Towards Analyzable Design Paradigms for Chaos-Based Cryptographic Primitives
Round 1
Reviewer 1 Report (New Reviewer)
This manuscript presents a study on analyzable design paradigms for lightweight chaos-based cryptographic primitives, focusing on image encryption. The authors propose a minimalistic image encryption algorithm based on the substitution-permutation network (SPN) and a new chaos-based block cipher, the Chaos-based Feistel Block Cipher (CFBC), demonstrating their effectiveness through experimental evaluations.
In my opinion, the work presented demonstrates sufficient novelty and meaningful contributions. However, the manuscript exhibits certain deficiencies in multiple aspects. I therefore recommend that the authors further refine the manuscript in the following areas.
1). The abstract lacks clarity and detail. It should succinctly summarize the research gap, objectives, methodology, key findings, and the significance of the results. The current abstract fails to provide a comprehensive overview, leaving readers uncertain about the study's contributions. The authors should revise the abstract to clearly articulate the problem, the proposed solutions, and the implications of their findings.
2). The introduction lacks depth in discussing the research gap and motivating the study. The literature review is insufficient and fails to contextualize the current work within the broader field. The authors should provide a more thorough review of recent advances in chaos-based cryptography, highlighting the limitations of existing approaches and justifying the need for their research.
3). The methodology section lacks sufficient detail on experimental setup, parameter selection, and validation procedures. For instance, the choice of chaotic maps and their parameters is not adequately justified. The authors should provide a detailed description of how experiments were conducted, including the rationale behind parameter choices and the steps taken to ensure reproducibility.
4). The paper discusses several chaotic maps but does not provide a rigorous analysis of why certain maps were chosen over others. The authors should conduct a comparative analysis of different chaotic maps, evaluating their performance in terms of security, efficiency, and complexity. This analysis should be grounded in theoretical and empirical evidence.
5). While the authors analyze different SPN configurations, the discussion lacks depth in explaining why certain configurations outperform others. The ranking method used to evaluate SPN configurations should be more thoroughly justified, and the authors should provide a detailed explanation of the scoring criteria and their relevance to security.
6). The design of the CFBC is not adequately justified. The authors should provide a more detailed explanation of the round function, block shuffle pattern, and key schedule, demonstrating how these components contribute to the cipher's security. Additionally, the security analysis against differential cryptanalysis should be expanded to include a broader range of attack scenarios.
7). The experimental results are not sufficiently robust to support the authors' claims. The authors should conduct a more comprehensive set of experiments, including tests on larger and more diverse image datasets. Additionally, the statistical tests used to evaluate the ciphertexts should be more rigorously applied, and the results should be interpreted in the context of existing literature.
8). The comparison with existing chaos-based image ciphers is superficial and lacks depth. The authors should conduct a more thorough review of the literature, comparing their proposed algorithms with state-of-the-art methods in terms of security, efficiency, and practicality. This comparison should be grounded in empirical evidence and theoretical analysis. Authors should choose the latest high-quality designs for comparison, preferably the latest relevant work published in high-level journals such as ESWA and IEEE Trans.
9). The paper lacks rigorous security proofs and theoretical foundations for the proposed algorithms. The authors should provide formal security proofs, demonstrating the resistance of their algorithms to known attack vectors. This should include proofs of confidentiality, integrity, and authenticity, as well as analyses of potential vulnerabilities.
10). The authors do not adequately discuss the practical implications and real-world applications of their work. The manuscript should include a section on how the proposed algorithms can be integrated into existing cryptographic systems, highlighting potential use cases and benefits. Additionally, the authors should discuss any limitations or challenges associated with deploying their algorithms in real-world scenarios.
11). I suggest that the authors enhance the quality of the references by citing, introducing, analyzing, discussing, and comparing more high-level papers from SCI-indexed journals published by Elsevier, IEEE, Springer, and MDPI, rather than relying on short 3-page conference papers like "In Proceedings of the International Conference on Information Security and Cryptology. Springer, 2003, pp. 432–445." Additionally, papers published in journals such as Multimedia Tools and Applications, which have been removed from the SCI index due to the publication of low-quality articles, should be excluded from the reference list.
Author Response
Reviewer1:
In my opinion, the work presented demonstrates sufficient novelty and meaningful contributions. However, the manuscript exhibits certain deficiencies in multiple aspects. I therefore recommend that the authors further refine the manuscript in the following areas.
Comment 1:
The abstract lacks clarity and detail. It should succinctly summarize the research gap, objectives, methodology, key findings, and the significance of the results. The current abstract fails to provide a comprehensive overview, leaving readers uncertain about the study's contributions. The authors should revise the abstract to clearly articulate the problem, the proposed solutions, and the implications of their findings.
Response 1:
Thank you for this valuable feedback. We have thoroughly revised the entire abstract to clearly address the research gap, objectives, methodology, key findings, and significance of our work. It now provides a clearer explanation of the following:
- Research Gap: Chaos-based ciphers have not seen mainstream adoption, in part because many continue to rely on "security through obscurity" and overly complex constructions that hinder formal analysis.
- Objectives: To demonstrate that chaos-based ciphers can be designed using conventional symmetric-key paradigms, enabling rigorous security analysis and avoiding unnecessarily convoluted structures.
- Methodology and key findings:
  - We begin with a substitution-permutation network (SPN) to design a minimalistic chaos-based image cipher and show that it meets standard evaluation criteria.
  - We find that simple low-dimensional chaotic maps suffice for eliminating statistical biases, and that the choice of chaotic maps has little impact on performance.
  - We then propose a chaos-based block cipher built on a Feistel structure (CFBC) and demonstrate how classical cryptanalysis (differential analysis) can be applied to evaluate its security.
- Significance: Our findings highlight that chaos-based ciphers can benefit from structure and transparency rather than complexity, potentially paving the way for their wider acceptance and integration into mainstream cryptographic research.
Comment 2:
The introduction lacks depth in discussing the research gap and motivating the study. The literature review is insufficient and fails to contextualize the current work within the broader field. The authors should provide a more thorough review of recent advances in chaos-based cryptography, highlighting the limitations of existing approaches and justifying the need for their research.
Response 2:
We appreciate the reviewer’s comments regarding the introduction and literature review.
We have tweaked the second paragraph to clearly outline the research gap: the limited adoption of chaos-based ciphers due to their reliance on obscure and overly complex designs. This motivates the study by proposing a shift toward analyzable, conventionally structured cryptographic constructions.
The literature review and discussion of related work have been presented in Section 3, rather than in the introduction. This section offers a detailed comparison with recent developments in chaos-based cryptography, explicitly highlighting the limitations of existing designs.
To aid the reader, we have added a reference at the end of the introduction pointing to Section 3, where the comprehensive review and contextualization of related work is provided.
Comment 3:
The methodology section lacks sufficient detail on experimental setup, parameter selection, and validation procedures. For instance, the choice of chaotic maps and their parameters is not adequately justified. The authors should provide a detailed description of how experiments were conducted, including the rationale behind parameter choices and the steps taken to ensure reproducibility.
Response 3:
We have gone through the methodology sections (Sections 4 and 5) to ensure that the experimental setup has been clearly described.
For the SPN experiments, Sections 4.1 and 4.2 describe how the experiments were performed (steps involved in the SPN encryption, how we rank the designs). We have included more details about the ranking process in Section 4.2. In terms of the choice of chaotic maps, we focus on simple 1D maps as the goal of the research is to show there is no need for complex ones. We have added statements at the end of Section 3 and in Section 4 to reflect this. We have also included additional information about the parameter selection for the chaotic maps in the first paragraph (Section 4).
Section 5 details all the steps involved in the CFBC encryption process and experimental design. We have added statements to indicate which chaotic map was used, and the corresponding parameters, in the first paragraph of Section 5. Our focus is to show, for the first time, that we can derive provable security bounds for a chaos-based cipher (Section 5.2). We improved this section with some explanations of how different computing precision can impact resistance to differential cryptanalysis.
Comment 4:
The paper discusses several chaotic maps but does not provide a rigorous analysis of why certain maps were chosen over others. The authors should conduct a comparative analysis of different chaotic maps, evaluating their performance in terms of security, efficiency, and complexity. This analysis should be grounded in theoretical and empirical evidence.
Response 4:
Thank you for your comment. As emphasized throughout the paper, our focus is on demonstrating that simple, well-known 1D chaotic maps, such as the tent map and logistic map, are sufficient for constructing effective chaos-based ciphers. Rather than identifying the best or optimal chaotic map, our goal is to show that complex, high-dimensional maps are not necessary to achieve desired cryptographic properties. This is discussed in multiple sections of the paper, including our analysis where we demonstrate that changing the underlying chaotic map yields minimal impact on the statistical performance of the cipher (Section 4.4). These maps have already been extensively studied in prior work, and our contribution is in showcasing their practicality within structured, analyzable designs.
We have added and highlighted statements throughout the paper to enforce our narrative and justify why we only use simple maps in the study.
Comment 5:
While the authors analyze different SPN configurations, the discussion lacks depth in explaining why certain configurations outperform others. The ranking method used to evaluate SPN configurations should be more thoroughly justified, and the authors should provide a detailed explanation of the scoring criteria and their relevance to security.
Response 5:
The performance evaluation of the different substitution-permutation (SP) network configurations is based on widely accepted statistical security metrics commonly used in the field of image encryption, e.g. entropy, correlation coefficient, NPCR (Number of Pixels Change Rate), and UACI (Unified Average Changing Intensity). The SPN configurations all perform similarly, with only trivial differences between them. Therefore, we have added a statement in Section 4.4 (paragraph 2) to highlight that the SP or PS configurations have the optimal trade-off.
For the ranking, each metric’s individual performance was scaled linearly between 0 and 100, where a value of 100 corresponds to the ideal or optimal result specific to that metric (e.g., maximum entropy, minimum correlation, maximum NPCR and UACI values reflective of strong diffusion and confusion). Aggregating these scaled scores allows us to quantify the overall security level achieved by each SPN configuration in a normalized manner. We believe that this ranking method provides a transparent, reproducible approach for selecting effective SPN configurations.
We have included this explanation in Section 4.2.
Comment 6:
The design of the CFBC is not adequately justified. The authors should provide a more detailed explanation of the round function, block shuffle pattern, and key schedule, demonstrating how these components contribute to the cipher's security. Additionally, the security analysis against differential cryptanalysis should be expanded to include a broader range of attack scenarios.
Response 6:
We thank the reviewer for this comment. The design of the CFBC cipher is intentionally designed based on the well-established Feistel construction, which is known for its flexibility and analyzability. We have clearly stated in Section 5 that CFBC adopts the generalized Feistel network (GFN), and we provide an appropriate reference to justify this choice of design paradigm.
The rationale behind specific design decisions is as follows:
- Block size and structure: A 128-bit block size is standard in modern symmetric-key ciphers. We adopt eight branches (k = 8), resulting in 16-bit sub-blocks. While many GFNs use 4- or 8-bit S-boxes, we use chaotic maps for substitution, represented with 32-bit fixed-point arithmetic, and extract the 16 least significant bits to enhance sensitivity to input changes and ensure sufficient nonlinearity.
- Round function and block shuffle: The substitution operation is implemented using simple chaotic maps (as detailed earlier in the paper) and a block shuffle pattern based on prior work [47], which has been demonstrated to provide effective diffusion across rounds.
- Key schedule: Our design employs a straightforward key schedule that generates subkeys per round. Since the focus of this work is not on key schedule design, but rather on demonstrating that chaos-based components can be embedded into classical structures and remain analysable, we intentionally keep the key schedule simple.
- Security analysis: The differential cryptanalysis provided in the paper is a proof-of-concept to illustrate that classical cryptanalysis techniques remain applicable when chaos-based operations are used within conventional frameworks. We agree that a broader security analysis—e.g. against linear or boomerang cryptanalysis—would be a valuable direction for future work. However, we emphasise that CFBC is not intended for deployment, but rather as an illustrative cipher to challenge the notion that chaos-based ciphers must have a complex design to be secure.
To address this comment, we have added clarification in Section 5 to reiterate the design rationale and highlight the intended scope of CFBC as a demonstrative construct rather than a deployment-ready cipher. We also provide justification for having 8 branches of 16-bit subblocks both at the beginning of Section 5 and further explanations about why we went with 32-bit precision in Section 5.2. We also added clarification about why we focus mainly on differential cryptanalysis in Section 5.2.
Comment 7:
The experimental results are not sufficiently robust to support the authors' claims. The authors should conduct a more comprehensive set of experiments, including tests on larger and more diverse image datasets. Additionally, the statistical tests used to evaluate the ciphertexts should be more rigorously applied, and the results should be interpreted in the context of existing literature.
Response 7:
We thank the reviewer for this comment. The central claim of our work is not that the proposed ciphers outperform existing schemes, but rather that simple, low-dimensional chaotic maps embedded within conventional cryptographic structures (such as substitution-permutation and Feistel networks) are sufficient to meet widely accepted statistical security criteria in image encryption. This challenges the notion that complexity or high-dimensional chaotic maps are necessary for effective design.
To support this, we used standard evaluation metrics (entropy, correlation, NPCR, UACI), applied in line with common practice in chaos-based cryptography literature. Our experiments were performed on benchmark image datasets such as Lena, cameraman, peppers and other samples for fair comparison with other chaos-based ciphers, obtained from the USC-SIPI 'Miscellaneous' image dataset, sourced from the USC-SIPI Image Database. These test images are commonly used in the field as in the existing literature (10.1038/s41598-025-95511-y, 10.1007/s11042-024-19771-y).
The statistical tests were rigorously applied following established methodologies. The results are interpreted relative to what is typically accepted in the field, demonstrating that our simple design choices lead to comparable security performance.
We have modified the “Contributions” section (second paragraph) in the Introduction to reiterate the goal of this paper.
Comment 8:
The comparison with existing chaos-based image ciphers is superficial and lacks depth. The authors should conduct a more thorough review of the literature, comparing their proposed algorithms with state-of-the-art methods in terms of security, efficiency, and practicality. This comparison should be grounded in empirical evidence and theoretical analysis. Authors should choose the latest high-quality designs for comparison, preferably the latest relevant work published in high-level journals such as ESWA and IEEE Trans.
Response 8:
Thank you for this comment. We would like to reiterate that our goal is not to propose new ciphers that outperform all existing schemes in every aspect, but to demonstrate that simple, analyzable chaos-based constructions can perform comparably to complex designs in standard statistical tests commonly used in literature. We opted for a quantitative comparison with prior work using the same set of metrics commonly used in chaos-based cryptography to demonstrate our point. Our comparison already includes empirical evidence (statistical testing) and theoretical analysis (e.g. security against differential cryptanalysis).
Comment 9:
The paper lacks rigorous security proofs and theoretical foundations for the proposed algorithms. The authors should provide formal security proofs, demonstrating the resistance of their algorithms to known attack vectors. This should include proofs of confidentiality, integrity, and authenticity, as well as analyses of potential vulnerabilities.
Response 9:
Our paper does not aim to propose a provably secure cryptosystem with formal guarantees such as confidentiality, integrity, or authenticity proofs. In fact, symmetric-key encryption schemes, especially block ciphers, rarely come with such formal proofs in practice. Instead, their security is typically evaluated based on resistance to known cryptanalytic attacks and statistical performance, which is the approach we adopt and that we hope future chaos-based designs will adopt.
Our primary goal is to demonstrate that simple, transparent constructions can perform comparably to more complex chaos-based schemes under the standard statistical evaluations commonly used in literature. We do not claim our proposed schemes are production-ready or provably secure but rather aim to encourage designs that are more amenable to analysis and cryptanalytic scrutiny. We have made modifications throughout the paper to make this narrative clearer to the readers.
Comment 10:
The authors do not adequately discuss the practical implications and real-world applications of their work. The manuscript should include a section on how the proposed algorithms can be integrated into existing cryptographic systems, highlighting potential use cases and benefits. Additionally, the authors should discuss any limitations or challenges associated with deploying their algorithms in real-world scenarios.
Response 10:
Thank you for the suggestion. As noted in our earlier responses, the primary aim of this paper is not to propose deployment-ready cryptographic algorithms or detail practical integration. Instead, our focus is on demonstrating that simple, chaos-based designs can achieve comparable statistical performance to more complex schemes, while remaining analyzable using standard cryptanalytic methods.
We acknowledge that practical deployment considerations, such as integration into existing systems, performance optimisation, and resource constraints, are important but lie outside the scope of this foundational and conceptual study.
We have added statements to the conclusion to highlight these points.
Comment 11:
I suggest that the authors enhance the quality of the references by citing, introducing, analyzing, discussing, and comparing more high-level papers from SCI-indexed journals published by Elsevier, IEEE, Springer, and MDPI, rather than relying on short 3-page conference papers like "In Proceedings of the International Conference on Information Security and Cryptology. Springer, 2003, pp. 432–445." Additionally, papers published in journals such as Multimedia Tools and Applications, which have been removed from the SCI index due to the publication of low-quality articles, should be excluded from the reference list.
Response 11:
Thank you for the valuable feedback regarding the quality of references cited in our manuscript. We fully acknowledge the importance of grounding our work in high-impact, rigorously peer-reviewed literature from reputable SCI-indexed journals published by established publishers such as Elsevier, IEEE, Springer, and MDPI.
As of the time of writing this paper, all the works we covered and used for analysis and comparative evaluation were published in journals ranked in JCR Tier 1 (Q1) or Tier 2 (Q2), as detailed in Table 1, “Analysis of Recent Chaos-Based Cryptographic Algorithms.” We recognize that some of these journals may have since lost their SCI indexing or changed status, but at the time of publication for the corresponding papers, they were considered high-quality venues within the relevant research community.
Furthermore, to maintain the rigor of our references, we have excluded the only conference paper originally cited as mentioned in your comment.
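The ranking procedure described in Response 5, as an added example that is not the authors' code: it computes entropy, adjacent-pixel correlation, NPCR and UACI, scales each linearly to 0-100 and averages them. The numeric anchors (ideal and worst values), the use of a mean as the aggregate, and the two constructed sample outputs are assumptions, since the response does not state them.

```python
import math
import random

# (ideal, worst) anchors for the 0-100 scaling. ASSUMED: the response gives no
# numbers. Ideal NPCR/UACI are the expected values for two independent,
# uniformly random 8-bit images (255/256 and 257/768).
ANCHORS = {
    "entropy":     (8.0, 0.0),
    "correlation": (0.0, 1.0),
    "npcr":        (100.0 * 255 / 256, 0.0),
    "uaci":        (100.0 * 257 / 768, 0.0),
}

def entropy(img):
    """Shannon entropy in bits per pixel of a flat list of 8-bit pixels."""
    n = len(img)
    counts = [0] * 256
    for p in img:
        counts[p] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def adjacent_correlation(img, width):
    """Pearson correlation of horizontally adjacent pixel pairs."""
    xs, ys = [], []
    for row in range(0, len(img), width):
        xs.extend(img[row:row + width - 1])
        ys.extend(img[row + 1:row + width])
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    # A constant image has no variance; treat it as fully correlated (worst case).
    return cov / math.sqrt(vx * vy) if vx and vy else 1.0

def npcr(c1, c2):
    """Number of Pixels Change Rate, in percent."""
    return 100.0 * sum(a != b for a, b in zip(c1, c2)) / len(c1)

def uaci(c1, c2):
    """Unified Average Changing Intensity, in percent."""
    return 100.0 * sum(abs(a - b) for a, b in zip(c1, c2)) / (255 * len(c1))

def scale(metric, value):
    """Linear score: 100 at the ideal anchor, 0 at (or beyond) the worst anchor."""
    ideal, worst = ANCHORS[metric]
    return 100.0 * max(0.0, 1.0 - abs(value - ideal) / abs(worst - ideal))

def score(c1, c2, width):
    """c1, c2: ciphertexts of two plaintexts that differ in a single pixel."""
    raw = {
        "entropy": entropy(c1),
        "correlation": abs(adjacent_correlation(c1, width)),
        "npcr": npcr(c1, c2),
        "uaci": uaci(c1, c2),
    }
    scaled = {m: scale(m, v) for m, v in raw.items()}
    return sum(scaled.values()) / len(scaled), scaled   # mean is an assumed aggregate

def rank(outputs, width):
    """Order configuration names from best to worst aggregate score."""
    totals = {name: score(c1, c2, width)[0] for name, (c1, c2) in outputs.items()}
    return sorted(totals, key=totals.get, reverse=True)

def sample_outputs(width=64, seed=1):
    """Constructed data: 'strong' behaves like a diffusing cipher, 'weak' does not."""
    rng = random.Random(seed)
    n = width * width
    strong = ([rng.randrange(256) for _ in range(n)],
              [rng.randrange(256) for _ in range(n)])
    gradient = [(i % width + i // width) % 256 for i in range(n)]
    flipped = list(gradient)
    flipped[0] ^= 0xFF          # the one-pixel change stays local: no diffusion
    return {"strong": strong, "weak": (gradient, flipped)}

if __name__ == "__main__":
    outs = sample_outputs()
    for name in rank(outs, 64):
        total, scaled = score(*outs[name], 64)
        print(name, round(total, 2), {m: round(v, 2) for m, v in scaled.items()})
```

A high aggregate here only says the output is free of the statistical biases these four metrics detect; it is not evidence of resistance to cryptanalysis.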
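A sketch of the structure Response 6 describes, as an added example that is not the authors' CFBC: a generalized Feistel network with a 128-bit block split into eight 16-bit branches, whose round function iterates a chaotic map in 32-bit fixed point and keeps the 16 least significant bits. The logistic map, the rotation used as block shuffle (a stand-in for the pattern from [47]), the key schedule and the round count are all assumptions; the last function shows the kind of exhaustive differential measurement that a 16-bit round function permits.

```python
from collections import Counter

MASK16, MASK32 = 0xFFFF, 0xFFFFFFFF
BRANCHES = 8                          # 8 x 16-bit sub-blocks = 128-bit block
ROUNDS = 16                           # assumed; not stated on the page
SHUFFLE = [1, 2, 3, 4, 5, 6, 7, 0]    # placeholder rotation, not the pattern from [47]

def chaotic_f(x16, iterations=4):
    """Hypothetical round function: logistic map x -> 4x(1-x) in 32-bit fixed point."""
    x = ((x16 << 16) | (x16 ^ 0xA5A5)) & MASK32    # spread the input over the state
    for _ in range(iterations):
        x = ((x * ((1 << 32) - x)) >> 30) & MASK32
    return x & MASK16                              # keep the 16 least significant bits

def round_keys(key_words):
    """Hypothetical key schedule: four 16-bit subkeys per round."""
    return [[(key_words[(r + 2 * j) % BRANCHES] + r) & MASK16
             for j in range(BRANCHES // 2)]
            for r in range(ROUNDS)]

def feistel_step(block, rk):
    """XOR F(even branch ^ subkey) into the following odd branch; self-inverse."""
    out = list(block)
    for j in range(BRANCHES // 2):
        out[2 * j + 1] ^= chaotic_f(out[2 * j] ^ rk[j])
    return out

def encrypt(block, key_words):
    for rk in round_keys(key_words):
        block = feistel_step(block, rk)
        block = [block[SHUFFLE[i]] for i in range(BRANCHES)]
    return block

def decrypt(block, key_words):
    inverse = [SHUFFLE.index(i) for i in range(BRANCHES)]
    for rk in reversed(round_keys(key_words)):
        block = [block[inverse[i]] for i in range(BRANCHES)]
        block = feistel_step(block, rk)    # F never has to be inverted
    return block

def best_differential(delta_in):
    """Exhaustive over all 2^16 inputs: most likely output difference of F.

    Returns (delta_out, probability). The subkey XOR does not change this
    distribution, so it is a property of F alone.
    """
    table = [chaotic_f(x) for x in range(1 << 16)]
    counts = Counter(table[x] ^ table[x ^ delta_in] for x in range(1 << 16))
    delta_out, hits = counts.most_common(1)[0]
    return delta_out, hits / (1 << 16)

if __name__ == "__main__":
    key = [0x0011, 0x2233, 0x4455, 0x6677, 0x8899, 0xAABB, 0xCCDD, 0xEEFF]  # constructed
    pt = [0, 1, 2, 3, 4, 5, 6, 7]                                           # constructed
    ct = encrypt(pt, key)
    print("ciphertext:", [f"{w:04x}" for w in ct])
    print("round trip ok:", decrypt(ct, key) == pt)
    d_out, p = best_differential(0x0001)
    print(f"best differential for F: 0x0001 -> {d_out:#06x}, p = {p:.6f}")
```

Decryption works for any round function because the Feistel step is an involution, which is why a non-invertible chaotic map can be used for substitution.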
Reviewer 2 Report (New Reviewer)
The provided manuscript is well structured and presented in an informative form. The results of the work are well explained from the methodological point of view. Everything is described according to the best practices of academic-level studies.
The provided results of the study are interesting for readers. The proposed components of the chaotic cipher and the estimation fit the novelty requirements.
But there are a few recommendations that should be taken into account, connected with meeting the requirements of the MDPI template.
1. Please use a semicolon in the Keywords section instead of a comma (only the semicolon is a valid punctuation symbol for MDPI Keywords). The word 'Cryptography' can be replaced by 'Lightweight Cryptography'. Please also consider extending the Keywords and adding more words from the work, including 'Cryptographic Primitives' and 'Feistel constructions' (or Feistel functions).
2. Section 2 can be renamed to provide in the title the information about your role in obtaining this information. Since it is general information, the section name can be chosen as 'Analysis of primitives and metrics for substitution-based image encryption' or some other specific and informative name. The same applies to subsections with short titles.
It is possible to extend subsection 2.1 by adding 1-2 sentences of clarification before considering each new term, to make it clearer for a wider range of readers (it would not be redundant in the case of such specific knowledge). For subsection 2.2 it is possible to add a section conclusion to make the entire section text more logically integral. It is recommended to add more citations here since this is known information.
3. The same applies to section 4: the words 'Analysis of' can be added at the beginning of the title. Table 2 is confusing, because it is simply a listing. Comments for tables 1 and 2 should be placed before the table. The comment text should fit the MDPI requirements.
Some analysis after tables 3-6 is required to summarize the considered scores for images.
4. The testing with NIST is provided only in 5.1, but this is one of the key criteria that proves the cryptographic strength of the proposed sequence of substitutions and permutations within the cipher.
Together with the explanations of practical results this part can be additionally explained in the Discussion section before the Conclusion (that also can be extended).
5. Please also consider the following comments and recommendations.
- From the title of the article it is not clear what result is proposed in the work.
- Please ensure the explanation for all abbreviations before the first use (in abstract: CBC, and then there are in the main text). It should be done once within the paper. The Abbreviations section is optional, but can be added after conclusion (it depends on the preferences of authors).
- The beginning of the abstract can be reformulated and extended to ensure smooth movement from the motivation in the first two sentences (that are ok) to the drawbacks of known solutions and the proposed results. The phrase 'to facilitate cryptanalysis efforts' is confusing (does it fit the goal of the work?).
- The part of the sentences in the text can be reformulated and rephrased to improve the readability (e.g. 'As such, we study'). The 'Evidence' can be replaced by 'Proof' in the contribution definition.
- Abbreviation chaos-based Feistel cipher (CFBC) requires clarification and verification (is it correct?).
- Please remove the redundant dot (line 56).
- It is reasonable to increase the size of figures 1 and 2 and add comments for the a) and b) parts. The same for figures 3 and 5 (increase the size).
- Please remove 'An' from title of section 3 (line 210).
- Please extend the comment texts for tables and figures with short comments. Also please ensure that there is a dot at the end (it is missing in most comments).
- Please update correct numeration of sections (4 and 5 instead of 3 and 4 at the end of Introduction, lines 92-93).
- Please recheck the correctness of punctuation in enumerations (lines 80-87, 259-284, 294-343, 387-393, 413-419, and 487-506). If a colon is used, each item in the enumeration should start as regular text (not capitalized) and should end with a semicolon. Otherwise a dot should be used before the enumeration instead of a colon. Also, the MDPI template provides the possibility to use enumerations without colons.
- No italic or other ways to highlight the items (including bold highlighting) of enumeration exists in MDPI templates.
Author Response
The provided manuscript is well structured and presented in an informative form. The results of the work are well explained from the methodological point of view. Everything is described according to the best practices of academic-level studies.
The provided results of the study are interesting for readers. The proposed components of the chaotic cipher and the estimation fit the novelty requirements.
But there are a few recommendations that should be taken into account, connected with meeting the requirements of the MDPI template.
Comment 1:
Please use a semicolon in the Keywords section instead of a comma (only the semicolon is a valid punctuation symbol for MDPI Keywords). The word 'Cryptography' can be replaced by 'Lightweight Cryptography'. Please also consider extending the Keywords and adding more words from the work, including 'Cryptographic Primitives' and 'Feistel constructions' (or Feistel functions).
Response 1:
Thank you for your thoughtful suggestion. We have revised the Keywords section in accordance with the MDPI formatting guidelines by replacing all commas with semicolons. We have since modified our paper to move away from the “lightweight” narrative. Therefore, we have not included the term “lightweight” in the keywords. We have expanded the keyword list to include “Feistel constructions”.
Comment 2:
Section 2 can be renamed to provide in the title the information about your role in obtaining this information. Since it is general information, the section name can be chosen as 'Analysis of primitives and metrics for substitution-based image encryption' or some other specific and informative name. The same applies to subsections with short titles.
It is possible to extend subsection 2.1 by adding 1-2 sentences of clarification before considering each new term, to make it clearer for a wider range of readers (it would not be redundant in the case of such specific knowledge). For subsection 2.2 it is possible to add a section conclusion to make the entire section text more logically integral. It is recommended to add more citations here since this is known information.
Response 2:
Additional citations have been added as recommended. We appreciate your suggestions. However, we have respectfully maintained the section and subsection titles in line with the established conventions commonly observed in the literature of chaos-based cryptographic research. It is common in this research domain for Section 2 or “Preliminaries” to introduce chaotic maps.
Comment 3:
The same applies to section 4: the words 'Analysis of' can be added at the beginning of the title. Table 2 is confusing, because it is simply a listing. Comments for tables 1 and 2 should be placed before the table. The comment text should fit the MDPI requirements.
Some analysis after tables 3-6 is required to summarize the considered scores for images.
Response 3:
Changes have been made for Section 4. ‘Analysis of’ is added at the beginning as suggested.
Table 2 describes the list of basic configurations for the fundamental encryption operations, namely Substitution and Permutation, which were used to examine and study the comparison configurations of the Substitution-Permutation Network (SPN) design paradigm.
The comment text is placed before Table 1 and Table 2 to fit the MDPI requirements as suggested.
Section 4.4 summarizes the results of the experiment, which include Tables 3–6. We have included some additional statements to emphasise the relevance of our findings.
Comment 4:
The testing with NIST is provided only in 5.1, but this is one of the key criteria that proves the cryptographic strength of the proposed sequence of substitutions and permutations within the cipher.
Together with the explanations of practical results this part can be additionally explained in the Discussion section before the Conclusion (that also can be extended).
Response 4:
We thank the reviewer for the suggestion. Section 5.1 already demonstrates that the proposed block cipher does not exhibit statistical biases, as verified by the NIST statistical test suite. The primary contribution of our work is to show that it is possible to design a chaos-based block cipher that not only passes statistical testing but is also analysable using standard cryptanalytic techniques, such as differential cryptanalysis. Rather than expanding the Discussion section, we have chosen to emphasise this point in the Conclusion to better align with the main message of the paper.
Comment 5:
Please also consider following comments and recommendations.
- From the title of article it is not clear what the result is proposed in the work.
Response 5:
Thank you for the suggestion. We have modified the title to be “Towards Analyzable Design Paradigms for Chaos-Based Cryptographic Primitives” to emphasize the main focus of our work: advancing design approaches that prioritize analyzability in chaos-based cryptography. The word “Towards” reflects that this paper is a foundational step in this direction rather than a final or complete solution.
We removed the term “lightweight” from the title because our work is not primarily about reducing resource consumption or optimizing efficiency. Instead, our goal is to demonstrate that chaos-based primitives can be constructed using well-understood cryptographic design paradigms that facilitate rigorous security analysis.
Comment 6:
Please ensure the explanation for all abbreviations before the first use (in abstract: CBC, and then there are in the main text). It should be done once within the paper. The Abbreviations section is optional, but can be added after conclusion (it depends on the preferences of authors).
Response 6:
Thanks for your observation. All abbreviations are explained before first use as recommended.
Comment 7:
The beginning of the abstract can be reformulated and extended to ensure smooth movement from the motivation in first two sentences (that are ok) to the drawbacks of known solutions and the proposed results. The phrase 'to facilitate cryptanalysis efforts' is confusing (does it fit the goal of the work?).
Response 7:
We have since made modifications to the abstract to make the narrative of the paper clearer.
Comment 8:
The part of the sentences in the text can be reformulated and rephrased to improve the readability (e.g. 'As such, we study'). The 'Evidence' can be replaced by 'Proof' in the contribution definition.
Response 8:
We have changed the term “evidence” to “empirical proof”. We also looked at certain parts where the term “as such” was used and modified if appropriate.
Comment 9:
Abbreviation chaos-based Feistel cipher (CFBC) requires clarification and verification (is it correct?).
Response 9:
Yes, it is correct.
Comment 10:
Please remove redundant dot (line 56).
Response 10:
It has been removed.
Comment 11:
It is reasonable to increase the size of figures 1 and 2 with adding comments for a) and b) parts. The same for figures 3 and 5 (increase the size).
Response 11:
Corrections have been made to the figures as suggested.
Comment 12:
Please remove 'An' from title of section 3 (line 210).
Response 12:
It has been removed as suggested.
Comment 13:
Please extend the comment texts for tables and figures with the short comments. Also please ensure that there is the dot at the end (is missed in the most comments).
- Please update correct numeration of sections (4 and 5 instead of 3 and 4 at the end of Introduction, lines 92-93).
Response 13:
Thank you for the observation. It has been corrected and updated.
Comment 14:
Please recheck the correctness of punctuation in enumerations (lines 80-87, 259-284, 294-343, 387-393, 413-419, and 487-506). If the colon is used, each item in enumeration should start as the regular text (not capital) and should be ended by semicolon. Otherwise before the enumeration a dot should be used instead of a colon. Also, MDPI template provides the possibility to use the enumerations without the colons.
- No italic or other ways to highlight the items (including bold highlighting) of enumeration exists in MDPI templates.
Response 14:
The mentioned lines were revisited and are in line with the MDPI enumeration punctuation rule template (https://www.mdpi.com/authors/layout), specifically Section 3.10, as can be seen from recently published MDPI articles, e.g., 10.3390/cryptography9030052.
Reviewer 3 Report (New Reviewer)
This manuscript tackles a long‑standing weakness of chaos‑based cryptography—over‑complex “security‑through‑obscurity” designs—by demonstrating that classical block‑cipher paradigms (SP‑network and generalized Feistel) combined with low‑dimensional chaotic maps already deliver the statistical and security properties expected from modern lightweight primitives.
It offers an explicit catalogue of design pitfalls visible in 14 recent chaos ciphers and a clear statement of how the present work overcomes them. A minimal SPN image cipher whose robustness is explored across four maps and five metrics. The new Chaotic Feistel Block Cipher (CFBC), built on a GFN with 128‑bit block/key size and analytically bounded differential probability rather than empirical estimates. The paper is therefore well‑motivated, carefully executed, and of real value to both the chaos‑crypto and lightweight‑crypto communities.
Before recommendation for acceptance, some matters should be addressed:
1. Add a small table that juxtaposes CFBC’s differential upper bound, throughput (cycles/byte) and memory footprint against standard lightweight ciphers such as ASCON (NIST LWC winner 2023), GIFT‑COFB and Tiny JAMBU. This will help readers see where CFBC sits among vetted designs.
- Literature review on recent advances in cryptography such as
- "Hands-On Quantum Cryptography: Experimentation with the B92 Protocol Using Pulsed Lasers." Photonics. Vol. 12. No. 3. MDPI, 2025.
- "Cryptographic techniques in artificial intelligence security: A bibliometric review." Cryptography 9.1 (2025): 17.
Can be helpful.
- Figures. 1, 2, 5, 6 should be enhanced, the resolution is too low. The caption should also be expanded.
- In Figure. 4 you should write an expanded caption.
- Could the authors elaborate on how the finite‑precision implementation of the logistic map (e.g., fixed‑ or floating‑point word size) interacts with the differential‑probability bound they derive?
Author Response
This manuscript tackles a long‑standing weakness of chaos‑based cryptography—over‑complex “security‑through‑obscurity” designs—by demonstrating that classical block‑cipher paradigms (SP‑network and generalized Feistel) combined with low‑dimensional chaotic maps already deliver the statistical and security properties expected from modern lightweight primitives.
It offers an explicit catalogue of design pitfalls visible in 14 recent chaos ciphers and a clear statement of how the present work overcomes them. A minimal SPN image cipher whose robustness is explored across four maps and five metrics. The new Chaotic Feistel Block Cipher (CFBC), built on a GFN with 128‑bit block/key size and analytically bounded differential probability rather than empirical estimates. The paper is therefore well‑motivated, carefully executed, and of real value to both the chaos‑crypto and lightweight‑crypto communities.
Before recommendation for acceptance, some matters should be addressed:
Comment 1:
Add a small table that juxtaposes CFBC’s differential upper bound, throughput (cycles/byte) and memory footprint against standard lightweight ciphers such as ASCON (NIST LWC winner 2023), GIFT‑COFB and Tiny JAMBU. This will help readers see where CFBC sits among vetted designs.
Response 1:
We thank the reviewer for this suggestion. However, we would like to clarify that the primary focus of our work is not on lightweight cryptography or resource-constrained implementations. Our goal is to demonstrate that chaos-based cryptographic primitives can be designed using well-studied and analyzable paradigms to achieve comparable security properties, rather than optimizing for efficiency or low resource usage.
We have since revised the paper’s title and narrative to better reflect this focus.
Comment 2:
Literature review on recent advances in cryptography such as
- "Hands-On Quantum Cryptography: Experimentation with the B92 Protocol Using Pulsed Lasers." Photonics. Vol. 12. No. 3. MDPI, 2025.
- "Cryptographic techniques in artificial intelligence security: A bibliometric review." Cryptography 9.1 (2025): 17.
Response 2:
We appreciate the reviewer’s suggestion to consider recent advances in cryptography, including topics such as quantum cryptography and AI security. However, the suggested papers, such as “Hands-On Quantum Cryptography: Experimentation with the B92 Protocol Using Pulsed Lasers” and “Cryptographic techniques in artificial intelligence security: A bibliometric review,” are not directly relevant to the focus of our work.
Comment 3:
Figures. 1, 2, 5, 6 should be enhanced, the resolution is too low. The caption should also be expanded.
In Figure. 4 you should write an expanded caption.
Response 3:
The figures are enhanced and the Figure 4 caption is expanded as suggested.
Comment 4:
Could the authors elaborate on how the finite‑precision implementation of the logistic map (e.g., fixed‑ or floating‑point word size) interacts with the differential‑probability bound they derive?
Response 4:
We thank the reviewer for this insightful and technically relevant question. Indeed, the finite-precision implementation of the logistic map, specifically the word size used in the fixed-point representation, plays a significant role in the resulting differential probability bound.
As with conventional cryptographic components such as S-boxes, increasing the number of bits in the internal representation expands the state space and can yield a lower differential probability. Similarly in our case, using a higher-precision fixed-point representation leads to finer granularity in the chaotic state transitions, particularly in the least significant bits, which tend to exhibit higher sensitivity to input differences. This sensitivity can contribute towards reduced differential probability, effectively enhancing resistance against differential attacks. Moreover, just like how swapping a 4-bit S-box for another can lead to different security bounds, we will also get varying differential properties with different chaotic maps.
In short, the differential bounds we present are tied to the chosen precision and the number of bits extracted from the chaotic state. Increasing this precision would likely tighten the bounds further.
We have included this discussion in Section 5.2.
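As an added illustration of the dependence described in Response 4 (not code from the manuscript or its authors), the following sketch exhaustively measures the maximum XOR differential probability of a toy fixed-point logistic function at small word sizes. The function `c_function`, its clamping rule and the choice to extract the low bits are assumptions made for the example; it is not CFBC's C-function.

```python
from collections import Counter


def logistic_fixed(x: int, n: int) -> int:
    """One step of x -> 4x(1 - x) on an n-bit fixed-point fraction x / 2**n."""
    y = (4 * x * ((1 << n) - x)) >> n      # floor(4 * x * (1 - x) * 2**n)
    return min(y, (1 << n) - 1)            # x = 0.5 gives 1.0; clamp into the word


def c_function(x: int, n: int, rounds: int = 1, out_bits: int = 0) -> int:
    """Toy stand-in (assumption): iterate the map, keep the low out_bits bits.

    out_bits = 0 means "keep all n bits".
    """
    for _ in range(rounds):
        x = logistic_fixed(x, n)
    return x & ((1 << (out_bits or n)) - 1)


def differential_probability(n, din, dout, rounds=1, out_bits=0):
    """Fraction of inputs x with C(x) ^ C(x ^ din) == dout."""
    size = 1 << n
    hits = sum(
        1
        for x in range(size)
        if c_function(x, n, rounds, out_bits)
        ^ c_function(x ^ din, n, rounds, out_bits) == dout
    )
    return hits / size


def max_differential(n, rounds=1, out_bits=0):
    """Exhaustive search: return (probability, din, dout) of the best differential."""
    size = 1 << n
    table = [c_function(x, n, rounds, out_bits) for x in range(size)]
    best = (0.0, 0, 0)
    for din in range(1, size):             # din = 0 is the trivial differential
        counts = Counter(table[x] ^ table[x ^ din] for x in range(size))
        dout, hits = counts.most_common(1)[0]
        if hits / size > best[0]:
            best = (hits / size, din, dout)
    return best


if __name__ == "__main__":
    # Vary the word size and the number of extracted bits, as discussed above.
    for n in (6, 8, 10):
        for out_bits in (n, n // 2):
            p, din, dout = max_differential(n, rounds=2, out_bits=out_bits)
            print(f"n={n:2d} out_bits={out_bits:2d} "
                  f"max DP={p:.4f} din={din:#x} dout={dout:#x}")
```

In this toy, x and 1 - x always map to the same value, so the input difference 2^n - 2 gives output difference 0 for every odd x. Measuring an actual C-function the same way, at its own word size and extraction width, is what ties a bound to the implementation.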
Round 2
Reviewer 1 Report (New Reviewer)
My concerns are addressed.
I have no further comments.
Author Response
Thank you for taking the time to review our manuscript.
Reviewer 3 Report (New Reviewer)
The paper is now well-structured, clearly written, and presents a thoughtful and rigorous investigation into analyzable design paradigms for chaos-based cryptographic primitives. The statistical and cryptanalytic evaluations are now thorough and convincing.
There are some minor issues:
The text alternates between “cipherimage” and “cipher image”; choosing one form and using it consistently would improve readability.
Reference Completeness – Some benchmark cipher references in Tables 3–6 (e.g., [9], [42]–[44]) are not fully described in the surrounding text. Briefly summarizing them in the Results section (beyond just the Introduction) would help contextualize the comparisons.
There is still a need to cite recent advancements in the field such as:
- "The quantum internet: A synergy of quantum information technologies and 6G networks." IET Quantum Communication 4.4 (2023): 147-166.
- "A survey of quantum internet protocols from a layered perspective." IEEE Communications Surveys & Tutorials 26.3 (2024): 1606-1634.
None.
Author Response
The paper is now well-structured, clearly written, and presents a thoughtful and rigorous investigation into analyzable design paradigms for chaos-based cryptographic primitives. The statistical and cryptanalytic evaluations are now thorough and convincing.
There are some minor issues:
The text alternates between “cipherimage” and “cipher image”; choosing one form and using it consistently would improve readability.
We have checked the whole paper and found that "cipher image" only appears in the image rather than in the text itself. We have since corrected Figures 5 and 6 into "Cipherimage".
Reference Completeness – Some benchmark cipher references in Tables 3–6 (e.g., [9], [42]–[44]) are not fully described in the surrounding text. Briefly summarizing them in the Results section (beyond just the Introduction) would help contextualize the comparisons.
We have modified Section 4.4 (pp. 14, 15) to discuss the benchmark ciphers. We also tweaked the text to have better flow. All changes have been highlighted.
There is still a need to cite recent advancements in the field such as:
- "The quantum internet: A synergy of quantum information technologies and 6G networks." IET Quantum Communication 4.4 (2023): 147-166.
- "A survey of quantum internet protocols from a layered perspective." IEEE Communications Surveys & Tutorials 26.3 (2024): 1606-1634.
Thank you for the suggestions. We reviewed both papers and found that, although interesting, they are unrelated to the proposed work. Respectfully, we have decided to omit these references from our paper.
This manuscript is a resubmission of an earlier submission. The following is a list of the peer review reports and author responses from that submission.
Round 1
Reviewer 1 Report
Comment
This paper tries to tackle the problem in chaos-based cryptography by demonstrating the design of analyzable primitives using classical block cipher structures. The core ideas – minimalistic SPN for images and the analyzable CFBC block cipher – are good trials. The experimental evaluation is generally comprehensive. However, the authors should primarily substantiate the security claims of CFBC (especially the differential analysis), providing crucial missing methodological details, improving presentation clarity, and contextualizing the "lightweight" claim and comparisons.
On the positive side, the application of classical paradigms (SPN, Feistel) to chaos-based primitives and the differential analysis of the logistic map are meaningful. The structure of the paper is also relatively clear.
On the negative side, there are three problems to be enhanced.
- The cryptanalysis of differential cryptanalysis is not so accurate (Sec 5.2): While the approach is sound in principle, the actual security margin calculation (2^{-441}) is presented as conclusive. This needs significant qualification. The analysis is limited to the upper bound. The actual probability for the identified characteristic could be lower, but this is not proven. More importantly, the existence of characteristics with higher probability than this bound cannot be ruled out by the described method (limited to 18 MSBs of fraction). A more rigorous exploration of the differential properties of the full 30-bit C-function or a stronger argument for why the identified bound is representative is crucial. Mentioning this as a provable upper bound requires stronger justification. On the other side, the way of counting active number of Sboxes may be not so accurate. There are also some other more accurate ways such as cluster more differentials.
- The security against other typical cryptanalytic attacks can also be considered. For example, another important attack - linear cryptanalysis. Security against linear cryptanalysis is not analyzed. Given the structure, this should be addressed, at least preliminarily (e.g., estimating minimum number of active S-boxes for linear approximations).
- The topic "Lightweight" does not match very well. The term "lightweight" is used in the title and for CFBC, but no implementation results (hardware area, power, throughput) are provided to substantiate this claim compared to established lightweight ciphers (e.g., PRESENT, SPECK) or even AES. Either provide basic performance estimates (e.g., operation count, estimated gate count) or tone down the "lightweight" claim, focusing on "analyzable".
Reviewer 2 Report
The article concerns a new chaos-based algorithm for encrypting images using Feistel networks. The authors also discuss problems related to chaotic cryptography.
The subject of the article is interesting and current. However, the proposed solutions do not solve the problems that the authors have noticed. I mean, for example, the use of classical one-dimensional systems for encrypting data - this has been criticized many times due to, for example, a very small key space.
Below are more detailed comments:
Figures are not cited in the text, e.g. Figure 1.
What is the advantage of using the proposed measures related to the histogram over entropy or even the histogram itself? What new information do they carry in the context of statistical analysis?
I consider the introduction of new measures (tables 3-6), which show the extent to which a given value deviates from the ideal, unnecessary and even misleading for the reader. The reader who glances at the presented tables may be surprised that the UACI Score is equal to or close to 100. In addition, it makes it difficult to compare this work with other articles. Moreover, what do the SP operations etc. actually mean - I am not asking about the abbreviation but about the procedure behind them.
In other places, where the authors describe the algorithm steps, there is also a lack of details. They concern both the algorithm itself and the simulations performed.
The authors omit one of the fundamental problems related to cryptography, namely the key space. The logistic map and other classical one-dimensional chaotic systems generate values suitable for encryption only for narrow parameter ranges. In the case of the logistic map, this is for the parameter r close to 4. Therefore, algorithms using such systems are susceptible to brute force attacks. There is also the issue of the occurrence of so-called fixed points, which, when selected as initial conditions (or points from the basin of attraction of these fixed points), will cause the proposed algorithms to malfunction. Many articles discuss these problems. For this reason, classic one-dimensional systems (e.g. logistic map) should not be used in encryption. They can be replaced by systems with robust chaos, which additionally do not generate fixed points.
The article contains language and punctuation errors.
Please see the Major comments section.
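The fixed-point concern raised in this report can be checked directly on a finite-precision map. The sketch below is an added example (not from the manuscript or the reviewers); the n-bit fixed-point model with r = 4 and all helper names are assumptions.

```python
def logistic_fixed(x: int, n: int) -> int:
    """x -> 4x(1 - x) with x stored as an integer in [0, 2**n] (2**n means 1.0)."""
    return (4 * x * ((1 << n) - x)) >> n


def fixed_points(n: int) -> list:
    """All states that map to themselves at this word size."""
    return [x for x in range((1 << n) + 1) if logistic_fixed(x, n) == x]


def orbit_fate(seed: int, n: int) -> tuple:
    """Return (tail_length, cycle_length) of the orbit started at seed.

    Every orbit in a finite state space is eventually periodic; a cycle
    length of 1 means the orbit has landed on a fixed point.
    """
    seen = {}
    x, step = seed, 0
    while x not in seen:
        seen[x] = step
        x = logistic_fixed(x, n)
        step += 1
    return seen[x], step - seen[x]


def is_weak_seed(seed: int, n: int, min_cycle: int) -> bool:
    """Screening check: flag seeds whose orbit ends in a cycle shorter than min_cycle."""
    _, cycle = orbit_fate(seed, n)
    return cycle < min_cycle


def collapse_report(n: int) -> dict:
    """Classify every possible seed at word size n."""
    fates = [orbit_fate(seed, n) for seed in range((1 << n) + 1)]
    return {
        "fixed_points": fixed_points(n),
        "seeds_ending_on_fixed_point": sum(1 for _, c in fates if c == 1),
        "total_seeds": len(fates),
        "longest_cycle": max(c for _, c in fates),
    }


if __name__ == "__main__":
    for n in (8, 12, 16):
        rep = collapse_report(n)
        print(f"n={n}: fixed points {rep['fixed_points']}, "
              f"{rep['seeds_ending_on_fixed_point']}/{rep['total_seeds']} seeds "
              f"end on a fixed point, longest cycle {rep['longest_cycle']}")
```

The states 0 and 0.75 are fixed at every word size in this model, and seeds such as 0.5 and 0.25 fall onto them within two steps, which is the basin-of-attraction effect the report describes.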