(*t*) is given by

choose a encryption function as the following *n*-shift cipher:

*q*(*x*, *k*) =

˙

• **Part 3 : dynamic decrypter with free dynamics**

⎧ ⎨ ⎩

Cipher text

Using the estimated signals *K*ˆ(*t*) and *e*ˆ*n*(*t*) by the decrypter, the estimate of the plaintext *p*ˆ(*t*) can be recovered by the following equations:

$$
\hat{p}(t) = d(\hat{e}\_n(t), \hat{\mathbb{K}}(t)) \tag{10}
$$

$$
\hat{\mathbb{K}}(t) = k^T \mathfrak{x} \tag{11}
$$

where *K*ˆ is an estimate of the stream key signal and *d* is the decryption function given by

$$\phi(t) = q(\cdot \cdot \cdot q(q(\ell\_n(t), -\ddot{\mathsf{K}}(t)), -\ddot{\mathsf{K}}(t)), \cdot \cdot \cdot), -\ddot{\mathsf{K}}(t)).$$

## **3. Design of** *H*∞**-synchronizer**

#### **3.1 Error equations and generalized system**

If the transmitted signal is disturbed by an additional disturbance *w*(*t*), the signal is rewritten by

$$
\vec{y}(t) = \upsilon(t) + e\_{\text{\tiny{e}}}(t) + f(\text{x}(t)) + \omega(t) \tag{12}
$$

When some of parameters of the dynamic encrypter are unknown, the dynamic decrypter constructed by a receiver based on the information of the encrypter has parametric uncertainties. The decrypter used by any receivers including intruders is given by

$$
\dot{\mathfrak{X}} = \tilde{A}\mathfrak{X} + \tilde{b}\_2 e\_y \tag{13}
$$

$$
\mathfrak{d} = \mathfrak{P}(\mathfrak{s})\mathfrak{f} \tag{14}
$$

$$\mathfrak{E}\_{\mathfrak{n}} = \mathfrak{F} - \left(\mathfrak{d} + \tilde{f}(\mathfrak{k})\right) \tag{15}$$

Denoting the uncertainties of *A*˜, ˜ *b*<sup>2</sup> in the encrypter dynamics as Δ, the perturbed nonlinear function of *f*(*x*) as ˜ *<sup>f</sup>*(*x*), and the perturbation of the *<sup>H</sup>*<sup>∞</sup> synchronizer as *<sup>P</sup>*˜(∗), we assume that the decrypter with the uncertainties is given by

$$
\dot{\hat{x}} = A\hat{x} + b\_1\Delta + b\_2e\_y \tag{16}
$$

$$
\mathfrak{d} = \tilde{P}(s)\mathfrak{k}, \ e\_{\mathfrak{Y}} = \mathfrak{Y} - \mathfrak{d} \tag{17}
$$

$$\mathfrak{e}\_{\mathfrak{n}} = \mathfrak{e}\_{\mathfrak{Y}} - \tilde{f}(\mathfrak{X}) = \mathfrak{y} - (\mathfrak{v} + \tilde{f}(\mathfrak{X})).\tag{18}$$

A decrypter used by an authorized user satisfies <sup>Δ</sup>(*t*) = 0, *<sup>f</sup>*(·) = ˜ *<sup>f</sup>*(·), *<sup>P</sup>*(*s*) = *<sup>P</sup>*˜(*s*) since he knows all parameters of the encrypter. On the other hand, a decrypter used by an intruder has uncertainties in the encrypter dynamics, the nonlinear function, and the synchronizer. In this chapter, we assume that the intruder knows the *H*<sup>∞</sup> synchronizer, *P*(*s*) = *P*˜(*s*) but

does not know the values of *<sup>A</sup>*, *<sup>b</sup>*2, *i.e.* <sup>Δ</sup>(*t*) �<sup>=</sup> 0, and the nonlinear function, *i.e. f*(·) �<sup>=</sup> ˜ *f*(·). Defining the estimation error of the decrypter as *e*(*t*) = *x*ˆ(*t*) − *x*(*t*), we have the following error system:

$$
\dot{e}(t) = Ae(t) + b\_1 \Delta(t) + b\_2 \omega(t) - b\_2 \xi(t) \tag{19}
$$

$$
\xi(t) = P(s)e\tag{20}
$$

Δ

*w*

*ξ*

*u*

*<sup>o</sup>*(*s*), *Q*(*s*)) (25)

⎦ (26)

⎤

*w*

*Gi*(*s*), *i* = 1, 2

*G*(*s*)

Robustness and Security of H∞-Synchronizer in Chaotic Communication System 449

*Po*(*s*)

*Go*(*s*)

*Po*(*s*)

*AK* + *H*0*C*<sup>2</sup> + *B*2*F*<sup>0</sup> −*H*<sup>0</sup> *B*<sup>2</sup> *F*<sup>0</sup> *K*<sup>0</sup> *I* −*C*<sup>2</sup> *I* 0

For any choice of *K*0, we can obtain the parameterization of *K*(*s*) as follows (Matsuo et al.

�

*F*<sup>0</sup> s.t. *AK* + *B*2*F*<sup>0</sup> is stable *H*<sup>0</sup> s.t. *AK* + *H*0*C*<sup>2</sup> is stable.

Since *Po*(*s*) is a stabilizing compensator for each *Q*(*s*) ∈ *RH*∞, (25) is one of the parameterization of stabilizing compensators. This LFT form is equal to the Youla parameterization when the static output feedback gain, *K*0, is selected as zero. When the generalized plant can be stabilized by a static output feedback gain, *i.e.* there exists an output feedback gain *K*<sup>0</sup> such that *AK* is stable, we can set *H*<sup>0</sup> = 0, *F*<sup>0</sup> = 0. In this case, the

*eK*,*e*˜*<sup>n</sup>*

*cT*

*z*

(1998)):

where

*e*

Fig. 2. Generalized plant and synchronizer in the chaotic communication system.

*y*

Fig. 3. Generalized plant and controller in the robust control theory.

*Po*(*s*) = <sup>F</sup>*l*(*P*˜

*<sup>Q</sup>*(*s*) = �

⎡ ⎣

> *Ac*<sup>22</sup> *Bc*<sup>2</sup> *Cc*<sup>2</sup> *Dc*<sup>2</sup>

*AK* = *A* + *B*2*K*0*C*<sup>2</sup>

*Ac*<sup>22</sup> : stable

*P*˜ *<sup>o</sup>*(*s*) =

We assign the estimation error of the key signal *eK* or that of cipher text *e*˜*<sup>n</sup>* to the controlled output as follows:

$$\begin{aligned} e\_K(t) &= \hat{K}(t) = k^T e(t) \\ \tilde{e}\_n &= \hat{e}\_n - e\_n = \tilde{y} - \hat{v} - \tilde{f}(\hat{\mathfrak{x}}) - e\_n \\ &= -\tilde{\xi} + (f(\mathfrak{x}) - \tilde{f}(\hat{\mathfrak{x}})) + \omega \end{aligned}$$

If lim*t*→<sup>∞</sup> *<sup>ω</sup>*(*t*) = 0,lim*t*→∞(*f*(*x*) <sup>−</sup> ˜ *f*(*x*ˆ)) = 0 and lim*t*→<sup>∞</sup> *e*(*t*) = 0, then the plaintext can be recovered by the decrypter ,lim*t*→∞(*en*(*t*) − *e*ˆ*n*(*t*)) = 0. Since *<sup>f</sup>*(·) = ˜ *f*(·) for authorized users, we have

$$\begin{aligned} |\tilde{e}\_{\mathfrak{H}}| &\le |\mathfrak{f}| + |f(\mathfrak{x}) - f(\mathfrak{x})| + |w| \\ &\le |P(s)e| + \gamma ||e|| + |w|. \end{aligned}$$

Thus, if lim*t*→<sup>∞</sup> *w*(*t*) = 0 and lim*t*→<sup>∞</sup> *e*(*t*) = 0, then we attain the recover the plaintext, *i.e.* lim*t*→∞(*en*(*t*) − *e*ˆ*n*(*t*)) = 0.

