Two-Phase Image Encryption Scheme Based on FFCT and Fractals

This paper blends the ideas from recent researches into a simple, yet efficient image encryption scheme for colored images. It is based on the finite field cosine transform (FFCT) and symmetric-key cryptography. The FFCT is used to scramble the image yielding an image with a uniform histogram. The FFCT has been chosen as it works with integers modulo p and hence avoids numerical inaccuracies inherent to other transforms. Fractals are used as a source of randomness to generate a one-time-pad keystream to be employed in enciphering step. The fractal images are scanned in zigzag manner to ensure decorrelation of adjacent pixels values in order to guarantee a strong key. The performance of the proposed algorithm is evaluated using standard statistical analysis techniques. Moreover, sensitivity analysis techniques such as resistance to differential attacks measures, mean square error, and one bit change in system key have been investigated. Furthermore, security of the proposed scheme against classical cryptographic attacks has been analyzed. The obtained results show great potential of the proposed scheme and competitiveness with other schemes in literature. Additionally, the algorithm lends itself to parallel processing adding to its computational efficiency.


Introduction
Multimedia communication has now become a common practice in our daily lives.Multimedia data demand both high transmission rates and security.Medical imaging systems, military image databases, and pay-per-view TV are examples of applications in which security is an essential requirement of the multimedia system [1].
Encryption is a key component for secure communication.It is the cryptographic primitive responsible for converting data into a form that is only intelligible by the intended recipient.A secret piece of information held by the recipient, the decryption key, is used to recover the original message.The proper choice of such a key is a critical component to any cryptosystem, especially in stream ciphers [2].
Image encryption is far more challenging compared to textual data encryption.The adjacent bits in an image usually show high correlation which can be used in cryptanalysis.Moreover, the image size is a major challenge requiring highly efficient algorithms that can handle such huge data size in an acceptable time frame.Furthermore, traditional symmetric encryption schemes do not work well for encrypting images.Several attempts have been made to adapt standard encryption schemes to suit the delicate nature of images [3].The enciphered image should look random with a uniform histogram and passing well-known statistical tests of randomness in the NIST suite [4].Moreover, the encryption scheme should be sensitive to small variations in the plain image showing a significant change in the enciphered image.
Image encryption has thus attracted the attention of many researchers, who attempt to develop new schemes representing different tradeoffs between the complexity of the algorithm and its reliability.In this paper, an image encryption algorithm is proposed employing both the finite field cosine transform [5] and fractal images [6].Fractal images can be easily generated and they are used as a source of randomness for constructing a strong stream cipher key.The preliminary results show that the proposed scheme shows comparable performance to other schemes in literature.
The rest of the paper is organized as follows.In the following section, related work on image encryption in literature is reviewed.The finite field cosine transform, zigzag scanning idea, and fractal images are defined in Section 3. Some important characteristics of the FFCT are briefly discussed and the transform matrix to be used in our algorithm is presented.In 2 Security and Communication Networks Section 4, evaluation techniques used to test the developed algorithm are described.Our image encryption scheme is introduced in Section 5. System key, complexity, and speed analysis are provided in Sections 6, 7, and 8, respectively.The experimental results used to illustrate and evaluate the performance of our approach are presented in Section 9. Resistance of the proposed encryption scheme to classical cryptographic attacks, like known-plaintext and chosen-plaintext attacks, is examined in Section 10.A comparative study between the proposed scheme and other schemes in literature is presented in Section 11.Finally, Section 12 concludes the paper.

