In recent years, amounts of permutationdiffusion architecturebased image cryptosystems have been proposed. However, the key stream elements in the diffusion procedure are merely depending on the secret key that is usually fixed during the whole encryption process. Cryptosystems of this type suffer from unsatisfactory encryption speed and are considered insecure upon known/chosen plaintext attacks. In this paper, an efficient diffusion scheme is proposed. This scheme consists of two diffusion procedures, with a supplementary diffusion procedure padded after the normal diffusion. In the supplementary diffusion module, the control parameter of the selected chaotic map is altered by the resultant image produced after the normal diffusion operation. As a result, a slight difference in the plain image can be transferred to the chaotic iteration and bring about distinct key streams, and hence totally different cipher images will be produced. Therefore, the scheme can remarkably accelerate the diffusion effect of the cryptosystem and will effectively resist known/chosen plaintext attacks. Theoretical analyses and experimental results prove the high security performance and satisfactory operation efficiency of the proposed scheme.
With the rapid development of communication technologies, the utilization of visual content in addition to textual information becomes much more prevalent than the past. Cryptographic approaches are therefore critical for secure digital image storage and distribution over public networks. However, traditional data encryption algorithms such as TripleDES, IDEA, AES, and other symmetric cryptographic algorithms are found poorly suited for digital images characterized with some intrinsic features such as high pixel correlation and redundancy [
The fundamental characteristics of chaotic systems, such as ergodicity and sensitivity to initial condition and control parameters, have attracted researchers’ attention since such features can be considered analogous to the desired cryptographic properties. In 1998, Fridrich proposed the first general architecture for chaosbased image cryptosystems. This architecture is composed of two stages: permutation and diffusion [
As pointed out by many previous works, the diffusion procedure is the highest cost of the whole cryptosystem. This is because a considerable amount of computation load is devoted to the chaotic map iteration and quantization operation that is required for the key stream generation. Therefore, the critical issue of an efficient image cryptosystem is to reduce the required diffusion rounds. Moreover, Wang et al. pointed out that the same key stream may be used to encrypt different plain images if the secret key remains unchanged [
In order to accelerate the diffusion effect of permutationdiffusion type image cryptosystems and further enhance the security performance, we propose a more efficient diffusion scheme. The novel scheme consists of two relevant diffusion procedures in one overall encryption round. A supplementary diffusion module is padded after the normal diffusion procedure, in which the control parameter of the chaotic map will be altered by the resultant image generated after the normal diffusion operation. This scheme can make full use of the chaotic system’s sensitivity to control parameters, as the slight difference in the image can be transferred to the chaotic iteration and then brings about distinct key streams even though the same secret keys are applied. Therefore, totally different cipher images will be produced and hence the spreading effect of the cryptosystem will be remarkably accelerated. Besides, as the key stream elements produced in the supplementary diffusion stage not only depend on the secret key but also the plain image, different key streams will be produced when ciphering different plain images. Accordingly, opponents cannot obtain any clues about the secret key by launching chosen/known plaintext attacks, and the cryptosystem can resist known/chosen plaintext attacks effectively. Experimental results demonstrate that the proposed diffusion scheme has a high level of security and satisfactory encryption speed for practical secure image applications.
The remaining of this paper is organized as follows. In the next section, the architecture of permutationdiffusion type image cryptosystems is described. Then, the proposed diffusion strategy for image encryption is given in detail in Section
The architecture of permutationdiffusion type chaosbased image cryptosystems [
Architecture of permutationdiffusion type image cryptosystems.
In the permutation stage, image pixels are generally shuffled by a twodimensional areapreserving chaotic map, without any modification to their values. Traditionally, three types of chaotic maps, Arnold cat map, baker map, and standard map, are applied and their discretized versions are given by, respectively [
Figure
Confused images using different permutation approaches: (a) plain image, (b) confused image with 3round cat map, (c) confused image with 3round baker map, and (d) confused image with 3round standard map.
In the diffusion stage, pixel values are modified sequentially by mixing with the key stream elements that are generated by a onedimensional chaotic map. Generally, the modification to one particular pixel depends not only on the corresponding key stream element but also on the accumulated effect of all the previous pixel values [
