Ann. Physik 6 (1997) 381-394 Annalen der Physik 0 Johann Ambrosius Barth 1997 Discrete chaotic cryptography Zbigniew Kotulski and Janusz Szczepanski Polish Academy of Sciences, Institute of Fundamental Technological Research, PL-00-049 Warszawa, Swietokrzyska 21, Poland Received 13 January 1997, accepted 20 February 1997 Abstract. In the paper we propose a new method of constructing cryptosystems utilising a nonpredictability property of discrete chaotic systems. We formulate the requirements for such systems to assure their safety. We also give examples of practical realisation of chaotic cryptosystems, using a generalisation of the method presented in [7]. The proposed algorithm of encryption and decryption is based on multiple iteration of a certain dynamical chaotic system. We assume that some part of the initial condition is a plain message. As the secret key we assume the system parameter(s) and additionally another part of the initial condition. Keywords: Discrete chaotic systems; Cryptography; Secure communications. 1 Introduction Recently the theory of chaos has proved to be one of the most rapidly developing fields of research in physics, mathematics, engineering sciences, economics and many other areas. It is a tool for analysis of the complicated nature of non-linear phenomena coming from theoretical models and experimental observations. First ideas concerning chaos can be found in early papers of Sinai [32], Oseledec [20], Ornstein [19] and Pesin [25], but people working in applied sciences started their interest in the theory after publication of Lorenz’ paper about thermal convection in the atmosphere [16]. The development of this field of research is also connected with computational possibilities given by progress in computer technology. Theoretical analysis was supported by possibility of observation and visualisation of strange attractors [28, 371, calculating Lyapunov exponents [2, 3 11, describing and plotting bifurcation diagrams and transition to chaos [3-5, 26, 301 for many dynamical systems. The word “chaos” was introduced by Li and Yorke in their theoretical paper [14]. At present, several definitions of chaos are used. The most popular seems to be the one connected with the concept of Lyapunov exponents. We say that a system is chaotic if in some region of the phase space it has positive Lyapunov exponents [331. It follows from the definition of Lyapunov exponents that chaos in the system implies “exponential” divergence of trajectories. To describe a dynamical system more precisely, we also need some other important properties [24], like ergodicity, mixing, stationarity-stability, etc. Such properties have been extensively investigated in the theory of abstract dynamical systems since the late thirties [lo, 117. They give us information about properties of the system like 382 Ann. Physik 6 (1997) nonseparability of the phase space (ergodicity), asymptotic independence of the states (mixing), conservation in time of global properties (stability), etc. On the other hand, cryptography is a permanent field of interest at all times. At present secret communication plays an increasing role in many fields of common life like banking, industry, commerce, telecommunication, etc. The idea of encryption is to modify the message in such a way that its content can be reconstructed only by a legal recipient. The earliest applications of chaotic systems in cryptography were connected with encrypting messages with the modulation of trajectories of continuous dynamical systems [17, 231. The method is strongly connected with the concept of synchronisation of two chaotic systems [9, 221 and controlling chaos [8, 17, 211. In this paper we try to point out that chaos as well as the other properties of discrete dynamical systems can be successfully applied in constructing cryptosystems. We formulate some general properties needed for a chaotic cryptosystem to assure its safety. We also give examples of practical realisation of such “robust” cryptosystems. 