A Chaotic Cryptosystem for Images Based on Henon and Arnold Cat Map

The rapid evolution of imaging and communication technologies has transformed images into a widespread data type. Different types of data, such as personal medical information, official correspondence, or governmental and military documents, are saved and transmitted in the form of images over public networks. Hence, a fast and secure cryptosystem is needed for high-resolution images. In this paper, a novel encryption scheme is presented for securing images based on Arnold cat and Henon chaotic maps. The scheme uses Arnold cat map for bit- and pixel-level permutations on plain and secret images, while Henon map creates secret images and specific parameters for the permutations. Both the encryption and decryption processes are explained, formulated, and graphically presented. The results of security analysis of five different images demonstrate the strength of the proposed cryptosystem against statistical, brute force and differential attacks. The evaluated running time for both encryption and decryption processes guarantee that the cryptosystem can work effectively in real-time applications.


Introduction
Some researchers utilized conventional cryptosystems to directly encrypting images. But this is not advisable due to large data size and real-time constraints of image data. Conventional cryptosystems require a lot of time to directly encrypt thousands of image pixels value. On the other hand, unlike textual data, a decrypted image is usually acceptable even if it contains small levels of distortion. For all the above mentioned reasons, the algorithms that function well for textual data may not be suitable for multimedia data [1]. Many studies have been performed on the use of textual encryption algorithms for images by modifying the algorithms to adapt with image characteristics. One such option for encrypting an image is to consider a 2D array of image pixels value as a 1D data stream and to then encrypt this stream with any conventional cryptosystem [2,3]. This would be considered a naïve approach and usually is suitable for text and occasionally for small images files that are to be transmitted over a fleet dedicated channel [4]. Subramanyan et al. [5] proposed an image encryption algorithm based on AES-128 in which the encryption process is a bitwise XOR operation on a set of image pixels. This method employs an initial 128-bit key and an AES key expansion process that changes the key for every set of pixels. The secret keys are generated independently at both the sender and the receiver sides based on the AES key expansion process. Therefore, the initial key alone is shared rather than the whole set of keys. 2 The Scientific World Journal The flapping wings represent a tiny variation in the initial conditions of the dynamic system that causes a chain of events leading to large-scale changes in the future. Had the butterfly not flapped its wings, the trajectory of the system might have been vastly different [7]. In general, this means that a small variance in the initial parameters (even in ten-millionth place value) could yield widely divergent results. Hence, for a chaotic system, rendering long-term prediction is impossible in general. This means that having initial conditions of these systems makes their future behavior predictable. This behavior, which derived from a natural phenomenon, is known as deterministic chaos or, simply, chaos and exhibits by chaotic maps. Such maps are classified as continuous maps and discrete maps.
In the 1990s, numerous researchers found that there are some relationships between properties that have counterparts in chaos and cryptography. A high sensitivity to initial conditions, with deterministic pseudorandom behavior, is an interesting similarity between chaotic maps and cryptographic algorithms. Furthermore, confusion and diffusion are two general principles in the design of cryptography algorithms that lead to the concealing of the statistical structure of pixels in a plain image and to a decrease in the statistical dependence of a plain image and the corresponding encrypted one. Applying a mixing property on chaos-based encryption algorithms will increase the complexity of the cipher image.
Chaotic maps are assigned to discrete and continuous time-domains. Discrete maps are usually in the form of iterated functions, which corresponded to rounds in cryptosystems. This similarity between cryptography and discrete chaotic dynamic systems is utilized to propose chaotic cryptosystems. Each map has some parameters that are equivalent to the encryption keys in cryptography. In stream cipher, a chaotic system is applied to generate a pseudorandom key stream but in block ciphers, the plaintext or the secret key(s) are used as the initial and control parameters. Finally, some iteration is applied on the chaotic systems to obtain the cipher-text. Security and complexity are significant concerns in cryptosystems. These should be considered when selecting a map and its parameters for use in cryptography [8].