In the present paper, chaotic logistic map [
As pointed out by many previous works, an efficient image cipher should spread a minor change in the plain image to the whole cipher image in order to resist differential attack. Opponents usually make a slight change (e.g., change one pixel) of the plain image and then obtain some clues of the keys by comparing the difference of cipher images. Therefore, if the change in the plain image can spread out to larger scale pixels in the cipher image, the attacker will be unable to find out any valuable clues about the keys. Two performance indices, NPCR (number of pixels change rate) and UACI (unified average changing intensity), are utilized to measure the influence of one pixel change in plain image on the entire cipher image. Suppose that
From the above two mathematical formulas, we can draw the conclusion that NPCR is used to measure the spreading scale, whereas UACI is the measurement of the spreading degree. For a 256 graylevel image, the expected NPCR and UACI values are 99.61% and 33.46%, respectively [
In this section, the diffusion effect of the traditional permutationdiffusion type image cryptosystems is analyzed theoretically and experimentally. In the present paper, the plain image and the encrypted image with the size of
Traditional diffusion algorithm, as described by (
Diffusion process of traditional image cryptosystems.
Without loss of generality, we assume that the differential pixel is at
We can now infer from the above analysis that two features of the spreading process may exist in the first encryption round.
Simulations have been performed to testify the theses mentioned above. In order to better represent the spreading effect of the diffusion procedure, two relevant shuffled images are directly applied as the inputs of the diffusion module. The first one is the confused image of Barb using 3round cat map, whereas the other one is the modified version obtained by changing the last bit of the first pixel from 0 to 1. Chaotic logistic map with coefficients
Simulation results of the diffusion effect (i): (a) confused image of Barb using 3round cat map, (b) modified version of (a), (c) output image of (a) after diffusion, (d) output image of (b) after diffusion, and (e) differential image of (c) and (d).
Based on precise numerical calculations using Matlab R2010a, the differential ratio of the corresponding pixels between Figures
According to (
Simulation results of the diffusion effect (ii): (a) output image of Figure
Based on numerical calculations using Matlab, the NPCR and UACI are 99.61% and 33.41%, respectively. Both of the two performance indices are very close to the expected values. Therefore, two output images can be viewed as two random ones and there are no statistical correlations between them. The slight difference in the plain images has spread out to the whole image. Opponents cannot obtain any clues by comparing such two output images, and hence the cryptosystem can resist known/chosen plaintext attacks effectively. Therefore, it is of great significance to investigate how to make the difference in the input image transferred to the chaotic iteration so as to produce distinct key stream elements and hence obtain satisfactory diffusion performance at an early age.
In this section, we propose a novel diffusion scheme named continuous diffusion that can accelerate the spreading effect remarkably. The proposed diffusion scheme can collaborate with any chaotic maps that are used as key stream generator for diffusion, and logistic map is employed as an example for illustrating the proposed scheme clearly.
Different from the traditional diffusion strategies, the proposed diffusion scheme consists of two relevant diffusion procedures with the normal diffusion module being unchanged and a supplementary diffusion procedure padded next. In the normal diffusion stage, plain pixel values are modified sequentially by the logistic map with the chosen parameters
The proposed image diffusion scheme.
In our scheme, the control parameter
Note that, for deciphering smoothly, key stream element used for ciphering the last pixel in the supplementary diffusion stage has to be generated by the given parameter “
The detailed process of above proposed that diffusion scheme is described as follows.
Iterate (
The logistic map is iterated for
Calculate the cipherpixel value sequentially according to (
Alter the control parameter “
Iterate the logistic map for
Except the last one, modify the pixel values sequentially by (
Encrypt the last pixel in supplementary diffusion stage using the last key stream element produced in Step
Note that when other chaotic maps are applied for key stream generation, the control parameter perturbing operation could be implemented referring to that of the logistic map described above. Besides, any 2D or higher dimensional discretized chaotic maps can be employed for image permutation and collaborated with the proposed diffusion scheme.
In this section, simulation results are given out to demonstrate the efficiency and the effectiveness of the proposed diffusion scheme in comparison with Wang’s algorithm in [
Testing results when using cat map.
Test  1 round  2 rounds  3 rounds  4 rounds  

