Chaotic Image Encryption Based on Running-Key Related to Plaintext

In the field of chaotic image encryption, the algorithm based on correlating key with plaintext has become a new developing direction. However, for this kind of algorithm, some shortcomings in resistance to reconstruction attack, efficient utilization of chaotic resource, and reducing dynamical degradation of digital chaos are found. In order to solve these problems and further enhance the security of encryption algorithm, based on disturbance and feedback mechanism, we present a new image encryption scheme. In the running-key generation stage, by successively disturbing chaotic stream with cipher-text, the relation of running-key to plaintext is established, reconstruction attack is avoided, effective use of chaotic resource is guaranteed, and dynamical degradation of digital chaos is minimized. In the image encryption stage, by introducing random-feedback mechanism, the difficulty of breaking this scheme is increased. Comparing with the-state-of-the-art algorithms, our scheme exhibits good properties such as large key space, long key period, and extreme sensitivity to the initial key and plaintext. Therefore, it can resist brute-force, reconstruction attack, and differential attack.


Introduction
With the rapid development of network and multimedia technology, a large number of images are transmitted and stored in the network. Interactivity, openness, and sharing of network as well as easiness of copying and modifying a digital image, while providing the convenience for users, also provide the opportunity for attackers to steal or tamper secret data [1]. For instance, in June 2013, Edward Snowden leaks the PRISM documents to the media. The major content is that, since 2007, the National Security Agency collects documents, connection logs, photos, videos, emails, and more to acquire personal contact information and action. In addition, according to the report a survey of China Internet Network Security Situation, published by China Computer Emergency Response Team (2012), more than 141.97 millions of computers in the territory of China are controlled by about 0.73 millions of abroad Trojan horses or bonnets. Attackers can acquire any information in these controlled hosts. These facts show that the secret images, whether transmitted through open network or stored in insecure station, need a maximum protection. With the advent of cloud computing and the arrival of big data era, the demand for security becomes extremely high. Among several protection methods in the literature, encryption is one of the most efficient and common methods. However, the inherent characteristics of image, such as high redundancy of data, strong correlation among adjacent pixels, and less sensitivity to data change and its structure property make traditional document encryption schemes unsuitable for image encryption [1,2]. In recent years, with further study in chaos theory, many desirable encryption characteristics of chaotic sequence, for example, nonperiodicity, like-random behavior, sensitivity, and easy to implement, have been found. These features help to enhance the security and reduce the cost of implementation for encryption algorithm. Thus, image encryption based on chaos has become one of the most important image protection methods.