Related Work
Much attention has been lately devoted to developing efficient and highly secure image encryption schemes.Image encryption algorithms are classified into three major categories [7]: (i) pixel position permutation based algorithms, in which a pixel is replaced by another pixel of the same image, (ii) value transformation based algorithms, in which a pixel is converted to another pixel value, and (iii) visual transformation based algorithms, in which another image is superimposed on another image such as using an image as a key or watermark-based encryption.Now, hybrid algorithms are most dominating.Different types of permutation or shuffling techniques have been successfully applied.Moreover, numerous frequency domain transforms have been considered.Furthermore, there is abundant literature on the use of chaotic maps as well as the use of fractals in image encryption.
For keystream generation, fractal geometry and chaotic maps have been extensively used in both cryptography and data hiding [8].As for the use of chaotic function, Liu and Wang [9] used a piecewise linear chaotic map to generate a pseudorandom key stream sequence.Amin et al. [10] used a chaotic block cipher scheme to encrypt a block of bits rather than a block of pixels using cryptographic primitive operations and a nonlinear transformation function.Wang et al. in [11] encrypted images using Baker map and several one-dimensional chaotic maps.Wang et al. [12] encrypted plaintext by alternating between stream ciphering and block ciphering based on a pseudorandom number generated based on a chaotic map.On the other hand, Huang [13] used a nonlinear chaotic Chebyshev function to generate a keystream, in addition to multiple pixel permutations.In [14], Wang and Luan proposed a novel image encryption scheme based on reversible cellular automata combined with chaos.
As for the use of fractal images, the Mandelbulb set has been used in [15].The fractal image and the fractalcompressed source image are transformed to square matrices and matrix operations are applied in encryption and decryption.The Mandelbrot set is utilized in [16] along with the Hilbert transformation to generate a random encryption key.Moreover, Abd-El-Hafiz et al. [6] introduced a novel image encryption system based on diffusion and confusion processes in which the image information is hidden inside the complex details of multiple fractal images.
The FFCT was first defined in [19] and corresponds to a finite field version of the discrete cosine transform (DCT).It exhibits interesting properties which are valuable for cryptographic purposes.In [5], a simple method for uniformizing histograms of greyscale digital images was introduced based on 8-point FFCT without any encryption mechanism.Then, a method for histogram uniformization of greyscale images integrated with a full encryption mechanism was developed in [17].In [20], an improvement had been proposed to allow the color channels to be processed jointly by means of a single transformation round by using a 32-point FFCT over the GF (2 24 ) to transform blocks of the image.
The present work is based on the idea of multiphase image encryption and thus the encryption process is split over two phases: FFCT phase and encryption phase as in [18].First, a transformation is done based on applying a recursive 8point FFCT over GF (2 8 ) to blocks of a color image.Since RGB images are considered, the transform is applied to each color channel separately.Application of this transformation guarantees a uniform histogram as well as decorrelation of values of adjacent pixels.This makes our method useful to provide robustness against statistical attacks in image encryption schemes.Second, encryption is based on using fractal images to generate the keystream which leads to a simple, yet secure encryption scheme.

Background
In this section, some important definitions are provided which are essential to the development of the proposed scheme.First, the finite field cosine transform (FFCT) is defined, and then zigzag image scanning and fractal images and their generation are described.

Finite Field Cosine Transform.
In order to define the FFCT as in [5], let  be a nonzero element in the finite field GF(), where  is an odd prime.The finite field cosine function related to  is computed modulo  as cos  () fl   +  − 2 ,  = 0, 1, . . ., ord () , where ord() denotes the multiplicative order of .
As an advantage, the finite field cosine transform is defined over the integers modulo  and thus avoids inaccuracies associated with other real-valued transforms.A type-2 FFCT is defined in [5,19] as follows.
Let  ∈ GF() be an element with multiplicative order 2.The finite field cosine transform of the vector  = [ 0 ,  1 , . . .,  −1 ],   ∈ GF() is given by the vector  = [ 0 ,  1 , . . .,  −1 ],   ∈ GF() whose elements are where The inverse FFCT can be computed according to the following formula: The previous equations can be written in matrix format as  = , where  corresponds to the transform matrix, the elements of which are obtained directly from (2).Using such a matrix notation, the FFCT can be extended to two dimensions.The two-dimensional FFCT of a matrix M with dimensions  ×  can be computed by where  is the transformation matrix.
In this paper, RGB color images are considered, which have three color channels red, green, and blue.Each channel has pixels values ranging from 0 to 255.As suggested by [5], the Fermat prime used in the current paper is taken to be  = 257.An example of a 8 × 8 transform matrix used for testing the scheme is the following: 15 where  is an orthogonal matrix which satisfies The period of the FFCT transform matrix  has great importance for the application described in this paper, since such a parameter corresponds to the least integer and positive power  giving   = .Once the transform matrix  used has a large period  ( = 16974594 for the above matrix), there is not risk of returning the transformed block to its original block by the FFCT repetitive computation for a small number of times.

