-->PONE-D-25-29174-->-->LWLCM: A Novel Lightweight Stream Cipher Using Logistic Chaos Function and Multiplexer for IoT Communications-->-->PLOS ONE

Dear Dr. Ashraf,

Thank you for submitting your manuscript to PLOS ONE. After careful consideration, we feel that it has merit but does not fully meet PLOS ONE’s publication criteria as it currently stands. Therefore, we invite you to submit a revised version of the manuscript that addresses the points raised during the review process.

Please submit your revised manuscript by Aug 23 2025 11:59PM. If you will need more time than this to complete your revisions, please reply to this message or contact the journal office at plosone@plos.org . When you're ready to submit your revision, log on to https://www.editorialmanager.com/pone/ and select the 'Submissions Needing Revision' folder to locate your manuscript file.

Please include the following items when submitting your revised manuscript:-->

• A rebuttal letter that responds to each point raised by the academic editor and reviewer(s). You should upload this letter as a separate file labeled 'Response to Reviewers'.
• A marked-up copy of your manuscript that highlights changes made to the original version. You should upload this as a separate file labeled 'Revised Manuscript with Track Changes'.
• An unmarked version of your revised paper without tracked changes. You should upload this as a separate file labeled 'Manuscript'.

If you would like to make changes to your financial disclosure, please include your updated statement in your cover letter. Guidelines for resubmitting your figure files are available below the reviewer comments at the end of this letter.

If applicable, we recommend that you deposit your laboratory protocols in protocols.io to enhance the reproducibility of your results. Protocols.io assigns your protocol its own identifier (DOI) so that it can be cited independently in the future. For instructions see: https://journals.plos.org/plosone/s/submission-guidelines#loc-laboratory-protocols . Additionally, PLOS ONE offers an option for publishing peer-reviewed Lab Protocol articles, which describe protocols hosted on protocols.io. Read more information on sharing protocols at https://plos.org/protocols?utm_medium=editorial-email&utm_source=authorletters&utm_campaign=protocols .

We look forward to receiving your revised manuscript.

Kind regards,

Je Sen Teh

Academic Editor

PLOS ONE

Journal Requirements:

When submitting your revision, we need you to address these additional requirements.

1. Please ensure that your manuscript meets PLOS ONE's style requirements, including those for file naming. The PLOS ONE style templates can be found at

https://journals.plos.org/plosone/s/file?id=wjVg/PLOSOne_formatting_sample_main_body.pdf and https://journals.plos.org/plosone/s/file?id=ba62/PLOSOne_formatting_sample_title_authors_affiliations.pdf

2. Please note that PLOS One has specific guidelines on code sharing for submissions in which author-generated code underpins the findings in the manuscript. In these cases, we expect all author-generated code to be made available without restrictions upon publication of the work. Please review our guidelines at https://journals.plos.org/plosone/s/materials-and-software-sharing#loc-sharing-code and ensure that your code is shared in a way that follows best practice and facilitates reproducibility and reuse.

3. Thank you for stating the following in the Acknowledgments Section of your manuscript:

[The authors are thankful to the Deanship of Graduate Studies and Scientific Research at the University of Bisha, Bisha, for supporting this work through the Fast-Track Research Support Program.]

We note that you have provided funding information that is not currently declared in your Funding Statement. However, funding information should not appear in the Acknowledgments section or other areas of your manuscript. We will only publish funding information present in the Funding Statement section of the online submission form.

Please remove any funding-related text from the manuscript and let us know how you would like to update your Funding Statement. Currently, your Funding Statement reads as follows:

[The author(s) received no specific funding for this work.]

Please include your amended statements within your cover letter; we will change the online submission form on your behalf.

4. In the online submission form/manuscript, you indicated that [The code generated during and/or analyzed during the current study is available from the first author upon reasonable request.].

All PLOS journals now require all data underlying the findings described in their manuscript to be freely available to other researchers, either 1. In a public repository, 2. Within the manuscript itself, or 3. Uploaded as supplementary information.

This policy applies to all data except where public deposition would breach compliance with the protocol approved by your research ethics board. If your data cannot be made publicly available for ethical or legal reasons (e.g., public availability would compromise patient privacy), please explain your reasons on resubmission and your exemption request will be escalated for approval.

5. PLOS requires an ORCID iD for the corresponding author in Editorial Manager on papers submitted after December 6th, 2016. Please ensure that you have an ORCID iD and that it is validated in Editorial Manager. To do this, go to ‘Update my Information’ (in the upper left-hand corner of the main menu), and click on the Fetch/Validate link next to the ORCID field. This will take you to the ORCID site and allow you to create a new iD or authenticate a pre-existing iD in Editorial Manager.

