Topological Study and Lyapunov Exponent
of a Secure Steganographic Scheme
Jacques M. Bahi, Nicolas Friot and Christophe Guyeux
∗
Computer Science Laboratory DISC, FEMTO-ST Institute, UMR 6174 CNRS, University of Franche-Comt´e, Belfort, France
Keywords:
Information Hiding, Steganography, Security, Topology, Lyapunov Exponent.
Abstract:
CI S
2
is a steganographic scheme proposed formerly, belonging into the small category of algorithms being
both stego and topologically secure. Due to its stego-security, this scheme is able to face attacks that take place
into the “watermark only attack” framework. Its topological security reinforce its capability to face threats in
other frameworks as “known message attack” or “known original attack”, in the Simmons’ prisoner problem.
In this research work, the study of topological properties of C I S
2
is enlarged by describing this scheme as
iterations over the real line, and investigating other security properties of topological nature as the Lyapunov
exponent, that have been reported as important in the field of information hiding security. Results show that
this scheme is able to withdraw a malicious attacker in the “estimated original attack” context too.
1 INTRODUCTION
The first fundamental work in information hiding se-
curity was realized by Cachin in the early ‘00s, in
the context of steganography (Cachin, 2004): at-
tempts of an attacker to make the distinction between
an innocent image and a stego-content was rewrit-
ten in this article as a hypothesis testing problem.
The basic properties of a stegosystem are defined by
Cachin using the notions of entropy, mutual informa-
tion, and relative entropy. At the same time, Mittel-
holzer has proposed the first theoretical framework
for analyzing the security in the second category of
algorithms studied by the information hiding commu-
nity, namely the digital watermarking (Mittelholzer,
1999). These efforts to bring a theoretical frame-
work for security in steganography and watermarking
have been followed up by Kalker, who tries to clarify
the concepts (robustness vs. security), and the clas-
sifications of watermarking attacks (Kalker, 2001).
This work has been deepened by Furon et al., who
have translated Kerckhoffs’ principle (Alice and Bob
shall only rely on some previously shared secret for
privacy), from cryptography to data hiding (Furon,
2002). They used Diffie and Hellman methodology,
and Shannon’s cryptographic framework (Shannon,
1949), to classify the watermarking attacks into cat-
egories, according to the type of information Eve has
∗
Authors in alphabetic order
access to (Perez-Freire et al., 2006), namely: Water-
marked Only Attack (WOA), Known Message Attack
(KMA), Known Original Attack (KOA), Constant-
Message Attack (CMA), and Estimated Original At-
tacks (EOA).
Levels of security have been recently defined in
these setups. The highest level of security in WOA
is called stego-security (Cayre et al., 2008), whereas
topological security tends to improve the ability to
withstand attacks in KMA, KOA, and CMA setups
(Guyeux et al., 2010). It has been previously es-
tablished that, in order to enlarge the knowledge of
the level of security of a steganographic scheme, the
quantity of disorder generated by the chaos of its
topological security can be measured evaluating the
well-known Lyapunov exponent (Mart´ınez-
˜
Nonthe
et al., 2011; Mao and Chen, 2011; Bahi et al., 2012).
The evaluation of this exponent allow to characterize
the ability of the scheme to face an attacker in the
context of an EOA.
The first contribution of this article consists in a
relation established between how fine is a topology
and the chaotic behavior of a dynamical system de-
scribed with this topology. The second contribution is
the security study of a previously released stego and
topologically secure steganographic scheme called
CI S
2
, on a new topological space, namely the real
line numbers R. On this new space, the topological
security of C I S
2
is firstly evaluated, and its Lyapunov
exponent is then computed, in order to quantify its
275
M. Bahi J., Friot N. and Guyeux C..
Topological Study and Lyapunov Exponent of a Secure Steganographic Scheme.
DOI: 10.5220/0004504202750283
In Proceedings of the 10th International Conference on Security and Cryptography (SECRYPT-2013), pages 275-283
ISBN: 978-989-8565-73-0
Copyright
c
2013 SCITEPRESS (Science and Technology Publications, Lda.)
level of disorder. Incidentally, this computation al-
lows to measure the resistance of the C I S
2
scheme
against a category of attacks called Estimated Origi-
nal Attack. This study follows a same canvas than a
previous work dealing with digital watermarking, but
it is conducted here for a steganographic scheme. To
achieve this work, a new semi-conjugacy model must
be written for the scheme C I S
2
, which is then estab-
lished and proven here.
This document is organized as follows. Notions
and firsts results concerning the mathematical theory
of chaos are introduced in the next section. Then,
in Section 3, security notions and classes of attacks
under consideration in the information hiding com-
munity are recalled. In Section 4, the steganographic
scheme studied in this document is presented, and the
formalization allowing its topological security evalu-
ation is given in the next section. This model is then
used in Section 6 to design a new semi-conjugacy al-
lowing its security study on a new space (Sect. 7),
and its Lyapunov exponent is finally evaluated in Sec-
tion 8. This paper ends by a conclusion section where
our contribution is summarized and intended future
researches are given.