Zigzag Scanning of Images and Reshaping.
To understand the idea of zigzag scanning of a two-dimensional matrix, see Figure 1.A two-dimensional matrix is scanned in a zigzag way to obtain a one-dimensional vector.The onedimensional vector thus has  2 elements, which is then to be reshaped back into an  ×  two-dimensional matrix.Every  consecutive element is used to form a column of this matrix as shown in Figure 2.This method of image scanning is used in the keystream generation step mentioned in Section 5.2.

Fractal Images.
A fractal object [8] is a self-similar object obtained by repeating a kernel at various scales of magnification and can possess high variations.A fractal image can be generated using a mathematical equation or function that is iterated for a finite number of times.The choice of a fractal image is flexible and it depends on the level of detail and colors.Several resources are available on the Internet to generate fractals.Many of the most popular fractal images can be obtained through Iterated Function Systems (IFS) [8].IFS have received a lot of attention because of their appealing combination of conceptual simplicity, computational efficiency, and great ability to reproduce natural formations and complex phenomena [21].There are miscellaneous programs, which are freely available on the Internet, for generating and rendering IFS fractals.Figure 3 shows a sample of eight fractals used in the testing phase of our scheme.

Encryption Evaluation Techniques
There are two main categories for performance evaluation techniques: statistical measures and sensitivity measures.In this section, the evaluation techniques used in the assessment of the performance of the proposed encryption scheme are reviewed.

Statistical Measures.
The statistical means include measuring the correlation among the image pixels, histogram analysis, entropy analysis, and the NIST suite of randomness tests.
Adjacent image pixels in a plain image are highly correlated with each other and, hence, one of the encryption targets is to reduce the correlation coefficients for horizontal, vertical, and diagonal pixels.The correlation coefficient () between two N-dimensional vectors  and  is calculated using the following formula [4]: Histogram analysis is a visual test that shows the distribution of pixel color values across the whole image.For normal images, the histogram shows curves and peaks which means that some specific color values appear more than others.On the other hand, an encrypted image histogram should be flat as no specific color value should appear more than another color value.
Entropy is a measure of the predictability of a random source.Owing to the high correlation between adjacent pixels, image data is predictable and consequently has low entropy.Encrypted image data, on the other hand, should appear random to avoid any information leakage; that is, all pixel values are equally likely to occur.For a binary source producing 2 8 symbols of equal probabilities and each symbol is 8 bits long, the entropy of this source is defined as This source is considered unpredictable for an entropy value of 8.
NIST SP-800-22 statistical test suite was introduced by [4], which is a group of 15 different tests designed to assess the random characteristics of a group of bits.Such bits can be the output of a random number generator or pixels of an encrypted image.The NIST tests in the second scenario examine the effectiveness of the encryption technique showing how similar the encrypted image is to a random noise based on the P value (PV) of the test and the proportion of passing sequences (PP).

Sensitivity Measures.
Sensitivity tests are used in investigating the sensitivity of cryptosystems to changes in plaintext and system key.Secure cryptosystems should be very sensitive to small changes in either plaintext or system key.Sensitivity tests include differential attack measures, mean square error, and one bit change in system key.

Resistance against Differential
Attacks.These study the statistical characteristics of the input plain image and the output enciphered image with the aim to infer any meaningful relationships when changing the input while observing the output to reveal the encryption algorithm.A strong encryption algorithm should be sensitive in the sense that small changes to the input produce a significant change in the output.Quantitatively, different measures are defined for evaluating the protection levels against differential attacks [22].
The mean absolute error (MAE) measures the absolute change between the encrypted image  and the source image .Let  and  be the width and height of the source image, respectively; then where (, ) is the original pixel value at location (, ) and (, ) is the encrypted pixel value at the same location.
The number of pixels change rate (NPCR) is used to measure the percentage of different pixels between two encrypted images  1 and  2 whose corresponding two original images are identical except for only one-pixel difference and it is calculated using The unified average changing intensity (UACI) measures the average intensity of differences between two encrypted images provided that their two corresponding original images are identical except for only one-pixel difference and it is calculated as Recommended values, as reported by [22], of MSE are in the order of 10 4 for (1024 × 1024) images.