6. We note that Figure 6 in your submission contains copyrighted image. All PLOS content is published under the Creative Commons Attribution License (CC BY 4.0), which means that the manuscript, images, and Supporting Information files will be freely available online, and any third party is permitted to access, download, copy, distribute, and use these materials in any way, even commercially, with proper attribution. For more information, see our copyright guidelines: http://journals.plos.org/plosone/s/licenses-and-copyright.

We require you to either (1) present written permission from the copyright holder to publish these figures specifically under the CC BY 4.0 license, or (2) remove the figures from your submission:

1. You may seek permission from the original copyright holder of Figure 6 to publish the content specifically under the CC BY 4.0 license.

We recommend that you contact the original copyright holder with the Content Permission Form (http://journals.plos.org/plosone/s/file?id=7c09/content-permission-form.pdf) and the following text:

“I request permission for the open-access journal PLOS ONE to publish XXX under the Creative Commons Attribution License (CCAL) CC BY 4.0 (http://creativecommons.org/licenses/by/4.0/). Please be aware that this license allows unrestricted use and distribution, even commercially, by third parties. Please reply and provide explicit written permission to publish XXX under a CC BY license and complete the attached form.”

Please upload the completed Content Permission Form or other proof of granted permissions as an "Other" file with your submission.

In the figure caption of the copyrighted figure, please include the following text: “Reprinted from [ref] under a CC BY license, with permission from [name of publisher], original copyright [original copyright year].”

2. If you are unable to obtain permission from the original copyright holder to publish these figures under the CC BY 4.0 license or if the copyright holder’s requirements are incompatible with the CC BY 4.0 license, please either i) remove the figure or ii) supply a replacement figure that complies with the CC BY 4.0 license. Please check copyright information on all replacement figures and update the figure caption with source information. If applicable, please specify in the figure caption text when a figure is similar but not identical to the original image and is therefore for illustrative purposes only.

Additional Editor Comments:

The reviewers acknowledge the proposed LWLCM cipher as a promising lightweight stream cipher integrating logistic chaos with LFSR, NLFSR, and MUX components. However, both reviews highlight significant concerns regarding the lack of detailed justifications, formalisation, experimental validation, and clarity. Key issues include insufficient rationale for using the logistic map over newer chaotic models, absence of ablation studies, vague explanations of parameter handling, and lack of replication details.

The authors need to address all reviewer concerns where possible. Otherwise, please provide a justification as to why any of the concerns were not addressed. Any literature recommendations should be reviewed and included only if relevant (otherwise, omit).

Reviewers' comments:

Reviewer's Responses to Questions

-->Comments to the Author

1. Is the manuscript technically sound, and do the data support the conclusions?

The manuscript must describe a technically sound piece of scientific research with data that supports the conclusions. Experiments must have been conducted rigorously, with appropriate controls, replication, and sample sizes. The conclusions must be drawn appropriately based on the data presented. -->

Reviewer #1: Partly

Reviewer #2: Yes

**********

-->2. Has the statistical analysis been performed appropriately and rigorously? -->

Reviewer #1: N/A

Reviewer #2: Yes

**********

-->3. Have the authors made all data underlying the findings in their manuscript fully available?

The PLOS Data policy requires authors to make all data underlying the findings described in their manuscript fully available without restriction, with rare exception (please refer to the Data Availability Statement in the manuscript PDF file). The data should be provided as part of the manuscript or its supporting information, or deposited to a public repository. For example, in addition to summary statistics, the data points behind means, medians and variance measures should be available. If there are restrictions on publicly sharing data—e.g. participant privacy or use of data from a third party—those must be specified.-->

Reviewer #1: No

Reviewer #2: Yes

**********

-->4. Is the manuscript presented in an intelligible fashion and written in standard English?

PLOS ONE does not copyedit accepted manuscripts, so the language in submitted articles must be clear, correct, and unambiguous. Any typographical or grammatical errors should be corrected at revision, so please note any specific errors here.-->

Reviewer #1: No

Reviewer #2: Yes

**********

-->5. Review Comments to the Author

Please use the space provided to explain your answers to the questions above. You may also include additional comments for the author, including concerns about dual publication, research ethics, or publication ethics. (Please upload your review as an attachment if it exceeds 20,000 characters)-->

Reviewer #1: This paper proposes a lightweight stream cipher model called LWLCM, which integrates the logistic chaos function with the use of LFSR, NLFSR, and MUX. The main contribution of this paper lies in the combination of Grain-like structure with logistic chaos module in keystream formation. Some comments that need to be responded to are as follows:

1. The chaos function used is only the standard logistic map, without structural modification or combination with other maps or modifications to improve the quality of the chaotic map. The reason for choosing the logistic map needs to be explained because there are many new models that are lighter and more robust. In this regard, the introduction needs to be strengthened by explaining the weaknesses and strengths of several recent studies such as https://doi.org/10.62411/faith.3048-3719-93 and 10.32604/cmc.2024.058478, so that the reason for choosing logistic in this case is stronger.

