An improved permutation-diffusion type image cipher with a chaotic orbit perturbing mechanism

Jun-xin Chen; Zhi-liang Zhu; Chong Fu; Hai Yu

doi:10.1364/OE.21.027873

1. Introduction

With the dramatic development of communication technology, more and more multimedia applications have been used in all aspects of society due to their easy-understanding and attractive presentations characteristics. Consequently, secure transmission and distribution of multimedia contents have become one of the most critical issues. However, traditional block ciphers such as Triple-DES and AES are found unfit for multimedia information characterized with some intrinsic features such as high pixel correlation and redundancy [1]. Since 1990s, many researchers have noticed that the fundamental features of chaotic systems such as ergodicity, mixing property, sensitivity to initial conditions/system parameters, etc. can be considered analogous to some ideal cryptographic properties for image encryption.

In 1998, permutation-diffusion architecture for image encryption had been firstly proposed by Fridrich [2], as shown in Fig. 1.Under this structure, the plain image is firstly permutated by a two-dimensional area-preserving chaotic map, such as cat map, baker map and standard map, so as to erase the high correlation between adjacent pixels. Considering the diffusion stage, pixel values are modified sequentially using pseudorandom key stream produced by a certain one-dimensional chaotic map. This architecture forms the basis of a number of chaos-based image cryptosystem proposed subsequently [3–23]. In [3], Lian et al. employed a modified standard map in the confusion procedure to achieve large key space in confusion stage, while a logistic map is adopted for diffusion. The parameters of these two chaotic maps are determined by a key stream generated in each round. This algorithm is improved in [4], Wong et al. introduce an ‘add-and-shift’ operation that can produce certain diffusion effect in the permutation procedure, and the purpose is to reduce the workload of the time-consuming diffusion procedure. In [5], Xiang et al. proposed a selective gray-level image encryption scheme, in which only 50% of the whole image data is encrypted, and therefore the encryption time is reduced. In [6], Wang et al. proposed a chaos-based image encryption algorithm with variable control parameters with the purpose of resisting known/chosen plaintext attacks. In [7], a lightweight table lookup and swapping technique was proposed to address the efficiency problem encountered by substitution-diffusion type chaos-based image cryptosystems. In [8], Fu et al. proposed an improved diffusion strategy named bidirectional diffusion and introduce a plain-text orbit turbulence mechanism into the diffusion. By using this strategy, the spreading process can be significantly accelerated and hence the same level of security can be achieved with fewer overall encryption rounds. In [9, 10], the 2-D chaotic cat map and baker map are generalized to 3-D for designing a real-time secure symmetric encryption scheme. The two approaches employ the 3-D map to shuffle the positions of image pixels and use another chaotic map to confuse the relationship between the cipher-image and plain-image. In order to achieve larger key space and overcome the weak security in one-dimensional chaotic system, hyper chaotic systems were employed for image encryption in [11–13], multi chaotic systems or coupled nonlinear chaotic map were used in [14–18], while in [19, 20], spatial chaos maps are employed. In [21], Tong proposed an illuminating bilateral-diffusion image encryption scheme based on dynamical compound chaotic function and LFSR, which can produce more avalanche effect and more large key space. In [22–24], researchers improved the permutation procedure from the pixel level to bit level. As a result, permutations at bit level not only change the position of a pixel but also alter its value.

Fig. 1 Fridrich’s image encryption architecture.

Download Full Size | PDF

As discussed above, most of the existing works focus on improvement of permutation or diffusion strategies independently, without consideration of cooperation between the two procedures. The confusion and diffusion performance completely depend on the permutation and the diffusion procedure themselves, respectively. The improvements on permutation cannot been introduced to the diffusion stage to further impose its effect and catalyze the spreading performance. Therefore, 3-4 overall rounds are generally required to achieve the satisfactory level of security. Besides, the key streams used in confusion and diffusion processes are solely determined by the secret key. The same key streams may be used to encrypt different plain images if the secret key remains unchanged. Therefore, opponents may crack the key stream by known plain-text or chosen plain-text attacks, i.e., by encrypting some special plain-image (plain-image with identical pixel values) and then comparing them with the corresponding cipher-image [25–27].

In this regard, an improved permutation-diffusion type image cryptosystem with a chaotic orbit perturbing mechanism is presented in this paper. The proposed image cryptosystem can significantly improve the efficiency of the permutation-diffusion type image cipher without downgrading the security by employing innovations in three aspects. (1) Orbit perturbing mechanism is further developed in the present paper. Different from Fu’s algorithm in [8], orbit parameters of the chaotic map will be perturbed continuously by the previous processed pixel value both in permutation and diffusion procedures. Therefore, any slight change in a plain image can be introduced to the chaotic map iteration and then result in avalanche effect in the key stream generation. Even using the same secret key, different key stream elements will be generated when ciphering different plain images and bring about totally different cipher images in both confusion and diffusion stages. (2) Pixel-swapping based confusion approach is proposed as a replacement of the traditional permutation techniques. In this confusion strategy, each pixel will be swapped with another one located after it, whose position is determined by an orbit perturbing chaotic map. Therefore, the difference in the plain images will affect the subsequent swapping process by exerting its effect in key stream generation, and thus bring about different confused images. (3) Diffusion is implemented in reverse direction (from the lower-right corner to the upper-left corner) in our cryptosystem, and the chaotic perturbing mechanism is also applied. In coordination with pixel-swapping based confusion strategy, the diffusion effect produced in the confusion stage can be introduced to the diffusion module and will be further diffused to the whole cipher image within one overall encryption round. The efficiency of the permutation-diffusion type image cryptosystem is thus remarkably improved. Experiment results demonstrate that the proposed encryption scheme has a high level of security and fast encryption speed for practical secure image applications.

The remaining of this paper is organized as follows. The proposed cryptosystem based on orbit perturbing chaotic map, pixel-swapping based confusion and reverse direction diffusion will be described in detail in Section 2. Simulation results, the effectiveness and efficiency of the proposed scheme are reported in Section 3. Detailed security analyses of the cryptosystem are carried out in Section 4. Finally, conclusions are drawn in the last section.