Related Work
In 1998, Fridrich first proposed a representative chaotic image encryption scheme, which has confusion-diffusion 2 The Scientific World Journal integration mechanism [3]. In order to enhance the role of chaos in this kind of integration mechanism, Chen et al. [4], based on 3D cat map, proposed an image encryption scheme. Afterwards, three other schemes were presented in [5][6][7]. Essentially, these schemes have the same encryption principle; that is, confusion and diffusion perform alternatively. However, paper [8] (2008) analyzes this kind of scheme and finds some problem such as weak sensitivity to the change of plain-images or key stream and the flaw of diffusion function and pseudorandom sequence. Obviously, these shortcomings violate the security rules proposed in [9]. On top of that, paper [10] find another defect of Fridrich integration mechanism; that is, neither initial-key nor running-key of an encryption system is related to plaintext. So, if using the same user keys, encrypt scheme would use the same initialkey and running-key to encrypt different images. Practically, user keys do not frequently change. Consequently, this kind of encryption algorithm is cracked. Under these circumstances, in order to design more secure image encryption, studying image encryption in which initial-key or running-key is related not only to user keys but also to plaintext has received increased attention in the research community.
According to the type of key related to plaintext, the existing image encryption algorithms can be divided into two categories. One is based on initial-key related to plaintext. The other is based on running-key related to plaintext.
(1) Image Encryption Based on Initial-Key Related to Plaintext. Paper [11] proposed chaotic image encryption by correlating initial key with plaintext. In the initial-key generation stage, it uses plaintext to disturb the current chaotic number and then takes the disturbed chaotic number as the next input of chaotic iteration. Repeat this process and use the last output value as the initial key. By doing so, the correlation between initial-key and plaintext is created. Paper [12] proposed remote-sensing image encryption in hybrid domains, which first gets the hash value of original image and then calculates the initial key of the encryption system through eight formulae. These formulae use hash value as parameters. Thus, the algorithm realizes the correlation between initial key and plaintext. After that, by using the same method as paper [12], paper [13] established the correlation between initial key and plaintext. Paper [1] proposed a color image encryption algorithm based on DNA sequence operation and hyperchaotic system, which first encodes the image with DNA encoding rules and then gets three Hamming distances through image channels, next, transforms them into three decimal numbers, after that, adds them to initial values of chaotic system, finally, gets initial key. Through this process, the correlation is established.
(2) Image Encryption Based on Running-Key Related to Plaintext. Paper [14] proposed a new image encryption algorithm based on 3D chaotic map. This algorithm does not use the whole chaotic numbers, but only utilizes partial elements as running key. In chaotic sequence, those used elements keep certain interval, which is determined by the current ciphertext. Due to cipher-text closely related to plaintext, runningkey is indirectly related with plaintext.
For the first category, although these algorithms all establish the correlation between the initial key and plaintext, thus being capable of resisting attack method proposed by Solak et al. [10]. Yet chaotic stream, which is used to generate running-key, is totally determined by the initial key and thus its orbit does not dynamically change in the encryption process, which makes encryption algorithm vulnerable to reconstruction attack. For the second one, although algorithm is of good security, yet it only uses a part of the chaotic stream when generating running-key and wastes each element generated but not used. Therefore, it not only fails to not only fails to make full use of chaos resources, but also wastes the expensive time of the system. In addition, the common defect of these two categories of encryption schemes is that they do not consider digital chaotic dynamical degradation. Aiming at the above limitations, an efficient and secure image encryption scheme based on cipher-text disturbing chaotic stream is proposed.

Notation Definitions
: A procedure or function that transforms any chaotic sequence from any distribution into (0, 1) uniform distribution. For example: A universal algorithm for transforming chaotic sequence into uniform pseudorandom sequence [15], or shift-and-cut method [16] as follows: ( ) = |10 − fix(10 k x)|, here refers to chaotic number.
: Any function that can transform uniform (0, 1) random variable into uniform integer space. A concrete represents uniform distribution over [ , ]; int( ) is a function that truncates the decimal portion and remains the integer portion of the value .

Basic Idea.
Our scheme (see Figure 1) is comprised of three parts. The first part is key uniformity module, which includes chaotic sequence uniformity function and space transformation function , implementing transformation from any chaotic sequence to cipher-key. The second is chaotic sequence disturbing module, by disturbing function ℎ, achieving the function of reducing dynamical degradation of digital chaos and generating one time running-key stream. The last is random feedback encryption module, in which The Scientific World Journal Figure 1: Block diagram of our scheme. both length and position of feedback cipher-text are random, increasing the difficulty of breaking our scheme.
3.3. Algorithm Implementation. The encryption processes, which include the forward and backward encryption, are shown in Figure 2. The specific procedure is described in detail as follows.

Encryption Process
Initialization. Select three chaotic maps. The first one, map (1), is used to forward encryption. The second one, map (2), is used to generate a binary vector. The last one, map (3), is used to backward encryption. Set user key, which includes the initial values and parameters of chaotic maps, and related function parameters. is assigned to the number of image pixels.
Phase 1 (Forward Encryption). (1) Generate a chaotic number by iterating map (1). Next, get (0, 1) pseudorandom number by applying function to and then obtain the current running key ( ) through function ; (2) generate a binary random vector = ( 1 , 2 , . . . , ) by iterating map (2);   4 The Scientific World Journal (3) encrypt the current plain-pixel, formulae as follows: (1) (4) map the current cipher-pixel into (0, 1) real number with function. Next, use it to disturb the current output of map (1) and then take the disturbed result as the next input of map (1); (5) repeat steps (1)-(4) until the last pixel of the image. In order to guarantee plaintext sensitivity in any position, we take the above cipher image as an intermediate image; start with the (N−1)th pixel and reversely encrypt the image.
Phase 2 (Backward Encryption). (1) Generate a chaotic number by iterating map (3). Next, apply uniformity function to it to get the (0, 1) pseudorandom number and then obtain the current running key ( ) through function ; (2) generate a binary random vector = ( 1 , 2 , . . . , ) by iterating map (2); (3) encrypt the current pixel, formulae as follows: (4) map the current cipher-pixel into (0, 1) real number with function. Next, use it to disturb the current output of map (3) and then take the disturbed result as the input of map (3); (5) repeat steps (1)-(4) until the first pixel of the image.