For each controlled output, the generalized plant in Fig. 2 is defined as:

• When the controlled output is *eK*, the generalize plant is

$$G\_1(s) = \begin{bmatrix} \frac{A \ \begin{bmatrix} b\_1 & b\_2 \end{bmatrix} - b\_2}{k^I} \\ I \end{bmatrix} \begin{array}{c} 0 \\ 0 \\ 0 \end{array} \tag{21}$$

• When the controlled output is the upper bound of |*e*˜*n*|, the generalize plant is

$$\mathbf{G}\_2(s) = \begin{bmatrix} \frac{A \ \begin{bmatrix} b\_1 & b\_2 \end{bmatrix} - b\_2}{k^T} \\\ I \end{bmatrix}. \tag{22}$$

#### **3.2 Synchronizer parameterization**

To design the synchronizer based on the static output-feedback-based controller, we rewrite the generalized plant as in Fig.2. Since we can select the input of the synchronizer as arbitrary scalar signal, the signal in Eq.(2) is chosen as *v*(*t*) = *P*(*s*)*x*(*t*) = *Po*(*s*)*cTx*(*t*), where *c* is an arbitrary vector.

We call a stabilizing compensator *Po*(*s*) for the generalized plant *G*(*s*) the synchronizer of the chaotic cryptosystem. The design problem of the synchronizer is summarized as follows:

Given a generalized plant *G*(*s*) as in Fig. 2, parameterize all synchronizer *P*(*s*) that internally stabilize *G*(*s*).

We consider the *n*-th order generalized plant in Fig.3, where (*A*, *B*2) is stabilizable and (*A*, *C*2) is detectable;

$$\mathbf{G}\_{o}(\mathbf{s}) = \begin{bmatrix} \mathbf{G}\_{11} \ \mathbf{G}\_{12} \\ \mathbf{G}\_{21} \ \mathbf{G}\_{22} \end{bmatrix} = \begin{bmatrix} A \begin{bmatrix} B\_{1} & B\_{2} \\ \hline C\_{1} \ D\_{11} & D\_{12} \\ C\_{2} \ D\_{21} & 0 \end{bmatrix} \end{bmatrix} \tag{23}$$

and the *p*-th order dynamic stabilizing compensator,

$$P\_0(\mathbf{s}) = \begin{bmatrix} \frac{A\_{\mathbf{c}} \| B\_{\mathbf{c}}}{\mathbf{C}\_{\mathbf{c}} \| D\_{\mathbf{c}}} \end{bmatrix}. \tag{24}$$

Fig. 2. Generalized plant and synchronizer in the chaotic communication system.

Fig. 3. Generalized plant and controller in the robust control theory.

For any choice of *K*0, we can obtain the parameterization of *K*(*s*) as follows (Matsuo et al. (1998)):

$$\begin{aligned} P\_o(s) &= \mathcal{F}\_l(\bar{P}\_o(s), Q(s)) \\ \bar{P}\_o(s) &= \begin{bmatrix} A\_K + H\_0 \mathbb{C}\_2 + B\_2 F\_0 \big|\, -H\_0 \, B\_2 \\ \hline \end{bmatrix} \\ Q(s) &= \begin{bmatrix} A\_{c2} \, \middle|\, B\_{c2} \\ \hline \mathbb{C}\_{c2} \, \middle|\, D\_{c2} \end{bmatrix} \\ A\_K &= A + B\_2 K\_0 \mathbb{C}\_2 \end{aligned} \tag{26}$$

where

6 Will-be-set-by-IN-TECH

We assign the estimation error of the key signal *eK* or that of cipher text *e*˜*<sup>n</sup>* to the controlled


Thus, if lim*t*→<sup>∞</sup> *w*(*t*) = 0 and lim*t*→<sup>∞</sup> *e*(*t*) = 0, then we attain the recover the plaintext, *i.e.*

*A* [*b*<sup>1</sup> *b*2] −*b*<sup>2</sup> *k<sup>T</sup>* 0 0 *I* 0 0

*A* [*b*<sup>1</sup> *b*2] −*b*<sup>2</sup> *<sup>k</sup><sup>T</sup>* [0 1] <sup>−</sup><sup>1</sup> *I* 0 0

⎤

⎤

⎦ (21)

⎦ . (22)

⎦ (23)

. (24)

*f*(*x*ˆ) − *en*

*f*(*x*ˆ)) = 0 and lim*t*→<sup>∞</sup> *e*(*t*) = 0, then the plaintext can be

*f*(*x*ˆ)) + *ω*

*<sup>e</sup>*˜*<sup>n</sup>* <sup>=</sup> *<sup>e</sup>*ˆ*<sup>n</sup>* <sup>−</sup> *en* <sup>=</sup> *<sup>y</sup>*˜ <sup>−</sup> *<sup>v</sup>*<sup>ˆ</sup> <sup>−</sup> ˜

<sup>=</sup> <sup>−</sup>*<sup>ξ</sup>* + (*f*(*x*) <sup>−</sup> ˜

*eK*(*t*) = *K*ˆ(*t*) = *kTe*(*t*)

output as follows:

Since *<sup>f</sup>*(·) = ˜

lim*t*→∞(*en*(*t*) − *e*ˆ*n*(*t*)) = 0.

**3.2 Synchronizer parameterization**

internally stabilize *G*(*s*).

arbitrary vector.

is detectable;

If lim*t*→<sup>∞</sup> *<sup>ω</sup>*(*t*) = 0,lim*t*→∞(*f*(*x*) <sup>−</sup> ˜

recovered by the decrypter ,lim*t*→∞(*en*(*t*) − *e*ˆ*n*(*t*)) = 0.

*f*(·) for authorized users, we have

• When the controlled output is *eK*, the generalize plant is

*Go*(*s*) =

and the *p*-th order dynamic stabilizing compensator,

�

*G*<sup>11</sup> *G*<sup>12</sup> *G*<sup>21</sup> *G*<sup>22</sup>

*Po*(*s*) =

For each controlled output, the generalized plant in Fig. 2 is defined as:

*G*1(*s*) =

*G*2(*s*) =

• When the controlled output is the upper bound of |*e*˜*n*|, the generalize plant is

⎡ ⎣

To design the synchronizer based on the static output-feedback-based controller, we rewrite the generalized plant as in Fig.2. Since we can select the input of the synchronizer as arbitrary scalar signal, the signal in Eq.(2) is chosen as *v*(*t*) = *P*(*s*)*x*(*t*) = *Po*(*s*)*cTx*(*t*), where *c* is an

We call a stabilizing compensator *Po*(*s*) for the generalized plant *G*(*s*) the synchronizer of the chaotic cryptosystem. The design problem of the synchronizer is summarized as follows: Given a generalized plant *G*(*s*) as in Fig. 2, parameterize all synchronizer *P*(*s*) that

We consider the *n*-th order generalized plant in Fig.3, where (*A*, *B*2) is stabilizable and (*A*, *C*2)

� = ⎡ ⎣

� *Ac Bc Cc Dc*

*A B*<sup>1</sup> *B*<sup>2</sup> *C*<sup>1</sup> *D*<sup>11</sup> *D*<sup>12</sup> *C*<sup>2</sup> *D*<sup>21</sup> 0

�

⎤

⎡ ⎣

> *Ac*<sup>22</sup> : stable *F*<sup>0</sup> s.t. *AK* + *B*2*F*<sup>0</sup> is stable *H*<sup>0</sup> s.t. *AK* + *H*0*C*<sup>2</sup> is stable.