2 Discrete dynamical systems - a tool for cryptography The essence of encryption is a transformation of a plain message such that the inverse operation on the ciphertext (decryption) is impossible without some additional information. The information is some decryption algorithm (which is usually known) and its parameters (the secret key). Dynamical systems with chaos seem to be good candidates for constructing such algorithms. During iteration, the initial condition of such a dynamical system is being transformed in a very non-regular way. Therefore, if we consider the initial value of the system as a plaintext, the system’s parameters as a secret key and the state variable after several inverse iterations as a ciphertext then it is almost impossible to restore the initial value of the system without knowledge of the exact values of the parameters. If we additionally separate the initial condition into two parts, one of them treated as a plaintext and the other as a secret key, the method can be even stronger. The details of such a method are presented in Section 5. In this section we try to formulate some general conditions that should be satisfied by a dynamical system in order to obtain a safe cryptosystem. Then constructing a particular algorithm we verify the general properties of the transformations (dynamical systems) applied, instead of testing a number of plain and ciphertexts to check the power of the method. To ensure a complicated structure of trajectories of the dynamical system proposed for the encryption algorithm, we postulate that, except of being chaotic, the system should be ergodic or, preferably, mixing. Now we explain the effect of these properties on encryption the message, which makes any reasonable attack impossible. A discrete dynamical system [6, 241 is a couple ( X , rp), where X is the state space (for our purpose, the state space is usually the unit interval or the Cartesian product of two unit intervals) and rp is some continuous transformation from X to X , which is the generator of the semigroup of iterations. The trajectory of an initial state xo is the set of elements of X obtained by iteration x,+1 = cp(xn), n = 0,1,2, ... . (2.1) The definition of chaos is closely related to the concept of Lyapunov exponents. Let x E X , v E T,X (the tangent space at x) and D@(x)(v) is the derivative of the n-th iteration of rp at x in direction v. Then the Lyapunov exponent is the limit Z. Kotulski and J. Szczepaxkki, Discrete chaotic cryptography 1 = n+cc lim -1n n I1 ~ c p f l ( x ) ( v11 ), where 11 11 is the norm in the tangent space T,X. AX," 383 (2.2) The Lyapunov exponents exist under some general conditions concerning smoothness of sp [6, 201. The number of different Lyapunov exponents at x is at most equal to the dimension of the tangent space. We say that the dynamical system is chaotic in some region if for almost all points (with respect to some invariant measure, equivalent to Lebesgue measure) in this region there exist positive Lyapunov exponents. Chaos in a dynamical system makes the trajectories very unstable; starting from two very close initial conditions, after some iterations, we come to quite different final states (trajectories diverge exponentially). More precisely, for a one-dimensional dynamical system ( R ty), where ty is C', if at some point x E R, Ax > 0 (in one dimension the direction v is determined by the space itself) then In the above, Un,,fi,is some neighbourhood of x. Exponential divergence of trajectories leads to interesting dynamical systems not only in the finite dimensional case but also in infinite dimensional spaces [18, 341. To introduce the concept of ergodicity we assume that for the dynamical system ( X , q) there exists a pinvariant measure p, p(X)< 00,that is, a measure which satisfies In the above, o(X)is the a-algebra of measurable subsets of X . We say that the dynamical system ( X , p) is ergodic if the measure of every pinvariant subset B of the space X (that is, cp(B) C B ) is 0 or p(X). The ergodicity implies that the space X cannot be nontrivially (with respect to the measure p) divided into several parts. Therefore, if some trajectory starts from any point xo E X,it never localises in a smaller region, and knowing the final state of the system we can never restore the region (smaller than X) where the trajectory started. The next important characteristic of trajectories is the mixing property. We say that the system has the mixing property if for any two sets A , B E o ( X ) the following condition is satisfied: lim p(cp-'(A) n B ) = p ( A ) p ( B ). n-oo (2.5) In the above p-" ( A ) is the pre-image of the set A under the n-th iteration of 9. The mixing property means that the trajectories of the system have some stochastic property. If we assume the measure p to be probabilistic one then the iterations of p make each set A (asymptotically) statistically independent from B. In other words, if we start our trajectory at some point xo E X then after sufficiently many iterations we reach any region of the space X with the same probability. This means that for any final state x, and sufficiently large n, any initial state xo is p-equiprobable. 