2. The proposed image cryptosystem

2.1 Plain pixel related chaotic orbit perturbing

2.1.1 The orbit perturbing mechanism

Traditionally, the control parameters of employed chaotic maps are fixed in permutation and diffusion procedures, and hence the same key stream will be produced when encrypting different plaintexts. The opponents can crack the cryptosystem by using known plain-text and chosen plain-text attacks. To further enhance the security, the key stream elements used for different plain texts should better be distinct. In this regard, plain pixel related chaotic orbit perturbing mechanism is proposed, in which orbit parameters of the chaotic map will be perturbed continuously by the previous processed pixel value throughout the encryption round.

Chaotic logistic map is applied in our image cryptosystem, as defined by

x_{n + 1} = μ x_{n} (1 - x_{n}),

where μ and x_n are the parameter and state value, respectively. If one chooses μ∈[3.57, 4], the system is chaotic. The initial value x₀ and μ can be combined as the confusion key. In our scheme, the parameter μ will be perturbed continuously by the previous processed (permutated or diffused) plain pixel, according to:

μ = μ \pm L \times Δ,

where L is the grey value of the previous processed pixel, and △ is the basic perturbation unit. According to the IEEE floating-point standard [28], the computational precision of the 64-bit double-precision number is about 10⁻¹⁵, so we adapt this number as the basic perturbation step. The purpose for adapting “±” is to prevent the orbit μ from running out of the chaotic region. We prefer the orbit value increasing progressively during the encryption process, and that means, if μ<4, the orbit perturbing is implemented according to:

μ = μ + L \times Δ,

otherwise the orbit perturbing formula will change to

μ = μ - L \times Δ .

If μ is decreased to less than 3.57, the perturbing operation will go back to Eq. (3).

2.1.2 Statistical analysis of chaotic map with orbit perturbing mechanism

Pseudorandom numbers used for cryptographic applications have to meet much stronger requirements than for other applications. It is crucial that the key stream should be as long as the message, unpredictable, and never reused, thus preventing two different messages encrypted with the same portion of the key stream being intercepted or generated by an attacker [29]. In this section, two sets of statistical tests are implemented to determine whether or not the key streams generated by the proposed chaotic orbit perturbing mechanism are suitable for cryptographic usage. The first one is the National Institute of Standards and Technology (NIST) test suite [30], whereas the other one is the autocorrelation and cross-correlation measurements.

(1) NIST Test

The NIST Test Suite is a statistical package consisting of 16 tests that were developed to test the randomness of (arbitrarily long) binary sequences produce by either hardware or software based random or pseudorandom number generators. For each statistical test, a set of P-values (corresponding to the set of sequences) is produced. For a fixed significance level, a certain percentage of P-values are expected to indicate failure. For example, if the significance level is chosen to be 0.01 (i.e., α = 0.01), then about 1% of the sequences are expected to fail. A sequence passes a statistical test whenever the P-value ≥α and fails otherwise. For each statistical test, the proportion of sequences that pass is computed and analyzed accordingly. Given the empirical results for a particular statistical test, compute the proportion of sequences that pass. For example, if 1000 binary sequences were tested (samples: m = 1000), α = 0.01 (the significance level), and 996 binary sequences had P-values ≥0.01, then the proportion is 996/1000 = 0.9960. The range of acceptable proportions is defined as,

p_{α} = (1 - α) \pm 3 \sqrt{\frac{α (1 - α)}{m}} .

If the proportion falls outside of this interval, then there is evidence that the data is non-random. In our simulation, we set samples: m = 1000 and significance α = 0.01, so the confidence interval is

p_{α} = (1 - α) \pm 3 \sqrt{\frac{α (1 - α)}{m}} = 0.99 \pm 0.0094392.

In our simulation, 1000 binary streams are produced by the proposed key stream generation strategy and the conventional method, respectively, using 1000 pairs of randomly selected control parameters (x₀, μ). The length of each bit stream is 100,000. The test results are listed in Table 1.

Table 1. NIST test results

View Table | View all tables in this article

It is obvious that, for each statistical test item, the proportion of the binary sequences produced by the proposed orbit perturbing mechanism falls inside the confidence interval in Eq. (6) and is more satisfactory than that of the conventional scheme.

(2) Autocorrelation and cross-correlation

Autocorrelation and cross-correlation are two important measurements of randomness for binary sequences. For a truly random series, the autocorrelation and cross-correlation are δ function and zero, respectively. The autocorrelation coefficients at lag k for a series x₀, x₁, …,x_N_-1 is described as:

autocorr (k) = \frac{\sum_{i = 0}^{N - 1} (x_{i} - \bar{x}) (x_{i + k} - \bar{x})}{\sum_{i = 0}^{N - 1} {(x_{i} - \bar{x})}^{2}},

where

\bar{x}

is the mean of the series.

The cross-correlation coefficients at lag k for series x(i) and y(i) is given by:

crosscorr (k) = \frac{\sum_{i = 0}^{N - 1} (x_{i} - \bar{x}) (y_{i - k} - \bar{y})}{\sqrt{\sum_{i = 0}^{N - 1} {(x_{i} - \bar{x})}^{2}} \sqrt{\sum_{i = 0}^{N - 1} {(y_{i} - \bar{y})}^{2}}},

where

\bar{x}

and

\bar{y}

is the mean of the series x(i) and y(i), respectively.

The autocorrelation of the key stream elements generated by the proposed key stream generation mechanism with the parameter (x₀ = 0.3, μ = 3.997) is shown in Fig. 2(a).Its cross-correlation with another key stream sequences generated with the parameter (x₀ = 0.3, μ = 3.99700000000001) is shown in Fig. 2(b). It is obvious that the autocorrelation and cross-correlation performance of the key stream elements generated by orbit perturbing logistic map is very close to that of a truly random source, thus the security of the key stream cipher are well guaranteed.

Fig. 2 Correlation tests: (a) autocorrelation performance; (b) cross-correlation performance.

Download Full Size | PDF

From the two tests, we can draw the conclusion that key stream generator based on orbit perturbing mechanism possesses excellent randomness property, and thus be suitable for cryptographic applications.