Since *Po*(*s*) is a stabilizing compensator for each *Q*(*s*) ∈ *RH*∞, (25) is one of the parameterization of stabilizing compensators. This LFT form is equal to the Youla parameterization when the static output feedback gain, *K*0, is selected as zero. When the generalized plant can be stabilized by a static output feedback gain, *i.e.* there exists an output feedback gain *K*<sup>0</sup> such that *AK* is stable, we can set *H*<sup>0</sup> = 0, *F*<sup>0</sup> = 0. In this case, the

the error system sensitive to Δ. Design the free parameter *Q*(*s*) such that for a given *γ*1,

Robustness and Security of H∞-Synchronizer in Chaotic Communication System 451

However, since the generalized plant does not have a direct term from the uncertainty Δ to the transmitted signal *y*˜, (35) cannot be hold for all *ω* ∈ [0, ∞). Therefore, to satisfy the security requirement, we change the transmitted signal *y*˜ and the feedback term in the

*y*˜(*t*) = *v*(*t*) + *en*(*t*) + *f*(*x*(*t*)) + *ω*(*t*) + *c<sup>T</sup> Ab*<sup>2</sup>

In this case, the estimation error of the cipher text includes the direct term from the

*f*(*x*ˆ)) + *w* + Δ�

*x*˙ = *Ax* + *b*<sup>2</sup> *f*(*x*1) + *b*2*en* (36)

*y* = *P*(*s*)*x* + *en* + *f*(*x*) (37)

(*Ga* − *Gb*)(|*x*<sup>1</sup> + 1|−|*x*<sup>1</sup> − 1|)

⎤ ⎦

> ⎤ ⎦

⎡ ⎣ *x*1 *x*2 *x*3

We select the parameters in the Chua's circuit given by Liao *et al.* (Liao et al. (1999)) as *p*<sup>1</sup> = 10,*p*<sup>2</sup> = 13.14,*p*<sup>3</sup> = 0.07727,*Ga* = −1.28, and *Gb* = −0.69. The initial conditions are given by

*f*(*x*ˆ) generates

*b*2

We need to design the free parameter such that both the requirements are satisfied. Since we cannot get this solution, we design the dynamical compensator so as to satisfy the robustness requirement, and then check the security requirement whether the error system is sensitive to the modeling errors of the decrypter, *i.e.* the designed cryptosystem is secure against to

We design a robust cryptosystem via Chua's circuits as in Yang *et al.* (Yang et al. (1997b)) and in Fradkov *et al.* (Fradkov et al. (2000)), and carry out simulations using MATLAB/Simulink.

*ey* <sup>=</sup> *<sup>y</sup>*˜ <sup>−</sup> *<sup>v</sup>*<sup>ˆ</sup> <sup>−</sup> *<sup>c</sup>TA*˜ ˜

*<sup>n</sup>* <sup>=</sup> *<sup>ξ</sup>* + (*f*(*x*) <sup>−</sup> ˜

In particular, when there is a perturbation in the nonlinear function, *<sup>f</sup>*(*x*) �<sup>=</sup> ˜

uncertainty to the transmitted signal as follows:

*e*˜ �

The chaotic encrypter based on the Chua's circuit is given by

*f*(*x*1) = *Gbx*<sup>1</sup> +

⎡ ⎣

⎡ ⎣ −*p*<sup>1</sup> 0 0

*A* =

*b*<sup>2</sup> =

1 2

−*p*<sup>1</sup> *p*<sup>1</sup> 0 1 −1 1 0 −*p*<sup>2</sup> −*p*<sup>3</sup>

> ⎤ ⎦ , *x* =

the direct term from the uncertainty to the transmitted signal.

decrypter *ey* as

attacks by intruders.

**4.1 Encrypter based on Chua's circuit**

**4. Simulations**

*σ*{*T*1(*jω*)} > *γ*1, for *ω* ∈ [0, ∞). (35)

parameterization of all stabilizing compensators is as follows (Matsuo et al. (1998)):

$$P\_o(\mathbf{s}) = \mathcal{F}\_l(\tilde{P}\_o(\mathbf{s}), \mathbf{Q}(\mathbf{s})) \tag{27}$$

$$\mathbf{K} = \mathbf{K}\_0 + \mathbf{Q}(\mathbf{s})(I + \mathbf{C}\_2(\mathbf{s}I - A\_K)^{-1}\mathbf{B}\_2\mathbf{Q}(\mathbf{s}))^{-1} \tag{28}$$

where

$$
\tilde{P}\_o(s) = \begin{bmatrix}
\frac{A\_K}{0} \begin{array}{c|cc}
0 & B\_2 \\
\hline
0 & K\_0 & I \\
\end{array}
\end{bmatrix}.
\tag{29}
$$

In Fig. 2, since *C*<sup>2</sup> is replace to *cT*, where *c<sup>T</sup>* can be selected as an arbitrary vector, there exists a scalar *<sup>k</sup>*<sup>0</sup> such that *Ak* <sup>=</sup> *<sup>A</sup>* <sup>−</sup> *<sup>b</sup>*2*k*0*c<sup>T</sup>* is stable, as long as (*A*, *<sup>b</sup>*2) is stabilizable. In this case, we can set *H*<sup>0</sup> = 0, *F*<sup>0</sup> = 0. The parameterization of all synchronizers in Fig. 2 is obtained as follows (Matsuo et al. (1998)):

$$P\_o(\mathbf{s}) = \mathcal{F}\_l(\tilde{P}\_o(\mathbf{s})\_\prime Q(\mathbf{s})) \tag{30}$$

where *Q*(*s*) ∈ *RH*<sup>∞</sup> and

$$
\tilde{P}\_o(s) = \begin{bmatrix}
\frac{A\_k \ \begin{matrix} 0 \ -b\_2 \end{matrix}}{\mathbf{0} \ \begin{matrix} k\_0 \ \mathbf{1} \\ \mathbf{1} \ \mathbf{0} \end{matrix}}
\end{bmatrix}.\tag{31}
$$

We call this parameterization a synchronizer parameterization. By selecting *Po*(*s*) as constant gain *k*<sup>0</sup> *i.e. Q*(*s*) = 0, the proposed cryptosystem is equivalent to that proposed by Grassi *et al.*

## **3.3 Design problem of** *H*∞ **synchronizer**

The input-output relation of the generalized plant *G*(*s*) = *G*1(*s*) or *G*2(*s*) from the exogenous input [Δ *w*] to the controlled output *z* is given by

$$z = \mathcal{F}\_l(G(s), P(s)) \left[\Delta(s) \ w(s)\right]^T \tag{32}$$

$$= \begin{bmatrix} T\_1(s) \ T\_2(s) \end{bmatrix} \begin{bmatrix} \Delta(s) \ w(s) \end{bmatrix}^T \tag{33}$$

The free dynamics *Q*(*s*) is designed to make the decrypter robust against the disturbances in the transmission line of sensitive to the modeling errors of the decrypter by intruders. We present two design specifications:

1. **Robustness requirement:** The proposed decrypter can recover the plain text by the transmitted signals when the generalized plant with the synchronizer is internally stable. Moreover, the *H*∞ synchronizer has an additional synchronization property with respect to plant uncertainties. To recover plain texts, the decrypter should be robust with respect to time delay uncertainties in the transmission line. Design the free parameter *Q*(*s*) such that for a given *γ*2,

$$\|T\_2(s)\| < \gamma\_2. \tag{34}$$

2. **Security requirement:** To attain the secure cryptosystem, the decrypter of the intruder should not synchronize the encrypter. Therefore, The free parameter *Q*(*s*) is designed to the error system sensitive to Δ. Design the free parameter *Q*(*s*) such that for a given *γ*1,

$$
\underline{\sigma}\{T\_1(j\omega)\} > \gamma\_1,\text{ for }\omega\in[0,\infty).\tag{35}
$$

However, since the generalized plant does not have a direct term from the uncertainty Δ to the transmitted signal *y*˜, (35) cannot be hold for all *ω* ∈ [0, ∞). Therefore, to satisfy the security requirement, we change the transmitted signal *y*˜ and the feedback term in the decrypter *ey* as

$$\begin{aligned} \tilde{y}(t) &= v(t) + e\_{\mathbb{H}}(t) + f(\mathfrak{x}(t)) + \omega(t) + c^T A b\_2 \\ e\_{\mathbb{Y}} &= \tilde{y} - \mathfrak{d} - c^T \tilde{A} \tilde{b}\_2 \end{aligned}$$

In this case, the estimation error of the cipher text includes the direct term from the uncertainty to the transmitted signal as follows:

$$\vec{e}'\_n = \xi + (f(\mathfrak{x}) - \bar{f}(\mathfrak{x})) + w + \Delta'$$

In particular, when there is a perturbation in the nonlinear function, *<sup>f</sup>*(*x*) �<sup>=</sup> ˜ *f*(*x*ˆ) generates the direct term from the uncertainty to the transmitted signal.