Items  Proposed  Wang’s  Proposed  Wang’s  Proposed  Wang’s  Proposed  Wang’s 


50.51%  99.62% 

99.62%  99.60%  99.60%  99.61% 


16.86%  33.51% 

33.46%  33.45%  33.51%  33.48% 
Times (ms) 

6.7  15.6 

23.4  20.1  26.8  31.2 
Testing results when using baker map.
Test  1 round  2 rounds  3 rounds  4 rounds  

Items  Proposed  Wang’s  Proposed  Wang’s  Proposed  Wang’s  Proposed  Wang’s 


51.02%  99.61% 

99.62%  99.60%  99.61%  99.62% 


16.91%  33.47% 

33.51%  33.46%  33.48%  33.49% 
Times (ms) 

67.2  137.6 

206.4  201.6  275.2  268.8 
Testing results when using standard map.
Test  1 round  2 rounds  3 rounds  4 rounds  

Items  Proposed  Wang’s  Proposed  Wang’s  Proposed  Wang’s  Proposed  Wang’s 


49.87%  99.61% 

99.60%  99.61%  99.63%  99.60% 


16.75%  33.48% 

33.48%  33.48%  33.52%  33.46% 
Times (ms) 

101.8  206.8 

310.2  305.4  413.6  407.2 
As demonstrated in the tables, to achieve a satisfactory security level such as NPCR > 99.60% and UACI > 33.4%, only one overall round is required when using the proposed diffusion scheme no matter what technique is applied for permutation. However, such satisfactory security performance will be produced after the second encryption round when using Wang’s algorithm. Compared with Wang’s scheme, at least 40% of the encryption time can be saved even though a little more time is needed in one overall round due to the computation in the supplementary diffusion procedure. The significant acceleration in encryption speed is due to the reduction of the encryption rounds, and thus the encryption efficiency is more satisfactory. Besides, as the key stream elements produced in our diffusion stage are decided not only by the secret key but also by the plain image, different plain images can result in distinct key stream elements, and this advantage ensures the robustness against known/chosen plaintext attacks of the proposed scheme.
In this section, image cryptosystems based on the proposed diffusion scheme and various permutation strategies are analyzed versus different security performances.
The key space is the total number of different keys that can be used in a cryptosystem, and the key space should be sufficiently large to make bruteforce attack infeasible. For permutationdiffusion type image cryptosystems, the secret key consists of two parts: permutation key
Throughout the previous works, the key space of the cat map with permutation round
The key sensitivity of a cryptosystem can be observed in the following two aspects: (i) completely different cipher images should be produced when using slightly different keys to encrypt the same plain image and (ii) the cipher image cannot be correctly decrypted even though there is slight difference between the encryption and decryption keys.
The following key sensitivity tests have been performed to evaluate the key sensitivity in the first case.
The plain image Barb is firstly encrypted with the chosen coefficients
The initial value
The control parameter
Compute the difference between the original cipher image obtained in step
Repeat the above steps using different permutation strategies.
The testing results when using cat map, baker map, and standard map are listed in Table
Key sensitivity test (i).
Permutation 
Difference between

Difference between


Cat map  99.59%  99.60% 
Baker map  99.59%  99.61% 
Standard map  99.62%  99.61% 
Key sensitivity test (i) using cat map for permutation: (a) plain image, (b) cipher image
In addition, decryption operations using different keys with slight changes also have been performed in order to evaluate the key sensitivity in the second case.
Barb is firstly encrypted with the chosen coefficients
Decrypt the
Decrypt the
Compute the difference between the plain image Barb and the decipher images produced in steps
Repeat the above steps using different permutation techniques.
The simulation results when using cat map, baker map, and standard map are listed in Table
Key sensitivity test (ii).
Permutation 
Difference between Barb and