384 Ann. Physik 6 (1997) The properties of dynamical systems like chaos, ergodicity and mixing make them "random" - studying finite dimensional distributions in the state space we cannot distinguish whether the system is chaotic or stochastic [13]. So, all the properties of stochastic encryption desirable for cryptography also hold for encryption with the use of discrete chaotic dynamical systems. 3 Discrete chaotic cryptography The idea of encryption of texts using discrete chaotic dynamical systems was introduced in [7]. The authors propose the application of the well-known "tent map" as an algorithm of encryption and decryption. The tent map F is the following transformation of the interval [0, 11 onto itself xn for 0 5 X,?5 a , for a < X, 5 1 . lmm>In the above, a is a parameter determining the location of the top of the tent. The inverse tent transformation F 1is the following: F is a two-to-one map and F' is a one-to-two map. If we take the n-th iteration of F or of F-' then F" is 2"-to-one and F" is one-to-2"; moreover X = F " ( F " ( X ) ) is satisfied for every X from the interval [0, 11. The cryptosystem considered in [7] is the following: The secret key is the parameter a of the tent map; The message is some number P E (0, 1); it is the initial value of the encryption transformation; The encryption procedure is the n-fold iteration of the inverse tent map with the initial value P, the ciphertext C is a result of that transfornation: c = F ( P )= F-*(F-'( ...P(P))); (3.3) The decription procedure is the image of C under the n-th iteration of the tent transformation F: P . = F"(C) = P(F(...P(C))) (3.4) In the above cryptosystem the value of C can be generated randomly as one of 2" possible values but the value of P is uniquely restored. To specify the algorithm, one must simultaneously fix a sufficient number PI of iterations, to obtain a safe cryptosystem (that is, to make the ciphertexts statistically independent for close keys), fix the size of the ciphertext to guarantee exact decryption of the message of a given number of digits and select the correct area of keys to 385 Z. Kotulski and J. Szwepanski, Discrete chaotic cryptography have a uniform distribution of possible ciphertexts over (0, 1). The details can be found in [7]. In this cryptosystem the secret key is chosen to be the parameter a of the tent map. It turns out that in the presented piecewise linear model, the trajectories are sensitive to the changes of a. In general, the selection of internal parameters of discrete dynamical systems determines their qualitative properties, like periodicity, aperiodicity, existence of chaos, ergodicity, etc. However, dependence of the properties on the parameters can be very complicated and non-regular [ 3 ] and the selection of the value of the parameter appropriate for being used as a secret key can be very involved. Even if we find a parameter for which the system is chaotic, we cannot be sure that it is chaotic for some other close parameters, Moreover, if we have two close values of the parameter guaranteeing chaos, we cannot predict the speed of divergence of two trajectories for the same initial condition and the two values of the parameter. In the next section we propose some modification of the above cryptosystem to make use of the essence of chaos and we extend the key space from parameters to both parameters and initial values of dynamical systems. 