Related
Works. The first chaos-based cryptosystem was proposed by Matthews in 1989 [29]. Subsequently, the amount of research on chaotic cryptography increased rapidly, while trying to break (and find the weakness of) the proposed schemes in order to improve chaos-based cryptosystems.
The algorithm proposed by Wang et al. [30] for encrypting color images utilizing a logistic map was broken by Li et al. [31]. Another cryptosystem analyzed by Li et al. [32] is the recent work of Zhu [26]. Zhu applied hyperchaotic sequences to generate the key stream but Li in his work proved that the proposed algorithm was not sufficiently robust against a chosen plaintext attack. Another weak cryptosystem is the combination of the Lorenz map and perceptron model of the neural network proposed by Wang et al. [33]. This chaotic algorithm was cracked by Zhang et al. [34] after analyzing its security by simulated attacks. The experimental results show that the secret key can be reconstructed after one pair of known-plaintext/ciphertext attacks. Furthermore, the effect of changing one bit in the plain image is a change in only one bit at the same position in an encrypted image. This is another weakness of Wang's proposed algorithm.
Many similar works have failed in security analysis. Hence, when designing and implementing a chaos-based cryptographic system, some important requirements should be kept in mind. A common framework was proposed by Alvarez and Li [35] for chaos-based cryptosystem designers. Implementation rules, key management tips, and security analysis approaches are three main issues suggested in their work. Adhering to these basic guidelines guarantees an acceptable level of security with the chaos-based cryptosystem scheme. Moreover, Alvarez and Li in [36] established a practical security analysis of a cryptosystem based on the Baker map [37]. In addition to breaking this cryptosystem due to vulnerability of the key, some countermeasures are introduced for improving and enhancing the security of similar cryptosystems. Alvarez and Li in another cryptanalysis work [38] presented that the nonlinear chaotic algorithm by Gao et al. [39] is insecure according to failure in the plaintext attack and statistical and key space analysis.
Chaos-based encryption algorithms are based on diverse types of chaotic maps and also on discrete maps. Most of these are a combination of two or more chaotic maps to achieve a greater level of complexity, security, and expanded key space. A combination of the Arnold cat map and the Chen map was the work of Guan et al. [40]. The Arnold cat map was applied to clutter the position of the pixels followed by XOR with the discrete output signal of the Chen map to modify the gray value of the cluttered pixels. This was analyzed and improved by Xiao et al. [41]. They found the weakness of the proposed algorithm and overcame the flaws.
To overcome the disadvantages of permutation-only cryptosystems, Fu et al. [12] proposed a novel shuffling algorithm which performs an efficient bit-level permutation in two stages of chaotic sequence sorting and Arnold cat map. Their analysis results show that this scheme is more secure and has much lower computational complexity than previous similar works.
Xu et al. [10] analyzed the improved work of Xiang et al. [42] and found two drawbacks. In their proposed letter, iterating Chen chaotic system generates random number sequence, which is more random in comparison with the sequence that was generated by logistic map in [42]. The second drawback is overcome by setting the parameter of Chen map using the last one byte of encrypted plaintext after every iteration that leads to a higher sensitivity of encrypted image to the plain one. This scheme is fast and secure according to simulation results and large size of key space, respectively.
To overcome the drawback of time-consuming real number arithmetic calculations in chaos-based image encryption techniques, a block cipher cryptosystem was proposed by Fouda et al. [27]. This fast and secure chaotic scheme is based on sorting the integer coefficients of linear diophantine The Scientific World Journal 3 equation (LDE), which is generated dynamically by only two rounds of any chaos map.
The scheme of Chen et al. [28] is another work that is proposed to enhance the efficiency of chaos-based encryption. They found that permutation-diffusion encryption approaches are produce with high computation of at least two chaotic maps and weak against known/chosen plaintext attacks. Hence, they proposed a dynamic mechanism to generate the state variables from the 3D or hyperchaotic maps for snake-like diffusion and pixel-swapping confusion. A tiny change (e.g., one pixel) will make a totally different key stream sequence at the first round of encryption. Table 1 is a brief overview of some chaotic maps applied in image encryption. The Arnold cat map is the most commonly used map in chaos-based image encryption works with the main purpose of shuffling pixels of an image in a pseudorandom order.