We need to design the free parameter such that both the requirements are satisfied. Since we cannot get this solution, we design the dynamical compensator so as to satisfy the robustness requirement, and then check the security requirement whether the error system is sensitive to the modeling errors of the decrypter, *i.e.* the designed cryptosystem is secure against to attacks by intruders.

#### **4. Simulations**

8 Will-be-set-by-IN-TECH

*<sup>o</sup>*(*s*), *Q*(*s*)) (27)

⎦ . (29)

*<sup>o</sup>*(*s*), *Q*(*s*)) (30)

⎦ . (31)

�*<sup>T</sup>* (32)

�*<sup>T</sup>* (33)

�*T*2(*s*)� < *γ*2. (34)

<sup>=</sup> *<sup>K</sup>*<sup>0</sup> <sup>+</sup> *<sup>Q</sup>*(*s*)(*<sup>I</sup>* <sup>+</sup> *<sup>C</sup>*2(*sI* <sup>−</sup> *AK*)−1*B*2*Q*(*s*))−<sup>1</sup> (28)

⎤

parameterization of all stabilizing compensators is as follows (Matsuo et al. (1998)):

⎡ ⎣

*Po*(*s*) = <sup>F</sup>*l*(*P*˜

⎡ ⎣

*AK* 0 *B*<sup>2</sup> 0 *K*<sup>0</sup> *I* −*C*<sup>2</sup> *I* 0

*Ak* 0 −*b*<sup>2</sup> 0 *k*<sup>0</sup> 1 <sup>−</sup>*c<sup>T</sup>* 1 0

We call this parameterization a synchronizer parameterization. By selecting *Po*(*s*) as constant gain *k*<sup>0</sup> *i.e. Q*(*s*) = 0, the proposed cryptosystem is equivalent to that proposed by Grassi *et al.*

The input-output relation of the generalized plant *G*(*s*) = *G*1(*s*) or *G*2(*s*) from the exogenous

The free dynamics *Q*(*s*) is designed to make the decrypter robust against the disturbances in the transmission line of sensitive to the modeling errors of the decrypter by intruders. We

1. **Robustness requirement:** The proposed decrypter can recover the plain text by the transmitted signals when the generalized plant with the synchronizer is internally stable. Moreover, the *H*∞ synchronizer has an additional synchronization property with respect to plant uncertainties. To recover plain texts, the decrypter should be robust with respect to time delay uncertainties in the transmission line. Design the free parameter *Q*(*s*) such

2. **Security requirement:** To attain the secure cryptosystem, the decrypter of the intruder should not synchronize the encrypter. Therefore, The free parameter *Q*(*s*) is designed to

*<sup>z</sup>* <sup>=</sup> <sup>F</sup>*l*(*G*(*s*), *<sup>P</sup>*(*s*)) �

*T*1(*s*) *T*2(*s*)

⎤

Δ(*s*) *w*(*s*)

� � Δ(*s*) *w*(*s*)

In Fig. 2, since *C*<sup>2</sup> is replace to *cT*, where *c<sup>T</sup>* can be selected as an arbitrary vector, there exists a scalar *<sup>k</sup>*<sup>0</sup> such that *Ak* <sup>=</sup> *<sup>A</sup>* <sup>−</sup> *<sup>b</sup>*2*k*0*c<sup>T</sup>* is stable, as long as (*A*, *<sup>b</sup>*2) is stabilizable. In this case, we can set *H*<sup>0</sup> = 0, *F*<sup>0</sup> = 0. The parameterization of all synchronizers in Fig. 2 is obtained as

*Po*(*s*) = <sup>F</sup>*l*(*P*˜

*P*˜ *<sup>o</sup>*(*s*) =

*P*˜ *<sup>o</sup>*(*s*) =

= �

where

follows (Matsuo et al. (1998)):

**3.3 Design problem of** *H*∞ **synchronizer**

present two design specifications:

that for a given *γ*2,

input [Δ *w*] to the controlled output *z* is given by

where *Q*(*s*) ∈ *RH*<sup>∞</sup> and

We design a robust cryptosystem via Chua's circuits as in Yang *et al.* (Yang et al. (1997b)) and in Fradkov *et al.* (Fradkov et al. (2000)), and carry out simulations using MATLAB/Simulink.

#### **4.1 Encrypter based on Chua's circuit**

The chaotic encrypter based on the Chua's circuit is given by

$$
\dot{\mathbf{x}} = A\mathbf{x} + b\_2 f(\mathbf{x}\_1) + b\_2 e\_n \tag{36}
$$

$$y = P(s)\mathbf{x} + e\_{\mathbb{N}} + f(\mathbf{x})\tag{37}$$

$$\begin{aligned} f(\mathbf{x}\_1) &= G\_b \mathbf{x}\_1 + \frac{1}{2} (\mathbf{G}\_a - \mathbf{G}\_b) (|\mathbf{x}\_1 + \mathbf{1}| - |\mathbf{x}\_1 - \mathbf{1}|) \\\ A &= \begin{bmatrix} -p\_1 & p\_1 & 0 \\ 1 & -1 & 1 \\ 0 & -p\_2 & -p\_3 \end{bmatrix} \\\ b\_2 &= \begin{bmatrix} -p\_1 \\ 0 \\ 0 \end{bmatrix}, \mathbf{x} = \begin{bmatrix} \mathbf{x}\_1 \\ \mathbf{x}\_2 \\ \mathbf{x}\_3 \end{bmatrix} \end{aligned}$$

We select the parameters in the Chua's circuit given by Liao *et al.* (Liao et al. (1999)) as *p*<sup>1</sup> = 10,*p*<sup>2</sup> = 13.14,*p*<sup>3</sup> = 0.07727,*Ga* = −1.28, and *Gb* = −0.69. The initial conditions are given by

*kT*

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1

time[s]

right : the recovered plaintext by the *H*∞-synchronizer.

**4.6 Security performance of** *H*∞**-synchronizer**

consider the following parameter mismatches:

˜ *f*(*x*1) = *G*˜

*A*˜ =

⎡ ⎣

time[s]

*eK*

*e*

Fig. 4. Generalized plant *G*1(*s*).