2 THE MATHEMATICAL
THEORY OF CHAOS
2.1 Notations and Terminologies
In what follows, B denotes the Boolean set {0,1}, S
n
stands for the n
th
term of a sequence S, V
i
is for the
i
th
component of a vector V, and J0;NK is the inte-
ger interval {0,1,...,N}. Furthermore, the following
definitions will be used in this document.
Definition 1. The discrete Boolean metric is the ap-
plication δ
:
B −→ B defined by δ(x,y) = 0 ⇔ x = y.
Definition 2. The vectorial negation is the function
f
0
:
B
N
−→ B
N
defined by f
0
(b
0
,··· ,b
N−1
)
=
(
b
0
,··· ,b
N−1
), where x is the negation of the Boolean
x.
Definition 3. A strategy adapter is a sequence which
elements belong into J1,kK, where k ∈ N
∗
. The set of
all strategies having terms in J1,kK is denoted by S
k
.
Definition 4. For k ∈ N
∗
, the initial function is the
map i
k
:
S
k
−→ J1,kK defined by i
k
(S
n
)
n∈N
= S
0
.
Definition 5. Let k ∈ N
∗
. The shift function is the map
σ
k
:
S
k
−→ S
k
defined by σ
k
(S
n
)
n∈N
= (S
n+1
)
n∈N
.
It is now possible to give some recalls in the field
of the mathematical topology (Schwartz, 1980) to
make this document self contained.
2.2 The Chaotic Dynamical Systems
Let (X ,τ) be a topological space and f a continuous
function on (X ,τ).
Definition 6. f is said to be topologically transitive
if, for any pair of open sets U,V ⊂ X , there exists
k > 0 such that f
k
(U) ∩V 6= ∅.
Definition 7. (X , f) is regular if the set of periodic
points is dense in X .
It is now possible to introduce the well-established
mathematical definition of chaos (Devaney, 1989).
Definition 8. A function f
:
X −→ X is said to be
chaotic on X if it is regular and topologically transi-
tive.
If the topological space is indeed a metric space
(X ,d), then the sensibility of the system under iter-
ations, regarding its initial conditions, can be quanti-
fied as follows.
Definition 9. f has sensitive dependence on initial
conditions if there exists δ > 0 such that, for any x ∈ X
and any neighborhood V of x, there exist y ∈ V and
n > 0 such that d
f
n
(x), f
n
(y)
> δ. δ is called the
constant of sensitiveness of f.
This property is implied by both the regularity and
transitivity presented above (Banks et al., 1992). And
so, when f is chaotic, fundamentally different behav-
iors are possible for the system, and they occur in an
unpredictable way.
Let us state now some basic results that surpris-
ingly cannot be found in the literature. To simplify
the presentation, some notations must be firstly intro-
duced: X
τ
will stand for the topological space (X , τ),
whereas V
τ
(x) is the set of neighborhoods of x for the
topology τ (in unambiguous cases, we will simply use
V (x)).
Theorem 1. Let X be a set, and τ,τ
′
two topologies on
X such that τ
′
is finer than τ. Let f
:
X → X , continue
for both τ and τ
′
.
If (X
τ
′
, f) is chaotic in the sense of Devaney, then
(X
τ
, f) is also chaotic.
Proof 1. Let ω
1
,ω
2
two open sets of τ. Then ω
1
,ω
2
∈
τ
′
, because τ
′
is finer than τ. As f is τ
′
−transitive,
then ∃n ∈ N,ω
1
∩ f
(n)
(ω
2
) = ∅. As a consequence,
f is τ−transitive.
Let us now establish the regularity of (X
τ
, f), i.e.,
for all x ∈ X and all τ−neighborhood V of x, there
exists a periodic point for f in V. Let x ∈ X , and
V ∈ V
τ
(x) a τ− neighborhood of x. By definition of
a neighborhood, ∃ω ∈ τ,x ∈ ω ⊂ V. However τ ⊂ τ
′
,
so ω ∈ τ
′
, and then V ∈ V
τ
′
(x). But (X
τ
′
, f) is regular,
So there exists a periodic point for f in V, and the
regularity of (X
τ
, f) is proven.
SECRYPT2013-InternationalConferenceonSecurityandCryptography
276
Let us finally recall another topological quantita-
tive property of chaos:
Definition 10. A function f is said to be expansive if
∃ε > 0,∀x 6= y, ∃n ∈ N, d( f
n
(x), f
n
(y)) > ε.
Sometimes, instead of trying to prove properties
directly on the system itself, it is preferable to reduce
the initial problem to another one whose character-
istics are known or appear more accessible. Such a
reduction tool is called, in the mathematical theory of
chaos, the semi-conjugacy.
2.3 The Topological Semi-conjugacy
Definition 11. The discrete dynamical system (X , f)
is topologically semi-conjugate to the system (Y ,g)
if it exists a function ϕ
:
X −→ Y , both continuous
and onto, such that:
ϕ◦ f = g◦ ϕ,
that is, which makes commutative the following dia-
gram (Formenti, 1998).