Henon Map.
Henon is a two-dimensional dynamic system proposed [43] to simplify the Lorenz map [44] with the same properties and is defined by (1). This might be easier to implement than the differential equations of the Lorenz system. Consider The initial parameters are , and the initial point is ( 0 , 0 ). Each point ( , ) is mapped to a new point ( +1 , +1 ) through the Henon map. For = 1.4 and = 0.3, the Henon function has chaotic behavior and the iterations have a boomerang-shaped chaotic attractor. Figure 1 is the outline on a two-dimensional plane for the Henon map obtained from a distinct number of iterations starting from the chosen initial point (0.1, 0.1). Minute variations in the initial point will lead to major changes and different behavior.

Arnold Cat
Map. ACM is a mixing discrete ergodic system that performs an area preserving stretch and fold mapping discovered by V. Arnold in 1968 using the image of a cat. This 2D transformation is based on a matrix with a determinant of 1 that makes this transformation reversible and described as Here, and are integers and ( , ) is the original position that is mapped to the new position ( , ). This transformation randomizes the original order of pixels or bits in an image. However, after sufficient iterations, the original image is reconstructed. Reverse mapping using (3) is a phase in decryption process to transform the shuffled image into the input image. The number of iterations in the permutation step must be equal to that of the reverse transformation. Consider

Initializing Prerequisite
Values. In addition to , , and initial point ( 0 , 0 ) in (1), there are some other variables that must be initialized before running the algorithm. The proposed encryption architecture is shown in Figure 2. This scheme is based on two secret images and permutation steps in the bit level and pixel level. In the bitwise permutation, the pixel values are distorted but, in the pixel permutation, the pixels are shuffled without any alteration in value and histogram. Creating the secret images and a set of parameters and for the Arnold cat map are prerequisites for the encryption and decryption processes. Secret images have pseudo-random-like gray pixel distributions and are created using coordinates and generated by a Henon map. The secret images are the same as the plain image in height and width; therefore, the number of iterations for the Henon map depends on the total pixels in the plain image. In this work, experiments are performed on × gray-level images. Hence, the minimum iterations of Henon map should be 2 . The first few iterations seem fairly close together. Therefore, the total number of iterations is 2 + 100, but the first 100 points are discarded to achieve higher randomness. Secret image pixels are generated using (4) and (6). The pix and pix are sets of pseudorandom numbers (0 ≤ pix , pix ≤ 255) created by -coordinates and -coordinates of the Henon map and are considered pixel values. To shape the one-dimensional pixel values into an image, (5) and (7) are applied to create the 2D secImgX and secImgY secret image. The final secret image is generated by a combination of secImgX and secImgY by performing the XOR operation on the corresponding pixels as described by (8). Consider secImg = xor (secImg , secImg ) .
The permutation steps by the Arnold cat map are based on the parameters and . The -coordinates andcoordinates that result from the iterations of the Henon map are applied to generate parameters for the ACM. The pixels or bits of an input image that are permuted by the Arnold cat map return to its preliminary position after finite iterations. Attackers may be able to restore the original image by using this periodicity. To avoid such reconstruction of the input image, iteration is repeated for rounds with different values for the parameters and in each round. Equations (9) and (10) generate parameter values for the Arnold cat map. The The Scientific World Journal × × Xu et al. [10] × Zhang and Cao [11] × × Fu et al. [12] × Zhang et al. [13] × × × Ghebleh et al. [14] × × Elshamy et al. [15] × Ye and Zhou [16] × × Ye and Zhou [17] × × Wang et al. [18] × Al-Maadeed et al. [19] × Patidar et al. [20] × × Wong et al. [21] × Guanghuia et al. [22] × Zhang et al. [23] × Liu et al. [24] × × number of generated parameters is equal to the total number of permutation rounds: = abs (⌊ 100+ × 10 14 ⌋) mod , = 1, . . . , * ( + ) . Figure 2 presents the architecture of the proposed encryption scheme. This scheme has three inputs and three main functions, and the final result is the encrypted image. The plain image, secImgX, and secImgY are the three main inputs for this model. The primary functions are bit permutation, pixel permutation, and pixel modification. As illustrated in Figure 2, at the first step, secImgX and secImgY are XORed pixel by pixel to generate secImg. Then, pixels of the secret image are permuted rounds. A simultaneous step is rounds of bit-level permutation of the plain image. The outputs of these two phases are applied to pixel modification, which is a sequence XOR of consecutive pixels. The result is fed back to the bit permutation function (instead of the plain image) for additional − 1 rounds while the secImg is permuted with new parameters at each round. The functions details are described in the following sections.