Difference between Barb and 

Cat map  99.62%  99.59% 
Baker map  99.60%  99.63% 
Standard map  99.61%  99.59% 
Key sensitivity test (ii) using cat map for permutation: (a) cipher image
The above two tests prove that the proposed image diffusion scheme is highly sensitive to the secret key. Even an almost perfect guess of the key does not reveal any valuable information about the cryptosystem and hence differential attack would become inefficient and practically useless.
Histogram of an image demonstrates the distribution of the pixel values by plotting the number of pixels at each gray scale level. The histogram of an effectively ciphered image should be uniform and significantly different from that of the plain image so as to prevent the attacker from obtaining any useful statistical information. The histograms of the plain image and its cipher images produced by the image cryptosystems based on the proposed diffusion scheme and different permutation strategies are depicted in Figure
Histograms analysis: (a) plain image, (b) histogram of plain image, (c) cipher image using cat map, (d) cipher image using baker map, (e) cipher image using standard map, (f) histogram of (c), (g) histogram of (d), and (h) histogram of (e).
For an ordinary image with meaningful visual content, each pixel is highly correlated with its adjacent pixels in horizontal, vertical, and diagonal direction. An effective cryptosystem should produce a cipher image with sufficiently low correlation between the adjacent pixels. To test this, 3000 pairs of adjacent pixels of the plain image and the cipher image are randomly selected from the horizontal, vertical, and diagonal direction, respectively. The correlation coefficient
Correlation coefficients of two adjacent pixels in the plain and cipher images.
Correlation of plain image  Correlation of cipher images  

Cat map  Baker map  Standard map  
Horizontal  0.9565  0.0023  −0.0056  0.0015 
Vertical  0.8617  −0.0057  −0.0023  −0.0018 
Diagonal  0.8396  −0.0013  0.0036  0.0023 
Correlation of two horizontally adjacent pixels: (a) correlation of the plain image, (b) correlation of the cipher image using cat map, (c) correlation of the cipher image using baker map, and (d) correlation of the cipher image using standard map.
Entropy is a significant property that reflects the randomness and the unpredictability of an information source; it was firstly proposed by Shannon in 1949 [
Five 256 gray scale test images with size
Entropies of plain images and cipher images.
Entropies of plain images  Entropies of cipher images  

Cat map  Baker map  Standard map  
Lena  7.445568  7.999370  7.999424  7.999413 
Baboon  7.357949  7.999356  7.999189  7.999342 
Barb  7.466426  7.999305  7.999335  7.999355 
Bridge  5.705560  7.999287  7.999297  7.999305 
Peppers  7.571478  7.999351  7.999378  7.999371 
In the present paper, an efficient diffusion scheme is proposed to address the efficiency and security flaws of the traditional permutationdiffusion type image cryptosystems. Our diffusion scheme consists of two relevant diffusion procedures in one overall round encryption. The first one is the same as the normal diffusion module, whereas, in the supplementary diffusion procedure, the control parameter of the selected chaotic map is altered by the resultant image generated after the first diffusion operation. This scheme makes full use of the sensitivity property of the chaotic systems, and a slight difference in the image can be transferred to the chaotic map iteration and then brings about totally different key stream elements. Through this mechanism, the spreading effect of the cryptosystem can be significantly accelerated in the supplementary diffusion procedure and the cryptosystem can resist chosen/known plaintext attacks effectively. Experimental results have proved the higher efficiency and the security level of the proposed scheme. These improvements can motivate the practical applications of permutationdiffusion architecture chaosbased image cryptosystems.
The authors declare that there is no conflict of interests regarding the publication of this paper.
This work was supported by the National Natural Science Foundation of China (nos. 61271350, 61374178, and 61202085), the Fundamental Research Funds for the Central Universities (no. N120504005), the Liaoning Provincial Natural Science Foundation of China (no. 201202076), the Specialized Research Fund for the Doctoral Program of Higher Education (no. 20120042120010), and the Ph.D. Startup Foundation of Liaoning Province, China (Nos. 20111001, 20121001, and 20121002).