2. There is no ablation study that tests the role of each component (chaotic module, NLFSR, MUX) separately. This makes the individual contribution of the chaos function to security enhancements unconfirmable experimentally.

3. The description of the output function that combines bits from registers and chaos is not mathematically formalized. The formula and bitwise structure used in the keystream function should be presented explicitly so that it can be replicated.

4. It is not explained how the chaos parameters (α and x₀) are generated.

5. It is also not explained how the chaos parameters (α and x₀) are stored or transmitted securely in an IoT communication scenario. This ambiguity leaves a gap for potential parameter recovery attacks.

6. There is no clear explanation of the type of plaintext encrypted in the test.

7. Then how to do the comparison, is it with a replication technique or how?

8. The avalanche effect test in this paper is carried out on a 1-bit variation in the key, but it is not explicitly explained which part of the key is modified — whether it is the initial seed of the chaos function, the state of the LFSR/NLFSR, or the control bits in the MUX. This ambiguity makes replication and interpretation difficult. In addition, there is no avalanche effect test for a 1-bit change in the plaintext, which is important for evaluating the effects of cipher diffusion in practical scenarios.

9. Explained in the data availability statement "The data set generated during and/or analyzed during the current study is available in the KAGGLE repository, https://www.kaggle.com/datasets/crawford/20-newsgroups" Why choose this dataset, but not explained in section 4 or 3 clearly?

Reviewer #2: This manuscript proposes a lightweight stream cipher that combines logistic chaos functions with multiplexers, aiming to balance security and various performances in IoT sensors. The algorithm combines a pseudo-random number generation module based on one-dimensional logistic chaos mapping with dual 80-bit Feedback Shift Registers (LFSR and NLFSR), which improves the randomness and security of the key stream through the combination of chaotic properties and nonlinear expansion. In addition, the confusion and diffusion properties are enhanced by the use of multiplexers to dynamically adjust the operation paths, thus increasing the resistance to differential, linear and algebraic attacks. From the security point of view, the algorithm is empirically compared with many mainstream algorithms in terms of encryption time, throughput, and energy consumption, demonstrating that the stream cipher strikes an optimal balance between performance and security, and is rigorously verified by an average Shannon entropy of 7.9996, 15 NIST randomness tests, and avalanche effect and correlation coefficient analyses, to provide efficient and robust cryptographic security for resource-constrained environments. Before the manuscript becomes suitable for publication, the author should solve the following problems:

1.The statement in the manuscript that “LWLCM is the first time anyone has tried to adapt chaotic structures to lightweight stream ciphers” is overly absolute. In fact, previous studies have combined chaotic systems with nonlinear feedback shift registers to design stream ciphers. This statement does not adequately consider the existing technical background.

2.The literature lacks currency, with several references older than five years. We recommend updating the manuscript with recent work to reflect current research progress.

3.Section 1.1 points out that classical cryptographic algorithms are not applicable to restricted devices due to resource consumption, but fails to explain why other lightweight classes such as lightweight block ciphers and hash derivation schemes have limitations of applicability, and instead discusses stream ciphers directly.

4.The logic of the contribution (1.2) section is unclear and does not highlight the core innovations. The chaotic pseudo-random number generation module mentioned in the abstract is not clearly explained in the contribution section, and the description of the dynamic adjustment mechanism of the multiplexer lacks technical details (such as control logic).

5.Some custom symbols and formula symbols in this manuscript are not explained in detail, such as the symbols in Equation 1.

6.The manuscript's Chapter 7, “Security Analysis,” lacks experimental data and comparative verification. It lacks test data for attacks such as linear approximation attack and correlation attack, and does not compare security metrics with other algorithms. As a result, the claim of resistance to various attacks lacks quantitative support.

7.The statistical testing section in Chapter 8 of the manuscript has issues with test completeness. Although the paper mentions that LWLCM passed all 16 NIST tests and Shannon entropy is close to the theoretical maximum value, it does not provide detailed information on test sample length, number of repetitions, and other parameters.

**********

-->6. PLOS authors have the option to publish the peer review history of their article (what does this mean? ). If published, this will include your full peer review and any attached files.

If you choose “no”, your identity will remain anonymous but your review may still be made public.

Do you want your identity to be public for this peer review? For information about this choice, including consent withdrawal, please see our Privacy Policy .-->

Reviewer #1: No

Reviewer #2: Yes:  Lang LI

**********

[NOTE: If reviewer comments were submitted as an attachment file, they will be attached to this email and accessible via the submission site. Please log into your account, locate the manuscript record, and check for the action link "View Attachments". If this link does not appear, there are no attachment files.]