Decryption
Process. The decryption process is very similar to the encryption process except that first decrypt cipher-text is generated in the backward encryption process and then do it in the forward encryption process.

Encryption Results
In order to verify practicality and efficiency of our scheme, a lot of encryption experiments have been done. Here we illustrate a simplest example. Three chaotic maps all take Logistic equation = * * (1 − ). Their differences lie in initial values and control parameters, here 1 = 3.8898, Take Lena image and Penguin image as examples, the space histograms for the original images and the corresponding cipher-images are showed in Figure 3. From these results, we can see that our scheme has good cipher-text space distribution.

Key Space.
Our scheme includes the following user keys: initial values and control parameters of chaotic systems, feedback length , parameter(s) of uniformity function , and parameter of function . Even if we consider the simplest case: three chaotic maps all take Logistic map; only take their initial values and parameters as key space (suppose the greatest accuracy of variables is 10 −14 ), while omitting other key possible values. The key space is still at least (10 64 ), which is large enough to resist all kinds of brute-force attack.

Dynamical Degradation Analysis of Digital Chaos.
At present, image encryption schemes based on the correlation between cipher-key and plaintext have dynamical degradation problem. Paper [17] gives three practical solutions as possible remedies: using higher precision, cascading multiple chaotic systems, and (pseudo-)randomly disturbing chaotic system. Furthermore, it points out that disturbance-based solution is superior to others. Thus, our scheme utilizes cipher-text disturbing chaotic stream method to minimize the impact of chaotic degradation on encryption system security.
In order to verify the randomness and periodicity of chaotic sequences generated by our scheme, the phase space ( , +1 ) generated by using our scheme is shown in Figure 4. For comparison, phase spaces generated by using logistic map and method of literature [18] are also shown in Figures 5 and  6, respectively.
One can see that the phase space in Figure 5 is the single trajectory. On top of that, it has many breakpoints. These facts show that such chaotic sequence has strong correlation and short length of period. When compared with Figure 5, the trajectory of phase space in Figure 6 is compound trajectory, which shows that the sequence's correlation becomes weak and its period becomes long. It should be noted that in Figure 4, nearly full space trajectory is generated, not limited by fixed orbits. Thus, randomness and periodicity of chaotic sequence are superior to the other two. These experiments show that our scheme can minimize dynamical degradation of digital chaos.

Reconstruction Attack Analysis.
Image encryption scheme, which uses chaotic sequence to generate cipher key, may be attacked by phase space reconstruction. The theory foundation of such attack is Takens' delay embedding theorem [19]. But in order to use this theory, acquiring a sequence of observations of the state of a dynamical system is the precondition. In our scheme, The chaotic sequence observed by any attacker has been disturbed by cipher-text. According to chaotic sensitivity, the disturbed sequence is totally different from the original chaotic sequence. Thus, phase space reconstruction attack is impossible.

One-Time Running Key Stream.
According to Shannon's theory [20], perfect secret system needs one time pad. In our scheme, under the condition of the same user key, Figure 7 shows the running keys generated by chaotic sequence before and after disturbance. In which the dotted line represents undisturbed running key, the solid line represents disturbed running key used when system encrypts Lena image (see   Figure 8 shows two running keys, represented by a dotted line and a solid line, used when system encrypts Lena image and Penguin image (see Figure 3(d)), respectively.
As can be seen from these results, key generation mechanism in our scheme can guarantee one time running key stream.   where and represent adjacent pixel values, represents image size. For a meaningful image, adjacent pixels usually have a relatively large correlation. For a cipher image, pixel correlation should be as small as possible. For comparison, Rand image is introduced, which is composed of random elements. Seen from Table 1, adjacent pixels in cipher image have very small correlation, which proves our scheme's effectiveness.

