Information Sciences 563 (2021) 183–195

Contents lists available at ScienceDirect

Information Sciences
journal homepage: www.elsevier.com/locate/ins

Decidable characterizations of dynamical properties for additive

cellular automata over a finite abelian group with applications
to data encryption
Alberto Dennunzio a, Enrico Formenti b, Darij Grinberg c, Luciano Margara d
a
Dipartimento di Informatica, Sistemistica e Comunicazione, Università degli Studi di Milano-Bicocca, Viale Sarca 336/14, 20126 Milano, Italy
b
Université Côte d’Azur, CNRS, I3S, France
c
Mathematisches Forschungsinstitut Oberwolfach, Schwarzwaldstr. 9-11, 77709 Oberwolfach-Walke, Germany
d
Department of Computer Science and Engineering, University of Bologna, Cesena Campus, Via Sacchi 3, Cesena, Italy

a r t i c l e i n f o a b s t r a c t

Article history: Additive cellular automata over a finite abelian group are a wide class of cellular automata
Received 4 July 2020 (CA) that are able to exhibit the complex behaviors of general CA and are often exploited
Received in revised form 28 December 2020 for designing applications in different practical contexts. We provide decidable character-
Accepted 8 February 2021
izations for Additive CA of the following important properties defining complex behaviors
Available online 16 February 2021
of complex systems: injectivity, surjectivity, equicontinuity, sensitivity to the initial condi-
tions, topological transitivity, and ergodicity. Since such properties describe the main fea-
Keywords:
tures required by real systems, the decision algorithms from our decidability results are
Cellular automata
Additive cellular automata
then important tools for designing proper applications based on Additive CA. Indeed, we
Decidability describe how our results can be exploited in some emblematic applications of cryptosys-
Complex systems tems, a paradigmatic and nowadays crucial applicative domain in which Additive CA are
Data encryption extensively used. We deal with methods for data encryption and, namely, we propose some
strong modifications to the existing schemes in order to increase their security level and
make attacks much harder.
Ó 2021 Elsevier Inc. All rights reserved.

1. Introduction

Cellular automata (CA) are widely known formal models that find application in several disciplines and their different sub-
domains (for recent results and an up-to date bibliography on CA see for instance [20,1,16,9,10,14], while for simulations of
complex systems by CA see for instance [26,4,25,22,21]). This is essentially due to three reasons: the huge variety of distinct
CA dynamical behaviors; the emergence of complex behaviors from simple local interactions; the ease of their implemen-
tation (even at a hardware level).
In practical applications one needs to know if the CA used for modelling a certain system exhibits some specific property.
However, this can be a severe issue. Indeed, Jarkko Kari proved a strong result stating (roughly speaking) that all non-trivial
dynamical behaviors are undecidable [28]. From this seminal result, a long sequence followed.
Luckily, the undecidability issue can be tackled by imposing some constraints on the model. In the specific case of this
paper, the alphabet and the global updating map are constrained to be a finite abelian group and an additive function,

E-mail addresses: [email protected] (A. Dennunzio), [email protected] (E. Formenti), [email protected]

(D. Grinberg), [email protected] (L. Margara)

https://doi.org/10.1016/j.ins.2021.02.012
0020-0255/Ó 2021 Elsevier Inc. All rights reserved.
A. Dennunzio, E. Formenti, D. Grinberg et al. Information Sciences 563 (2021) 183–195

respectively, giving rise to Additive CA over a finite abelian group (or, briefly, Additive CA). We stress that such requirements do
not prevent Additive CA at all from being successfully used for practical purposes. On the contrary, since Additive CA are able
to exhibit the complex behaviors of general CA, they are often exploited for designing many applications.
Decidable characterizations of the dynamical properties for Additive CA essentially exist only for the subclass of linear CA
(LCA) over ðZ=mZÞn , i.e., those with linear local rule defined by n  n matrices over ðZ=mZÞ (see [29,3,11] for results involving
any n P 1, while see [33,6,23] for n ¼ 1). The present paper provides decidable characterizations of injectivity, surjectivity,
equicontinuity, sensitivity to the initial conditions, topological transitivity, and ergodicity for Additive CA over a finite abe-
lian group. By means of an embedding of an Additive CA over a finite abelian group into a linear CA over a bigger alphabet
(which is a commutative ring), the proof technique essentially consists in lifting each of the above mentioned properties
from the linear CA to the additive one.
Let us emphasize the significance of our results in real-world scenarios. Since the properties under consideration often
describe the main features required by real systems to ensure a good functioning for themselves, the decision algorithms
derived from Theorems 4–7, and Corollary 3 are then important tools for designing proper applications based on Additive
CA. Indeed, applications involves systems that necessarily must exhibit one or more among the following features of com-
plex systems: reversibility, reachability, stability, instability, stronger form of instability, ergodicity, etc.. The formal proper-
ties investigated in this paper just describe these features. Namely, injectivity and surjectivity make reference to
reversibility, surjectivity alone is necessary to ensure any form of reachability, equicontinuity is just stability, sensitivity
to the initial condition is the most recognized form of instability, topological chaos is a stronger form of instability defined
by topological transitivity, denseness of periodic points, and sensitivity (see [24,5]), while transitivity alone is a form of
reachability, and the formal property of ergodicity just describes the ergodicity feature itself.
A paradigmatic and nowadays crucial applicative domain in which CA are extensively used is that of cryptosystems. We
then illustrate how our decidability results can be exploited in some emblematic cryptographic applications such as block
encryption and secret sharing schemes. In particular, since the choice of the local rule plays an important role to get a
method of high quality in several respects, the class of Additive CA is richer than LCA, injectivity and reversibility are equiv-
alent for general CA, and, furthermore, chaos, topological transitivity and ergodicity coincide for Additive CA over a finite
abelian group [12], we propose some strong modifications to the existing methods based on CA, namely, the use of Additive
CA instead of the simpler LCA and the addition of the decision algorithms from Theorems 6 and 7 whenever reversibility and
a transitivity/chaotic/ergodicity feature, respectively, is required by the system. Actually, cryptosystems always have to exhi-
bit such features. Indeed, as to encryption systems, reversibility allows recovering the original data from the encrypted ones,
while for general cryptosystems ergodicity and chaos ensure the confusion and diffusion conditions which in turn ensure an
appropriate degree of security [2,39].
Obviously, our results can be also exploited in all the scientific fields and all the applications where Additive CA are used.
The paper is structured as follows. Next section introduces all the necessary background and formal definitions. Section 3
recalls the known results about linear CA over ðZ=mZÞn . Section 4 contains the new results, while Section 5 illustrates their
impact in cryptographic applications. In the last section we draw our conclusions and provide some perspectives.
Acknowledgements
DG thanks the Mathematisches Forschungsinstitut Oberwolfach for its hospitality.

2. Background

Let S be a finite set. A configuration over S is a map from Z to S. We consider the following space of configurations
SZ ¼ fcj c : Z ! Sg.Each element c 2 SZ can be visualized as an infinite one-dimensional cell lattice in which each cell
i 2 Z contains the element ci 2 S. The space SZ is endowed with the standard Tychonoff metric d.
Let r 2 N and d : S2rþ1 ! S be any map. We say that d is a local rule of radius r.