4 General formulation of the method As in the previous section, we propose a method of encryption of the plaintext (which is a number from the unit interval) using as an algorithm inverse iterations of some dynamical system with chaos. In our method we apply a two-dimensional dynamical system, dividing the initial condition into two parts. One of them (the initial condition of the first co-ordinate of the system) is the secret key, the other one (second co-ordinate) is the plaintext. Both co-ordinates are iterated; the first, independently of the second, in a chaotic way; the second is also iterated with some dependence on the first co-ordinate at each step. Under certain assumptions on the dynamical system, we have an exponential divergence of the second co-ordinate (ciphertext) depending on the distance of both keys and plaintexts. This phenomenon is an example of a more general effect of transferring chaos (ergodicity, periodicity) from some subsystem to an extended system [35,361. Before given the general formulation of the method, let us illustrate the idea of including the secret key into the initial condition by some elementary one-dimensional example. Assume that y: [0, 11 -+ [O, 11 is a chaotic map with positive Lyapunov exponent A. Let P E ( 0 , l ) be the message to encrypt. Let us fix some natural number n and the secret key k E (0,l). Let C be some selected pre-image of P under the = P. The ciphertext C of P is map y", that is a point such that y " ( C ) = y"(y-"(P)) defined as C = C k (mod 1). Now decrypting the text one calculates P= y"(C-k) (having in mind modulo 1 operation). Trying to break the system with a known ciphertext one postulates some value of the secret key, say k l . Using our algorithm one obtains the message P1=y"(C-kl). Assume the key k , is very close to k, I k - ICI I< Assume that n=30. Then, since the dynamical system is chaotic, from (2.3) one obtains + I P - P I I=[ if yn(C- k ) - y"(C - k l ) I> en(1-c) I k - kl I= 0.5 A - E = 1.558, which is a reasonable value for many dynamical systems. (44 386 Ann. Physik 6 (1997) Now let us define a general scheme of cryptosystem using the essence of chaotic “hiding” of messages. Consider a two-dimensional dynamical system ( X , @) where X is the Cartesian product of two unit intervals: @ : [0, 11 x [0, 11 --t [0, I] x [0, 11 . (44 Let k E ( 0 , l ) be the secret key and C E ( 0 , l ) be the ciphertext. To specify the cryptosystem let us define the map @ as @k C ) = I P ( k M C 1k M 4 l * (4.3) Define T ( C ,k ) := x ( C ,k)cp(k) . (4.4) To complete the cryptosystem, we define encryption of the plaintext as n inverse iterations of the map @ and the ciphertext as the second co-ordinate of a pre-image under cFn,preceded and followed by two maps (4.13), (4.13a), respectively. We assume that q is a chaotic map with some positive Lyapunov exponent i and the map x is separated from 0, that is, it satisfies the following condition: Under the above conditions, the second co-ordinate of @, that is, r, exhibits exponential divergence of trajectories with respect to values of k in the following sense. - ~ , m is some natural number, deFirst we fix an accuracy c0 (say ~ ~ = 1 0where pending on the computer’s performance) of the possible attack on the secret key k, that is. for any other possible k , . Next we choose a parameter E sufficiently close to 1, to make the number I3 (Q)= 1 - 1 small enough to satisfy S(&o) = 1 - 1 << 1 d - C ) 1 k -k, 1 (4.7) for all keys k from some uncountable subset K C [0, I] ( K is a set with positive Lebesgue measure, consisting of points which are candidates for secret keys) and kl satisfying (4.6). Then we have where k and kl are two keys satisfying condition (2.3). To assure the correctness of the encryption procedure we must assume some additional conditions on Taking into account (4.5), we assume x. L. Kotulski and J. Szczepahki, Discrete chaotic cryptography 387 The one step pre-image of the pair (plaintext P, key k) by the map @ should satisfy the following equalities: P(k-1) = k , X(P-l,k-I)cp(~-l)= P , (4.10) for some pair kl, P-l.From (4.9) we have (4.11) Then kl<P<k (4.12) and to assure the existence of such a P-1, the map x(.,k-1) should transform the interval (BIZ,k-1) onto the interval (1, 1). Then, after fixing the secret key k, to initialise the encryption procedure we must map (to satisfy (4.12)) the initial state of the transformation - the plaintext P - into the interval (kl, k). In the encryption and decryption procedures we use the following two proportional transformations: (4.13) and its inverse: TLl : [ k l , k ]--+ [0, 1) , P=Tr( I F P' )-----k(l-l) 1 1-I' (4.13a) In the encryption procedure, Tk is applied at the beginning to map the plaintext into the required interval, and T;-: (k+ is defined further in this section) is applied at the end of the procedure to spread the result