2.2 Image permutation using pixel swapping strategy

2.2.1 Traditional permutation techniques

In traditional image ciphers, image pixels are generally shuffled by a two-dimensional area-preserving chaotic map, without any change in their values in permutation stage. Three types of chaotic maps: cat map, baker map and the standard map are usually adopted. Their discretized versions are given by Eqs. (9)–(11), respectively.

[\begin{array}{l} x_{i + 1} \\ y_{i + 1} \end{array}] = [\begin{array}{l} 1 p \\ q p q + 1 \end{array}] [\begin{array}{l} x_{i} \\ y_{i} \end{array}] mod N,

{\begin{matrix} x_{i + 1} = \frac{N}{n_{j}} (x_{i} - N_{j}) + y_{i} \mod \frac{N}{n_{j}} \\ y_{i + 1} = \frac{k_{j}}{N} (y_{i} - y_{i} \mod \frac{N}{n_{j}}) + N_{j} \end{matrix}, w i t h {\begin{matrix} n_{0} + n_{1} + \dots + n_{t} = N \\ N_{j} = n_{0} + n_{1} + \dots + n_{j} \\ 0 \leq y_{i} \leq N \\ N_{j} \leq x_{i} \leq N_{j} + n_{j + 1} \\ 0 \leq j \leq t - 1 \\ n_{0} = 0 \end{matrix},

{\begin{cases} x_{i + 1} = (x_{i} + y_{i}) \mod N \\ y_{i + 1} = (y_{i} + K \sin \frac{x_{i + 1} N}{2 π}) \mod N \end{cases},

where p, q, K and n_j (j = 1, 2, …, t-1) are control parameters for permutation, N is the image width or height of the square image, (x, y) and (x_i₊₁, y_i₊₁) is the original and the permutated pixel position of the image, respectively. All pixels are scanned sequentially from the upper-left corner to the lower-right corner to produce the confused image.

As can be seen from Eqs. (9)–(11), the confused image totally depends on the control parameters of the selected chaotic map. Therefore, difference between plain images will be moved to a new position rather than spread out. So the duty of spreading the difference entirely relies on the diffusion procedure, which is the highest cost of the cryptosystem.

2.2.2 Pixel-swapping based permutation strategy

In this section, pixel swapping confusion approach is proposed, which can effectively diffuse a slight change in the plain image. In the proposed image confusion mechanism, the plain image and the confused image with the size of M × N are viewed as one-dimensional arrays, and thereby pixels are represented by P = {P(0), P(1), …, P(M × N-1) and C = {C(0), C(1), …, C(M × N-1) from the upper-left corner to the lower-right corner, respectively. Each pixel in the plain image will be swapped with another pixel located after it, and the pseudorandom position is determined by a chaotic logistic map whose orbit is perturbed according to the plain pixel. Suppose X is the current pixel position, X′ is the position of the corresponding swapping pixel, X′ is calculated according to

X' = X + k_{c} (X),

where k_c(X) is the current confusion key stream element. In our image cryptosystem, k_c(X) is produced according to:

k_{c} (n) = \mod [f l o o r (x (n) \times 10^{14}), M * N - n),

where floor(x) returns the value nearest integers less than or equal to x, mod(x, y) returns the remainder after division, x(n) is the current state of the orbit-perturbing chaotic logistic map. Then pixel swapping operation will be implemented by the following steps:

C (X) = P (X^{'}) = P (X + k_{c} (X)),

P (X^{'}) = P (X) .

Then P(X’) is swapped to location X and it will become C(X). As all pixel swapping operations are performed forward, and hence C(X) cannot be changed again, so C(X) will be the resultant pixel value of confused image. However, after P(X) is swapped to X’ as the new value of P(X’), it may be swapped again with another pixel in the subsequent swapping operations. Therefore, P(X) cannot be viewed as C(X’) and C(X’) will be produced when pixel swapping operation is implemented to location X’. Pixel swapping operation will be performed from the first to the last pixel and the confused image is produced finally.

Obviously, if there is a tiny change in the plain image, the modification will be transferred to the chaotic map iteration, and hence result in a different key stream k_c(X). Then, the subsequent pixel swapping process will be wholly influenced according to Eqs. (12)–(15). Finally, the tiny change will result in totally different confused image.

2.2.3 Simulation results of pixel swapping strategy

Besides the traditional measurements of confusion effect such as correlation coefficients and operating time, two criteria, NPCR (number of pixels change rate) and UACI (unified average changing intensity), are utilized to measure the influence of one pixel change in plain image on the entire cipher image. Supposed that P₁(i, j) and P₂(i, j) be the (i, j)th pixel of two images P₁ and P₂, respectively, NPCR is defined as

N P C R = \frac{\sum_{i = 1}^{W} \sum_{j = 1}^{H} D (i, j)}{W \times H} \times 100 %,

where W and H are the width and length of P₁ and P₂ and D(i, j) is

D (i, j) = {\begin{matrix} 0 \begin{matrix} \begin{matrix} i f & P_{1} (i, j) = P_{2} (i, j) \end{matrix} \end{matrix} \\ 1 \begin{matrix} \begin{matrix} i f & P_{1} (i, j) \neq P_{2} (i, j) \end{matrix} \end{matrix} \end{matrix} .

UACI is defined as

U A C I = \frac{1}{W \times H} [\sum_{i = 1}^{W} \sum_{j = 1}^{H} \frac{| P_{1} (i, j) - P_{2} (i, j) |}{L - 1}] \times 100 % .

Table 2 lists the experimental results of proposed pixel-swapping approach and traditional permutation strategies mentioned in section 2.2.1, using the standard 256 grayscale Lena image of size 512 × 512. The consumption time is measured by running the standard C program in our computing platform, a personal computer with an Intel(R) Core(TM) i5 CPU (2.27GHZ), 2GB memory and 320GB hard-disk capacity. The permutation key is (x₀ = 0.3, μ = 3.997).

Table 2. Simulation results of the proposed confusion approach and traditional permutation techniques

View Table | View all tables in this article

(1) Speed performance. One can see from Table 2, correlation coefficients for horizontal, vertical, and diagonal adjacent pixels after 1 round pixel swapping are better than that of applying 3 rounds cat map, baker map and standard map, whereas the corresponding confusion time are 9.2ms, 12ms, 120ms and 200ms respectively. The confusion efficiency is much more satisfactory.