−0.5 0 0.5 1

−0.5 0 0.5 1

delay than the Grassi-type.

recovered plain text

plain text

(*sI* <sup>−</sup> *<sup>A</sup>*)−1*b*<sup>2</sup>

Robustness and Security of H∞-Synchronizer in Chaotic Communication System 453

−0.5 0 0.5 1

−0.5 0 0.5 1

recovered plain text

Fig. 5. The plaintext and the recovered plaintext in the nominal transmission line. Above left : the plaintext for the Grassi-type decrypter. Above right : the plaintext for the

*H*∞-synchronizer. Below left : the recovered plaintext by the Grassi-type decrypter. Below

Figs. 6 and 7 show the responses of the Grassi-type decrypter and the *H*∞-type decrypter for the generalized plant *G*1(*s*)in the presence of the time delay *L* = 0.1 in the transmission line, respectively. The responses of the *H*∞-type decrypter for the generalized plant *G*2(*s*) in the presence of the time delay *L* = 0.1 in the transmission line is almost same as that for the generalized plant *G*1(*s*). The *H*∞-type decrypter has a better robust performance to the time

We assume that intruders have parameter mismatches in the decrypter. In this simulation, we

⎤ ⎦ *f*(*x*ˆ))

*<sup>b</sup>*)(|*x*<sup>1</sup> + 1|−|*x*<sup>1</sup> − 1|)

*<sup>v</sup>*<sup>ˆ</sup> <sup>=</sup> *<sup>P</sup>*(*s*)*x*ˆ, *<sup>e</sup>*ˆ*<sup>n</sup>* <sup>=</sup> *<sup>y</sup>* <sup>−</sup> (*v*<sup>ˆ</sup> <sup>+</sup> ˜

−*p*<sup>1</sup> *p*<sup>1</sup> 0 1 −1 1 0 −*p*˜2 −*p*<sup>3</sup>

*bx*<sup>1</sup> + 1 2 (*G*˜ *<sup>a</sup>* <sup>−</sup> *<sup>G</sup>*˜

**4.5 Robustness of** *H*∞**-synchronizer against time delay in transmission line**

plain text

*W*(*s*)

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1

time[s]

time[s]

*w*

−*ξ*

*x*1(0) = 1.1, *x*2(0) = 0, *x*3(0) = 0 *x*ˆ1(0) = 0, *x*ˆ2(0) = 0, *x*ˆ3(0) = 0

The encryption function is 30-shift cipher, the parameter *h* is equal to 1 and the key signal *K*(*t*) is the second state variable *x*2, *i.e.*

$$K(t) = \begin{bmatrix} 0 \ 1 \ 0 \end{bmatrix} x(t).$$

Moreover, we select *<sup>c</sup><sup>T</sup>* <sup>=</sup> <sup>−</sup> � 011 � .

MATLAB has a built-in music file, handel.mat, with a short segment of Handel's *Messiah*. We use it as the plaintext signal.

#### **4.2 Grassi-type system**

In the encrypter presented by Grassi *et al.* (Grassi et al. (1999)), the dynamic synchronizer is simplified as *Po*(*s*) = *k*<sup>0</sup> = 0.8.

## **4.3 Design of** *H*∞**-synchronizer**

The generalized plant *G*1(*s*) in designing the *H*<sup>∞</sup> synchronizer is shown in Fig. 4. The weighting function *<sup>W</sup>*(*s*) in the exogenous signal is selected as *<sup>W</sup>*(*s*) = <sup>10</sup> <sup>×</sup> 2.1*Ls Ls*+<sup>1</sup> , *L* = <sup>1</sup> <sup>×</sup> <sup>10</sup>−<sup>3</sup> and *<sup>γ</sup>* <sup>=</sup> 0.75 so as to stabilize the error system with time delay uncertainties. The *H*∞ synchronizer is obtained by using MATLAB LMI toolbox as follows:

$$\begin{aligned} P(s) &= \begin{bmatrix} \frac{a\_k}{c\_k} \frac{b\_k}{d\_k} \\\ a\_k \end{bmatrix} \\ a\_k &= 10^5 \begin{bmatrix} -0.8762 & 1.9816 & -0.3890 & 0.0685 \\ 2.0890 & -4.7937 & 0.9380 & -0.1581 \\ -0.4425 & 1.0122 & -0.2074 & 0.0331 \\ -2.2132 & 5.3464 & -1.0531 & -0.0258 \end{bmatrix}, \\ b\_k &= 10^5 \begin{bmatrix} 2.2024 & -0.0009 & 0.0114 \\ -5.3148 & 0.0046 & 0.0005 \\ 1.1245 & 0.0083 & 0.0008 \\ 5.8935 & 0.0186 & -0.1098 \end{bmatrix}, \\ c\_k &= 10^3 \begin{bmatrix} -0.0549 \ 0.2164 & -0.4198 \ -5.4334 \end{bmatrix}, \\ d\_k &= \begin{bmatrix} 0 \ 0 \ 0 \end{bmatrix}. \end{aligned}$$

## **4.4 Nominal performance of** *H*∞**-synchronizer**

Figs. 5,6, and 7 show the responses of the Grassi-type decrypter and the *H*∞-type decrypter of the nominal system. Fig 5 shows the plaintext and recovered signal for each decrypter. Fig 6 shows the transmitted signal and the estimation error of decrypter for each decrypter. Fig 7 shows the cipher text and the percentage error of the recovered signal for each decrypter. The nominal system means that the communication system has neither time delay nor parameter mismatches between the encrypter and the decrypter. The speed of response of the *H*∞-type decrypter is faster than that of the Grassi-type.

Fig. 4. Generalized plant *G*1(*s*).

10 Will-be-set-by-IN-TECH

*x*1(0) = 1.1, *x*2(0) = 0, *x*3(0) = 0 *x*ˆ1(0) = 0, *x*ˆ2(0) = 0, *x*ˆ3(0) = 0 The encryption function is 30-shift cipher, the parameter *h* is equal to 1 and the key signal *K*(*t*)

010 �

MATLAB has a built-in music file, handel.mat, with a short segment of Handel's *Messiah*.

In the encrypter presented by Grassi *et al.* (Grassi et al. (1999)), the dynamic synchronizer is

The generalized plant *G*1(*s*) in designing the *H*<sup>∞</sup> synchronizer is shown in Fig. 4. The weighting function *<sup>W</sup>*(*s*) in the exogenous signal is selected as *<sup>W</sup>*(*s*) = <sup>10</sup> <sup>×</sup> 2.1*Ls*

<sup>1</sup> <sup>×</sup> <sup>10</sup>−<sup>3</sup> and *<sup>γ</sup>* <sup>=</sup> 0.75 so as to stabilize the error system with time delay uncertainties. The

2.2024 −0.0009 0.0114 −5.3148 0.0046 0.0005 1.1245 0.0083 0.0008 5.8935 0.0186 −0.1098

Figs. 5,6, and 7 show the responses of the Grassi-type decrypter and the *H*∞-type decrypter of the nominal system. Fig 5 shows the plaintext and recovered signal for each decrypter. Fig 6 shows the transmitted signal and the estimation error of decrypter for each decrypter. Fig 7 shows the cipher text and the percentage error of the recovered signal for each decrypter. The nominal system means that the communication system has neither time delay nor parameter mismatches between the encrypter and the decrypter. The speed of response of the *H*∞-type

−0.8762 1.9816 −0.3890 0.0685 2.0890 −4.7937 0.9380 −0.1581 −0.4425 1.0122 −0.2074 0.0331 −2.2132 5.3464 −1.0531 −0.0258

<sup>−</sup>0.0549 0.2164 <sup>−</sup>0.4198 <sup>−</sup>5.4334 �

⎤ ⎥ ⎥ ⎦ ,

,

⎤ ⎥ ⎥ ⎦ ,

*x*(*t*).

*Ls*+<sup>1</sup> , *L* =

*K*(*t*) = �

011 � .

*H*∞ synchronizer is obtained by using MATLAB LMI toolbox as follows:

�

⎡ ⎢ ⎢ ⎣

⎡ ⎢ ⎢ ⎣

000 � .

is the second state variable *x*2, *i.e.*

Moreover, we select *<sup>c</sup><sup>T</sup>* <sup>=</sup> <sup>−</sup> �

**4.2 Grassi-type system**

We use it as the plaintext signal.

simplified as *Po*(*s*) = *k*<sup>0</sup> = 0.8.