Definition 1 (Cellular Automaton). A one-dimensional CA based on a radius r local rule d is a pair SZ ; F , where F : SZ ! SZ is
the global transition rule defined as follows:

8c 2 SZ ; 8i 2 Z; F ðc Þi ¼ dðc ir ; . . . ; c iþr Þ: ð1Þ

We stress that the local rule d completely determines the global rule F of a CA. We also recall that any map F : SZ ! SZ is
the global transition rule of a CA if and only if F is (uniformly) continuous and F  r ¼ r  F, where r : SZ ! SZ is the shift map
defined as 8c 2 SZ ; 8i 2 Z; rðcÞi ¼ ciþ1 . From now on, when no misunderstanding is possible, we identify a CA with its global
rule. Moreover, whenever an ergodic property is considered for CA, l is the well-known Haar measure over the collection M
of measurable subsets of SZ , i.e., the one defined as the product measure induced by the uniform probability distribution over
S.
For the definitions of the standard dynamical properties under consideration as equicontinuity, sensitivity to the initial con-
ditions, topological transitivity, ergodicity, and all the other topological mixing and ergodic conditions, we address the reader
for instance to [31,11].
184
A. Dennunzio, E. Formenti, D. Grinberg et al. Information Sciences 563 (2021) 183–195

2.1. Additive and linear cellular automata

Let us introduce the background of Additive CA. The alphabet S will be a finite abelian group G, with group operation +,
neutral element 0, and inverse operation . In this way, the configuration space GZ turns out to be a finite abelian group, too,
where the group operation of GZ is the componentwise extension of + to GZ . With an abuse of notation, we denote by the
same symbols þ; 0, and  the group operation, the neutral element, and the inverse operation, respectively, both of G and
GZ . Observe that + and  are continuous functions in the topology induced by the metric d. A configuration c 2 GZ is said
to be finite if the number of positions i 2 Z with c i – 0 is finite.


Definition 2 (Additive Cellular Automata). An Additive CA over a abelian finite group G is a CA GZ ; F where the global
Z Z Z
transition map F : G ! G is an endomorphism of G .
The sum of two Additive CA F 1 and F 2 over G is naturally defined as the map on GZ denoted by F 1 þ F 2 and such that

8c 2 G Z ; ðF 1 þ F 2 Þðc Þ ¼ F 1 ðc Þ þ F 2 ðc Þ
Clearly, F 1 þ F 2 is an Additive CA over G.
We now recall the notion of linear CA, an important subclass of Additive CA. We stress that, whenever the term linear is
Z
involved, the alphabet S is Kn , where K ¼ Z=mZ for some positive integer m. Both Kn and ðKn Þ become K-modules in the
obvious (i.e., entrywise) way.
2rþ1
A local rule d : ðKn Þ ! Kn of radius r is said to be linear if it is defined by 2r þ 1 matrices Ar ; . . . ; A0 ; . . . ; Ar 2 Knn as
follows:
X
r
8ðxr ; . . . ; x0 ; . . . ; xr Þ 2 ðKn Þ2rþ1 ; dðxr ; . . . ; x0 ; . . . ; xr Þ ¼ A i  xi :
i¼r

Definition 3. (Linear Cellular Automata (LCA)) A linear CA (LCA) over Kn is a CA based on a linear local rule.
h i hh ii
Let Kn X; X 1 and Kn X; X 1 denote the set of Laurent polynomials and the set of Laurent series, respectively, with coef-
Z
ficients in Kn . A configuration c 2 ðKn Þ can be associated with the Laurent series
2X 1 i 3
2 1 3 ci X
c ðXÞ 6 i2Z 7
X i 6
. 7 6
6.
7
hh
7
iin hh ii
Pc ð XÞ ¼ 6
c i X ¼ 4 .. 7 1
ffi Kn X; X 1 :
5¼6
6
.. 7 2 K X; X
7
i2Z 4X n i 5
cn ð X Þ ci X
i2Z

Then, if F is the global rule of a LCA defined by Ar ; . . . ; A0 ; . . . ; Ar , one finds

P F ðc Þ ð X Þ ¼ A  P c ð X Þ
where
X
r h inn
A¼ Ai X i 2 K X; X 1
i¼r

is the the matrix associated with the LCA F. In this way, for any integer t > 0 the matrix associated with F t is At , and then
P F t ðcÞ ð X Þ ¼ At  P c ð X Þ.

3. Known results about additive and linear CA

Let us start sensitivity and equicontinuity for LCA over Kn . First of all, we remind that a dichotomy between sensitivity
and equicontinuity holds for LCA. Moreover, these properties are characterized by the behavior of the powers of the matrix
associated with a LCA.


Z
Proposition 1 [15]. Let ðKn Þ ; F be a LCA over Kn and let A be the matrix associated with F. The following statements are
equivalent:

1. F is sensitive to the initial conditions;

2. F is not equicontinuous;

185
A. Dennunzio, E. Formenti, D. Grinberg et al. Information Sciences 563 (2021) 183–195

n o
 
3.  A1 ; A2 ; A3 ; . . .  ¼ 1.

The decidability result concerning sensitivity and equicontinuity has been recently reached in [13] by means of a deep
algebra result and the decidability of sensitivity and equicontinuity for the subclass of LCA over Kn with associated matrix
in Frobenius normal form [15].

Theorem 1 [13]. Sensitivity and equicontinuity are decidable for LCA over Kn .
It is well-known that injectivity and surjectivity are decidable for general CA. As to LCA over Kn , there was also provided a
characterization of these properties in terms of the determinant of the matrix associated with a LCA (the decidability of such
characterization follows from the fact that injectivity and surjectivity are decidable for LCA over K, see [27]).

Theorem 2 ([3,29]). Injectivity and surjectivity are decidable for LCA over Kn . In particular, a LCA F over Kn is injective (resp.,
surjective) if and only if the determinant of the matrix associated with F is the Laurent polynomial associated with an injective
(resp., surjective) LCA over K.
The decidability of chaos, ergodicity, topologically transitivity, and other ergodic and mixing properties for LCA over Kn
has been recently proved in [11]. Furthermore in [12], we showed the equivalence of all the mixing and ergodic properties for
Additive CA over a finite abelian group. Summarizing, the following holds.

Theorem 3 ([11,12]). Let F be any Additive CA over a finite abelian group. The following statements are equivalent: (1) F is
chaotic; (2) F is ergodic; (3) F is topologically transitive; (4) F is surjective and for every integer t > 0 it holds that F t  I is surjective
(I is the identity map); (5) F is topologically mixing; (6) F is weak topologically transitive; (7) F is totally transitive; (8) F is weakly
ergodic mixing; (9) F is ergodic mixing.
Moreover, all the previously mentioned properties are decidable for LCA over Kn . In particular, when K ¼ Z=pk Z, given any LCA
F over Kn , all the previous statements are equivalent to the following condition:


kt  
detð AmodpÞ – 0 and det Ap 1  In modp – 0 for all t 2 f1; . . . ; ng;

where A is the matrix associated with F; In is the n  n identity matrix, and the operator modp over a matrix means that all coef-
ficients appearing inside that matrix are taken modulo p.

4. From linear to additive CA

In this section we are going to prove that sensitivity, equicontinuity, topological transitivity, and all the properties equiv-
alent to the latter are decidable also for Additive CA. For each of them we will reach the decidability result by extending the
analogous one obtained for LCA to the wide class of Additive CA. In a similar way, we provide a decidable characterization of
injectivity and surjectivity for Additive CA.
We recall that the local rule d : G2rþ1 ! G of an Additive CA of radius r over a finite abelian group G can be written as
X
r
8ðxr ; . . . ; xr Þ 2 G2rþ1 ; dðxr ; . . . ; xr Þ ¼ di ðxi Þ ð2Þ
i¼r

where the functions di are endomorphisms of G.