(2) Difference spreading effect. To illustrate this property, different types of permutation mechanisms are implemented to a pair of test images; one is the standard Lena image, whereas another is the slightly modified version obtained by changing the lower-right pixel value from 108 to 109. As shown in Table 2, 68.43% pixels of the confused images are different after 1 round pixel swapping confusion. In contrast, difference between plain images will move to a new position rather than diffusing when applying the traditional permutation techniques. The difference ratio between the confused images after any rounds permutation will remain at 3.8147e-006, the outcome of 1/ (512*512). Analogously, the UACI performance is 14.82% after 1 confusion process, whereas the value is 1.4960e-008 for conventional permutation strategy, the outcome of 1/ (512*512*255).

Moreover, to clearly demonstrate the spreading effect of proposed confusion strategy, the confused images produced by the proposed permutation strategy and 3 rounds cat map are shown in Fig. 3. Figures 3(a) and 3(b) are the standard Lena and its modified version, respectively. Figures 3(c) and 3(d) are the confused images after 1 round pixel swapping confusion, whereas Figs. 3(f) and 3(g) are the permutated images applying 3 rounds cat map, respectively. Figure 3(e) is the differential image between Figs. 3(c) and 3(d). It is obvious that one tiny difference in the plain image has lead to large mounts of different pixels in the confused image, which implies that an impressive spreading effect can be obtained by the proposed confusion strategy. On the other hand, as there is no difference spreading effect when using cat map, there is only one different pixel between Figs. 3(f) and 3(g), and the differential image is shown in Fig. 3(h). Here to notice that pixel values of the differential images are the absolute difference between corresponding pixels of the comparable images.

Fig. 3 Simulation results of confusion approaches: (a) lena image; (b) modified lena image; (c) confused image of (a) using pixel swapping; (d) confused image of (b) using pixel swapping; (e) differential image between(c) and (d); (f) confused image of (a) using 3 rounds cat map; (g) confused image of (b) using 3 rounds cat map; (h) differential image between (f) and (g).

Download Full Size | PDF

In order to further testify the NPCR and UACI effect of the proposed pixel swapping confusion strategy, five modified versions of lena image produced by changing the last bit of the upper left corner pixel and the other four randomly selected pixels are then permutated. The NPCR and UACI between the resultant images to the confused lena image are 94.03% and 20.32%, 37.83% and 8.19%, 43.78% and 9.49%, 79.06% and 17.12%, 38.62% and 8.40%, respectively. An average NPCR of 58.72% and UACI of 12.70% can be obtained. As the difference in the confused image will be firstly transferred to the logistic map iteration in the reverse direction diffusion procedure, even one tiny difference will result in totally different key stream for diffusion, and hence the diffusion effect can be guaranteed. This viewpoint will be described in detail in Section 2.3.

2.3 Image diffusion in reverse direction

In the diffusion stage, pixel values are modified sequentially to confuse the relationship between cipher image and the plain image. The cipher-pixel value is calculated according to

c (n) = k (n) \oplus p (n) \oplus c (n - 1),

where p(n), k(n), c(n), c(n-1) are the current operated pixel, key stream element, output cipher-pixel, the previous cipher-pixel, respectively. To cipher the first pixel, c(−1) has to be set as a seed. In the proposed scheme, chaotic logistic map with another combination of secret key (x₀^′, μ′) is used as generation of the key stream for diffusion, and the orbit-perturbing mechanism is also adopted in this stage. The key stream elements k (n) is calculated by

k (n) = \mod [f l o o r (x (n) \times 10^{14}), G r e y),

where x(n) is the current state of the chaotic map and Grey is the grey-level of the plain image.

An efficient diffusion procedure should spread out the difference as early as possible so as to get better diffusion effect. In the present paper, image diffusion operation is performed in reverse direction (from the lower-right corner to the upper-left corner). The purpose is to introduce the difference produced in the confusion stage at the beginning of the diffusion procedure, and spread out it to the whole cipher image in the first encryption round.

The difference of the spreading effect between the diffusion process in normal direction and reverse direction is depicted in Figs. 4 and 5.Assuming that there is only one different pixel between the two plain images at the lower-right corner, then the difference will spread to a larger scale from (x’, y’) to the last pixel after the pixel swapping confusion using orbit perturbing chaotic map. As shown in Fig. 4, diffusion implemented in normal direction will spread the difference from (x’, y’) to all the subsequent pixels again, but cannot scatter the difference to a wider range. In contrast, when diffusion is implemented in reverse direction, the difference can be introduced at the beginning of the diffusion module. By affecting the key stream generation through the orbit perturbing mechanism, the difference can be spread out to the whole cipher image in the first encryption round, as illustrated by Fig. 5. Therefore, collaborated with pixel-swapping based confusion approach and orbit perturbing mechanism, diffusion operation in reverse direction can remarkably accelerate the spreading process, and hence the required encryption rounds can be reduced while keeping the security level.

Fig. 4 Diffusion process in normal direction.

Download Full Size | PDF

Fig. 5 Diffusion process in reverse direction.

Download Full Size | PDF

2.4 The proposed image cryptosystem

The overall architecture of the proposed encryption cryptosystem is shown in Fig. 6.

Fig. 6 Architecture of the proposed image cryptosystem.

Download Full Size | PDF

The operation procedures of the proposed cryptosystem are described as follows:

Step 1: Perform one round pixel swapping.

(1) Iterate Eq. (1) with (x₀, μ) for N₀ times continuously to avoid the harmful effect of transitional procedure, where N₀ is a constant.
(2) Modify the orbit of the logistic map by the previous confused pixel according to orbit perturbing mechanism. For the first perturbing operation, initial value c(−1) has to be set as a seed.
(3) Iterate the orbit-perturbed chaotic map once, and get the key stream elements for current confusion process according to Eq. (13).
(4) Swapping the pixels according to Eqs. (12), (14) and (15).
(5) Go back to (2) until all pixels are confused.