**4.3 Design of** *H*∞**-synchronizer**

*P*(*s*) =

� *ak bk ck dk*

*ak* = 105

*bk* = 105

*ck* = 103 �

*dk* = �

**4.4 Nominal performance of** *H*∞**-synchronizer**

decrypter is faster than that of the Grassi-type.

Fig. 5. The plaintext and the recovered plaintext in the nominal transmission line. Above left : the plaintext for the Grassi-type decrypter. Above right : the plaintext for the *H*∞-synchronizer. Below left : the recovered plaintext by the Grassi-type decrypter. Below right : the recovered plaintext by the *H*∞-synchronizer.

## **4.5 Robustness of** *H*∞**-synchronizer against time delay in transmission line**

Figs. 6 and 7 show the responses of the Grassi-type decrypter and the *H*∞-type decrypter for the generalized plant *G*1(*s*)in the presence of the time delay *L* = 0.1 in the transmission line, respectively. The responses of the *H*∞-type decrypter for the generalized plant *G*2(*s*) in the presence of the time delay *L* = 0.1 in the transmission line is almost same as that for the generalized plant *G*1(*s*). The *H*∞-type decrypter has a better robust performance to the time delay than the Grassi-type.

## **4.6 Security performance of** *H*∞**-synchronizer**

We assume that intruders have parameter mismatches in the decrypter. In this simulation, we consider the following parameter mismatches:

$$\begin{aligned} \mathfrak{d} &= P(\mathfrak{s}) \mathfrak{X} \; \mathfrak{E}\_{\mathfrak{u}} = \mathfrak{y} - (\mathfrak{d} + \tilde{f}(\mathfrak{X})) \\ \tilde{A} &= \begin{bmatrix} -p\_1 & p\_1 & 0 \\ 1 & -1 & 1 \\ 0 & -p\_2 & -p\_3 \end{bmatrix} \\ \tilde{f}(\mathfrak{x}\_1) &= \tilde{G}\_b \mathfrak{x}\_1 + \frac{1}{2} (\tilde{G}\_a - \tilde{G}\_b) (|\mathfrak{x}\_1 + 1| - |\mathfrak{x}\_1 - 1|) \end{aligned}$$

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1

time[s]

right : the recovered plaintext by the *H*∞-synchronizer.

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −3

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1

states of the decrypter with the *H*∞-synchronizer.

and *P*(*s*). Intruder A has the following parameter mismatch:

time[s]

time[s]

time[s]

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −3000

time[s]

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1

time[s]

time[s]

time[s]

−0.5 0 0.5 1

−0.5 0 0.5 1

−2000 −1000 0 1000 2000

> −0.5 0 0.5 1

estimation error

Fig. 9. The transmitted signal and the estimation error of the decrypter in the transmission line with delay time Above left : the transmitted signal(solid line) and the plain text(dotted line) of the Grassi-type decrypter. Above right : the transmitted signal(solid line) and the plain text(dotted line) of the decrypter with the *H*∞-synchronizer . Below left : the estimation errors of full states of the Grassi-type decrypter. Below right : the estimation errors of full

In this simulation, we select the candidates of the static secret keys as the parameters *p*2,*Ga*,*Gb*,

*<sup>b</sup>* = *Gb* = −0.69

*p*˜2 = 13.15, *p*<sup>2</sup> = 13.14 *<sup>G</sup>*˜ *<sup>a</sup>* <sup>=</sup> *Ga* <sup>=</sup> <sup>−</sup>1.28, *<sup>G</sup>*˜

*P*˜(*s*) = *P*(*s*).

transmitted signal

recovered plain text

Fig. 8. The plaintext and the recovered plaintext in the transmission line with delay time. Above left : the plaintext for the Grassi-type decrypter. Above right : the plaintext for the *H*∞-synchronizer. Below left : the recovered plaintext by the Grassi-type decrypter. Below

plain text

Robustness and Security of H∞-Synchronizer in Chaotic Communication System 455

−0.5 0 0.5 1

−0.5 0 0.5 1

−0.5 0 0.5 1

estimation error

transmitted signal

recovered plain text

plain text

Fig. 6. The transmitted signal and the estimation error of decrypter in the nominal transmission line. Above left : the transmitted signal(solid line) and the plain text(dotted line) of the Grassi-type decrypter. Above right : the transmitted signal(solid line) and the plain text(dotted line) of the decrypter with the *H*∞-synchronizer . Below left : the estimation errors of full states of the Grassi-type decrypter. Below right : the estimation errors of full states of the decrypter with the *H*∞-synchronizer.

Fig. 7. The cipher text and the percentage error of the recovered signal in the nominal transmission line. Above left : the ciphertext in the Grassi-type decrypter. Above right : the ciphertext in the decrypter with the *H*∞-synchronizer. Below left : the percentage error of the recovered signal of the Grassi-type decrypter. Below right : the percentage error of the recovered signal of the decrypter with the *H*∞-synchronizer.

12 Will-be-set-by-IN-TECH

−2000 −1000 0 1000 2000

−0.005 0 0.005 0.01

> −1.5 −1 −0.5 0 0.5 1 1.5 2

relative error (%)

Fig. 7. The cipher text and the percentage error of the recovered signal in the nominal transmission line. Above left : the ciphertext in the Grassi-type decrypter. Above right : the ciphertext in the decrypter with the *H*∞-synchronizer. Below left : the percentage error of the recovered signal of the Grassi-type decrypter. Below right : the percentage error of the

en

estimation error

Fig. 6. The transmitted signal and the estimation error of decrypter in the nominal transmission line. Above left : the transmitted signal(solid line) and the plain text(dotted line) of the Grassi-type decrypter. Above right : the transmitted signal(solid line) and the plain text(dotted line) of the decrypter with the *H*∞-synchronizer . Below left : the estimation errors of full states of the Grassi-type decrypter. Below right : the estimation errors of full

transmitted signal

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −3000

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −0.01

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −2

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −10

time[s]

time[s]

time[s]

time[s]

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −3

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1

states of the decrypter with the *H*∞-synchronizer.

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −2

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −30

time[s]

recovered signal of the decrypter with the *H*∞-synchronizer.

time[s]

time[s]

time[s]

−0.5 0 0.5 1

−1.5 −1 −0.5 0 0.5 1 1.5 2

relative error (%)

en

estimation error

transmitted signal

Fig. 8. The plaintext and the recovered plaintext in the transmission line with delay time. Above left : the plaintext for the Grassi-type decrypter. Above right : the plaintext for the *H*∞-synchronizer. Below left : the recovered plaintext by the Grassi-type decrypter. Below right : the recovered plaintext by the *H*∞-synchronizer.

Fig. 9. The transmitted signal and the estimation error of the decrypter in the transmission line with delay time Above left : the transmitted signal(solid line) and the plain text(dotted line) of the Grassi-type decrypter. Above right : the transmitted signal(solid line) and the plain text(dotted line) of the decrypter with the *H*∞-synchronizer . Below left : the estimation errors of full states of the Grassi-type decrypter. Below right : the estimation errors of full states of the decrypter with the *H*∞-synchronizer.