Sensitivity Analysis.
A good encryption algorithm should be sensitive to the changes of plaintext or key.  attacker can find out the relation between plain image and cipher image and hence breaks the encryption process. Conversely, differential analysis becomes not significant [13]. Plaintext sensitivity can be investigated through pixel change ratio and bit change ratio. The former can be measured by NPCR (number of pixel change rate) and UACI (unified average change intensity) [4]. The latter can be examined by avalanche effect. Table 2 shows the results of plain-image sensitivity analysis. The NPCR is over 99%, UACI is over 33%, and bit flip ratio is close to 50%. These results show that our scheme is extremely sensitive to plain-image, therefore, can effectively resist chosen-plaintext attack.

User Key Sensitivity Analysis.
User key refers to some values given by a user used to set the parameters of an encryption scheme. The sensitivity of cipher-image to user key can be analyzed from two aspects. One is correlation. The other is decryption ability.
Correlation refers to the relationship between two cipherimages. Its strength can be measured by correlation coefficients. Here, two cipher images are generated with the same plain-image, slightly different user keys. According to the definition of user key sensitivity, if cipher image sensitively depends on the user key, encrypting the same image with slightly different user keys would generate two completely different cipher images, which have little correlation. Formula (3) is adopted to calculate correlation coefficients, where , represent pixel values of two cipher images, respectively. Experiment is as follows.
Suppose primary user key is 1 = 3.8898, 2 = 3.98, 3 Table 3, two cipher images have little correlation, which shows that our scheme is sensitive to user key. In the decryption ability, Figure 9(a) shows the Lenacipher image encrypted with the primary user key. Figure 9(b) shows decrypted image of Figure 9(a) with the user key generated by making a Δ 1 alteration to the primary user key.
As we have expected, if the component, no matter what, of the primary user key is changed slightly, the decrypted image would be completely different from the original image. Thus, our algorithm is extremely sensitive to the change of user key.

Min-Entropy Analysis.
In chaotic image encryption field, Shannon's entropy is always utilized to do statistics analysis. But Shannon's entropy measures the amount of randomness that a distribution contains on average. Considering the practical methods of attack, we think min-entropy [21] is more suitable to do that.
Min-entropy: ∞ ( ) = min ∈{0,1} log 1/pr[ = ], ∈ {0, 1} . Equivalently, a distribution has min-entropy at least if the probability of each element is bounded by 2 − . Intuitively, such a distribution contains random bits. Minentropy measures the amount of randomness on the worst case. In order to support our opinion, both Shannon-entropy and min-entropy are all shown in Table 4.
From Table 4, we can see that Shannon entropy of cipher-Penguin is higher than that of cipher-Lena, but the minentropy is just the opposite. According to attacking method, cipher-Penguin is easier to break. From such fact, we think min-entropy is better than Shannon entropy in security analysis. In addition, Table 4 shows that the min-entropy of our scheme is higher than that of the scheme in literature [11]. Thus, our scheme is more secure.

Speed Analysis.
Apart from the security aspect, running speed is another important factor in measuring image encryption scheme. Due to the difference of computer configurations and code optimization ways, running speed cannot be compared directly [13]. Therefore, time complexity analysis is used. Our algorithm includes two stages. They are forward and backward encryption. Time complexity of each stage is ( ), here, denotes feedback maximum length. Therefore, the whole algorithm time complexity is (2 ). The time complexity of paper [22] is ( + 3 + log( )). Thus, our algorithm is effective in speed.
Additively, in our scheme, several measures are taken to improve running speed. The first is disturbing chaotic stream by cipher-text which can effectively avoid wasting chaotic number and hence accelerate key generation. The second is only two rounds which are necessary to implement high sensitivity of cipher-text to any position plaintext. All these measures can help to accelerate the running speed.

Conclusion
In this paper, we present a new image encryption algorithm based on one time running-key. Using cipher-text to disturb chaotic stream not only helps to minimize digital chaotic degradation, hence reducing the influence of degradation on security of an encryption system, but also implements one time running key and improves the encryption efficiency. Also, introducing random feedback mechanism further enhances the security of our scheme. In addition, minentropy, which more exactly measures the ability of resisting statistical attack, is first proposed to replace Shannon entropy. The last feature is chaotic map and transformation function which can be chosen according to user requirement and possessing strong flexibility and expandability. In the future, parallel implementation of image encryption scheme will be investigated.