At 12:37 AM 9/6/97 PDT, Nobuki Nakatuji wrote:

GCC(Gao's Chaos Cryptosystem) GCC uses the newest chaos logic and is conventional cryptosystem stream cipher encryption. It is high speed and allows variable-length keys, making it very reliable and suitable for use in multimedia. http://www.iisi.co.jp/reserch/GCC-over.htm [Products using it, user-friendliness, etc.]

Good user interfaces and high speed are important, but not enough. How strong is the cypher? Where is the academic research behind it? What is the algorithm? Why should we trust it? Who else has tested it? Other people have built cyphers based on chaotic systems, and found they were weak when analyzed properly. Building good cryptosystems is difficult. The web page doesn't give any details about the algorithm, except saying that it uses chaos and strange attractors, uses variable-length keys, and has a structure that uses XOR of the stream cypher with the plaintext. It does say the algorithm has a 0-1 balance of 0.5/0.5 (which any good cryptosystems do) and has a medium-sized state space (2**96). It claims that because it's a one-way stream cypher, that makes it safe against chosen plaintext attacks. That's not true. Choose a plaintext of all zeros, and that gives you the output of the chaotic system which you can analyze for patterns. If you know the structure of the chaotic system, you can analyze the mathematics to see how to find the state space, and how to find the future output from the current output and the state space - if the algorithm is strong, this is difficult, but if the algorithm is weak, this is easy. If you don't publish the algorithm, nobody can prove that it's strong, and in the world of cryptosystems, that means nobody will trust it, because we know how weak many other strong-looking algorithms are.