The fundamental theorem of finite abelian groups states that every finite abelian group G is isomorphic to hi¼1 Z=ki Z
where the numbers k1 ; . . . ; kh are powers of (not necessarily distinct) primes and  is the direct sum operation. Hence,
0
the global rule F of an Additive CA over G splits into the direct sum of a suitable number h of Additive CA over subgroups
0    0
G1 ; . . . ; Gh0 with h 6 h and such that gcd jGi j; jGj j ¼ 1 for each pair of distinct i; j 2 1; . . . ; h . Each of them can be studied
separately and then the investigation of the dynamical behavior of F can be carried out by combining together the results
obtained for each component.
Let us illustrate the application of the fundamental theorem of finite abelian group to Additive CA by means of the
following.

Example 1. Let F be an Additive CA over G ffi Z=2Z  Z=16Z  Z=32Z  Z=5Z  Z=5Z  Z=49Z. Then, F splits into the direct
sum of 3 Additive CA F 1 ; F 2 , and F 3 over Z=2Z  Z=16Z  Z=32Z; Z=5Z  Z=5Z, and Z=49Z, respectively. Hence, F is
topological transitive iff both F 1 ; F 2 , and F 3 are topological transitive, while F is sensitive to initial conditions iff at least one
Additive CA among F 1 ; F 2 , and F 3 is sensitive to the initial conditions.
Three different situations can occur.

(S1) G ffi Z=pk Z.The alphabet G turns out to be a cyclic group and Additive CA over Z=pk Z are just LCA over Z=pk Z. Decid-
able characterizations of all the dynamical properties under consideration have been provided a few decades ago [33].

186
A. Dennunzio, E. Formenti, D. Grinberg et al. Information Sciences 563 (2021) 183–195

 n  n
(S2) G ffi Z=pk Z with n > 1.Again, Additive CA over G coincide with LCA over G, but G ¼ Z=pk Z is not a cyclic group
and this makes the investigation of the dynamical properties much more difficult than the case n ¼ 1. However, as
recalled in Section 3, we recently succeeded in showing decidable characterizations of sensitivity, equicontinuity, transi-
tivity, and ergodicity, while a characterization of injectivity and surjectivity had been already exhibited.
(S3) G ffi ni¼1 Z=pki Z.In this situation (Z=2Z  Z=16Z  Z=32Z of Example 1), the group G is once more not cyclic and F
turns out to be a subsystem of a suitable LCA. Therefore, the study of the dynamical behavior of F is even harder than
in situation (S2). We do not even know easy checkable characterizations of basic properties like surjectivity or injectivity
so far. We will provide them in the sequel as we stated at the beginning of this section.

Assumption Hence, without loss of generality, in the sequel we can assume that

G ¼ Z=pk1 Z  . . .  Z=pkn Z
with k1 P k2 P . . . P kn in order to reach our goal.
ðiÞ ðiÞ
For any i 2 f1; . . . ; ng let us denote by eðiÞ 2 GZ the bi-infinite configuration such that e0 ¼ ei and ej ¼ 0 for every integer
j – 0.


Definition 4. Let GZ ; F be an Additive CA over G. We say that eðiÞ 2 GZ spreads under F if for every ‘ 2 N there exists k 2 N
 
such that F k eðiÞ j – 0 for some integer j with jjj > ‘.

hh ii
Remark 1. Whenever we consider P eðiÞ ð X Þ 2 G X; X 1 , we will say that P eðiÞ ð X Þ spreads under F if for every ‘ 2 N there
exists k 2 N such that P F k ðeðiÞ Þ ð X Þ has at least one component with a non null monomial of degree which is greater than ‘
in absolute value. Clearly, P eðiÞ ð X Þ spreads under F if and only if eðiÞ spreads under F.
 
b ¼ Z=pk1 Z n . Define the map w : G ! G
Let G b as follows

i i
8h 2 G; 8i ¼ 1; . . . ; n; wðhÞ ¼ h pk1 ki ;
i
where, for a sake of clarity, we stress that h denotes the i-th component of h, while pk1 ki is just the ðk1  ki Þ-th power of p.

b Z as the componentwise extension of w, i.e.,

Definition 5. We define the function W : GZ ! G

 
8c 2 G Z ; 8j 2 Z; WðcÞj ¼ w cj :
b Z ) is associated with the Lau-
It is easy to check that W is continuous and injective. Since every configuration c 2 GZ (or G
hh ii hh ii
b X; X 1 ), with an abuse of notation we will sometimes consider W as map from
rent series P c ð X Þ 2 G X; X 1 (or G
hh ii hh ii
G X; X 1 to G b X; X 1 with the obvious meaning.

 n
For any Additive CA over G, we are now going to define a LCA over Z=pk1 Z associated with it. With a further abuse of
notation, in the sequel we will write pm with m 2 N even if this quantity might not exist in Z=pk Z. However, we will use it
0 0
only when it multiplies pm for some integer m0 > m. In such a way pm m is well-defined in Z=pk Z and we will note it as pro-
0
duct pm  pm .


Definition 6. Let GZ ; F
be any Additive CA and let d : G2rþ1 ! G be its local rule defined, according to (2), by 2r þ 1

  nn
ðzÞ
endomorphisms dr ; . . . ; dr of G. For each z 2 fr; . . . ; r g, we define the matrix Az ¼ ai;j 2 Z=pk1 Z as
16i6n; 16j6n

ð zÞ  i
8i; j 2 f1; . . . ; ng; ai;j ¼ pkj ki  dz ej
 

The LCA associated with the Additive CA GZ ; F is b Z ; L , where L is defined by Ar ; . . . ; Ar or, equivalently, by
G
P h inn
A ¼ rz¼r Az X z 2 Z=pk1 Z X; X 1 .

Remark 2. Since every dz is an endomorphism of G, by construction A turns out to be well-defined.

187
A. Dennunzio, E. Formenti, D. Grinberg et al. Information Sciences 563 (2021) 183–195

Remark 3. The following diagram commutes

  
i.e., L  W ¼ W  F. Therefore we say that G b Z ; L is the LCA associated with GZ ; F via the embedding W. Let us stress that we
 
  

can not state that GZ ; F is topologically conjugated (i.e., homeomorphic) to G b Z ; L . Indeed, GZ ; F is a subsystem of Gb Z; L

and the subsystem condition alone is not enough in general to lift dynamical properties from a one system to the other one.
Despite this obstacle, in the sequel we will succeed in doing such a lifting.

4.1. Sensitivity and Equicontinuity for Additive Cellular Automata

Let us start with the decidability of sensitivity and equicontinuity.



Lemma 1. Let GZ ; F be any Additive CA. If for some i 2 f1; . . . ; ng the configuration eðiÞ 2 GZ spreads under F then GZ ; F is
sensitive to the initial conditions.

Proof. We prove that F is sensitive with constant e ¼ 1. Let eðiÞ 2 GZ be the configuration spreading under F. Choose arbitrar-
 
ily an integer ‘ 2 N and a configuration c 2 GZ . Let t 2 N and j R f‘; . . . ; ‘g be the integers such that F t eðiÞ j – 0. Consider
       
the configuration c 0 ¼ c þ rj eðiÞ . Clearly, it holds that dðc; c0 Þ < 2‘ and F t ðc0 Þ ¼ F t ðc Þ þ F t rj eðiÞ ¼ F t ðc Þ þ rj F t eðiÞ . So,
 t 0 t 
we get d F ðc Þ; F ðc Þ ¼ 1 and this concludes the proof. h
In order to prove the decidability of sensitivity, we need to deal with the following notions about Laurent polynomials.