Bit Permutation.
For a gray-level image with a size of × pixels, the total bits are × × 8. Prior to bit permutation, the input image is divided into eight subimages. Each subimage is × /8 pixels or × bits in height and width as shown in Figure 3. Matrix (11) shows how the th subimage is created. Replacing the corresponding pixel values of the input image at the proper position of the matrix would create the subimage. A pixel in the position ( , ) is an 8-bit value in the form of (12), where (8) is the most significant bit (MSB) and (1) is the least significant bit (LSB) of the pixel value in binary form. Every pixel value of the subimage converts to its binary format and creates the bit-plane. The bit-plane is a matrix with rows and columns and each element is one bit 0 or 1. Matrix (13) shows how to create the matrix for the bit-plane. Each subimage is converted to the equivalent × bit-plane and each bit-plane is permuted separately and independently: ] .
After creating the bitPlane matrices, the Arnold cat map was applied to these matrices to permute the bits. In the permutation phase, the new location of each bit is calculated by (14). The pair of ( , ) is the new position of ( , ). At the first phase, the input image is permuted times with different parameters and where = 1, . . . , . Consider After finishing this phase, the bitPlane matrices are changed to decimal values to reconstruct the image pixels.

Pixel Permutation.
Concurrent with bit permutation of the plain image, the secret image is permuted for rounds at the pixel level to change the position of the pixels in a random manner. In contrast to bit permutation, pixel permutation does not affect the pixel values. Therefore, histograms of the plain image and the shuffled image are entirely the same. The permutation is performed times with different parameters and with = 1, . . . , . Consider

Pixel Modification.
The concluding phase is a sequence XOR to modify the pixel values. This step will cause extreme changes in the pixels of cipher image with even one bit change in a pixel in plain image. This step is based on the shuffled secret image and the bit-level permuted plain image. Equations (16) and (17) are used to change pixels consecutively. The output of this step is a modified image. For more confusion and modification, this step will repeat for rounds. After each round, the result is replaced with a plain image, as input, and the secret image will permute rounds. After completing rounds, the final output is the cipher image. Consider 3.3. Decryption Process. Figure 4 shows the decryption process. On the receiving side, the secret image is generated by XORing secImgX and secImgY, which are recreated using private parameters. Inverse pixel modification is performed on the cipher image and the secret image after × rounds of pixel permutations. The result of the secret image pixel permutation in the first step is saved for subsequent steps and at each round this is inverse permuted for rounds and applied as an input to the inverse pixel modification function. The additional input is (the feedback of) the output of the inverse pixel modification function after rounds of inverse bit permutation.

Experiments and Security Analysis
Experiments are carried out to analyze the proposed algorithm and evaluate their security and robustness. A vigorous encryption algorithm is resistant to attacks by an opponent or to unauthorized access. Due to the various types of attacks, a comprehensive security analysis is inevitable. This section analyzes the results of simulated attacks such as a statistical attack, a differential attack, a brute-force attack, and a known/chosen plaintext attack to demonstrate the strength of the proposed technique. Key space, encryption time, and decryption time are additional parameters that will affect the decision-making regarding the choice of applied cryptosystem. The selected images for the experiments are "Peppers, " "Baboon, " and "Fingerprint, " which are 512 × 512 gray images. "Cameraman" and "Chess-plate" are two additional images of size 256 × 256. The proposed algorithm is implemented using the MATLAB programming language on a PC with a 64-bit OS, Core i5 CPU, and 8 GB installed RAM.