One Bit Change in System
Key.This test is used to test and measure the sensitivity of the system key to one bit change.The system key contains the values of the system parameters that are used to initialize the encryption process.A secure encryption process is sensitive to any slight change in any of its parameters and, hence, one bit change in the system key should lead to a totally different behavior in the encryption process.If a system is not sensitive enough to one bit change in the system key, this would lead to revealing the encryption without knowing the exact secret key, which is not acceptable in any practical cryptosystem.For one bit change in system key, two different tests are performed.
Test I.It is changing one bit in the fractals count part () of the key, which leads to the selection of a different number of fractals.
Test II.It is changing one bit in the fractals number part of the key, which leads to the selection of one different fractal other than the originally selected one.

Security Analysis.
Security of the proposed scheme is analyzed by investigating its resistance to classical cryptographic attacks, like known-plaintext and chosen-plaintext attacks to reveal the secret parameters of the algorithm.
In known-plaintext attack, the attacker knows at least one sample of both the plaintext and the ciphertext.In this case, the attacker can use that to break algorithm.In chosen-plaintext attack, the attacker can specify his own plaintext and encrypt it and then uses the result to determine the encryption key.

The Proposed Encryption Scheme
First, the FFCT algorithm used in the first phase is described.
Next, the generation of the keystream based on multiple fractal images is described.Finally, the pseudocode for the proposed encryption algorithm is provided.The technique adopted by [17] calls for the recursive application of the transform to overcome this problem; that is, the FFCT of a block is computed repeatedly until the resulting block has no pixels with value equal to 256; see Figure 4.This process is invertible by computing the inverse transform also repeatedly until encountering the original image block, which does not contain any pixel with value equal to 256.This technique is suggested and applied in [5,17] to encrypt greyscale images.In this paper, this technique is extended to encrypt color images by separating and treating each one of the three RGB color channels independently.

FFCT
The original image block can be restored by applying the inverse finite field cosine transform (IFFCT); IFFCT of a matrix  with dimensions  ×  can be computed as  =  −1 (  ) −1 (modulo ).If  is an orthogonal matrix as in (6), its inverse is simply its transpose.This adds to the simplicity and computational efficiency of the algorithm.Another interesting characteristic of the above FFCT transform computational algorithm is that it lends itself to parallel implementation, where processing of all blocks can be done in parallel.

Pseudorandom Keystream Generation Using Fractals.
Practically, assume that 2  fractal images  1 ,  2 , . . . 2  are available to both the sender and receiver, and only a subset of  fractal images are used in keystream generation, where  ≤ 2  .Hence, the number of fractal images used is a variable part  of the system key.It is noteworthy that the selected fractals should have the same resolution as the plain image.
To generate the keystream to be used in the enciphering phase, a new method is suggested using multiple fractal images rather than the one mentioned in [6].As shown in Figure 5, the keystream is generated by zigzag scanning each fractal image of a variable number of fractals  and then reshaping each into a matrix and finally XORing the resulting reshaped fractals.A sample of fractals used ( = 8) in our work is shown in Figure 3.

Pseudocode for the Proposed Scheme. Suppose a sender A wants to encrypt an image IM and send it to its recipient B;
then A carries out the following steps, assuming that both A and B have agreed on the fractals to be used in the generation of the keystream as well as the transformation matrix .

Encryption Process Phase 1 (FFCT Phase)
Step 1. From the 1024×1024×3 input image, extract the three red, green, and blue color channels.
Step 2. For each channel, divide the 1024 × 1024 image channel into 16384 blocks with each block being 8 × 8 in size.
Step 4. Group the transformed blocks to get the intermediate image.

Phase 2 (Encryption Phase)
Step 5 (key generation).Generate the keystream using the selected fractals agreed upon, by zigzag scanning each fractal and reshaping it and finally XORing the resulting reshaped eight fractals.
Step 6. Encrypt the image by bit XORing the intermediate image resulting from Step 3 with the keystream of Step 5.
The block diagram of the proposed encryption process is shown in Figure 6.