Definition 7. Given any polynomial pðXÞ 2 Z=pk1 Z X; X1 , the positive (resp., negative) degree of pðXÞ, denoted by
þ 
deg ½pðXÞ (resp., deg ½pðXÞ) is the maximum (resp., minimum) degree among those of the monomials having both positive
(resp., negative) degree and coefficient which is not multiple of p. If there is no monomial satisfying both the required
þ 
conditions, then deg ½pð X Þ ¼ 0 (resp., deg ½pð X Þ=0).

 h inn

Lemma 2. Let Gb Z ; L be a LCA and let A 2 Z=pk1 Z X; X 1 be the matrix associated with L. If Gb Z ; L is sensitive then for every

integer m P 1 there exists an integer k P 1 such that at least one entry of Ak has either positive or negative degree with absolute
value which is greater than m.

h inn
Proof. We can write A ¼ B þ p  C for some B; C 2 Z=pk1 Z X; X 1 , where the monomials of all entries of B have coefficient
which is not multiple of p. Assume that there exists a bound b P 1 such that for every k P 1 all entries of Ak have degree less
n o

  b Z ; L is not sensitive. h
than b in absolute value. Therefore, it holds that  Ak ; k P 1  < 1 and so, by Proposition 1, G
We are now able to prove the following important result.



Theorem 4. Let GZ ; F be any Additive CA over G and let G b Z ; L be the LCA associated with F via the embedding W. Then, the CA




GZ ; F is sensitive to the initial conditions if and only if G b Z ; L is. Moreover, the CA GZ ; F is equicontinuous if and only if


b Z ; L is.
G

 

Proof. Let us start with the equivalence between sensitivity of GZ ; F and sensitivity of G b Z; L .


): Assume that G b Z ; L is not sensitive. Then, by Proposition 1, there exist two integers k 2 N and m > 0 such that


Lkþm ¼ Lk . Therefore, we get W  F kþm ¼ Lkþm  W ¼ Lk  W ¼ W  F k . Since W is injective, it holds that F kþm ¼ F k and so GZ ; F
is not sensitive.

188
A. Dennunzio, E. Formenti, D. Grinberg et al. Information Sciences 563 (2021) 183–195



(: Assume that G b Z ; L is sensitive and for any natural k let Ak ¼ aðkÞ be the k-th power of
i;j 16i6n; 16j6n
h inn

A 2 Z=pk1 Z X; X 1 , where A is the matrix associated with Gb Z ; L . We are going to show that at least one configuration

among eð1Þ ; . . . ; eðnÞ spreads under F. Choose arbitrarily ‘ 2 N. By Lemma 2, there exist an integer m P 1 and one entry ði; jÞ
h i h i h i
 ðmÞ þ ðmÞ þ ðmÞ
such that either deg ai;j < ‘ or deg ai;j > ‘. Without loss of generality suppose that deg ai;j > ‘. The i–th
h i
ðmÞ þ ðmÞ
component of P F m ðeð jÞ Þ ð X Þ is the well defined polynomial pki k1  pk1 kj  ai;j . Since deg ai;j > ‘, we can state that eð jÞ


spreads under F. By Lemma 1, it follows that GZ ; F is sensitive.


As to the equicontinuity equivalence, the above first implication also proves that if G b Z ; L is equicontinuous (i.e., by



Proposition 1, it is not sensitive) then F kþm ¼ F k , i.e., by [30], GZ ; F is equicontinuous. Conversely, if GZ ; F is


equicontinuous then it trivially follows that it is not sensitive, i.e., by the above second implication, G b Z ; L is not sensitive,


i.e., by Proposition 1, G b Z ; L is equicontinuous. h

As immediate consequence of Theorem 4 we can state that the dichotomy between sensitivity and equicontinuity also
holds for Additive CA.

Corollary 1. Any Additive CA over a finite abelian group is sensitive to the initial conditions if and only if it is not equicontinuous.
The following decidability result follows from Theorem 4 and the decidability of sensitivity for LCA.

Corollary 2. Equicontinuity and sensitivity to the initial conditions are decidable for Additive CA over a finite abelian group.

Proof. Use Theorem 1 and 4. h

4.2. Surjectivity and Injectivity for Additive Cellular Automata

We now study injectivity and surjectivity for Additive CA.


Lemma 3. Let G b If there exists a configuration b 2 G
b Z ; L be any LCA over G. b Z with b – 0 and LðbÞ ¼ 0, then there exists a

  
0 0 0 0
configuration b 2 W GZ such that b – 0 and L b ¼ 0. In particular, if b is finite then b is finite too.

Proof. Let b 2 G b Z any configuration with b – 0 and LðbÞ ¼ 0. Set bð1Þ ¼ p  b. If bð1Þ ¼ 0 then for every i 2 Z each component of
  0
bi has p k1 1
as factor. So, b 2 W GZ and b ¼ b is just one possible configuration the thesis requires to exhibit. Otherwise, by
ð2Þ ð1Þ ð2Þ ð1Þ
repeating the same argument, set b ¼ p  b . If b ¼ 0 then, for every i 2 Z, each component of bi has pk1 1 as factor and
 

ð1Þ ð1Þ 0 ð1Þ
so b 2 W GZ . Since L b ¼ 0, a configuration we are looking for is b ¼ b . After k1  1 iterations, i.e., once we get
ðk1 1Þ ðk2Þ ðk2Þ ðk1 1Þ 0 ðk1 2Þ
b ¼ pb (with b – 0), if b ¼ 0 holds we conclude that b ¼ b by using the same argument of the previ-
ðk 1Þ
ous steps. Otherwise, by definition, for every i 2 Z each component of bi 1 itself certainly contains pk1 1 as factor. There-
 

ðk 1Þ ðk 1Þ 0 ðk1 1Þ
fore, b 1 2 W GZ . Moreover, L b 1 ¼ 0. Hence, we can set b ¼ b and this concludes the proof. h
The following lemma will be useful for studying both surjectivity and other properties.



Lemma 4. Let GZ ; F and G b Z ; L be any Additive CA over G and any LCA over G,
b respectively, such that L  W ¼ W  F. Then, the



CA GZ ; F is surjective if and only if G b Z ; L is.

Proof. (: Assume that F is not surjective. Then, by the Garden of Eden theorem [35,36], F is not injective on the finite con-
figurations, i.e., there exist two distinct and finite configurations c 0 ; c00 2 GZ with F ðc0 Þ ¼ F ðc 00 Þ. Therefore, the element
c ¼ c 0  c 00 2 GZ is a finite configuration such that c – 0 and F ðcÞ ¼ 0. So, we get both Wðc Þ – 0 and LðWðcÞÞ ¼ WðF ðc ÞÞ ¼ 0.
Since WðcÞ – 0, it follows that L is not surjective.
): Assume that L is not surjective. Then it is not injective on the finite configurations. Thus, there exist a finite

  0
0 0
configuration b – 0 with LðbÞ ¼ 0. By Lemma 3, there exists a finite configuration b 2 W GZ such that b – 0 and L b ¼ 0.
0
Let c 2 GZ be the finite configuration such that Wðc Þ ¼ b . Clearly, it holds that c – 0. We get WðF ðcÞÞ ¼ LðWðc ÞÞ ¼ 0. Since W is
injective, it follows that F ðc Þ ¼ 0. Therefore, we conclude that F is not surjective. h

189
A. Dennunzio, E. Formenti, D. Grinberg et al. Information Sciences 563 (2021) 183–195

Next two theorems state that surjectivity and injectivity behave as sensitivity when looking at an Additive CA over G and
the associated LCA via the embedding W.