X
f
−−−−→ X
ϕ
y
y
ϕ
Y −−−−→
g
Y
In this case, the system (Y ,g) is called a factor of
the system (X , f).
Various dynamical behaviors are inherited by sys-
tems factors (Formenti, 1998). They are summarized
in the following proposition:
Proposition 1. Let (Y ,g) a factor of the system
(X , f). Then:
1. for all j 6 k, p ∈ Per
k
( f) =⇒ ϕ(p) ∈ Per
j
(g),
where Per
n
(h) stands for the set of points of pe-
riod n for the iteration function h.
2. (X , f) regular =⇒ (Y ,g) regular,
3. (X , f) transitive =⇒ (Y ,g) transitive.
So if (X , f) is chaotic as defined by Devaney, then
(Y ,g) is chaotic too.
2.4 The Lyapunov Exponent
Some dynamical systems are very sensitive to small
changes in their initial conditions, which is illustrated
by both the constants of sensitiveness to initial condi-
tions and of expansiveness introduced respectively in
Definitions 9 and 10. However, these variations can
quickly take enormous proportions, grow exponen-
tially, and none of these constants can illustrate that.
Alexander Lyapunov has examined this phenomenon
and introduced an exponent that measures the rate at
which these small variations can grow.
Definition 12. Given f
:
R −→ R, the Lyapunov ex-
ponent of the system composed by x
0
∈ R and x
n+1
=
f(x
n
) is defined by:
λ(x
0
) = lim
n→+∞
1
n
n
∑
i=1
ln
f
′
x
i−1
.
Consider a dynamical system with an infinitesimal
error on the initial condition x
0
. When the Lyapunov
exponent is positive, this error will increase exponen-
tially (situation of chaos), whereas it will decrease if
λ(x
0
) 6 0.
Let us now recall the information hiding security
framework developed this last decade.
3 INFORMATION HIDING
SECURITY
In the prisoner problem of Simmons (Simmons,
1984), Alice and Bob are in jail, and they want to de-
vise an escape plan by exchanging hidden messages
in innocent-looking cover contents. These messages
are to be conveyed to one another by a common war-
den, Eve, who over-drops all contents and can choose
to interrupt the communication if they appear to be
stego-contents.
In the steganography framework, in the context
of the Simmons’ prisoner problem, attacks have been
classified in (Cayre et al., 2008) as follows:
• A Watermark-Only Attack WOA occurs when an
attacker has only access to several watermarked
contents.
• A Known-Message Attack (KMA) occurs when
an attacker has access to several pairs of water-
marked contents and corresponding hidden mes-
sages.
• A Known-Original Attack KOA is when an at-
tacker has access to several pairs of watermarked
contents and their corresponding original ver-
sions.
• A Constant-Message Attack CMA occurs when
the attacker observes several watermarked con-
tents and only knows that the unknown hidden
message is the same in all contents.
• Finally, an Estimated Original Attacks (EOA) oc-
curs when the attacker has access to an estimation
of the original host signal, with possibly some es-
timation errors.
TopologicalStudyandLyapunovExponentofaSecureSteganographicScheme
277
In the framework of WOA, the stego-
security (Cayre et al., 2008) is relevant to evaluate
the security of information hiding processes. It is the
highest security level in WOA setup. To recall it, the
following notations must firstly be introduced: K is
the set of embedding keys, p(X) is the probabilistic
model of N
0
initial host contents, p(Y|K
1
) is the
probabilistic model of N
0
watermarked contents.
Furthermore, it is supposed in this context that each
host content has been watermarked with the same
secret key K
1
and the same embedding function e.
It is now possible to define the notion of stego-
security:
Definition 13 (Stego-Security). In the Watermark-
Only Attack framework, the embedding function e is
stego-secure if and only if:
∀K
1
∈ K, p(Y|K
1
) = p(X).
In the other frameworks (KOA, KMA, and CMA),
the topological security should be investigated (Friot
et al., 2011). In this article, we focus more specifically
on this topological security, which is recalled below.
To check whether an information hiding scheme
S is topologically secure or not, S must be written
as an iterate process x
n+1
= f(x
n
) on a metric space
(X ,d). This formulation is always possible (Bahi and
Guyeux, 2010). So,
Definition 14 (Topological Security). An information
hiding scheme S is said to be topologically secure on
(X ,d) if its iterative process has a chaotic behavior
according to Devaney.
Thus a data hiding scheme is secure if it is un-
predictable. Its iterative process must satisfy the De-
vaney’s chaos property and its level of topological se-
curity increases with the number of chaotic properties
satisfied by it.
This new concept of security for data hiding
schemes has been proposed in (Bahi and Guyeux,
2010) as a complementary approach to the existing
framework. It contributesto the reinforcementof con-
fidence into existing secure data hiding schemes. Ad-
ditionally, the study of security in KMA, KOA, and
CMA setups is realizable in this context. Finally,
this framework can replace stego-security in situa-
tions that are not encompassed by it. In particular,
this framework is more relevant to give evaluation of
data hiding schemes claimed as chaotic.