Initial Values.
The Henon map is the main function in this cryptosystem and the generated chaotic sequence is employed to produce both the secret image and the parameters for the Arnold cat map. Its initial value is one of the secret keys in this scheme.
Having obtained the set of and , we can create pixels of secImgX and secImgY by setting the values = 12345678 and = 87654321 in (4) and (6) as shown in (19) and (21), respectively. Then, we reshape them to form an image with the same size as the plain image using (20) and (22). The final secret image is the result of (23). Consider pix = abs (⌊ 100+ × 87654321⌋) mod 256, The    The parameters for the Arnold cat map that perform permutations on the plain image and secret images are the set of and . Each pair of and is a modified value of a point on the Henon sequence. These coordinates are real numbers. They converted to integer numbers using multiplied, modular, and absolute operations as described in (8)   The results for 256 × 256 were almost a quarter of the given intervals in Table 2. The total encryption time is calculated by (25) and the decryption time is calculated by (26). Table 3 is the encryption time of proposed cryptosystem in comparison with recent similar works for a 256×256 gray image. Consider = * * + + ( − 1)

Encryption and Decryption Illustrations and Histogram.
The image histogram is the graphical illustration of the pixel distribution at different gray levels. A great deal of statistical information regarding the image is extractable from its histogram [45]. by Zhu et al. [9]. Despite the pixel value alteration by Zhu's model, the histogram of the permuted image is not uniform. This is due to the permutation of a group of bits in the same position. According to Shannon's theory, the 8th bit (MSB) pixel values carry almost 50% of the total information of the image. Permuting all of the bits at the same location will not vastly change the image pixels' value. Hence, the plain image, which is shown in Figure 5, is bit permuted for four rounds, and the result and its histogram are illustrated in Figure 6. It seems that there are patterns that still appear in the image. To overcome this vulnerability, a bit permutation scheme is proposed and shuffles the bits entirely and independently of its position. Figure 7 shows the subimages of the plain image that would be permuted independently. After four rounds of permuting each subimage with altered parameters, the result and its histogram are shown in Figure 7. Visual comparison of images and histograms in Figures 6 and 7 demonstrates the efficacy of the proposed bit-permutation model. Figures  8 and 9 are the images and the histograms after the encryption and decryption process, respectively. The decrypted image is the same as the original one and this technique is found to be lossless.

Key Analysis
4.4.1. Key Space Analysis. The total number of possible keys that an attacker must try to break a cryptosystem is called key space and it should be large enough to prevent bruteforce attack. In the proposed cryptosystem, the initial point ( 0 , 0 ) of the Henon map was used as one of the secret keys. Other control parameters are , , , , , , and . These parameters should be kept secret and be used as secret keys. Table 4 is the upper bound for each variable. A combination of these parameters will provide a large key space of approximately 2 300 that is sufficient to make bruteforce attack infeasible and very large rather than similar works that are compared in Table 5.

Key Sensitivity Analysis.
In addition to a sufficiently large key space to protect an encrypted image from bruteforce attacks, a strength algorithm should also be absolutely sensitive to both encryption and decryption keys. Changing even one bit in a secret key will cause a completely different result in either the encrypted image or the decrypted image. Key sensitivity is analyzed in both the encryption The Scientific World Journal and the decryption phase. In the encryption phase, the cipher image that results from changing even one bit in any one of the initial values is compared with the encrypted image that resulted before changing the key. The results are given in Table 6. Several experiments were performed and, in each experiment, only one parameter was manipulated while others were unchanged. The changed values and the difference rates for the produced images are listed in the table.
In the decryption phase, key sensitivity means that the encrypted image cannot be decrypted by slight variations in the secret key. Based on the results in Table 7, changing even one bit in the decryption key will result in a wholly different decrypted image.

Statistical Analysis.
Statistical analysis can extract the relationships between the original and the encrypted image. Shannon in his theory of information and communication [45] proved that it is possible to break many types of cryptograms by statistical analysis. This can be thwarted by dissipating the redundancy in the structure of the message by diffusion or by increasing the complexity of the relationship between the encrypted message and the secret key by confusion. Either confusion or diffusion is presented in the proposed cryptosystem to frustrate statistical attacks.