Step 2: Perform one round diffusion in reverse direction.

(1) Iterate Eq. (1) with (x₀, μ) for N₀ times continuously to avoid the harmful effect of transitional procedure, where N₀ is a constant as used in Step 1.
(2) Modify the orbit of the logistic map according to the proposed orbit perturbing mechanism. For the first perturbing operation, initial value c(−1) set in Step 1 is employed as a seed.
(3) Iterate the chaotic map once, and get the key stream elements for current diffusion according to Eq. (20).
(4) Calculate the ciphered pixel value according to Eq. (19).
(5) Go back to (2) until all pixels are diffused.

Step 3: Repeat the above steps n times to satisfy the security requirements.

3. Simulation Results

Three kinds of tests have been carried out with different plain images and numbers of encryption rounds to demonstrate the effectiveness and efficiency of the proposed image cryptosystem. The encryption time is measured by running the standard C program on our simulation platform as described before and the compile environment is Code Blocks 10.05.

(1) Lena image and its five modified versions are encrypted by the proposed image cryptosystem to test the spreading effect of the different pixel changes in the same plain image on the entire cipher image. These modified versions are produced by changing the last bit of the corresponding randomly selected pixels in the original Lena image, and are represented by lena_d0, lena_d1… lena_d4, respectively. The simulation results are listed in Table 3.

Table 3. Encryption time and NPCR & UACI performance (i)

View Table | View all tables in this article

(2) The proposed image encryption is implemented to five standard test images and their modified version obtained by altering the last bit of the pixel at the lower right corner. The purpose is to analyze the spreading effect of one pixel change in the same position of different plain images on the entire cipher image. The results are listed in Table 4.

Table 4. Encryption time and NPCR & UACI performance (ii)

View Table | View all tables in this article

From the above two simulation results, one can see that to achieve a satisfactory security level such as NPCR > 99.60% and UACI > 33.4%, only one overall round is required no matter the testing images are used. It is fully vindicated that our scheme has steady secure performance in only one encryption round.

(3) The proposed image encryption is used to cipher Lena image and its modified version obtained by changing the lower-right pixel value from 108 to 109, in comparison with Fu’s bidirectional diffusion algorithm [8] and Zhang’s image cipher in [24]. The experiment results are listed in Table 5.

Table 5. Encryption time and NPCR & UACI performance (iii)

View Table | View all tables in this article

As can be seen from Table 5, only one overall round is required to obtain a satisfactory security level when using the proposed scheme or Fu’s algorithm, whereas the consumption time is 16.2ms and 72ms, respectively. On the other hand, at least two rounds encryption have to be performed when using Zhang’s encryption scheme, and the corresponding encryption time is 68ms. Compared with Fu’s and Zhang’s algorithm, approximately three-quarter of the consumption time can be reduced. This is because the difference between plain images can remarkably spread out in the confusion phase, and the spreading effect can be transferred to the diffusion module and catalyzes the spreading performance of the diffusion stage in the first encryption round. However, two rounds sub-diffusion operations are required when using Fu’s and Zhang’s encryption algorithms and hence more time is needed due to the time-consuming property of the diffusion process. Besides, since three sine operations are needed for one pixel encryption and hence the consumption time of Fu’s algorithm is much longer due to the calculation complexity. With such a encryption speed, the proposed image cryptosystem can be used in real-time secure applications over public networks.

4. Security analysis

4.1 Key sensitivity test

A good cryptosystem should be sensitive to the secure key which guarantees the security against the brute-force attack to some extent. The key sensitivity of a cryptosystem can be observed in two aspects: (i) completely different cipher images should be produced when slightly different keys are used to encrypt the same plain image; (ii) the cipher image cannot be correctly decrypted even though there is only tiny difference between the encryption and decryption keys.

To evaluate the key sensitivity of the first case, the encryption is carried out at first to obtain a cipher image with a randomly chosen key. Then a slight change 10⁻¹⁵ is introduced to one of the parameters with all others remain unchanged, and repeat the encryption process. The corresponding cipher images and differential images are shown in Fig. 7.The differences between the corresponding cipher images are computed and given in Table 6.The results obviously show that the cipher images exhibit no similarity one another and there is no significant correlation that could be observed from the differential images.

Fig. 7 Key sensitivity test 1: (a) plain image; (b) cipher image (x₀ = 0.3, μ = 3.997, x₀′ = 0.4, μ′ = 3.999); (c) cipher image (x₀ = 0.300000000000001, μ = 3.997, x₀′ = 0.4, μ′ = 3.999); (d) differential image between (b) and (c); (e) cipher image (x₀ = 0.3, μ = 3.997000000000001, x₀′ = 0.4, μ′ = 3.999); (f) differential image between (b) and (e); (g) cipher image (x₀ = 0.3, μ = 3.997, x₀′ = 0.400000000000001, μ′ = 3.999); (h) differential image between (b) and (g); (i) cipher image (x₀ = 0.3, μ = 3.997, x₀′ = 0.4, μ′ = 3.999000000000001); (j) differential image between (b) and (i).

Download Full Size | PDF

Table 6. Differences between cipher images produced by slightly different keys

View Table | View all tables in this article

In addition, decryption using keys with slight change 3 × 10⁻¹⁶ are also performed in order to evaluate the key sensitivity of the second case. The deciphering images are shown in Fig. 8.The differences between wrong deciphering images to the plain image Fig. 8(b) are 99.60%, 99.62%, 99.61% and 99.60%, respectively.

Fig. 8 Key sensitivity test 2: (a) cipher image (x₀ = 0.3, μ = 3.997, x₀′ = 0.4, μ′ = 3.999); (b) decipher image (x₀ = 0.3, μ = 3.997, x₀′ = 0.4, μ′ = 3.999); (c) decipher image (x₀ = 0.300000000000001, μ = 3.997, x₀′ = 0.4, μ′ = 3.999); (d) decipher image (x₀ = 0.3, μ = 3.997000000000001, x₀′ = 0.4, μ′ = 3.999); (e) decipher image (x₀ = 0.3, μ = 3.997, x₀′ = 0.400000000000001, μ′ = 3.999); (f) decipher image (x₀ = 0.3, μ = 3.997, x₀′ = 0.4, μ′ = 3.999000000000001).