In the EOA framework, the evaluation of the Lya-
punov exponent, which is the subject of this research
work, is relevant to quantify the level of security of
steganographic processes proven to be topologically
secure. Indeed, the Lyapunov exponent participates
to the measurement of this topological security. In an
EOA setup, the attacker has only access to estimations
of the original content. With just this knowledge, he
or she should not be in measure to recover any in-
formation about the secret message or the secret key.
The topological security, with the two other notions
of sensibility and expansiveness introduced in Defi-
nitions 9 and 10, are relevant to face attacks in this
context. However, these two topological properties
give no precise quantification of the security of the
scheme, which justifies the consideration of the Lya-
punov exponent.
4 THE STEGANOGRAPHIC
SCHEME CI S
2
To explain how to use chaotic iterations for informa-
tion hiding, we must firstly define the significance of
a given coefficient, and the notion of most and least
significant coefficients (MSCs and LSCs).
We first notice that terms of the original content x
that may be replaced by terms taken from the secret
message y are less important than other ones: they
could be changed without be perceived as such. For
a given host content x, MSCs are then ranks of x that
describe the relevant part of the image, whereas LSCs
translate its less significant parts. These two defini-
tions are illustrated on Figure 1, where the LSCs cor-
respond to the last three bits of each pixel.
(a) Original.
(b) MSCs. (c) LSCs (×17).
Figure 1: Most and least significant coefficients of Lena.
The steganographicscheme C I S
2
that generalizes
the watermarking scheme based on chaotic iterations
can now be recalled. In this part the following nota-
tions will be used: x
0
∈ B
N
is the N LSCs of a given
cover media C, m
0
∈ B
P
is the secret message to em-
SECRYPT2013-InternationalConferenceonSecurityandCryptography
278
bed into x
0
, S
p
∈ S
N
is the place strategy, S
c
∈ S
P
is
the choice strategy, and lastly S
m
∈ S
P
is the mixing
strategy.
The steganographic scheme is defined by
∀(n,i, j) ∈ N
∗
× J0;N − 1K × J0;P − 1K:
x
n
i
=
(
x
n−1
i
if S
n
p
6= i
m
S
n
c
if S
n
p
= i,
and
m
n
j
=
m
n−1
j
if S
n
m
6= j
m
n−1
j
if S
n
m
= j.
where
m
n−1
j
is the Boolean negation of m
n−1
j
.
The new LSCs of the stego-content are the
Boolean vector y = x
P
∈ B
N
.
5 TOPOLOGICAL MODEL FOR
CI S
2
AND SECURITY
ANALYSIS ON X
2
In this section is recalled the topology used in order
to model the steganographic scheme C I S
2
by a dis-
crete dynamical system in a topological space (De-
vaney, 1989).
Let
F
:
J0;N − 1K × B
N
× J0;P − 1K × B
P
−→ B
N
(k,x,λ,m) 7−→
δ(k, j).x
j
+
δ(k, j).m
λ
j∈J0;N−1K
where + and . are the Boolean addition and product
operations.
Consider the phase space X
2
defined as follow:
X
2
= S
N
× B
N
× S
P
× B
P
× S
P
, where S
N
and S
P
are
the sets introduced in Section 2.1.
The map G
f
0
:
X
2
−→ X
2
is defined by:
G
f
0
S
p
,x,S
c
,m,S
m
=
σ
N
(S
p
),F (i
N
(S
p
),x, i
P
(S
c
),m), σ
P
(S
c
),G
f
0
(m,S
m
),
σ
P
(S
m
)
.
Then CI S
2
can be described by the iterations of the
following discrete dynamical system:
X
0
∈ X
2
and X
k+1
= G
f
0
(X
k
).
By comparing X
2
and X
1
, it has been proven
in (Friot et al., 2011) that:
Proposition 1. X
2
has, at least, the cardinality of the
continuum.
A new distance has been defined on X
2
as fol-
low: ∀X,
ˇ
X ∈ X
2
, if X = (S
p
,x,S
c
,m,S
m
) and
ˇ
X =
(
ˇ
S
p
, ˇx,
ˇ
S
c
, ˇm,
ˇ
S
m
), then:
d
2
(X,
ˇ
X) =
d
B
N
(x, ˇx) + d
B
P
(m, ˇm)+
d
S
N
(S
p
,
ˇ
S
p
) + d
S
P
(S
c
,
ˇ
S
c
) + d
S
P
(S
m
,
ˇ
S
m
), where:
• d
B
N
(E,
ˇ
E) =
N−1
∑
k=0
δ(E
k
,
ˇ
E
k
) ∈ J0;NK,
• and d
S
N
(S,
ˇ
S) =
9
N
∞
∑
k=1
|S
k
−
ˇ
S
k
|
10
k
∈ [0;1]
are respectively distances on B
N
and S
N
(∀N ∈ N
∗
).