Theorem 5. Let GZ ; F be any Additive CA over G and let Gb Z ; L be the LCA associated with it via the embedding W. Then, the CA



GZ ; F is surjective if and only if Gb Z ; L is.

Proof. Use Lemma 4. h

 
  
Theorem 6. Let GZ ; F be any Additive CA and let Gb Z ; L be the LCA associated with it via the embedding W. Then, the CA GZ ; F


is injective if and only if Gb Z ; L is.

Proof. (: Assume that F is not injective. Then, there exist two distinct configurations c; c 0 2 GZ with F ðcÞ ¼ F ðc0 Þ. We get
LðWðc ÞÞ ¼ WðF ðcÞÞ ¼ WðF ðc0 ÞÞ ¼ LðWðc 0 ÞÞ and, since W is injective, it follows that L is not injective.
): Assume that L is not injective. Then, there exists a configuration b 2 G b Z such that b – 0 and LðbÞ ¼ 0. By Lemma 3,

  0
0 0 0
there exists a configuration b 2 W G such that b – 0 and L b ¼ 0. Let c 2 GZ be the configuration such that Wðc Þ ¼ b .
Z

Clearly, it holds that c – 0. We get WðF ðcÞÞ ¼ LðWðcÞÞ ¼ 0. Since W is injective, it follows that F ðc Þ ¼ 0. Since F ð0Þ ¼ 0, we
conclude that F is not injective. h

4.3. Topological transitivity and ergodicity

We start by proving that the embedding W also preserves topological transitivity between an Additive CA over G and the
associated LCA.



Theorem 7. Let GZ ; F be any Additive CA over G and let G b Z ; L be the LCA associated with it via the embedding W. Then, the CA



GZ ; F is topologically transitive if and only if Gb Z ; L is.



Proof. Since W  F ¼ L  W, for every k 2 N it holds that W  F k  I ¼ W  F k  W ¼ Lk  W  W ¼ Lk  I  W. By Lemma 4,
F k  I is surjective iff Lk  I is. Theorem 5 and 3 conclude the proof. h
As a final result, we get the decidability of many mixing and ergodic properties for Additive CA over any finite abelian
group, including chaos, ergodicity, and topological transitivity.

Corollary 3. All the following properties are decidable for Additive CA over any finite abelian group: (1) chaos; (2) ergodicity; (3)
topological transitivity; (4) topological mixing; (5) weak topological transitivity; (6) total transitivity; (7) weak ergodic mixing; (8)
ergodic mixing.

Proof. It is an immediate consequence of Theorem 3 and 7. h

5. Applications

The above decidability results find application in several computer science domains. We are going to deal with some
cryptographic applications that are nowadays of crucial importance and, in particular, illustrate how our results can be
exploited for improving the existing methods already based on CA (especially LCA).
Before proceeding, we want to stress the class of Additive CA over a finite abelian group is richer than LCA. Indeed, for a
same alphabet cardinality and the same radius, the former includes also rules over a finite abelian group G that, according to
situation (S3) from Section 4, has some set ni¼1 Z=pki Z as subgroup or it agrees with such a set.

Block Encryption Several schemes exist that are based on linear higher-order CA over Z=mZ (see for instance [7], where
the size of the alphabet and the memory used are m ¼ 2 and n ¼ 2, respectively), i.e., those specific, and in a sense sim-
pler, LCA over ðZ=mZÞn with associated matrix in Frobenius normal form.
Since the choice of the local rule plays a relevant role to get a method of high quality in several respects and the class of
Additive CA is richer than LCA, we propose the following significant modifications to the existing schemes.

190
A. Dennunzio, E. Formenti, D. Grinberg et al. Information Sciences 563 (2021) 183–195

First of all, the linear local rule is replaced with one giving rise to an Additive CA F over the abelian group Z=256Z  Z=2Z
(instead of a LCA over ðZ=2ZÞ2 with associated matrix in Frobenius normal form) in order that, once the radius and the
alphabet are fixed, the variety of local rules to be chosen, and then the security of the cryptosystem, strongly increases.
According to Definition 6, the LCA L over ðZ=256ZÞ2 associated with the Additive CA F is also built.
Furthermore, by virtue of Theorems 6 and 7, algorithms from Theorems 2 and 3 checking reversibility, ergodicity, and
chaos for LCA are included in the encryption schemes in order that a good rule is chosen, i.e., one defining an Additive
CA which is at the same time reversible, ergodic, and chaotic. Indeed, besides reversibility which allows recovering the
exact original plaintext from the cyphertext, block encryption systems have to satisfy the so-called confusion and diffusion
properties [2]. Being just the dynamical counterparts of confusion and diffusion for the dynamical system on which the
cryptosystem is based, ergodicity and chaos ensure that these required cryptographic properties hold.
The setup phase of the scheme consists of the following steps:
SetupBE  1. A first part of bits of the plaintext to be cyphered are collected in bytes, each of them represented as ele-
ment of Z=256Z, and put in the first component c1 while the remaining ones, just as they are, are put in the second
component c2 with elements in Z=2Z, respectively, of the initial configuration
!
c1
c¼
c2

of an Additive CA F to be built over the abelian group G ¼ Z=256Z  Z=2Z.

 
SetupBE  2a. Then, an Additive CA GZ ; F over G with radius 1 local rule d : G3 ! G is built as follows. A pseudo ran-
dom number generator provides the values of the functions d1 ; d0 , and d1 from (2) over the generators of the group G,
ð zÞ
i.e., the values ai;j for z ¼ 1; 0; 1, and i; j ¼ 1; 2 such that
  !   !
1 að1;1
1Þ
0 að1;2
1Þ

d1 ¼ ; d1 ¼ ;
0 að2;1
1Þ 1 að2;2
1Þ

  !   !
1 að1;1
0Þ
0 að1;2
0Þ

d0 ¼ ð0 Þ
; d0 ¼ ;
0 a2;1 1 að2;2
0Þ

  !   !
1 að1;1
1Þ
0 að1;2
1Þ

d1 ¼ ; d1 ¼ ;
0 að2;1
1Þ 1 að2;2
1Þ

ð zÞ ð zÞ ð1Þ ð0Þ ð1Þ

where, for any z and j as above, a1;j 2 Z=256Z; a2;j 2 Z=2Z, and, in addition, the constraints a1;2 ; a1;2 ; a1;2 2 f0; 128g must
necessarily hold in order that d1 ; d0 , and d1 are endomorphisms of G. In this way, according to Definition 6, the LCA

  
b Z ; L over G
G b ¼ ðZ=256ZÞ2 associated with GZ ; F is defined by the matrices A1 ; A0 ; A1 2 ðZ=256ZÞ22 , where

" #
að1;1
1Þ
27 a1;2
ð1Þ

A1 ¼ ð1Þ
;
27 a2;1 að2;2
1Þ

" #
að1;1
0Þ
27 a1;2
ð0 Þ

A0 ¼ ð0 Þ
;
27 a2;1 að2;2
0Þ

" #
að1;1
1Þ
27 a1;2
ð1 Þ

A1 ¼ ð1 Þ
;
27 a2;1 að2;2
1Þ

P1 h i22
z
or, equivalently, by the matrix A ¼ z¼1 Az X 2 Z=256Z X; X 1 , i.e.,
" #
að1;1
1Þ 1 ð0 Þ ð1Þ
X þ a1;1 þ a1;1 X 1
ð1Þ ð0 Þ ð1Þ
27 a1;2 X 1 þ 27 a1;2 þ 27 a1;2 X 1
A¼ ð1Þ ð0Þ ð1Þ
:
27 a2;1 X 1 þ 27 a2;1 þ 27 a2;1 X 1 að2;2
1Þ 1 ð0 Þ ð1Þ
X þ a2;2 þ a2;2 X 1