Download Full Size | PDF

The above two tests indicate that the proposed image encryption scheme is highly sensitive to the key. Even an almost perfect guess of the key does not reveal any valuable information about the cryptosystem and hence differential attack would become inefficient and practically useless.

4.2 Key space analysis

The key space is the total number of different keys that can be used in a cryptosystem. For an effective cryptosystem, key space should be large enough to make brute-force attack infeasible. In the proposed scheme, the keys consist of the initial values (x₀, x₀′), and the control parameters (μ, μ′), where (x₀, x₀′)∈(0,1) and (μ, μ′)∈[3.57, 4]. According to the IEEE floating-point standard [28], the computational precision of the 64-bit double-precision number is about 10⁻¹⁵. Due to the fact that (x₀, x₀′) can be any one among those 10¹⁵ possible values and (μ, μ′) can be any one of (4−3.57) × 10¹⁵ possible values, the total key space of the proposed scheme is

K e y_{s} = k e y_{p} \times k e y_{d} = {(10^{15} \times 0.43 \times 10^{15})}^{2} = 0.18 \times 10^{60} \approx 2^{197},

which is large enough to resist brute-force attack.

4.3 Statistical analysis

4.3.1 Histogram analysis

Histogram of an image shows the distribution of the pixel values by plotting the number of pixels at each grayscale level. The histogram of an effectively ciphered image should be uniform and is significantly different from that of the plain image so as to prevent the attacker from obtaining any useful statistical information.

The histograms of the plain image and its cipher image produced by the proposed cryptosystem are shown in Figs. 9(b) and 9(d), respectively. It is obvious that the histograms of the encrypted image are uniformly distributed and quite different from that of the plain image, which implies that the redundancy of the plain image is successfully hidden after the encryption and consequently does not provide any clue to apply statistical attacks.

Fig. 9 Histograms analysis: (a) plain image; (b) histogram of plain image; (c) cipher image; (d) histogram of cipher image.

Download Full Size | PDF

4.3.2 Correlation of adjacent pixels

For an ordinary image with meaningful visual content, each pixel is highly correlated with its adjacent pixels in horizontal, vertical and diagonal direction. An effective encryption should produce a cipher image with sufficiently low correlation between the adjacent pixels. To test this, 3000 pairs of adjacent pixels of the plain image and the cipher image are randomly selected from the horizontal, vertical and diagonal direction, respectively. The correlation coefficient r_xy of each pair are calculated according to the following three formulas:

r_{x y} = \frac{E (x - E (x)) (y - E (y))}{\sqrt{D (x)} \sqrt{D (y)}},

E (x) = \frac{1}{N} \sum_{i = 1}^{N} x_{i},

D (x) = \frac{1}{N} \sum_{i = 1}^{N} {(x_{i} - E (x))}^{2},

where x_i and y_i are gray-level values of the ith pair of the selected adjacent pixels, and N represents the total number of the samples. The correlation coefficients of adjacent pixels in the plain and its cipher image are listed in Table 7. Moreover, the correlation of two horizontally adjacent pixels in the plain and the encrypted image are shown in Figs. 10(a) and 10(b), respectively. Both the calculated correlation coefficients and the figures can substantiate that the strong correlation among neighboring pixels of a plain image can be decorrelated by using the proposed cryptosystem effectively.

Table 7. Correlation of adjacent pixels

View Table | View all tables in this article

Fig. 10 Correlation of horizontal adjacent two pixels; (a) plain image; (b) cipher image.

Download Full Size | PDF

4.3.3 Information entropy

Entropy is a significant property that reflects the randomness and the unpredictability of an information source, which was firstly proposed by Shannon in 1949 [31]. The entropy H(s) of a message source s is defined by the following formula:

H (s) = - \sum_{i = 0}^{2^{N} - 1} P (s_{i}) \log_{2} P (s_{i}),

where s is the source, N is the number of bits to represent the symbol s_i, and P(s_i) is the probability of the symbol s_i. For a truly random source consists of 2^N symbols, the entropy is N. Therefore, for a secure cryptosystem, the entropy of the cipher image with 256 gray level should ideally be 8.

Five 256 grayscale test images with size 512 × 512 are encrypted and the information entropies are then calculated, as listed in Table 8.It is obvious that the entropies of the cipher images are very close to the theoretical value of 8, which means that information leakage in the encryption procedure is negligible and the proposed algorithm is secure against entropy analysis.

Table 8. Entropies of plain image and its cipher image

View Table | View all tables in this article

5. Conclusions

In this paper, an improved permutation-diffusion type image cryptosystem with a chaotic orbit perturbing mechanism is proposed to promote the efficiency of the most widely used permutation-diffusion type image cryptosystem. Compared with the conventional image cipher, key stream elements used in our encryption are generated by a plain pixel related orbit perturbing mechanism, with the purpose to introduce the different in plain image to the chaotic iteration and bring about avalanche effect to the encryption process. A novel pixel swapping confusion strategy is proposed as a replacement of the tradition permutation techniques, which can spread a tiny difference in the plain image to a larger scale in confused images. Besides, diffusion is implemented in reverse direction in conjunction with pixel swapping operation, so as to introduce the difference at the beginning of the diffusion module and spread to the whole cipher image in the first encryption round. Simulation results and numerical analysis have shown that the NPCR, UACI, and information entropy of the proposed scheme are better than those of the conventional image cryptosystems. All these results justify the superior security and computational efficiency of our encryption.

Acknowledgments

This work was supported by the National Natural Science Foundation of China (Nos. 61271350, 61374178, 61202085), the Fundamental Research Funds for the Central Universities (No. N120504005), the Liaoning Provincial Natural Science Foundation of China(No. 201202076), the Specialized Research Fund for the Doctoral Program of Higher Education(No. 20120042120010) and the Ph.D. Start-up Foundation of Liaoning Province, China (Nos. 20111001, 20121001, 20121002).

References and links

1. S. Li, G. Chen, and X. Zheng, “Chaos-based encryption for digital images and videos,” in Multimedia Security Handbook (CRC Press, 2005), Chap. 4.