To demonstrate that C I S
2
is another example of
topological chaos in the sense of Devaney, it has been
firstly established in (Friot et al., 2011) that,
Proposition 2. G
f
0
is continuous on (X
2
,d
2
).
Then it has been proven that (X
2
,G
f
0
) is topologi-
cally transitive, regular, and has sensitive dependence
on initial conditions. Then we have the result:
Theorem 1. G
f
0
is a chaotic map on (X
2
,d
2
) in the
sense of Devaney, and consequently the scheme C I S
2
is topologically secure.
Another theorem about the security of C I S
2
has
been established in (Friot et al., 2011).
Theorem 2. C IS
2
is stego-secure.
6 A TOPOLOGICAL
SEMI-CONJUGACY BETWEEN
X
2
AND R
In this section, by using a topologicalsemi-conjugacy,
we show that C I S
2
modeled by G
f
0
on X can be
described as iterations on a real interval. As our re-
searches are inspired by the work of (Bahi et al.,
2012), the proofs detailed in this document will fol-
low a same canvas. To do so, some notations and ter-
minologies must be introduced another time.
Let X
(N;P)
= S
N
× B
N
× S
P
× B
P
× S
P
. In what
follows and for easy understanding, we will assume
that N = 3 and P = 2. So N + P = 5 and NP
2
= 12.
However, an equivalent formulation of the following
can be easily obtained by replacing the bases 5 and
12 by any base (N + P) and (NP
2
). N has only to be
greater than P.
Definition 15. The function ψ
:
J1,NK × J1,PK ×
J1,PK → J0, NP
2
− 1K is defined by: ψ
S
i
p
,S
i
c
,S
i
m
=
(S
i
p
− 1)P
2
+ (S
i
c
− 1)P + (S
i
m
− 1).
TopologicalStudyandLyapunovExponentofaSecureSteganographicScheme
279
This function aims to convert a strategy of triplets in
a simple strategy of integers expressed in a different
base. Obviously, ψ is a bijective function, the reverse
operation will be denoted by ψ
−1
. The three projec-
tions of ψ
−1
are denoted by: ψ
−1
1
ψ
S
i
p
,S
i
c
,S
i
m
=
S
i
p
, ψ
−1
2
ψ
S
i
p
,S
i
c
,S
i
m
= S
i
c
, and
ψ
−1
3
ψ
S
i
p
,S
i
c
,S
i
m
= S
i
m
.
Table 1: Illustration of the function ψ (see Definition 15).
Base Base Base Base
N = 3 P = 2 P = 2 NP
2
= 12
S
i
p
S
i
c
S
i
m
ψ
S
i
p
,S
i
c
,S
i
m
1 1 1 0
1 1 2 1
1 2 1 2
1 2 2 3
2 1 1 4
2 1 2 5
2 2 1 6
2 2 2 7
3 1 1 8
3 1 2 9
3 2 1 10
3 2 2 11
Definition 16. Let us define ϕ
:
X
(3;2)
=
S
3
× B
3
× S
2
× B
2
× S
2
−→
h
0,2
5
h
, as fol-
lows. If
S
p
,E,S
c
,M,S
m
=
(S
0
p
,S
1
p
,. . .)
(E
0
,E
1
,E
2
,E
3
);(S
0
c
,S
1
c
,. . .);(M
0
,M
1
); (S
0
m
,S
1
m
,. . .)
,
then ϕ
S
p
,E,S
c
,M,S
m
is the real number:
• whose integral part e is
2
∑
k=0
2
4−k
E
k
+
4
∑
k=3
2
4−k
M
k−3
, that is, the binary
digits of e are E
0
E
1
E
2
M
0
M
1
.
• whose decimal part s is equal to: s =
0,ψ
S
0
p
,S
0
c
,S
0
m
ψ
S
1
p
,S
1
c
,S
1
m
ψ
S
2
p
,S
2
c
,S
2
m
.. .
=
∑
+∞
k=1
12
−k
S
k−1
. s is thus expressed in base 12.
ϕ realizes the association between a point of X
(3;2)
and a real number into
h
0,2
5
h
. We must now trans-
late the steganographic process CI S
2
, which is repre-
sented by G
f
0
iterations on this real interval. To do so,
two intermediate functions over
h
0,2
5
h
denoted by e
and s must be introduced.
Definition 17. Let x ∈
h
0,2
5
h
and:
• e
0
,. . . , e
4
the binary digits of the integral part of x:
⌊x⌋ =
4
∑
k=0
2
4−k
e
k
.
• (s
k
)
k∈N
the digits of x, expressed in base 12,
where the chosen decimal decomposition of x is
the one that does not have an infinite number of
11: x = ⌊x⌋ +
+∞
∑
k=0
s
k
12
−k−1
.
e and s are thus defined as follows:
e
:
h
0,2
5
h
−→ B
3
× B
2
x 7−→ ((e
0
,e
1
,e
2
);(e
3
,e
4
))
and
s
:
h
0,2
5
h
−→ J0,11K
N
x 7−→ (s
k
)
k∈N
We are now able to define the function g, whose
goal is to translate the steganographic process C I S
2
represented by G
f
0
on an interval of R.