Correlation Analysis.
Two adjoining pixels in a regular image are strongly correlated in horizontal, vertical, and diagonal positions. Scatter plots in Figures 10 and 11 reveal the correlation of two adjacent pixels in horizontal, vertical, and diagonal distributions in the plain and the cipher image, respectively. Correlation coefficients are calculated for test images by (27) and the results for plain images and cipher images are listed in Table 14. For an ordinary image, the correlation coefficients are very close to 1, which is the highest possible value. The produced encrypted image is ideal and resists statistical attack if the correlation coefficients are very low and close to 0. Consider

Entropy Analysis.
Entropy is a statistical parameter that is defined to measure the uncertainly and randomness of a bundle of data. According to Shannon theory, image entropy  is the number of bits that is necessary to encode every pixel of the image. The optimal value for entropy of an encrypted image is ∼8. This quantity describes the random pattern and texture of pixels in an encrypted image and is calculated by where is the total number of gray levels (i.e., 256) and is the probability of incidence of intensity in the current image. is the number of pixels with intensity divided by the total number of pixels. The base-2 logarithm will present the calculated entropy in bits. The entropy values for plain images and encrypted images are given in Table 14.

12
The Scientific World Journal  4.6. Differential Analysis. For the purpose of differential attack, an attacker changes a specific pixel in the plain image and traces the differences in the analogous encrypted image to find a meaningful relation. This is also known as a chosenplaintext attack. A robust encrypted image must be sensitive image. This parameter is calculated by (29) and for an ideal encryption algorithm it is 1. Consider where 1 and 2 are obtained by encrypting two × plain images and one random bit dissimilarity. The UACI in differential analysis is the unified average changing intensity between two encrypted images with a difference in only one bit in corresponding plain images. The UACI can be calculated by (30): To evaluate the sensitivity of the proposed algorithm to differential attacks, a random bit is changed in the plain image. Encrypting two plain images with a difference in only one bit produces two encrypted images. The rates of pixel and intensity differences in the two encrypted images are calculated. Tables 8, 9, and 10 present calculated UACI and NPCR values for different combinations of , , and to trade off the encryption speed and the overall rounds to find a threshold that achieves the highest rate. The following tables are related to the Peppers image. From Tables 8 and 9, it was concluded that increasing the value of the parameter that is related to the pixel permutation rounds does not affect the NPCR and UACI values. These values depend only on and . However, to increase the level of confusion and increase the key space, pixel permutation is required. The results in Table 10 were used to find the minimum values for and that result in the ideal value for NPCR and UACI with the smallest run-time. It was concluded that at least three rounds of were required to obtain the highest values for UACI and 14 The Scientific World Journal   (25) and the combination of ( , , ) that encrypts the image with the smallest run-time is (3, 1, 1). In addition to Peppers, the same experiments were performed on Baboon, Figure 12, Fingerprint, Figure 13, Cameraman, Figure 14, and Chess-plate, Figure 15. The results of the experiments on these three images are investigated to determine the strength of the proposed cryptosystem. Tables 11, 12, 13, and 14 list the calculated values of UACI and NPCR for different combinations of and in Baboon, Fingerprint, Cameraman, and Chess-plate images, respectively. Because the results were similar to other combinations of the Pepper image, the other similar tables were discarded and only

16
The Scientific World Journal       the set of and was surveyed. The results for entropy, correlation, and brief of the UACI and NPCR are listed in Table 15.

Conclusion and Future Works
In this paper, a new chaos-based cryptosystem has been proposed for encrypting images. The Arnold cat map and the Henon map are two discrete chaotic maps that are used in this scheme. Bit shuffling and pixel shuffling are reversible transformations that are performed using the Arnold cat map with various secret parameters. Improving the randomness of transformation and the efficiency of bit permutation are two advantages of this cryptosystem that increases the strength of the ciphered image in comparison with previous works. Iterating the Arnold cat map with different parameters at each round prevents undesirable reconstruction of the input image. These parameters are generated by the Henon map with secret initial values. The points generated by the Henon map are also applied to create secret images for more confusion and diffusion and to increase the key space. Sequential XOR of the bit-permuted plain image and the pixel-permuted secret image is another phase of modifying the pixels values. This creates a slight distortion in the plain image to prevent successful differential attacks. The results of security analysis of five images demonstrate the resistance of the encrypted image to statistical attacks and to the chosenplaintext attack. In addition, a sufficiently large key space makes a brute force attack impractical. As the future work, the proposed cryptosystem in this paper will combine with a public key technique such as ECC or RSA to propose a hybrid encryption method. This technique is a chaotic asymmetric cryptosystem.