2. J. Fridrich, “Symmetric ciphers based on two-dimensional chaotic maps,” Int. J. Bifurcat. Chaos 8(6), 1259–1284 (1998). [CrossRef]

3. S. G. Lian, J. S. Sun, and Z. Q. Wang, “A block cipher based on a suitable use of chaotic standard map,” Chaos Solitons Fractals 26(1), 117–129 (2005). [CrossRef]

4. K. W. Wong, B. S. H. Kwok, and W. S. Law, “A fast image encryption scheme based on chaotic standard map,” Phys. Lett. A 372(15), 2645–2652 (2008). [CrossRef]

5. T. Xiang, K. W. Wong, and X. F. Liao, “Selective image encryption using a spatiotemporal chaotic system,” Chaos 17(2), 023115 (2007). [CrossRef] [PubMed]

6. Y. Wang, K. W. Wong, X. F. Liao, T. Xiang, and G. R. Chen, “A chaos-based image encryption algorithm with variable control parameters,” Chaos Solitons Fractals 41(4), 1773–1783 (2009). [CrossRef]

7. K. W. Wong, B. S. H. Kwok, and C. H. Yuen, “An efficient diffusion approach for chaos-based image encryption,” Chaos Solitons Fractals 41(5), 2652–2663 (2009). [CrossRef]

8. C. Fu, J. J. Chen, H. Zou, W. H. Meng, Y. F. Zhan, and Y. W. Yu, “A chaos-based digital image encryption scheme with an improved diffusion strategy,” Opt. Express 20(3), 2363–2378 (2012). [CrossRef] [PubMed]

9. Y. B. Mao, G. R. Chen, and S. G. Lian, “A novel fast image encryption scheme based on 3D chaotic baker maps,” Int. J. Bifurcat. Chaos 14(10), 3613–3624 (2004). [CrossRef]

10. G. R. Chen, Y. B. Mao, and C. K. Chui, “A symmetric image encryption scheme based on 3D chaotic cat maps,” Chaos Solitons Fractals 21(3), 749–761 (2004). [CrossRef]

11. F. Y. Sun, S. T. Liu, and Z. W. Lu, “Image encryption using high-dimension chaotic system,” Chin. Phys. 16(12), 3616–3623 (2007). [CrossRef]

12. C. X. Zhu, “A novel image encryption scheme based on improved hyper chaotic sequences,” Opt. Commun. 285(1), 29–37 (2012). [CrossRef]

13. T. G. Gao and Z. Q. Chen, “A new image encryption algorithm based on hyper-chaos,” Phys. Lett. A 372(4), 394–400 (2008). [CrossRef]

14. S. Behnia, A. Akhshani, H. Mahmodi, and A. Akhavan, “A novel algorithm for image encryption based on mixture of chaotic maps,” Chaos Solitons Fractals 35(2), 408–419 (2008). [CrossRef]

15. A. N. Pisarchik and M. Zanin, “Image encryption with chaotically coupled chaotic maps,” Physica D 237(20), 2638–2648 (2008). [CrossRef]

16. C. K. Huang and H. H. Nien, “Multi chaotic systems based pixel shuffle for image encryption,” Opt. Commun. 282(11), 2123–2127 (2009). [CrossRef]

17. S. Mazloom and A. M. Eftekhari-Moghadam, “Color image encryption based on Coupled Nonlinear Chaotic Map,” Chaos Solitons Fractals 42(3), 1745–1754 (2009). [CrossRef]

18. R. Rhouma, S. Meherzi, and S. Belghith, “OCML-based colour image encryption,” Chaos Solitons Fractals 40(1), 309–318 (2009). [CrossRef]

19. F. Y. Sun, S. T. Liu, Z. Q. Li, and Z. W. Lu, “A novel image encryption scheme based on spatial chaos map,” Chaos Solitons Fractals 38(3), 631–640 (2008). [CrossRef]

20. S. T. Liu and F. Y. Sun, “Spatial chaos-based image encryption design,” Sci. China, Ser. G 52(2), 177–183 (2009). [CrossRef]

21. X. J. Tong, “The novel bilateral - diffusion image encryption algorithm with dynamical compound chaos,” J. Syst. Software 85(4), 850–858 (2012). [CrossRef]

22. C. Fu, B. B. Lin, Y. S. Miao, X. Liu, and J. J. Chen, “A novel chaos-based bit-level permutation scheme for digital image encryption,” Opt. Commun. 284(23), 5415–5423 (2011). [CrossRef]

23. Z. L. Zhu, W. Zhang, K. W. Wong, and H. Yu, “A chaos-based symmetric image encryption scheme using a bit-level permutation,” Inf. Sci. 181(6), 1171–1186 (2011). [CrossRef]

24. W. Zhang, K. W. Wong, H. Yu, and Z. L. Zhu, “An image encryption scheme using lightweight bit-level confusion and cascade cross circular diffusion,” Opt. Commun. 285(9), 2343–2354 (2012). [CrossRef]

25. Y. Wang, K. W. Wong, X. F. Liao, T. Xiang, and G. R. Chen, “A chaos-based image encryption algorithm with variable control parameters,” Chaos Solitons Fractals 41(4), 1773–1783 (2009). [CrossRef]

26. Y. Wang, X. F. Liao, T. Xiang, K.-W. Wong, and D. Yang, “Cryptanalysis and improvement on a block cryptosystem based on iteration a chaotic map,” Phys. Lett. A 363(4), 277–281 (2007). [CrossRef]

27. J. Wei, X. F. Liao, K. W. Wong, and T. Zhou, “Cryptanalysis of a cryptosystem using multiple one-dimensional chaotic maps,” Commun. Nonlinear Sci. Numer. Simul. 12(5), 814–822 (2007). [CrossRef]

28. IEEE Computer Society, “IEEE standard for binary floating-point arithmetic,” ANSI/IEEE std. 754–1985 (1985).

29. G. Alvarez and S. Li, “Some basic cryptographic requirements for chaos-based cryptosystems,” Int. J. Bifurcat. Chaos 16(8), 2129–2151 (2006). [CrossRef]

30. A statistical test suite for random and pseudorandom number generators for cryptographic applications, Special Publication 800–22 Rev 1a, 2010, http://www.nist.gov.