Definition 18. g
:
h
0,2
5
h
−→
h
0,2
5
h
is such that g(x)
is the real number of
h
0,2
5
h
defined below:
• its integral part has a binary decomposition equal
to e
′
0
,. . . ,e
′
4
, with ∀i ∈ J0,2K:
e
′
i
=
e(x)
i
if i 6= ψ
−1
1
s
0
e(x)
2+ψ
−1
2
(
s
0
)
if i = ψ
−1
1
s
0
and ∀i ∈ J3, 4K:
e
′
i
=
e(x)
i
if i 6= ψ
−1
3
s
0
e(x)
i
+ 1 (mod 2) if i = ψ
−1
3
s
0
,
• whose decimal part is s(x)
1
,s(x)
2
,. . .
In other words, if x =
4
∑
k=0
2
4−k
e
k
+
+∞
∑
k=0
s
k
12
−k−1
,
then:
g(x) =
2
∑
k=0
2
4−k
e
k
δ(k,ψ
−1
1
(s
0
)) + 1 (mod 2)
+e
2+ψ
−1
2
(s
0
)
δ(k,ψ
−1
1
(s
0
))
+
4
∑
k=3
2
4−k
(e
k
+ δ(k,ψ
−1
3
(s
0
) (mod 2))
+
+∞
∑
k=0
s
k+1
12
−k−1
,
SECRYPT2013-InternationalConferenceonSecurityandCryptography
280
where δ is the discrete Boolean metric introduced in
Definition 1.
Numerous metrics can be defined on the set
h
0,2
5
h
, the most usual one being the Euclidian dis-
tance ∆(x,y) = |y− x|
2
. This Euclidian distance does
not reproduce exactly the notion of proximity induced
by our first distance d
2
on X
2
. Indeed d
2
is richer than
∆. This is the reason why we have to introduce the
following metric.
Definition 19. Given x,y ∈
h
0,2
5
h
, D denotes the
function from
h
0,2
5
h
2
to R
+
defined by: D(x,y) =
D
e
e(x),e(y)
+ D
s
s(x),s(y)
, where:
D
e
(e, ˇe) =
4
∑
k=0
δ(e
k
, ˇe
k
), and D
s
(s, ˇs) =
∞
∑
k=1
|s
k
− ˇs
k
|
12
k
.
Proposition 3. D is a distance on
h
0,2
5
h
.
PROOF. The three axioms defining a distance must be
checked.
• D > 0, because everything is positive in its def-
inition. If D(x,y) = 0, then D
e
(x,y) = 0, so the
integral parts of x and y are equal (they have
the same binary decomposition). Additionally,
D
s
(x,y) = 0, then ∀k ∈ N
∗
,s(x)
k
= s(y)
k
. In other
words, x and y have the same k−th decimal digit,
∀k ∈ N
∗
. And so x = y.
• Obviously, ∀x, y,D(x,y) = D(y,x).
• Finally, the triangle inequality is obtained due to
the fact that both δ and |x− y| satisfy it.
The convergence of sequences according to D is
not the same than the usual convergence related to the
Euclidian metric. For instance, if x
n
→ x according
to D, then necessarily the integral part of each x
n
is
equal to the integral part of x (at least after a given
threshold), and the decimal part of x
n
corresponds to
the one of x “as far as required”. D is richer and more
refined than the Euclidian distance, and thus is more
precise.
ϕ has been constructed in order to be continuous
and onto, so we obtained the following theorem:
Theorem 3. The steganographic process CI S
2
repre-
sented by
G
f
0
,X
2
can be considered as simple itera-
tions on R, which is illustrated by the semi-conjugacy
given below:
X
(3;2)
,d
2
G
f
0
−−−−→
X
(3;2)
,d
2
ϕ
y
y
ϕ
h
0,2
5
h
,D
−−−−→
g
h
0,2
5
h
,D
In other words, X
2
is somewhat approximately
equal to
h
0,2
N+P
h
.
It can be remarked that the function g is a piece-
wise linear function: it is linear on each interval hav-
ing the form
n
12
,
n+ 1
12
, n ∈ J0;2
5
× 12J, and its
slope is equal to 12. Let us justify these assessments:
Proposition 4. The process C I S
2
represented by g
defined on R has derivatives of all orders on
h
0,2
5
h
,
except on the 385 points in I defined by:
I =
n
12
.
n ∈ J0;2
5
× 12K
.
Furthermore, on each interval of the form
n
12
,
n+ 1
12
, with n ∈ J0;2
5
× 12J, g is a linear func-
tion having a slope equal to 12: ∀x /∈ I, g
′
(x) = 12.
PROOF. Let I
n
=
n
12
,
n+ 1
12
, with n ∈ J0;2
5
× 12K.