Decryption Process.
The proposed decryption process proceeds as follows, with the block diagram depicted in Figure 7.
Step 1. Perform bit XORing between the ciphered image and the private keystream generated from selected fractals agreed upon to get the intermediate color image.
Step 2. From the 1024 × 1024 × 3 intermediate color image, extract the three red, green, and blue color channels.
Step 4. For each 8 × 8 block, apply the IFFCT as mentioned in Section 5.1.
Step 5. Reconstruct the plain color image from 8 × 8 blocks of each color channel.

System Key Analysis
The system key is composed of the parameters, which are used in the (encryption/decryption) process.It includes the following parameters: (i) For FFCT phase, consider the 8 × 8 transformation matrix  of unsigned 8-bit integers (0 to 2 8 −1), which is used for all 8 × 8 image blocks.It can be generated by specifying  in (1); thus only 8 bits are required for generating the matrix  from .
(ii)  bits are required to specify the number of selected fractals, where 2  is the maximum number of available fractals.
(iii) Consider  ×  bits to specify the selected fractals' numbers, where  is the actual number of fractals selected and where  ≤ 2  .
Thus, the key length is variable depending on number of fractals available 2  and the number of selected fractals  and equals 8 + (1 + ) bits.In our experiment, 8 fractals are selected from 2 7 available fractals ( = 8,  = 7); hence key length used in our experiment equals 71 bits.

Computational Complexity Analysis
The computational complexity of the proposed encryption scheme was calculated for the two phases: (i) For the FFCT phase, we used 8 × 8 matrix multiplication.Since the image resolution is  × , the number of blocks is ( × )/(8 × 8).Thus, the complexity of this step is ( 2 ).
(ii) For the encryption phase, the complexity of zigzag scanning of fractals and XORing with the source image are known to be ( 2 ).Accordingly, the computational complexity of the proposed encryption/decryption scheme is ( 2 ), where  ×  is the source image resolution.Moreover, the computational complexity can be improved by using fast algorithms for computing the FFCT by ( log ) as in [23].

Speed Analysis
After running the proposed scheme many times on different plain images, the approximate time necessary to perform encryption/decryption of a 1024 × 1024 colored image was 7 seconds; thus the average speed of our proposed scheme is approximately 0.45 MB/second.These results were obtained using an HP 250 G3 computer equipped with an Intel(R) Core (TM) i3-4005U CPU @1.70 GHz processor and 4 GB of RAM running Windows 10 64-bits.The block-by-block FFCT computation makes it possible to reduce the time required by the proposed scheme if parallel processing is employed.Moreover, there are fast algorithms for computing the FFCT as in [23].

Experimental Results
All the work in this paper is implemented using MATLAB.
We apply our MATLAB program on 1024 × 1024 standard images available from [24].In order to evaluate the performance of the proposed scheme, our encryption scheme has been applied to some standard images, for example, Mandrill (4.2.03), airplane (4.2.05), and peppers (4.2.07).For the fractals, 2  Mandelbulb fractals can be readily available (from the Internet) and  fractals are chosen.The encryption quality is evaluated using different analysis techniques including both statistical means like correlation coefficients, histogram analysis, entropy analysis, and NIST test suite.Moreover, sensitivity tests like differential attack measures, MSE, and one bit change in system key have been investigated.
It is clear from the results that the proposed scheme successfully meets various requirements for a strong image encryption scheme as detailed in the following points.
(i) As apparent in Figures 8, 9, and 10, the histogram of ciphered images is uniform with all pixel values being equally likely in the three color channels.
(ii) In Figure 11, the correlation among pixels has decreased in the encrypted image and the correlation coefficients are approximately equal to zero.
(iii) Moreover, in Figure 11, the entropy is shown to increase after applying the proposed encryption algorithm and its value approaches 8 (the ideal value).
(iv) Tables 1, 2, and 3 show that the encrypted images successfully passed the NIST suite tests.The symbol N\A in these tables means not available; that is, testing randomness according to this criterion failed.(v) From Figure 12, it is apparent that the proposed scheme is resistant to differential attacks.This is clear since the scheme is sensitive to only one pixel change in the plain image as indicated by the values of MAE, NPCR, and UACI measures.
(vi) As for MSE, from Figure 12, it is apparent that the mean square error between the original image and the encrypted image is large enough in the order of 10 4 as recommended for 1024 × 1024 image.
(vii) As for key sensitivity, Table 4 shows the results of the two tests.NPCR% is computed between the original plain image and the image decrypted using a wrong key in the two tests.As NCPR% approaches 100%, it is clear that the system is very sensitive to key changes.
(viii) Figure 13 shows that the encryption result is very sensitive to a change in the key, regardless of where the change occurs.All of the tests give a totally wrong image other than the peppers image.