over all the interval (0,1). During decryption we do this in the opposite order. The steps of both procedures are listed at the end of this section. To clarify the formulation of the method, let us write down some steps of decryption. The first one is given in (4.3), the second one is and generally, the n-th iteration is QiH(k,C ) = [cp"(k),X(T"-'(C,k),cp"-'(k))cp"(k)l> (4.15) where P-' (C, k) is the second co-ordinate of the two-dimensional map @"-' (k, c). To verify the inequality (4.8) we substitute 388 Ann. Physik 6 (1997) Without loss of generality we can assume cpn(k)2 cpfl(kl).Then, taking into account assumption (4.9), we obtain the estimate where the last inequality follows from (2.3), applied to the map q~ at k, and (4.7). To keep the divergence property of the cryptosystem we should select the function x in such a way that it is sensitive to the second parameter (the secret key). Examples of such functions are given in the next section. To summarise let us write down the scheme of the method and the steps of encryption and decryption in our algorithm. 0.0 0.2 0.4 0.6 0.8 1 .o k Fig. 1 The plot of the map satisfying conditions from Example 2. Here: 2. Kotulski and J. Szczepanski, Discrete chaotic cryptography 38Y Scheme of the method 0 Select the chaotic (ergodic or mixing) map p; Choose the appropriate secret key k; Fix the natural number n, adequate for k; Generate the sequence of choices of pre-images (Fig. 1); Choose the number 1 and the appropriate function x. Encryption of P 0 0 Calculate P’=Tk (P) - see (4.13); Do the following n times: - (k-1, P L I )= @-I ( k ,PI),where the pre-image k-1 = cp-’(k) is selected according to the sequence of choices of pre-images generated in the “Scheme of the method”; - ( k )P’):= (k-, PL1); Calculate C = T;’ (P’), where now k is the n-th pre-image under p of the original secret key k (in the decryption procedure this point is called k+) and P‘ is the second co-ordinate of the n-th pre-image under @ of the initial point (k, I”). Decryption of C 0 0 0 0 Take the secret key k and the sequence of choices of pre-images; Calculate kPn, applying n inverse iterations of p to the secret key k, selecting the pre-images at each step according to the known rule; Calculate C’ = Tk-,(C); Do the following n times: - ( k l ,c;)= @(k& C’); - (/Ln1 C‘) := (k-1, Cl,); Calculate P = Tll(C’), where C is the second co-ordinate of the last step of the above iteration. In the cryptosystem defined above the part decrypting a given ciphertext can be considered, in some sense, as a multiplicative perturbation of the dynamical system p transforming the secret key k. Therefore, if make a small perturbation, which corresponds to the assumption that the constant 1 in (4.6) is close to 1, then we expect some properties of the dynamical system p are transferred to the system T.We have in mind, in particular, ergodicity and mixing property. Their effect on the safety of the cryptosystem has been explained in Section 2. The property of the conservation of ergodicity and mixing under multiplicative perturbations of dynamical systems can be studied independently for various classes of systems. Some results useful for our purposes were obtained in [29], where the family of the unimodal maps y,(x) = ax( 1 - x),0 < a 5 4, was considered. An area was found in the space of parameters a for which the map ya is ergodic. Examples of maps satisfying the required conditions are considered in the following section. 390 Ann. Physik 6 (1997) 0.9 x ( C k) 0.8 -.. n7 0.00 0.20 0.60 0.40 .O0 0.80 C Fig. 2 The draft plot of the function x(C, k) defined in Example 1. (1=0.8, k=0.6). 5 A practical realisation To illustrate the theory presented in the previous section let us consider some examples. In all of them the maps applied have the postulated properties like chaos and ergodicity or mixing property. Therefore the sufficient safety property for cryptosysterns, that is, non-separability in the plaintext space, sensitivity to secret key changes and statistical independence in the ciphertext space, is guaranteed. The first example is based on a map which is chaotic and ergodic. Example 1 To construct a concrete example of a discrete chaotic cryptosystem Q, we must define the functions q and As follows from the general considerations of the previous section, to ensure the safety of the cryptosystem, we have to