All the points of I
n
have the same integral part e and
the same decimal part s
0
: on the set I
n
, functions e(x)
and x 7→ s(x)
0
of Definition 17 only depend on n. So
all the images g(x) of these points x:
• Have the same integral part, which is e, except
probably the bit number s
0
. In other words, this
integer has approximately the same binary de-
composition than e, the sole exception being the
digit s
0
(this number is then either e + 2
12−s
0
or
e− 2
12−s
0
, depending on the parity of s
0
, i.e., it is
equal to e+ (−1)
s
0
× 2
12−s
0
).
• A shift to the left has been applied to the decimal
part y, losing by doing so the common first digit
s
0
. In other words, y has been mapped into 12 ×
y− s
0
.
To sum up, the action of g on the points of I is as
follows: first, make a multiplication by 12, and sec-
ond, add the same constant to each term, which is
1
12
e+ (−1)
s
0
× 2
12−s
0
− s
0
.
We are now able to evaluate the Lyapunov expo-
nent of our digital watermarking scheme based on
chaotic iterations, which is now described by the it-
erations on R of the g function introduced in Defini-
tion 18.
7 TOPOLOGICAL SECURITY OF
CI S
2
ON R
According to Theorem 1, CI S
2
represented by the
function G
f
0
on X
2
is topologically secure, that is to
TopologicalStudyandLyapunovExponentofaSecureSteganographicScheme
281
say
G
f
0
,X
2
is chaotic in the sense of Devaney. We
can deduce the same property for C I S
2
represented
by the g function on R for the order topology. Indeed
G
f
0
,X
2
and
g,[0, 2
5
[
D
are semi-conjugate by ϕ
as proven in the previous section. So
g,[0, 2
5
[
D
is a chaotic system according to Devaney, because
the semi-conjugacy preserves this character (Propo-
sition 1 in Section 2.3). However the topology gen-
erated by D is finer than the topology generated by
the Euclidean distance ∆, which is the order topology.
Finally, according to Theorem 1, we can affirm that
the steganographic process C IS
2
represented by g is
chaotic in the sense of Devaney for the order topology
on R.
Having these assertions in mind, we can formulate
the following theorem:
Theorem 2 The steganographic process C I S
2
repre-
sented by g on R is chaotic in the sense of Devaney,
when the usual topology of R is used (the order topol-
ogy).
This result is weaker than Theorem 1, which es-
tablish the chaotic property of C I S
2
for a finer topol-
ogy. It is as if the chaos observed using usual tools
like the Euclidian distance is still preserved when con-
sidering more powerful tools (higher resulution, i.e.,
finer topologies).
The result contained in Theorem 2 is however in-
teresting, as it confirms that the followed approach
does not lead to weaker properties. Indeed, this study
has taken place in a system other than the one usually
considered (X
2
instead of R), in order to be as closed
as possible to the final computer machines. By do-
ing so, we prevent from any loss of chaotic properties
when computing the scheme written in mathematical
terms. However, it might be feared that the choice of
a discrete mathematics approach leads to a disorder
of lower quality. In other words, we have achieved to
prevent from a situation of great disorder lost during
the computation into machines. However, the cost of
such achievement were probably to obtain a disorder
of poor quality. Theorem 2 proves exactly the con-
trary.
8 EVALUATION OF THE
LYAPUNOV EXPONENT
Let L =
x
0
∈
h
0,2
5
h.
∀n ∈ N,x
n
/∈ I
, where I is
the set of points in the real interval where g is not dif-
ferentiable (as it is explained in Proposition 4). Then,
Theorem 4. ∀x
0
∈ L, the Lyapunov exponent of
CI S
2
having x
0
for initial condition is equal to
λ(x
0
) = ln(12) > 0.
PROOF. g is piecewise linear, with a slop of 12
(g
′
(x) = 12 where the function g is differentiable).
Then ∀x ∈ L, λ(x) = lim
n→+∞
1
n
∑
n
i=1
ln
g
′
x
i−1
= lim
n→+∞
1
n
∑
n
i=1
ln|12| = lim
n→+∞
1
n
nln|12| =
ln12.
Remark 1. The set of initial conditions for which this
exponent is not calculable is countable. This is in-
deed the initial conditions such that an iteration value
will be a number having the form
n
12
, with n ∈ N.
Moreover, for a system having N + P cells (a number
of LSCs equal to N and a secret message to embed
of width equal to P), we will find, mutatis mutan-
dis, an infinite uncountable set of initial conditions
x
0
∈
0;2
N+P
such that λ(x
0
) = ln(NP
2
).
So, it is possible to make the Lyapunov exponent
of the scheme CI S
2
as large as possible, depending
on the number of least significant coefficients of the
cover media we decide to consider, and on the width
of the message to embed. As proven in (Guyeux et al.,
2010), a large Lyapunov exponent makes it impos-
sible to achieve the well-known “Estimated Original
Attacks” (Cayre et al., 2008).