Thus, the coefficients of the characteristic polynomial of A are (up to sign)

det A ¼ d1;1 X 2 þ ðd1;0 þ d0;1 ÞX 1 þ ðd1;1 þ d0;0 þ d1;1 Þ þ ðd0;1 þ d1;0 ÞX 1 þ d1;1 X 2
and
trð AÞ ¼ trðA1 ÞX 1 þ trðA0 Þ þ trðA1 ÞX 1 ;
    
1 0
where du;v ¼ det du d , for u; v ¼ 1; 0; 1. At this point, an Additive CA F over the abelian group Z=256Z  Z=2Z
0 v 1
and the LCA L over ðZ=256ZÞ2 associated with F have been built.
191
A. Dennunzio, E. Formenti, D. Grinberg et al. Information Sciences 563 (2021) 183–195

SetupBE  2b.Algorithms from Theorems 2 and 3 run on L, i.e., on the coefficients trð AÞ and detð AÞ of the characteristic
polynomial of A, to establish whether, by virtue of Theorems 6 and 7, F is at the same time reversible, chaotic, and
ergodic.
Steps SetupBE  2a and SetupBE  2b are repeated until an Additive CA with the required properties is outputted.
The encryption phase simply consists in computing, for some ‘ > 2, the next ‘ elements of the dynamical evolution of F
starting from c. The cyphertext is just F ‘ ðcÞ.
We stress that about 1=7 turns out to be the fraction of the injective, i.e., reversible, Additive CA over a total of 233 possible
ð zÞ
distinct ones that can be outputted by step SetupBE  2a at varying all the possible 12-tuples of values ai;j . The scenario
resulting from these numbers represents a huge improvement with respect to the corresponding one involving linear
higher-order CA over Z=2Z (as for instance in [7]) and where these numbers are very small. In particular, one reversible
Additive CA can be detected from a large set of reversible Additive ones during step SetupBE  2b. Hence, our modification
to the scheme consisting of the introduction and the use, as above illustrated, of Additive CA for encrypting a plaintext
increases the security level of the scheme itself. Furthermore, according to step SetupBE  2b, the addition of the algo-
rithms ensuring confusion and diffusion, made it possible by Theorems 6 and 7, makes attacks much harder.
Secret Sharing Schemes. Secret sharing schemes are those methods that define how a secret can be shared among dif-
ferent participants. Regarding the existing methods based on CA, the secret is inserted in an initial configuration of a
reversible linear higher-order CA F over Z=2Z of memory n (that can be seen as a LCA over ðZ=2ZÞn with associated matrix
in Frobenius normal form) and, after a certain number of iterations of F starting from the initial configuration, the n-th
components inside the last l configurations obtained are the shares (see for instance [34,8]). Each share is distributed
by a trusted authority among the l participants in such a way that only suitable subsets of them can recover the secret.
This is done putting together the shares and calculating back the initial configuration by means of the inverse of the CA.
The use of Additive CA improves the schemes. Indeed, the same points about both the choice of the local rule and the
properties of the global behavior discussed for block encryption apply here. Therefore, we propose the following modi-
fications to the standard secret sharing schemes based on CA.
An Additive CA F over the abelian group G ¼ Z=256Z  Z=2Z  . . .  Z=2Z, where Z=2Z appears n  1 times, is used
instead of a LCA over ðZ=2ZÞn with associated matrix in Frobenius normal form. In this way, once the radius is fixed,
the number of local rules to be chosen hugely increases. The local rule of F is defined by the values of every di from
(2) over the generators of the group G. Such values can be chosen by a further modification of the standard scheme in
order that, by virtue of Theorems 6 and 7, a reversible, chaotic, and ergodic Additive CA is defined. Then, they are suitably
distributed by the trusted authority to the participants together with the shares.
Remark 4. The fact that the values of the generators are also distributed to the participants is a novelty and hence it rep-
resents a further difference with respect to the existing schemes. Moreover, in the method we propose, unlike the stan-
dard scheme, each share contains a piece of (blended besides disjoint) information from each, instead of one, element
among n out of the last l configurations obtained by means of iterations of F starting from the initial configuration in
which the secret has been inserted. As a matter of fact, now the CA used in the scheme is no longer strongly limited
to be an LCA with associated matrix in Frobenius normal form.
Let us detail the modified scheme involving l participants, i.e., with ðn; lÞ-threshold, by starting with the setup phase
which is comprised of the following two steps.
SetupSS  1. The bits of the secret are collected in bytes, each of them represented as element of Z=256Z, and put in the
first component c1 of the initial configuration
0 1
c1
B .. C
c ¼ @. A
cn
of an Additive CA F to be built over the abelian group G ¼ Z=256Z  Z=2Z  . . .  Z=2Z. The remaining components
c2 ; . . . ; cn are provided by the mutually trusted party (MTP) by means of a pseudo random number generator.
 
SetupSS  2a. An Additive CA GZ ; F over G with local rule d : G2rþ1 ! G of radius r is built by the MTP which provides a
natural number r > 0, i.e., the radius of F, and the values of the functions dr ,. . ., d0 , . . .dr from Eq. (2) over the gener-
ators of the group G, i.e., the values
 i
aði;jzÞ ¼ dz ej for z ¼ r; . . . ; r; and i; j ¼ 1; . . . ; n; ð3Þ
ð zÞ ð zÞ
where, for each z and j; a1;j 2 Z=256Z; ai;j 2 Z=2Z for i ¼ 2; . . . ; n, and, in addition, for each z and j ¼ 2; . . . ; n, the con-
ð zÞ
straint a 2 f0; 128g must necessarily hold in order that dz is an endomorphism of G. In this way, according to Defi-
1;j

  Z 
nition 6, the LCA b Z; L
G over G b ¼ ðZ=256ZÞn associated with G ;F is defined by the matrices
Ar ; . . . Ar 2 ðZ=256ZÞnn , where for each z; i, and j, the ði; jÞ-entry of Az is

192
A. Dennunzio, E. Formenti, D. Grinberg et al. Information Sciences 563 (2021) 183–195

8 7 ðzÞ
>
> 2 ai;j if i ¼ 1; j > 1;
<
ðzÞ
ai;j ¼ 27 aði;jzÞ if j ¼ 1; i > 1;
>
>
: ð zÞ
ai;j otherwise;
Pr h inn
z
or, equivalently, by A ¼ z¼r Az X 2 Z=256Z X; X 1 .
SetupSS  2b. By virtue of Theorems 6 and 7, the algorithms for establishing whether F is at the same time reversible,
chaotic, and ergodic are run on A.
Steps SetupSS  2a and SetupSS  2b are repeated until an Additive CA with the required properties is outputed.
The sharing phase is carried out by the MTP which computes, for some ‘ P n, the next ‘ þ l  1 elements