choose a function q which is chaotic and ergodic. A good candidate is the logistic map defined as x. p(k) = 4k(l -k) for k E ( 0 , l ) . (5.1) For such a map (generally in the form q ( k ) = a k ( l - k ) , where a E (0,4]) it was proved [29] that in the neighbourhood of a = 4 “almost all” parameters a give an ergodic map. More precisely, a = 4 is the density point in the set of parameters a for which the map is ergodic. Therefore, if we select this density point as our parameter, then selecting as function x the transformation (Fig. 2) x ( C , k )= I for 0 5 C < kl 1 lo‘ k 1oc 91 m + glk(1-C T+T 1oc - 9 k 1 9k2(1-I) <l oo+ kl for kl 5 C 811 1-1) for++kl< 9k2(1-I) + + for loo kl for k C 5 1 < 1-1) C < s + k l + T 91k( 1- I ) 91k( 1-I) 5C<k (5.2) with E sufficiently close to 1, then the function r can also be considered as chaotic (see (4.8)) and ergodic in the following sense: the space of the second co-ordinate 391 Z. Kotulski and J. Szczepanski, Discrete chaotic cryptography (i.e. interval [0, 13) of the map @ cannot be divided into two nontrivial invariant subsets such that the trajectory F ( k , C ) starting from the initial condition (k, C ) will not stay in one of these subsets. This property is important to ensure the complexity of a possible attack on the method. To complete the cryptosystem one should define the rule of selecting one from two possible values of the map at each step of encryption. To do this optimally, one should generate randomly some binary sequence of length n (n is the number of inverse iterations during encryption) to decide which value of two pre-images is chosen. The second example is based on a chaotic map with mixing condition. Example 2 As the map transforming the secret key let us take some function p satisfying the following conditions: 1. p : ( 0 , l ) -+ ( 0 , l ) ; 2. The interval (0, 1) can be divided into finite (or infinite countable) number of intervals Al, Az, ... such that i = 1,2, ...; p(Ai) = (0, l ) , 3. At each Aithe map p is of class C2 and monotonic; 4. For some natural s and every i the following relationship is satisfied inf inf A~ htn./ 1 dp(‘)( k ) dk ___ = 6 > 1, where q(,’)is the s-th iteration of the map p; 5. sup sup 1 d29(kl1 dk: [ =p<oc. A, klik2EAt d 9 ( k 2 ) [x-] Then the map p has an invariant measure equivalent to the Lebesgue measure and is mixing (mixing implies ergodicity) [l, 12, 271. For our purpose we can assume s= 1. Moreover, the map is chaotic, which follows from assumption 3, ergodicity of p, the condition and the Birkhoff-Khinchin theorem [24]. The example of such a map is shown in Fig. 3. To complete the cryptosystem we take the function x in the following form: for 0 < k < $ 1 1 1” for 0 5 C < kl fork1 5 C < k forkIC51 (5.4a) 392 Ann. Physik 6 (1997) Fig. 3 The illustration of the method of selecting the pre-images. Here p(k) = 4k(l - k ) . Let us assume that in the introductory step of encryption we generated the following sequence of symbols (I?, L), where L and R mean that the left (resp. right) pre-image is chosen. (For simplicity of notation we restricted this sequence to two elements. Generally it is of length n.) Thus, we have p-'(P) = {(PZ'(a(Pil(P)land next cp-'(cp,'(P)) = {cp,L(P), (P,X(P)l.Finally, we choose p,,!(P) (underlined on the plot), according to the symbols generated. . fori<k<l I for 0 5 C < kl 1 fork<C<l C (5.4b) Analogously, one should also define the rule of selecting the value of pre-image from the possible finite (or infinite countable) number of values. The next example uses a chaotic and mixing dynamical system for which the preimage set for any plaintext is infinite. Example 3 Consider a particular case of Example 2 with an infinite countable partition of the unit interval. Let q be the Gauss transformation defined as: The function x can be the same as in the previous examples; generation of the sequences determining the pre-images is equivalent to generation of random statistically independent natural numbers. Z. Kotulski and J. Szczepariski, Discrete chaotic cryptography 393 Example 4 Consider the simple one-dimensional cryptosystem defined in Section 4. To make it stronger, one can take as an extra secret key some parameter of the map y. This modification prevents breaking the secret key by solving a natural equation if both the plaintext and ciphertext are known. In such a case the cryptosystem has the power of the cryptosystem proposed in [7], additionally strengthened by the second secret key utilising the divergence property of chaos. 