Security Analysis
In this section, we analyze the security of the proposed scheme.We mount both known-plaintext attack and chosenplaintext attack and attempt to reveal the secret parameters of the algorithm.However, it appears that the proposed scheme is resistant to both attacks.percentage of image blocks being subjected to a given number of recursive applications of the FFCT has been computed.Such results are shown in Table 5.In all images, for each color channel almost 80% of the blocks had to be transformed only once.A rather small percentage of blocks had to be transformed more than twice.This indicates that the extra computational effort due to the recursive application of the FFCT is minor.It has also been observed that the largest number of rounds necessary for a block was 8.An appropriate choice of the transformation matrix  should be one with a large period  (in our experiments  = 16974594).Thus, there was no risk of returning the transformed block to its original block by the FFCT repetitive application.
In order to further assess the success of the proposed scheme, its performance is compared to several other schemes in literature.Table 6 shows the results obtained when encrypting the Lena (512 × 512) image using the proposed encryption scheme and compares its performance with other related recent schemes.The comparison involves correlation coefficients, some differential attacks measures, and the entropy.Like our scheme, a colored image is encrypted in [6,9,10], while in other researches greyscale images are only considered [11,12,17,18].In Table 6, for a fair comparison, the averages of the performance measures for the proposed scheme for the three RGB channels are compared against the averages of other schemes.This is how we compared our technique using colored Lena image with some other techniques using a greyscale Lena image.The obtained results show great potential compared to other techniques.

Conclusion
In this paper, an efficient scheme for colored image encryption using image pixel value transformation is proposed.The scheme employs the finite field cosine transform FFCT to reduce correlation among adjacent pixels and to obtain a uniform histogram for the enciphered images.The FFCT does not involve any approximations inherent in other transforms as it operates on integers modulo  and results in integer sequences.Moreover, encryption is performed on the transformed image using multiple fractals to enforce more security.The experimental results show that the cipher image has entropy information close to ideal value 8 and low correlation coefficients close to ideal value 0. Thus, the analysis proves the security, correctness, effectiveness, and robustness of the proposed image encryption algorithm.
Additionally, the number of recursive applications of the FFCT to an image block has been investigated and the experiments showed that it has minor effect on the algorithm computational efficiency as it is in 80% of the cases equal to one and the FFCT algorithm can proceed on all blocks in parallel.Finally, for the scheme to resist both known-plaintext and chosen ciphertext attacks, it is suggested to refresh the keystream used in the enciphering phase per communication session and to keep the transformation matrix used in the FFCT phase as a shared secret between the communicating parties.

Figure 3 :
Figure 3: Eight fractal images used in testing the proposed system.

F 1 F 2 F 8 Figure 5 :
Figure 5: Example of key stream generation using 8 fractals.

Figure 8 :Figure 9 :
Figure 8: Histogram analysis of Mandrill original and encrypted image.

Figure 12 :Figure 13 :
Figure 12: Differential attacks and MSE of some encrypted images.
1 (, ) −  2 (, ) 255          × 100%.(12) 4.2.2.Mean Square Error.The mean square error value gives another indication on how far the encrypted image is from the original image.As this value gets larger this implies a better encrypted image.The mean square error is calculated using the following equation:

Table 5 :
Average percentages of RGB channel blocks of test images submitted to recursive applications of the FFCT.

Table 6 :
Comparison among the proposed scheme and other schemes in literature.