While revising your submission, please upload your figure files to the Preflight Analysis and Conversion Engine (PACE) digital diagnostic tool, https://pacev2.apexcovantage.com/ . PACE helps ensure that figures meet PLOS requirements. To use PACE, you must first register as a user. Registration is free. Then, login and navigate to the UPLOAD tab, where you will find detailed instructions on how to use the tool. If you encounter any issues or have any questions when using PACE, please email PLOS at figures@plos.org . Please note that Supporting Information files do not need this step.

LWLCM: A Novel Lightweight Stream Cipher Using Logistic Chaos Function and Multiplexer for IoT Communications

PONE-D-25-29174R1

Dear Dr. Ashraf,

We’re pleased to inform you that your manuscript has been judged scientifically suitable for publication and will be formally accepted for publication once it meets all outstanding technical requirements.

Within one week, you’ll receive an e-mail detailing the required amendments. When these have been addressed, you’ll receive a formal acceptance letter and your manuscript will be scheduled for publication.

An invoice will be generated when your article is formally accepted. Please note, if your institution has a publishing partnership with PLOS and your article meets the relevant criteria, all or part of your publication costs will be covered. Please make sure your user information is up-to-date by logging into Editorial Manager at Editorial Manager®  and clicking the ‘Update My Information' link at the top of the page. For questions related to billing, please contact billing support .

If your institution or institutions have a press office, please notify them about your upcoming paper to help maximize its impact. If they’ll be preparing press materials, please inform our press team as soon as possible -- no later than 48 hours after receiving the formal acceptance. Your manuscript will remain under strict press embargo until 2 pm Eastern Time on the date of publication. For more information, please contact onepress@plos.org.

Kind regards,

Je Sen Teh

Academic Editor

PLOS ONE

Additional Editor Comments (optional):

Reviewers' comments:

Reviewer's Responses to Questions

-->Comments to the Author

1. If the authors have adequately addressed your comments raised in a previous round of review and you feel that this manuscript is now acceptable for publication, you may indicate that here to bypass the “Comments to the Author” section, enter your conflict of interest statement in the “Confidential to Editor” section, and submit your "Accept" recommendation.-->

Reviewer #1: All comments have been addressed

Reviewer #2: All comments have been addressed

**********

-->2. Is the manuscript technically sound, and do the data support the conclusions?

The manuscript must describe a technically sound piece of scientific research with data that supports the conclusions. Experiments must have been conducted rigorously, with appropriate controls, replication, and sample sizes. The conclusions must be drawn appropriately based on the data presented. -->

Reviewer #1: Yes

Reviewer #2: Yes

**********

-->3. Has the statistical analysis been performed appropriately and rigorously? -->

Reviewer #1: Yes

Reviewer #2: Yes

**********

-->4. Have the authors made all data underlying the findings in their manuscript fully available?

The PLOS Data policy requires authors to make all data underlying the findings described in their manuscript fully available without restriction, with rare exception (please refer to the Data Availability Statement in the manuscript PDF file). The data should be provided as part of the manuscript or its supporting information, or deposited to a public repository. For example, in addition to summary statistics, the data points behind means, medians and variance measures should be available. If there are restrictions on publicly sharing data—e.g. participant privacy or use of data from a third party—those must be specified.-->

Reviewer #1: Yes

Reviewer #2: Yes

**********

-->5. Is the manuscript presented in an intelligible fashion and written in standard English?

PLOS ONE does not copyedit accepted manuscripts, so the language in submitted articles must be clear, correct, and unambiguous. Any typographical or grammatical errors should be corrected at revision, so please note any specific errors here.-->

Reviewer #1: Yes

Reviewer #2: Yes

**********

-->6. Review Comments to the Author

Please use the space provided to explain your answers to the questions above. You may also include additional comments for the author, including concerns about dual publication, research ethics, or publication ethics. (Please upload your review as an attachment if it exceeds 20,000 characters)-->

Reviewer #1: All comments have been addressed satisfactorily and are supported by content revisions to the relevant sections of the paper, no further comments are expected.

Reviewer #2: All comments have been addressed.No further comments on this paper. I recommend to accept the manuscript.

**********

-->7. PLOS authors have the option to publish the peer review history of their article (what does this mean? ). If published, this will include your full peer review and any attached files.

If you choose “no”, your identity will remain anonymous but your review may still be made public.

Do you want your identity to be public for this peer review? For information about this choice, including consent withdrawal, please see our Privacy Policy .-->

Reviewer #1: No

Reviewer #2: No

**********