6 Conclusions and remarks In the paper we presented a general method of constructing cryptosystems with application of discrete chaotic dynamical systems. Our approach made it possible to construct cryptosystems and verify their safety by methods of the theory of abstract dynamical systems. Since the theory is quite well developed and still extensively investigated, we have a very strong tool available. A general theory of discrete chaotic cryptosystems is a kind of theoretical model. In practice, preparing concrete computer implementations, one should take into account the usual computational conditions. Since numbers in numerical computations have finite representation, one must assume a size of computed values (key, plaintext, ciphertext) such that both the iterations and inverse iterations (after fixing the sequence of choices of pre-images) can be performed uniquely and such that one can obtain the required number of significant digits of plaintext in the decryption process. In other words, one must fix the information rate R R= plaintext size ciphertext size (6.1) appropriate for the algorithm applied and the computer used. To summarise, let us remark that the proposed algorithm is very fast. It requires only n iterations of some relatively simple maps, where the number n must be some compromise between safety of the method and accuracy of the computer arithmetics. Usually 201n1100. 7 References [ l ] R. Adler, Lecture notes in mathematics, 318 (1973) 1-5 [2] G. Benettin, L. Galgani, J.M. Strelcyn, Phys. Rev. A14 (1976) 2338 [3] P. Collet, J . 2 Eckmann, Iterated maps on the interval as dynamical systems. A. Jaffe, D. Ruelle, (eds.). Birkhauser, Boston, 1980 [4] M. J. Feigenbaum, J. Stat. Phys. 19 (1978) 25 [5] M. J. Feigenbaum, J. Stat. Phys. 21 (1979) 669 [6] J. Guckenheimer, P. Holmes, Non-linear oscillations, dynamical systems, and bifurcations of vector fields. Applied Mathematical Sciences 42, Springer, New York 1983 [7] T. Habutsu, Y. Nishio, I. Sasase, S. Mori, A secret key cryptosystem by iterating a chaotic map, EUROCRYPT’91, p. 127 [8] S. Hayes, C. Grebogi, E. Ott, Physical Review Letters 70 (1993) 3031 [9] Lj. Kocarev, K.S. Halle, K. Eckert, L.O. Chua, U. Parlitz, Intl. J. Bifurc. & Chaos 2 (1992) 709 [lo] A.N. Kolmogorov, Usp. Mat. Nauk 5 (1938) 52 [ I l l A.N. Kolmogorov, DAN SSSR 119 (1958) 861 394 Ann. Physik 6 (1997) A. A. Kosjakin, E.A. Sandler, Matiematika 3 (1972) 32 Z Kotulski, W. Szemplinska-Stupnicka, J. Trebicki, On semi-stochastic model of deterministic chaos in a non-linear oscillator, (to appear) T.-Y. Li, J.A. Yorke, American Mathematical Monthly 82 (1975) 985 H.B. Lin, Chaos, World Sc. Publ. Corp. 1984 E.N. Lorenz, J. Atmos. Sci. 20 (1963) 130 W. Martienssen, B. Hubinger, R. Doerner, Ann. Physik 4 (1995) 35 L. Nirenberg, Topics in non-linear functional analysis. Lecture Notes, Courant Institute of Mathematical Sciences, New York Univ., New York 1974 D. Omstein, Adv. in Math. 4 (1970) 337 V.I. Oseledec, Trans. Moscow Math. SOC.19 (1968) 197 E. Ott, C. Grebogi, J.A. Yorke, Physical Review Letters 64 (1990) 1196 U. Parlitz, L.O. Chua, Lj. Kocarev, K.S. Halle, A. Shang, Intl. J. Bifurc. & Chaos 2 (1992) 973 L.M. Pecora, T.L. Caroll, Phys. Rev. Lett. 64 (1990) 821 W. Perry, Topics in ergodic theory. Cambridge Univ. Press, Cambridge, 1981 J.B. Pesin, Russ. Math. Surv. 32 (1977) 55 Y. Pomeau, Intermittancy: a simple mechanism of continuous transition from order to chaos. In: Bifurcation phenomena in mathematical physics and related topics. Reidel (1980) 155 W. A. Rochlin, Izv. A. N.SSSR, Math. Ser. 25 (1964) 499 D. Ruelle, F. Takens, Comm. Math. Phys. 20 (1971) 167; 23 (1971) 343 M.R. Rychlik, Ergod. Th. & Dynam. Sys. 8 (1988) 93 S. J. Shenker, Physica 5D (1982) 405 I. Shimada, T. Nagashima, Progress Theor. Phys. 61 (1979) 1605 J.G. Sinai, Doklady Ac. Sc. S. U. 124 (1959) 768 J.-M. Strelcyn, Colloquium Mathematicum 62 (1991) 331 J. Szczepaliski, Proc. Am. Math. SOC.116 (1992) 1041 J. Szczepariski, E. Wajnryb, Physical Review A 44 (1991) 3615 J. Szczepariski, E. Wajnryb, Chaos, Solitons & Fractals 5 (1995) 77 F. Takens, in: Rand D.A., Young L.-S. (eds.) Dynamical systems and turbulence. Springer Lecture Notes in Mathematics 898 (1980) 366

1/--страниц