F ðc Þ; F 2 ðc Þ; . . . ; F ‘ ðc Þ; . . . ; F ‘þl1 ðc Þ
of the dynamical evolution of F starting from c. For each h ¼ 1; . . . ; l, the share that the MTP distributes to the h-th participant
is the vector
0 1
F ‘þh1 ðc Þ1
B ‘þh2 2 C
BF ðc Þ C
B C
B. C
B. C
@. A
F ‘þhn ðc Þn
0
together with the values of the 2r þ 1 endomorphisms over the h -th generator eh0 of G
dr ðeh0 Þ; . . . ; dr ðeh0 Þ;
0
where h ¼ ðh  1Þ mod n þ 1. In this way, any set of n consecutive participants h; h þ 1; . . . ; h þ n  1 are able to rebuild the
element F ‘þh1 ðcÞ together with the local rule d and compute back the initial configuration c from which the secret c1 can be
extracted.
Let us describe now the impact of our modifications to the standard scheme over a significant case, namely, the secret
sharing scheme with ð3; 4Þ-threshold for texts of 64 bits used in [8]. Such a scheme is based on a LCA over ðZ=2ZÞn with
associated matrix in Frobenius normal form and fixed radius r ¼ 1.
The CA we propose to use is then an Additive CA over the abelian group G ¼ Z=256Z  Z=2Z  Z=2Z defined by the 27
ð zÞ
values ai;j (z ¼ 1; 0; 1; i; j ¼ 1; 2; 3) that the MTP provides according to Eq. (3). In this way, the LCA L over ðZ=256Þ3 asso-
h i33
ciated with F is defined by the matrix A 2 Z=256Z X; X 1 where for each i; j the ði; jÞ-entry of A is
8 7 ð1Þ 1 ð0 Þ ð1Þ
>
> 2 ai;j X þ 27 ai;j þ 27 ai;j X 1 ifi ¼ 1; j > 1;
<
7 ð1Þ 1 7 ð0 Þ 7 ð1Þ 1
ai;j ¼ 2 ai;j X þ 2 ai;j þ 2 ai;j X ifj ¼ 1; i > 1;
>
>
: ð1Þ 1
ai;j X þ aði;j0Þ þ aði;j1Þ X 1 otherwise:

Thus, we get that

det A ¼ d1;1;1 X 3 þ ðd1;1;0 þ d1;0;1 þ d0;1;1 ÞX 2 þ

þðd1;1;1 þ d1;0;0 þ d1;1;1 þ d0;1;0 þ d0;0;1 þ d1;1;1 ÞX 1 þ
þðd1;1;0 þ d1;0;1 þ d0;1;1 þ d0;0;0 þ d0;1;1 þ d1;1;0 þ d1;0;1 ÞX 0 þ
þðd1;1;1 þ d0;0;1 þ d0;1;0 þ d1;1;1 þ d1;0;0 þ d1;1;1 ÞX 1 þ
þðd0;1;1 þ d1;0;1 þ d1;1;0 ÞX 2 þ d1;1;1 X 3 ;
0 0 1 0 1 0 11
1 0 0
where du;v ;w ¼ det @du @ 0 Adv @ 1 Adw @ 0 AA, for u; v ; w ¼ 1; 0; 1.
0 0 1
ð zÞ
By considering all the possible 27-tuple of values ai;j , it follows that step SetupSS  2a provides one Additive CA over a total
48
of 2 possible distinct ones. We estimated that among them just under 6% are reversible. We got this outcome by repeatedly
running the algorithm from Theorem 6 on detð AÞ at varying A among a sample of all the matrices that can be defined in step
SetupSS  2a. As in the case of data encryption, our modifications to the standard scheme give rise to a scenario that, on the
basis of these numbers and the addition of the algorithms ensuring confusion and diffusion, represents a significant improve-
ment with respect to the corresponding one where linear higher-order CA over Z=2Z are used.

193
A. Dennunzio, E. Formenti, D. Grinberg et al. Information Sciences 563 (2021) 183–195

6. Conclusions and perspectives

In this paper we have provided many decidability and characterization results about the dynamical behavior of Additive
CA over finite abelian groups. Moreover, we have described how our results can be exploited in some emblematic applica-
tions of cryptosystems such as block encryption and secret sharing schemes. Indeed, we have proposed significant modifi-
cations to the existing methods, i.e., the use of Additive CA instead of the simpler LCA and the addition of the decision
algorithms from Theorems 6 and 7. In this way, the security of the resulting cryptosystems strongly increases.
The are several research directions that are worth investigating from both theoretical and applicative points of view.
First of all, one might ask what results and characterizations are still true when considering non abelian groups. Further-
more, it would be very interesting to find out characterization or decidability results about positive expansivity and strong
transitivity. Since these are stronger conditions of chaos for Additive CA, they could be required by the cryptographic meth-
ods in order these latter improve even more from the security point of view. Finally, an important research direction consists
in generalizing our results to higher dimensions. Besides having a theoretical value, they will be certainly useful in many
applications as for instance the encryption or compression of images and other multidimensional data [34,32].
Going back to the results of the present paper, further possible investigations concern how they can be exploited to
improve the existing pseudo random number generators (PRNG). Indeed, the most recent PNRG based on cellular models
involve linear non-uniform (or hybrid) CA over Z=mZ (see for instance [37,38]). These are variants of CA where cells use dif-
ferent local rules (see [17–19] for an introduction and recent results on non-uniform CA). The random numbers are got by
the dynamical evolution of one fixed cell. Since linear non-uniform CA over Z=mZ used in applications are homeomorphic to
LCA over ðZ=mZÞn , we can state that the functioning of such PNRG depends on the dynamical behavior of these latter. In par-
ticular, the studies on the existing methods show that the choice of the (local and then global) transition rules is crucial in
order to reach a high quality pseudorandomness and an appropriate period length. As already pointed out, the class of Addi-
tive CA over a finite abelian group is richer than LCA. Therefore, that is a more suitable container of which one can draw rules
up for further improving the existing methods. Moreover, since a chaotic behavior is required to the dynamical systems on
which PNRG are based and chaos agrees with topological transitivity for Additive CA, the algorithm deciding topological
transitivity is an important tool to be added in applications for providing, by virtue of Theorem 7, PNRG based on chaotic
Additive CA.

CRediT authorship contribution statement

Alberto Dennunzio: Conceptualization, Methodology, Formal analysis, Investigation, Writing - review & editing. Enrico
Formenti: Conceptualization, Methodology, Formal analysis, Investigation, Writing - review & editing. Darij Grinberg: Con-
ceptualization, Methodology, Formal analysis, Investigation, Writing - review & editing. Luciano Margara: Conceptualiza-
tion, Methodology, Formal analysis, Investigation, Writing - review & editing.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have
appeared to influence the work reported in this paper.