31. C. E. Shannon, “Communication theory of secrecy systems,” Bell Syst. Tech. J. 28(4), 656–715 (1949). [CrossRef]

Test items	Logistic map	Orbit-perturbing Logistic map
Frequency	98.90%	99.00%
Block Frequency	98.80%	98.50%
Cumulative Sums forward sum	99.10%	99.20%
Cumulative Sums backward sum	99.0%	99.10%
Runs	98.60%	98.70%
Longest Run	99.10%	99.10%
Rank	98.90%	99.00%
FFT	98.40%	99.30%
NonOverlapping Template	98.94%	98.93%
Overlapping Template	98.70%	99.30%
Universal	100.00%	100.00%
Approximate Entropy	99.10%	98.20%
Random Excursions	98.86%	99.54%
Random Excursions Variant	98.27%	99.40%
Serial	98.85%	99.05%
Linear Complexity	99.00%	98.80%
Average	98.91%	99.07%

Permutation Approach	Rounds	Pixel correlation			NPCR	UACI	Time (ms)
Permutation Approach	Rounds	Horizontal	Vertical	Diagonal	NPCR	UACI	Time (ms)
Plain-image		0. 9849	0.9693	0.9562	—	—	—
Proposed	1	−0.0077	0.0117	0.0119	0.6843	0.1482	9.2
Arnold cat map	3	0.0267	−0.0325	−0.0186	3.8147e-006	1.4960e-008	12
Baker map	3	0.0142	−0.0454	0.0228	3.8147e-006	1.4960e-008	120
Standard map	3	0.0109	−0.0070	0.0086	3.8147e-006	1.4960e-008	162

	Test images	1 Round		2 Rounds		3 Rounds		4 Rounds
	Test images	NPCR	UACI	NPCR	UACI	NPCR	UACI	NPCR	UACI
1	lena_d0	99.61%	33.35%	99.60%	33.39%	99.61%	33.47%	99.61%	33.43%
2	lena_d1	99.60%	33.35%	99.59%	33.43%	99.57%	33.44%	99.60%	33.42%
3	lena_d2	99.60%	33.44%	99.60%	33.45%	99.60%	33.40%	99.62%	33.45%
4	lena_d3	99.60%	33.35%	99.59%	33.47%	99.61%	33.42%	99.62%	33.51%
5	lena_d4	99.61%	33.39%	99.60%	33.44%	99.60%	33.48%	99.62%	33.54%
Average		99.61%	33.38%	99.60%	33.45%	99.60%	33.45%	99.62%	33.48%

	Test images	1 Round		2 Rounds		3 Rounds		4 Rounds
	Test images	NPCR	UACI	NPCR	UACI	NPCR	UACI	NPCR	UACI
1	Lena	99.61%	33.42%	99.62%	33.49%	99.61%	33.46%	99.63%	33.53%
2	Baboon	99.60%	33.45%	99.60%	33.45%	99.63%	33.51%	99.60%	33.49%
3	Barb	99.61%	33.59%	99.62%	33.44%	99.60%	33.47%	99.61%	33.45%
4	Bridge	99.60%	33.55%	99.62%	33.48%	99.60%	33.46%	99.62%	33.47%
5	Peppers	99.60%	33.46%	99.62%	33.43%	99.61%	33.52%	99.60%	33.59%
Average		99.60%	33.49%	99.62%	33.46%	99.61%	33.48%	99.61%	33.51%

Rounds	Encryption Time(ms)			NPCR			UACI
Rounds	Proposed	Fu’s	Zhang’s	Proposed	Fu’s	Zhang’s	Proposed	Fu’s	Zhang’s
1	16.2	72	34	99.61%	99.61%	42.62%	33.42%	33.51%	14.29%
2	32.4	144	68	99.62%	99.59%	99.60%	33.49%	33.46%	33.45%
3	48.6	216	102	99.61%	99.63%	99.59%	33.46%	33.50%	33.46%
4	63.8	288	136	99.63%	99.62%	99.61%	33.53%	33.45%	33.47%

An improved permutation-diffusion type image cipher with a chaotic orbit perturbing mechanism

Abstract

1. Introduction

2. The proposed image cryptosystem

2.1 Plain pixel related chaotic orbit perturbing

2.1.1 The orbit perturbing mechanism

2.1.2 Statistical analysis of chaotic map with orbit perturbing mechanism

(1) NIST Test

(2) Autocorrelation and cross-correlation

2.2 Image permutation using pixel swapping strategy

2.2.1 Traditional permutation techniques

2.2.2 Pixel-swapping based permutation strategy

2.2.3 Simulation results of pixel swapping strategy

2.3 Image diffusion in reverse direction

2.4 The proposed image cryptosystem

3. Simulation Results

4. Security analysis

4.1 Key sensitivity test

4.2 Key space analysis

4.3 Statistical analysis

4.3.1 Histogram analysis

4.3.2 Correlation of adjacent pixels

4.3.3 Information entropy

5. Conclusions

Acknowledgments

References and links

Cited By

Figures (10)

Tables (8)

Equations (25)

Optics Express

Figures	Encryption keys
	x₀		μ		x₀^′		μ′
7(b)		0.3		3.997		0.4		3.999	—
7(c)		0.3 + 10⁻¹⁵		3.997		0.4		3.999	99.60%
7(e)		0.3		3.997 + 10⁻¹⁵		0.4		3.999	99.59%
7(g)		0.3		3.997		0.4 + 10⁻¹⁵		3.999	99.62%
7(i)		0.3		3.997		0.4		3.999 + 10⁻¹⁵	99.62%

Direction	Plain image	Cipher image
Horizontal	0.9840	0.0088
Vertical	0.9738	−0.0067
Diagonal	0.9624	7.0838e-004

Test image	Plain image	Cipher image
Lena	7.445568	7.999335
Baboon	7.357949	7.999329
Barb	7.466426	7.999315
Bridge	5.705560	7.999218
Peppers	7.571478	7.999359