9 CONCLUSIONS AND FUTURE
WORK
A new quantitative evaluation for the steganographic
scheme C I S
2
is now available: its Lyapunov expo-
nent is equal to ln(NP
2
), where N is the number of
least significant coefficients of the cover media and P
the width of the secret message to embed. This expo-
nent allows to quantify the amplification of the igno-
rance on the exact initial condition (the media with-
out watermark) after several iterations of the stegano-
graphic process. It illustrates the disorder generated
by iterations of the process, reinforcing its chaotic na-
ture. Thanks to its topological security, this scheme
is already able to face an attacker in the context
of Known-Message Attack, Known-Original Attack,
and Constant-Message Attack. In addition, this result
implies that it is also able to resist in the context of an
Estimated Original Attacks.
Using the semi-conjugacy described here, it will
be possible in a future work to compare the topologi-
cal behavior of C I S
2
on X
2
and R, and to explore the
topological security of the steganography scheme us-
ing this new topology. Then, an analogue study of the
SECRYPT2013-InternationalConferenceonSecurityandCryptography
282
two other topologically secure schemes cited here will
be conducted in order to compare these processes, be-
ing thus able to choose the best one according to the
type of applications under consideration. Finally, se-
curity in steganography context will be investigated
too, and topological security will be applied in this
framework.
REFERENCES
Bahi, J., Friot, N., and Guyeux, C. (2012). Lyapunov ex-
ponent evaluation of a digital watermarking scheme
proven to be secure. In IIH-MSP’2012, 8-th Int.
Conf. on Intelligent Information Hiding and Multi-
media Signal Processing, pages ***–***, Piraeus-
Athens, Greece. IEEE Computer Society. To appear.
Bahi, J. M. and Guyeux, C. (2010). A chaos-based approach
for information hiding security. arXiv N
o
0034939.
Banks, J., Brooks, J., Cairns, G., and Stacey, P. (1992). On
devaney’s definition of chaos. Amer. Math. Monthly,
99:332–334.
Cachin, C. (2004). An information-theoretic model for
steganography. Information and Computation, 192:41
– 56.
Cayre, F., Fontaine, C., and Furon, T. (2008). Kerckhoffs-
based embedding security classes for woa data hiding.
IEEE Transactions on Information Forensics and Se-
curity, 3(1):1–15.
Devaney, R. L. (1989). An Introduction to Chaotic Dynam-
ical Systems. Addison-Wesley, Redwood City, CA,
2nd edition.
Formenti, E. (1998). Automates cellulaires et chaos : de
la vision topologique la vision algorithmique. PhD
thesis,
´
Ecole Normale Suprieure de Lyon.
Friot, N., Guyeux, C., and Bahi, J. (2011). Chaotic iter-
ations for steganography - stego-security and chaos-
security. In SECRYPT’2011, Int. Conf. on Security
and Cryptography, pages ***–***, Sevilla, Spain. To
appear.
Furon, T. (2002). Security analysis. European Project IST-
1999-10987 CERTIMARK, Deliverable D.5.5.
Guyeux, C., Friot, N., and Bahi, J. (2010). Chaotic itera-
tions versus spread-spectrum: chaos and stego secu-
rity. In IIH-MSP’10, 6-th Int. Conf. on Intelligent In-
formation Hiding and Multimedia Signal Processing,
pages 208–211, Darmstadt, Germany.
Kalker, T. (2001). Considerations on watermarking security.
In Multimedia Signal Processing, 2001 IEEE Fourth
Workshop on, pages 201–206.
Mao, Y. and Chen, X. (2011). An encryption algorithm
of chaos based on sine square mapping. In Proceed-
ings of the 2011 Fourth International Symposium on
Computational Intelligence and Design - Volume 01,
ISCID ’11, pages 131–134, Washington, DC, USA.
IEEE Computer Society.
Mart´ınez-
˜
Nonthe, J. A., D´ıaz-M´endez, A., Cruz-Irisson,
M., Palacios-Luengas, L., Del-R´ıo-Correa, J. L., and
V´azquez-Medina, R. (2011). Cryptosystem with one
dimensional chaotic maps. In Proceedings of the
4th international conference on Computational intel-
ligence in security for information systems, CISIS’11,
pages 190–197, Berlin, Heidelberg. Springer-Verlag.
Mittelholzer, T. (1999). An information-theoretic approach
to steganography and watermarking. In Pfitzmann,
A., editor, Information Hiding, volume 1768 of Lec-
ture Notes in Computer Science, pages 1–16, Dresden,
Germany. Springer.
Perez-Freire, L., P´erez-gonzalez, F., and Comesa˜n, P.
(2006). Secret dither estimation in lattice-quantization
data hiding: A set-membership approach. In Delp,
E. J. and Wong, P. W., editors, Security, Steganogra-
phy, and Watermarking of Multimedia Contents, San
Jose, California, USA. SPIE.
Schwartz, L. (1980). Analyse: topologie g´en´erale et anal-
yse fonctionnelle. Hermann.
Shannon, C. E. (1949). Communication theory of secrecy
systems. Bell Systems Technical Journal, 28:656–715.
Simmons, G. J. (1984). The prisoners’ problem and the
subliminal channel. In Advances in Cryptology, Proc.
CRYPTO’83, pages 51–67.
TopologicalStudyandLyapunovExponentofaSecureSteganographicScheme
283
