Abstract: Following Shannon's postulation of theoretically unbreakable cryptography, a pseudo-random bit sequence (PRBS) often acts in practice as a "one-time pad" key sequence; it should therefore have good statistical properties and a complex structure while remaining simple to implement. To meet these needs, this paper digitizes a spatiotemporal chaotic map to develop a highly parallel PRBS generator suited to FPGA (Field Programmable Gate Array) implementation. Interleaving and truncating processes are introduced into the PRBS generator to avoid the degradation caused by digitization. Owing to the exceptional properties of spatiotemporal chaos, such as sensitivity to initial conditions and parameters, mixing and ergodicity, and intrinsic operational parallelism, the proposed PRBS generator not only has good statistical properties but also achieves high throughput when realized in FPGA hardware. The PRBS generator has passed several performance assessments, including the widely used FIPS 140-2 test and the extremely rigorous NIST 800-22 test. An effort to integrate the proposed algorithm into a Xilinx Spartan-III XC3S400 FPGA is also reported. Elementary hardware simulation results show that the throughput of the PRBS generator chip reaches up to 512 Mbps at a clock frequency of 50 MHz.
I. INTRODUCTION
Chaos is a ubiquitous natural phenomenon that exists widely in nonlinear systems. It has many useful properties, such as sensitivity to initial conditions and parameters, pseudo-randomness and topological transitivity, which are closely related to cryptography [2]. Since the idea of incorporating chaotic maps into cryptology was explicitly put forward in 1989 [1], it has sparked an avalanche of research on chaos-based encryption for more than a decade [2], [3], [12].
Like traditional cryptology, which is grounded in number theory, chaos-based cryptology can be subdivided into two groups, namely block ciphers and stream ciphers. The stream cipher is based on the hypothesis of the provably unbreakable one-time system found in Shannon's masterpiece [4], where the plain-text is encrypted by modular addition to a key sequence of random numbers that is used only once. Since securely distributing the key sequence (which theoretically should be longer than the plain-text) is difficult, the idea of the "one-time pad" has not been widely accepted or applied in practice. To solve this problem, short keys are used to generate long random numbers that serve as pads. In practical applications, therefore, the stream cipher uses a function to generate the random keys when required, replacing direct dissemination of the pads. However, generating random numbers with good properties is not an easy task. Many mathematicians, computer experts and engineers have been striving at it over the years. As a result, a number of techniques for arithmetically generating random key-streams have been put forward, among which chaos-based methods show an incomparable advantage.
Theoretically, chaos-based pseudo-random number generators (PRNGs) are proven to have good randomness and an infinite period, while their nonlinear character significantly increases the complexity of the PRNGs' structures. Additionally, the wide variety of chaotic functions provides countless options, which broadly increases the number of pseudo-random number generating methods. Many chaotic pseudo-random number generators (CPRNGs) have therefore been proposed in the literature [7]-[9], but hardware realization, especially chip implementation, is still a great challenge.
Compared with the software implementation that most current chaos-based PRNGs adopt, chip realization can significantly increase the throughput and, at the same time, enhance the security. Moreover, the designed chip is intended to be integrated into embedded devices such as mobile phones, handheld computers or PDAs (Personal Digital Assistants) that carry out secure mobile applications. However, because of the limits on power consumption, volume and memory capacity, tailoring even a CPRNG algorithm that runs well on a personal computer to chip realization is still a great challenge.
In [13], a random number generator (RNG) based on neighborhood-of-four cellular automata is presented. The design uses the 4-input lookup tables in Xilinx FPGAs to fully utilize the hardware and can generate 64-bit random numbers at a frequency as high as 230 MHz. Another FPGA implementation of a PRNG is introduced in [14]. The design uses a genetic algorithm to generate a set of PRNGs and has been implemented on an XESS XSV800 Virtex prototyping board. Literature [15]
The rest of the paper is organized as follows. Section II first briefly introduces the spatiotemporal chaotic model used in this paper, and then presents the proposed PRBS generating scheme in detail. Section III reports the performance assessment of the PRBS generator in terms of both FIPS 140-2 and NIST 800-22, and Section IV details the FPGA implementation. Finally, Section V concludes the paper.
II. PSEUDO-RANDOM BIT SEQUENCE GENERATOR USING SPATIOTEMPORAL CHAOS

A. A brief introduction to spatiotemporal chaos
General chaotic maps describe the evolution of dynamic systems with respect to time, and their chaotic behavior appears only temporally. Spatiotemporal chaos means that a dynamic system exhibits chaotic behavior not only temporally but also spatially.
Four kinds of mathematical models are usually used to represent spatiotemporal chaotic systems: the partial differential equation (PDE), the coupled ordinary differential equation, the coupled map lattice (CML) and the cellular automaton. Among these, the CML is the most widely used because of its appropriate tradeoff between computational complexity and faithfulness to the original system. The CML shares many characteristics of one-dimensional chaotic systems, such as sensitivity to initial values and parameters, mixing properties and ergodicity, which makes it suitable for encryption and random number generation. Furthermore, since the evolution rules on all lattices of the spatiotemporal chaotic system are similar and simultaneous, the operational parallelism of the CML is also very good. A pseudo-random number generator employing a CML can therefore achieve a high operating speed.
In this paper, a bi-directional coupled chaotic map lattice described by equation (1) is used.
(1) where n and i (i = 1, 2, ..., L) are the temporal and spatial indexes of the discrete lattices, respectively, ε is the coupling coefficient, and L is the total number of spatial lattices. Here, for simplicity, we choose f(x) = 4x(1 − x) and let ε = 0.5. The boundary conditions are chosen such that x_n(0) = x_n(L) and x_n(L+1) = x_n(1). For details of the spatiotemporal chaotic system described by equation (1), the reader is referred to [10].
B. Spatio-temporal chaos based PRBS generator
To obtain a PRBS using system (1), each lattice output of every iteration, x_{n+1}(i), is subjected to a bit-extraction process. Since each x_{n+1}(i) ∈ (0, 1), and x_{n+1}(i) can be expressed as
..}, is just the bit sequence produced by one lattice at instant n + 1. The outputs of the L lattices are then combined to yield a longer bit sequence. If we extract only the first m bits of the above sequence for every lattice, then each round of operation yields m × L bits.
The algorithm described above has one significant flaw: it operates in the continuous domain, which is not suitable for hardware implementation. To tackle this problem, we digitize all operands so that the algorithm works in the digital domain.
Suppose all calculations of the proposed PRBS generator are performed in m-bit precision, and all numbers involved can be represented as m-bit integers, i.e., x_n(i) ∈ {0, 1, ..., 2^m − 1}. Then equation (1) can be modified to operate on a finite integer set. Let f(x) = 4x(2^m − x), x ∈ {0, 1, ..., 2^m − 1}, be a modified logistic map and let ε = 0.5; the new spatiotemporal chaotic map is then:
where i = 1, 2, ..., L is the lattice index. The boundary conditions are x_n(0) = x_n(L) and x_n(L+1) = x_n(1). Each x_{n+1}(i) is output sequentially in binary form to obtain a long bit sequence. Since the PRBS generating scheme above uses only integers and a few simple arithmetic and logic operations, it is easy to implement on a chip.
However, because of the finite precision of practical computation, each pseudo-random number has to be represented with a finite number of digits, so performance degradation in a digital implementation is unavoidable. The significant degradation is the appearance of periods in the generated pseudo-random number sequences. Theoretically, with a computer of infinite computational precision, we could generate an aperiodic chaotic pseudo-random number sequence from a chaotic map. But if a chaotic map is realized in finite precision, the nonlinear map may no longer be chaotic and instead shows a kind of stabilization, which leads to cycles of random length in the generated sequence. Numerical simulation shows that the cycle length depends on the computational precision and relies heavily on the initial values of the map [11]. In other words, if the numbers in one map are digitized in N bits and the upper bound of the loop length is denoted by M, then the M(N) dependence is scattered in an unknown manner obeying the relation 0 < M < (1/N)^(−β), β = 0.68 ± 0.05. Many people have noticed this problem and tried to solve it, but so far no systematic theory has been found; only several engineering remedies have been proposed, such as using higher finite precision, cascading multiple chaotic systems, and the perturbation-based algorithm [12].
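The dependence of cycle length on the initial value described above can be checked exhaustively at small precision. The following Python code is an added example, not the authors' code; it iterates a single digitized logistic map and measures transient and cycle lengths with Brent's algorithm. The rescaling of f(x) = 4x(2^m − x) by 2^m and the reduction mod 2^m are assumptions made here to keep results m bits wide, because the paper's digitized update equation is not reproduced on this page.

```python
# Added example: cycle structure of a finite-precision logistic map.
# Assumption (not from the page): f(x) = 4x(2^m - x) is rescaled by 2^m and
# reduced mod 2^m so that every result stays m bits wide.

def digitized_logistic(x: int, m: int) -> int:
    """One step of the m-bit integer logistic map (assumed scaling)."""
    return ((4 * x * ((1 << m) - x)) >> m) % (1 << m)

def cycle_structure(x0: int, m: int) -> tuple[int, int]:
    """Return (transient_length, cycle_length) for seed x0 (Brent's method)."""
    f = lambda x: digitized_logistic(x, m)
    # Phase 1: find the cycle length lam by searching successive powers of two.
    power = lam = 1
    tortoise, hare = x0, f(x0)
    while tortoise != hare:
        if power == lam:
            tortoise, power, lam = hare, power * 2, 0
        hare = f(hare)
        lam += 1
    # Phase 2: find the transient length mu with two pointers lam steps apart.
    tortoise = hare = x0
    for _ in range(lam):
        hare = f(hare)
    mu = 0
    while tortoise != hare:
        tortoise, hare = f(tortoise), f(hare)
        mu += 1
    return mu, lam

def worst_case(m: int) -> tuple[int, int]:
    """Longest cycle and longest transient-plus-cycle over every m-bit seed."""
    results = [cycle_structure(x0, m) for x0 in range(1 << m)]
    return max(lam for _, lam in results), max(mu + lam for mu, lam in results)

if __name__ == "__main__":
    # The longest orbit is the most output one seed yields before repeating.
    for m in (4, 8, 12, 16):
        longest_cycle, longest_orbit = worst_case(m)
        print(f"m={m:2d}: {1 << m:6d} states, longest cycle {longest_cycle}, "
              f"longest orbit before repetition {longest_orbit}")
```

At m = 4 the 16 states collapse onto two fixed points and one 3-cycle, and which one a seed reaches depends only on its initial value.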
To avoid the performance degradation mentioned above, several amendments have to be made to our original PRBS generating scheme using formula (2).
1) Only the v (v < m) least significant bits of x_{n+1}(i) are output. Because the less significant bits are more random than the more significant bits, a mod 2^v operation is introduced to extract the v least significant bits, i.e.,
2) Interleave all the outputs of L lattices for each round of iteration. Suppose at instant n + 1, the outputs are y n+1 (1)=b
v , the interleaved output should be b
3) Randomly select initial values. Since an improper selection of the initial conditions of digitized chaotic maps leads to short cycles in the generated pseudo-random number sequence, it is important to set proper initial values for the map of each lattice. Experimental results show that randomly selecting L integers to initialize x_0(1), ..., x_0(L) avoids synchronization of the lattices and thus escapes the degeneracy of the bit sequence.
A key point of employing spatiotemporal chaos is worth emphasizing: because each lattice in a spatiotemporal chaotic dynamic system is coupled with the others, a disturbance of one map swiftly propagates to all the others, so a sequence generated by such a system has a longer period than those generated by non-spatiotemporal chaotic systems.
The whole digital version of the PRBS generating algorithm is summarized in Fig. 1. To balance computational complexity and operating efficiency, the parameters used hereafter for the FPGA implementation and the software simulations are all set as follows: L = 16, v = 16, m = 32.
For the random binary sequences subject to test, the following assumptions are made [6]:
• Uniformity: Zeros and ones occur with equal probability, i.e., if a sequence is of length n, the expected number of ones (or zeros) is n/2.
• Scalability: Any subsequence should have the same statistical characteristics as the sequence it was randomly extracted from, i.e., any test applicable to a sequence can also be applied to its subsequences.
• Consistency: The behavior of a generator must be consistent across starting values (seeds).
Under the above framework, several tests have been performed on the PRBS generated by our proposed scheme.
A. FIPS 140-2 test
One simple but practical and widely used test standard for PRBS is FIPS 140-2 [5], which is specified by the National Institute of Standards and Technology (NIST) in the United States. It consists of 4 kinds of tests on a total of 16 items. More specifically, a single stream of 20,000 consecutive bits is subjected to the following 4 tests: the Monobit test, the Poker test, the Runs test, and the Long run test. For details of the FIPS 140-2 standard, the reader is referred to [5].
One inspection result for a typical bit sequence generated by the aforementioned PRBS generator is listed in Table I. The reference acceptance ranges are shown in the same table.
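The four tests and their 16 pass/fail items can be written out directly. The following Python code is an added example, not the authors' test harness. The thresholds are those of FIPS 140-2 as published in 2001 rather than values from this page, whose Table I is not reproduced, and all three input streams are constructed here.

```python
# Added example: the four FIPS 140-2 statistical tests (16 pass/fail items)
# on one 20,000-bit stream. Thresholds: FIPS 140-2 as published in 2001,
# not taken from the page (its Table I is missing).
import hashlib
from itertools import groupby

RUN_LIMITS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
              4: (240, 384), 5: (103, 209), 6: (103, 209)}  # 6 = "6 or more"

def fips_140_2(bits):
    """Return {item name: passed} for the 16 items of the FIPS 140-2 tests."""
    if len(bits) != 20000:
        raise ValueError("FIPS 140-2 tests are defined on exactly 20,000 bits")
    result = {"monobit": 9725 < sum(bits) < 10275}
    # Poker test: chi-square statistic over the 5,000 non-overlapping nibbles.
    counts = [0] * 16
    for i in range(0, 20000, 4):
        counts[bits[i] << 3 | bits[i + 1] << 2 | bits[i + 2] << 1 | bits[i + 3]] += 1
    x = 16 / 5000 * sum(c * c for c in counts) - 5000
    result["poker"] = 2.16 < x < 46.17
    # Runs test (12 items) and long run test (2 items), zeros and ones apart.
    tally = {(v, k): 0 for v in (0, 1) for k in RUN_LIMITS}
    longest = {0: 0, 1: 0}
    for value, group in groupby(bits):
        n = sum(1 for _ in group)
        tally[value, min(n, 6)] += 1
        longest[value] = max(longest[value], n)
    for (v, k), c in tally.items():
        lo, hi = RUN_LIMITS[k]
        result[f"runs_{v}_len{k}"] = lo <= c <= hi
    for v in (0, 1):
        result[f"long_run_{v}"] = longest[v] < 26
    return result

def sha256_bits(seed: bytes, nbits: int = 20000):
    """Constructed reference stream: SHA-256 in counter mode, MSB first."""
    out, counter = [], 0
    while len(out) < nbits:
        block = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        out.extend((byte >> s) & 1 for byte in block for s in range(7, -1, -1))
        counter += 1
    return out[:nbits]

if __name__ == "__main__":
    streams = {"period-2 cycle": [0, 1] * 10000,        # constructed: short cycle
               "stuck at zero": [0] * 20000,            # constructed: collapsed map
               "sha256 counter": sha256_bits(b"demo")}  # constructed reference
    for name, bits in streams.items():
        failed = [k for k, ok in fips_140_2(bits).items() if not ok]
        print(f"{name}: {16 - len(failed)}/16 passed, failed: {failed}")
```

The period-2 stream is perfectly balanced, so it passes the monobit item while failing the poker and runs items, which is why a short cycle caused by digitization cannot be ruled out by bit balance alone.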
B. More rigorous test: NIST 800-22
More rigorous tests are performed using the NIST 800-22 test suite [6]. The NIST 800-22 test suite, issued by NIST of the United States, is a statistical package for testing the randomness of (arbitrarily long) binary sequences produced by either hardware- or software-based pseudo-random number generators. A statistical test is formulated to test a specific null hypothesis, H_0. Associated with this null hypothesis is the alternative hypothesis, H_a. In the NIST 800-22 tests, H_0 is that the bit sequence being tested is random and, correspondingly, H_a is that the sequence is not random. Whether the proposed PRBS generator is producing random values is judged from the sequence under test. Statistical hypothesis testing is a conclusion-generation procedure with two possible outcomes: either accept H_0 (the sequence is random) or accept H_a (the sequence is non-random). The acceptance of either H_0 or H_a is also a statistical decision procedure; therefore, a statistical confidence interval should be set before a test is performed. The value commonly used to calculate a confidence interval is the probability α that the test will indicate that the sequence is not random when it really is random. So if a statistical test result falls in the confidence interval derived from α, one has 1 − α confidence that it is true. In cryptography, common values of α are about 0.01. The NIST 800-22 test suite consists of a set of 16 tests focusing on a variety of different types of non-randomness that could exist in a sequence. Some tests may be decomposed into a variety of sub-tests; therefore, a total of 189 items exist in Table II [6].
In our experiments, 1,000 bit sequences, each containing 1,000,000 bits, are subjected to test. With α = 0.01, the confidence interval (0.9806, 0.9994) was worked out according to formula (5).
Other parameters used in the test are shown in Table III. For each type of test, after the complex statistical analysis provided by the NIST 800-22 suite was performed, a percentage called the P-value can be derived from the test data. A test whose P-value falls in the confidence interval succeeds. The test results are shown in Fig. 2 (the numbers in the figure correspond to those in Table II). They show that all 16 tests were passed.
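The decision procedure described above has two levels: a per-sequence test against α, then a check on the proportion of passing sequences. The following Python code is an added example, not part of the NIST suite or the authors' code, and uses the SP 800-22 frequency (monobit) test as the single test. It assumes formula (5), which is not reproduced on this page, is the SP 800-22 proportion rule p ± 3·sqrt(p(1 − p)/s) with p = 1 − α, since that rule reproduces the stated interval for s = 1,000; the batches are constructed.

```python
# Added example: SP 800-22 style decision for one test (frequency/monobit)
# plus the pass-proportion interval over a batch of sequences.
# Assumption: the interval formula is the SP 800-22 proportion rule; the
# page's own formula (5) is not reproduced.
import math

def frequency_p_value(bits):
    """P-value of the SP 800-22 frequency (monobit) test for one sequence."""
    s = sum(2 * b - 1 for b in bits)              # +1 per one, -1 per zero
    s_obs = abs(s) / math.sqrt(len(bits))
    return math.erfc(s_obs / math.sqrt(2))

def proportion_interval(num_sequences, alpha):
    """Acceptable range for the fraction of sequences that pass one test."""
    p_hat = 1 - alpha
    half = 3 * math.sqrt(p_hat * (1 - p_hat) / num_sequences)
    return p_hat - half, p_hat + half

def batch_verdict(sequences, alpha=0.01):
    """Test H_0 on each sequence, then judge the batch by its pass proportion."""
    passed = sum(frequency_p_value(seq) >= alpha for seq in sequences)
    proportion = passed / len(sequences)
    lo, hi = proportion_interval(len(sequences), alpha)
    return proportion, lo <= proportion <= hi

if __name__ == "__main__":
    lo, hi = proportion_interval(1000, 0.01)
    print(f"interval for 1000 sequences, alpha = 0.01: ({lo:.4f}, {hi:.4f})")
    balanced = [0, 1] * 500           # constructed: equal zeros and ones
    stuck = [1] * 1000                # constructed: heavily biased sequence
    for bad in (10, 50):
        batch = [balanced] * (1000 - bad) + [stuck] * bad
        proportion, ok = batch_verdict(batch)
        print(f"{bad} biased sequences: proportion {proportion:.3f}, accepted: {ok}")
```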
IV. FPGA IMPLEMENTATION
We have made an effort to implement the aforesaid chaotic encryption algorithm on a Spartan-III series FPGA, the XC3S400. The XC3S400 FPGA is a high-performance, low-cost device with abundant logic resources, which include: 288K-bit block RAMs, 56K-bit distributed RAMs, 264 user
In this design, we choose boundary scan mode, among the many data loading modes, to write the configuration data into the FPGA. We use VHDL (VHSIC Hardware Description Language) to program the PRBS generating algorithm, and compile and synthesize the program with the Xilinx ISE (Integrated Synthesis Environment) logic design tools to form the configuration data. To receive the generated bit sequence from the FPGA device, a USB port is used in our implementation. The FPGA evaluation board used in our experiment is shown in Fig. 3.
The algorithm is realized in a highly parallel manner. If we set the parameters of the spatiotemporal chaotic system to L = 16 and v = 16, the computational precision to m = 32, and the system clock of the chip to 50 MHz, then every 25 clock cycles each lattice produces 16 random bits. Therefore, the total throughput is about 16 × 16 × 50/25 = 512 Mbps. The throughput depends on the maximum clock frequency of the chip and the routes of the chaotic maps. If the clock frequency is increased to 200 MHz, the throughput may reach up to 16 × 16 × 200/25 = 2 Gbps.
V. CONCLUSION
A spatiotemporal chaos based PRBS generating scheme suited to FPGA chip implementation is introduced in this paper. The proposed scheme can generate multiple bit sequences simultaneously. The generated bit sequences have passed the commonly used FIPS 140-2 test and the rigorous NIST 800-22 test, showing the excellent performance of the scheme. A design and implementation of the proposed scheme on a Xilinx Spartan-III XC3S400 FPGA was also carried out. Some rudimentary experiments have also been done. Further work includes the comprehensive tests on the designed chip and many other optimization issues will be