In this simulation, we select the candidates of the static secret keys as the parameters *p*2,*Ga*,*Gb*, and *P*(*s*). Intruder A has the following parameter mismatch:

$$\begin{aligned} \tilde{p}\_2 &= 13.15, p\_2 = 13.14 \\ \tilde{G}\_a &= G\_a = -1.28, \tilde{G}\_b = G\_b = -0.69 \\ \tilde{P}(s) &= P(s). \end{aligned}$$

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −3000

time[s]

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −3000

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −0.01

time[s]

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −2

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −10

time[s]

time[s]

time[s]

−2000 −1000 0 1000 2000

−0.005 0 0.005 0.01

> −1.5 −1 −0.5 0 0.5 1 1.5 2

relative error (%)

Fig. 13. The cipher text and the percentage error of the recovered signal in the transmission line with delay time. Above left : the ciphertext. Above right : the ciphertext. Below left : the percentage error of the recovered signal by Intruder A. Below right : the percentage error of

10.5 <sup>11</sup> 11.5 <sup>12</sup> 12.5 <sup>13</sup> 13.5 <sup>14</sup> 14.5 <sup>15</sup> 15.5 <sup>16</sup> <sup>0</sup>

p2

0.002 0.004 0.006 0.008 0.01 0.012 0.014 0.016 0.018 0.02

Fig. 14. The key basin of *p*<sup>2</sup> in EFA function for *H*<sup>∞</sup> synchronizer.

EFA function

en

estimation error

Fig. 12. The transmitted signals and the estimation errors of the intruders' decrypters. Above left : the transmitted signal(solid line) and the plain text(dotted line). Above right : the transmitted signal(solid line) and the plain text(dotted line). Below left : the estimation errors of full states by Intruder A. Below right : the estimation errors of full states by Intruder B.

transmitted signal

Robustness and Security of H∞-Synchronizer in Chaotic Communication System 457

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −2

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −100

the recovered signal by Intruder B.

time[s]

time[s]

time[s]

−2000 −1000 0 1000 2000

> −0.5 0 0.5 1

> −1.5 −1 −0.5 0 0.5 1 1.5 2

relative error (%)

en

estimation error

transmitted signal

Fig. 10. The cipher text and the percentage error of the recovered signal in the transmission line with delay time. Above left : the ciphertext in the Grassi-type decrypter. Above right : the ciphertext in the decrypter with the *H*∞-synchronizer. Below left : the percentage error of the recovered signal of the Grassi-type decrypter. Below right :the percentage error of the recovered signal of the decrypter with the *H*∞-synchronizer.

Intruder B has the following parameter mismatches:

$$\vec{p}\_2 = p\_2 = 13.14, \\ \vec{G}\_a = -1.3, \vec{G}\_b = -0.65, \\ \mathcal{P}(s) = P(s).$$

Figs. 11,12, and 13 show the responses of the *H*∞-type decrypter used by the intruders A and B, respectively. The proposed synchronizer is sensitive to the parameter mismatches caused by Intruder A. The parameters in the dynamic encrypter may play the role of the secret key. However, Intruder A can identify the recovered wav file as the Handel's *Messiah* in spite of noisy sound. Fig. 14 shows the EFA function of the proposed *H*∞-type decrypter. Since the width of the key basin in EFA function is not so narrow, the cryptosystem is not so secure.

Fig. 11. The plaintext and the recovered plaintext by the intruders A and B. Above left : the plaintext. Above right : the plaintext. Below left : the recovered plaintext by Intruder A. Below right : the recovered plaintext by Intruder B.

14 Will-be-set-by-IN-TECH

−1.5 −1 −0.5 0 0.5 1 1.5 2

*<sup>b</sup>* = −0.65

−0.5 0 0.5 1

−0.5 0 0.5 1

recovered plain text

Fig. 11. The plaintext and the recovered plaintext by the intruders A and B. Above left : the plaintext. Above right : the plaintext. Below left : the recovered plaintext by Intruder A.

plain text

relative error (%)

Fig. 10. The cipher text and the percentage error of the recovered signal in the transmission line with delay time. Above left : the ciphertext in the Grassi-type decrypter. Above right : the ciphertext in the decrypter with the *H*∞-synchronizer. Below left : the percentage error of the recovered signal of the Grassi-type decrypter. Below right :the percentage error of the

> *p*˜2 = *p*<sup>2</sup> = 13.14, *<sup>G</sup>*˜ *<sup>a</sup>* <sup>=</sup> <sup>−</sup>1.3, *<sup>G</sup>*˜

Figs. 11,12, and 13 show the responses of the *H*∞-type decrypter used by the intruders A and B, respectively. The proposed synchronizer is sensitive to the parameter mismatches caused by Intruder A. The parameters in the dynamic encrypter may play the role of the secret key. However, Intruder A can identify the recovered wav file as the Handel's *Messiah* in spite of noisy sound. Fig. 14 shows the EFA function of the proposed *H*∞-type decrypter. Since the width of the key basin in EFA function is not so narrow, the cryptosystem is not so secure.

*P*˜(*s*) = *P*(*s*).

en

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −2

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −30

time[s]

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1

time[s]

time[s]

time[s]

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −2

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −30

time[s]

Intruder B has the following parameter mismatches:

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1

time[s]

Below right : the recovered plaintext by Intruder B.

time[s]

recovered signal of the decrypter with the *H*∞-synchronizer.

time[s]

−1.5 −1 −0.5 0 0.5 1 1.5 2

−0.5 0 0.5 1

−0.5 0 0.5 1

recovered plain text

plain text

relative error (%)

en

Fig. 12. The transmitted signals and the estimation errors of the intruders' decrypters. Above left : the transmitted signal(solid line) and the plain text(dotted line). Above right : the transmitted signal(solid line) and the plain text(dotted line). Below left : the estimation errors of full states by Intruder A. Below right : the estimation errors of full states by Intruder B.

Fig. 13. The cipher text and the percentage error of the recovered signal in the transmission line with delay time. Above left : the ciphertext. Above right : the ciphertext. Below left : the percentage error of the recovered signal by Intruder A. Below right : the percentage error of the recovered signal by Intruder B.

Fig. 14. The key basin of *p*<sup>2</sup> in EFA function for *H*<sup>∞</sup> synchronizer.

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −2

Robustness and Security of H∞-Synchronizer in Chaotic Communication System 459

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −2000

Fig. 17. The cipher text (top) and the percentage error of the recovered signal by Intruder C

In this chapter, we added an observer-based chaotic communication system proposed by Grassi *et al.* to a dynamical compensator in its transmitted signal to improve the robustness of the cryptosystem with respect to delays in the transmission line. The proposed chaotic system has a good robust performance with respect to the time delay in the transmission line.

Anstett,F.; Millerioux,G. & Bloch,G. (2006). Chaotic Cryptosystems : Cryptanalysis and Identifiability, *IEEE Trans. Circuits Syst. I*, Vol.53, No.12, pp.2673–2680 Alvarez,G. & Li, S. (2006). Some Basic Cryptographic Requirements for Chaos-Based Cryptosystems, *Int. J. of Bifurcation and Chaos*, Vol.16, No.8, pp.2129-2151 Cuomo,K.M. & Oppenheim,A.V. (1993). Synchronization of Lorenz-Based Chaotic Circuits

Dedieu,H. & Ogorzalek,M.J. (1997). Identifiability and Identification of Chaotic Systems Based on Adaptive Synchronization, *IEEE Trans. Circuits Syst. I*, Vol.44, pp.948-962 Doyle,J.C.; Glover,K.; Khargonekar,P.P. & Francis,B. A. (1989). State-Space Solutions to

Fradkov,A.L. & Markov,A.Y. (1997). Adaptive Synchronization of Chaotic Systems Based on

Fradkov,A.L., Nijmeijer,H., & Markov,A.Y. (2000). Adaptive Observer-Based Synchronization for Communication, *Int. J. of Bifurcation and Chaos*, Vol.10. No.12, pp.2807-2813 Grassi,G. & Mascolo,S. (1999). A System Theory Approach for Designing Cryptosystems Based on Hyperchaos, *IEEE Trans. Circuits Syst. I*, Vol.46, No.9, pp.1135-1138 Guojie,H. Zhengjin,F., & Ruiling,M. (2003). Chosen Cipher Attack on Chaos Communication

Kocarev,L. (2001). Chaos-Based Cryptography: a Brief Overview, *IEEE Circuits and Systems*

with Applications to Communications, *IEEE Trans. Circuits Syst. I*, Vol.40, pp.626-633

Standard *H*<sup>2</sup> and *H*<sup>∞</sup> Control Problems, *IEEE Trans. Automat. Contr.*, Vol.34, No.8,

Speed Gradient Method and Passification, *IEEE Trans. Circuits Syst. I*, Vol.44, No.10,

Based on Chaotic Synchronization, *IEEE Trans. Circuits Syst. I*, Vol.50, No.2,

Moreover, we checked the security in a point of parameters mismatch by an intruder.

time[s]

time[s]

−1.5 −1 −0.5 0 0.5 1 1.5 2

relative error (%)

(bottom).