References

[1] Luigi Acerbi, Alberto Dennunzio, Enrico Formenti, Conservation of some dynamical properties for operations on cellular automata, Theoret. Comput.
Sci. 410 (38–40) (2009) 3685–3693.
[2] Gonzalo Álvarez, Shujun Li, Some basic cryptographic requirements for chaos-based cryptosystems, I.J. Bifurcation and Chaos 16 (8) (2006) 2129–2151.
[3] Lieven Le Bruyn, Michel Van den Bergh, Algebraic properties of linear cellular automata, Linear algebra and its applications 157 (1991) 217–234.
[4] Gianpiero Cattaneo, Alberto Dennunzio, and Fabio Farina. A full cellular automaton to simulate predator-prey systems. In Samira El Yacoubi, Bastien
Chopard, and Stefania Bandini, editors, Cellular Automata, 7th International Conference on Cellular Automata, for Research and Industry, ACRI 2006,
Perpignan, France, September 20–23, 2006, Proceedings, volume 4173 of Lecture Notes in Computer Science, pages 446–451. Springer, 2006. .
[5] Gianpiero Cattaneo, Alberto Dennunzio, Luciano Margara, Chaotic subshifts and related languages applications to one-dimensional cellular automata,
Fundamenta Informaticae 52 (1–3) (2002) 39–80.
[6] Gianpiero Cattaneo, Alberto Dennunzio, Luciano Margara, Solution of some conjectures about topological properties of linear cellular automata,
Theoret. Comput. Sci. 325 (2) (2004) 249–271.
[7] Zhenchuan Chai, Zhenfu Cao, and Yuan Zhou. Encryption based on reversible second-order cellular automata. In Guihai Chen, Yi Pan, Minyi Guo, and
Jian Lu, editors, Parallel and Distributed Processing and Applications - ISPA 2005 Workshops, pages 350–358, Berlin, Heidelberg, 2005. Springer, Berlin
Heidelberg. .
[8] Angel Martín, Joaquim del Rey, Pereira Mateus, Gerardo Rodríguez Sánchez, A secret sharing scheme based on cellular automata, Appl. Math. Comput.
170 (2) (2005) 1356–1364.
[9] Alberto Dennunzio, From one-dimensional to two-dimensional cellular automata, Fundamenta Informaticae 115 (1) (2012) 87–105.
[10] Alberto Dennunzio, Pietro Di Lena, Enrico Formenti, Luciano Margara, Periodic orbits and dynamical complexity in cellular automata, Fundamenta
Informaticae 126 (2–3) (2013) 183–199.
[11] Alberto Dennunzio, Enrico Formenti, Darij Grinberg, Luciano Margara, Chaos and ergodicity are decidable for linear cellular automata over ðZ=mZÞn ,
Inf. Sci. 539 (2020) 136–144.
[12] Alberto Dennunzio, Enrico Formenti, Darij Grinberg, Luciano Margara, Dynamical behavior of additive cellular automata over finite abelian groups,
Theoret. Comput. Sci. 843 (2020) 45–56.

194
A. Dennunzio, E. Formenti, D. Grinberg et al. Information Sciences 563 (2021) 183–195

[13] Alberto Dennunzio, Enrico Formenti, Darij Grinberg, and Luciano Margara. An efficiently computable characterization of stability and instability for
linear cellular automata. To appear, 2021. .
[14] Alberto Dennunzio, Enrico Formenti, Luca Manzoni, Computing issues of asynchronous CA, Fundamenta Informaticae 120 (2) (2012) 165–180.
[15] Alberto Dennunzio, Enrico Formenti, Luca Manzoni, Luciano Margara, Antonio E. Porreca, On the dynamical behaviour of linear higher-order cellular
automata and its decidability, Inf. Sci. 486 (2019) 73–87.
[16] Alberto Dennunzio, Enrico Formenti, Luca Manzoni, Giancarlo Mauri, Antonio E. Porreca, Computational complexity of finite asynchronous cellular
automata, Theoret. Comput. Sci. 664 (2017) 131–143.
[17] Alberto Dennunzio, Enrico Formenti, Julien Provillard, Non-uniform cellular automata: Classes, dynamics, and decidability, Inf. Comput. 215 (2012)
32–46.
[18] Alberto Dennunzio, Enrico Formenti, Julien Provillard, Local rule distributions, language complexity and non-uniform cellular automata, Theoret.
Comput. Sci. 504 (2013) 38–51.
[19] Alberto Dennunzio, Enrico Formenti, Julien Provillard, Three research directions in non-uniform cellular automata, Theoret. Comput. Sci. 559 (2014)
73–90.
[20] Alberto Dennunzio, Enrico Formenti, Michael Weiss, Multidimensional cellular automata: closing property, quasi-expansivity, and (un)decidability
issues, Theoret. Comput. Sci. 516 (2014) 40–59.
[21] Alberto Dennunzio, Pierre Guillon, Benoıt Masson, Stable dynamics of sand automata, in: Giorgio Ausiello, Juhani Karhumäki, Giancarlo Mauri, Chih-
Hao Luke Ong (Eds.), Fifth IFIP International Conference On Theoretical Computer Science - TCS 2008, IFIP 20th World Computer Congress, TC 1,
Foundations of Computer Science, Springer, Milano, Italy, 2008, pp. 157–169, volume 273 of IFIP.
[22] Alberto Dennunzio, Pierre Guillon, Benoıt Masson, Sand automata as cellular automata, Theoret. Comput. Sci. 410 (38–40) (2009) 3962–3974.
[23] Alberto Dennunzio, Pietro Di Lena, Enrico Formenti, Luciano Margara, On the directional dynamics of additive cellular automata, Theoret. Comput. Sci.
410 (47–49) (2009) 4823–4833.
[24] Robert Luke Devaney, An Introduction to Chaotic Dynamical Systems. Addison-Wesley advanced book program, Addison-Wesley, 1989.
[25] Fabio Farina, Gianpiero Cattaneo, and Alberto Dennunzio. Grid and HPC dynamic load balancing with lattice boltzmann models. In Robert Meersman
and Zahir Tari, editors, On the Move to Meaningful Internet Systems 2006: CoopIS, DOA, GADA, and ODBASE, OTM Confederated International
Conferences, CoopIS, DOA, GADA, and ODBASE 2006, Montpellier, France, October 29 - November 3, 2006. Proceedings, Part II, volume 4276 of Lecture
Notes in Computer Science, pages 1152–1162. Springer, 2006. .
[26] Fabio Farina, Alberto Dennunzio, A predator-prey cellular automaton with parasitic interactions and environmental effects, Fundamenta Informaticae
83 (4) (2008) 337–353.
[27] Masanobu Ito, Nobuyasu Osato, Masakazu Nasu, Linear cellular automata over Zm , J. Computer Syst. Sci. 27 (1983) 125–140.
[28] Jarkko Kari, Rice’s theorem for the limit sets of cellular automata, Theoret. Comput. Sci. 127 (2) (1994) 229–254.
[29] Jarkko Kari, in: Horst Reichel, Sophie Tison (Eds.), Linear cellular automata with multiple state variables, Springer-Verlag, 2000, pp. 110–121, STACS
2000, volume 1770 of LNCS.
[30] Petr Kurka. Languages, equicontinuity and attractors in cellular automata. Ergodic Theory and Dynamical Systems, 17(2):417–433, 1997..
[31] Petr Kurka. Topological and Symbolic Dynamics. Volume 11 of Cours Spécialisés. Société Mathématique de France, 2004. .
[32] Olu Lafe, Data compression and encryption using cellular automata transforms, Eng. Appl. Artif. Intell. 10 (6) (1997) 581–591.
[33] Giovanni Manzini, Luciano Margara, A complete and efficiently computable topological classification of d-dimensional linear cellular automata over
Zm , Theoret. Comput. Sci. 221 (1–2) (1999) 157–177.
[34] Gonzalo Álvarez Marañón, Luis Hernández Encinas, and Ángel Martín del Rey. A multisecret sharing scheme for color images based on cellular
automata. Information Sciences, 178(22), 4382–4395, 2008. .
[35] Edward Forrest Moore, Machine models of self-reproduction, Proc. Symposia Appl. Math. 14 (1962) 13–33.
[36] John Myhill, The converse to Moore’s garden-of-eden theorem, Proc. Am. Math. Soci. 14 (1963) 685–686.
[37] Sukumar Nandi, B.K. Kar, and Parimal Pal Chaudhuri. Theory and applications of cellular automata in cryptography. IEEE Trans. Computers, 43
(12):1346–1357, 1994..
[38] C. Fraile Rubio, Luis Hernández Encinas, S. Hoya White, Ángel Martín del Rey, Gerardo Rodríguez Sánchez, The use of linear hybrid cellular automata as
pseudo random bit generators in cryptography, Neural Parallel Sci. Comp. 12 (2) (2004) 175–192.
[39] Claude E. Shannon, Communication theory of secrecy systems, Bell Syst. Tech. J. 28 (4) (1949) 656–715.

195