**5. Conclusion**

**6. References**

pp.831-846

pp.905–912.

pp.275-279

*Magazine*, Vol.1, No.3, pp.6-21

en

To improve the security of the *H*<sup>∞</sup> synchronizer, we select the secret key as a element of *P*(*s*). Intruder C has the following parameter mismatch in the *H*∞ synchronizer:

$$\begin{aligned} \vec{p}\_2 &= p\_2 = 13.14\\ \tilde{G}\_a &= G\_a = -1.28, \tilde{G}\_b = G\_b = -0.691\\ \vec{P}(s) &= \begin{bmatrix} \vec{a}\_k \, \vert \, b\_k\\ \underline{c}\_k \, \vert \, d\_k \end{bmatrix} \\ \vec{a}\_k(1,1) &= a\_k(1,1) + 450 \end{aligned}$$

The parameter mismatch of the element *ak*(1, 1) is about 0.51%, because *ak*(1, 1) = −0.8762 × 105.

Figs. 15,16, and 17 show the responses of the *H*∞-type decrypter used by Intruder C. In this case, the decrypter with the parameter mismatch causes instability. The parameters in the *H*∞ synchronizer *P*˜(*s*) may play the role of the secret key.

Fig. 15. The plaintext (top) and the recovered plaintext by Intruder C (bottom).

Fig. 16. The transmitted signal (top) and the estimation error of decrypter by Intruder C (bottom).

Fig. 17. The cipher text (top) and the percentage error of the recovered signal by Intruder C (bottom).

## **5. Conclusion**

16 Will-be-set-by-IN-TECH

To improve the security of the *H*<sup>∞</sup> synchronizer, we select the secret key as a element of *P*(*s*).

The parameter mismatch of the element *ak*(1, 1) is about 0.51%, because *ak*(1, 1) = −0.8762 ×

Figs. 15,16, and 17 show the responses of the *H*∞-type decrypter used by Intruder C. In this case, the decrypter with the parameter mismatch causes instability. The parameters in the *H*∞

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1000

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −3000

<sup>0</sup> <sup>1</sup> <sup>2</sup> <sup>3</sup> <sup>4</sup> <sup>5</sup> <sup>6</sup> <sup>7</sup> <sup>8</sup> −1000

Fig. 16. The transmitted signal (top) and the estimation error of decrypter by Intruder C

time[s]

time[s]

Fig. 15. The plaintext (top) and the recovered plaintext by Intruder C (bottom).

time[s]

time[s]

*a*˜*k*(1, 1) = *ak*(1, 1) + 450

*<sup>b</sup>* = *Gb* = −0.69

Intruder C has the following parameter mismatch in the *H*∞ synchronizer:

*p*˜2 = *p*<sup>2</sup> = 13.14 *<sup>G</sup>*˜ *<sup>a</sup>* <sup>=</sup> *Ga* <sup>=</sup> <sup>−</sup>1.28, *<sup>G</sup>*˜

 *a*˜*<sup>k</sup> bk ck dk*

*P*˜(*s*) =

synchronizer *P*˜(*s*) may play the role of the secret key.

−0.5 0 0.5 1

−2000 −1000 0 1000 2000

estimation error

transmitted signal

recovered plain text

plain text

105.

(bottom).

In this chapter, we added an observer-based chaotic communication system proposed by Grassi *et al.* to a dynamical compensator in its transmitted signal to improve the robustness of the cryptosystem with respect to delays in the transmission line. The proposed chaotic system has a good robust performance with respect to the time delay in the transmission line. Moreover, we checked the security in a point of parameters mismatch by an intruder.

## **6. References**


18 Will-be-set-by-IN-TECH

460 Challenges and Paradigms in Applied Robust Control

Liao,T.L. & Huang,N.S. (1999). An Observer-Based Approach for Chaotic Synchronization

Matsuo,T. & Nakano,K. (1998). Robust Stabilization of Closed-Loop Systems by PID+Q

Matsuo,T., Suemitsu,H., & Nakano,K. (2004). Zeros and Relative Degree Assignments of

Matsuo,T.; Toshimitsu,Y.; & Suemitsu,H. (2008). *H*∞-Synchronizer for Chaotic Communication Systems, *Int.J. of Bifurcation and Chaos* Vol.18, No.4, pp.1175-1187 Millérioux,G.; Amigó,J. M. & Daafouz,J. (2008). A Connection between Chaotic and Conventional Cryptography, *IEEE Trans. on CAS–I*, Vol.55, No.6, pp.1695-1703 Nomura,T.; Irie,T.; Suemitsu,H. & Matsuo,T. (2011). Stochastic Security Testing for Chaotic

Parker,A.T. & Short,K.M. (2001). Reconstructing the keystream from a chaotic encryption

Short,K.M. (1994). Steps toward unmasking secure communications, *Int. J. Bifurcation and*

Short,K.M. (1996). Unmasking a modulated chaotic communications scheme, *Int. J. Bifurcation*

Suykens,J.A.K.; Vandewalle,J. & Chua, L.O. (1997a). Nonlinear H∞ Synchronization of Chaotic Lur'e Systems, *Int.J. of Bifurcation and Chaos*, Vol.7, No.6, pp.1323-1335 Suykens, J.A.K.; Curran, P.F.; Vandewalle, J. & Chua, L.O. (1997b). Robust Nonlinear H∞

Wang,X; Zhan,M.; Lai,C.-H. & Gang,H. (2004). Error Function Attack of Chaos Synchronization Based on Encryption Schemes, *Chaos*, Vol.14, No.1, pp.128-137 Yang,T. & Chua,L.O. (1997a). Impulsive Control and Synchronization of Nonlinear Dynamical

Yang,T.; Wu,C.W. & Chua,L.O. (1997b). Cryptography Based on Chaotic Systems, *IEEE Trans.*

Yang,T. (2004). A Sruvey of Chaotic Secure Communication Systems, *Int.J. of Comput. Cogn.*,

Zhou,J.; Pei,W.; Huang,J.; Song,A. & He,Z. (2005). Differential-like Chosen Cipher Attack on

A Spatiotemporally Chaotic Cryptosystem, nlin.CD/0506026

Controller, *Int. J. of Control*, Vol.70, No.4, pp.631-650

*Electronic Engineering*, Vol.6, No.5, in press

*Chaos* Vol.4, No.44, pp.959-977

pp.891-904

Vol.7, No.3, pp.645-664

Vol.2, No,2, pp.81-130

*Circuits Syst. I*, Vol.44, pp.469-472

*and Chaos*, Vol.6-, No.2, pp.367-375

scheme, *IEEE Trans. on CAS–I*, Vol.48, No.5 pp.624-630

No.9, pp.1144-1149

No.12, pp.4233-4247

with Applications to Secure Communications, *IEEE Trans. Circuits Syst. I*, Vol.46,

Adaptive Chaotic Communication Systems, *Int.J. of Bifurcation and Chaos*, Vol.14,

Communication Systems against Error Function Attack, *IEEJ Trans. on Electrical and*

Synchronization of Chaotic Lur'e Systems, *IEEE Trans. Circuits Syst. I*, Vol.44, No.10,

Systems and Application to Secure Communication, *Int. J. of Bifurcation and Chaos*,
