A New One-Dimensional Chaotic Map and Its Use in a Novel Real-Time Image Encryption Scheme

. We present a new one-dimensional chaotic map, suitable for real-time image encryption. Its theoretical analysis, performed using some specific tools from the chaos theory, shows that the proposed map has a chaotic regime and proves its ergodicity, for a large space of values of the control parameter. In addition, to argue for the good cryptographic properties of the proposed map, we have tested the randomness of the values generated by its orbit using NIST statistical suite. Moreover, we present a new image encryption scheme with a classic bimodular architecture, in which the confusion and the diffusion are assured by means of two maps of the previously proposed type. The very good cryptographic performances of the proposed scheme are proved by an extensive analysis, which was performed regarding the latest methodology in this field.


Introduction
Image encryption schemes have been increasingly studied in order to ensure real-time secure images transmission through the Internet or through the communication networks.To meet this challenge, many new encryption schemes based on classical algorithms (e.g., Blowfish, AES, DES, etc.) have been proposed in the last years [1][2][3][4][5].Starting from 1989, when Robert Matthews proposed the first chaos-based cryptosystem, in which he used the logistic map, chaotic maps have become a new direction to develop image encryption schemes which have, in many aspects, similar properties to the conventional ones [6][7][8][9][10].Recently, many researchers have proposed different encryption schemes based on chaotic maps, being encouraged by the chaotic properties of dynamical systems such as high sensitivity to the initial conditions, ergodicity, and topological transitivity [11][12][13][14][15][16][17].
It is well known that a good encryption algorithm should be sensitive to the secret key, and the key space should be large enough to make brute-force attacks infeasible [18,19].In-based encryption schemes, the secret key space is defined by the control parameters and/or the initial conditions of the maps underling chaos.For some of the proposed chaos-based encryption schemes it was proved that an incorrect selection of the initial condition or the use of chaotic maps which have a small range of the control parameters or an uneven values distribution leads to a weak security [19][20][21][22][23][24][25].
In this sense, we proposed in [26] a new chaotic map with large interval of parameters values for which the chaos is fulfilled, obtained by compounding a periodic real map with a bounded real map.Using specific mathematical and numerical tools from chaos theory and statistics, we proved that the proposed map has very good cryptographic properties.Then, the proposed map was used to design a new PRNG/PRBG model, based on a well-known binary operation [26].In this paper, we have extended our work by studying not only theoretically but also only numerically the behavior of another map designed in the same manner.Thus, we used the topological conjugacy mechanism with logistic map, in order to study the behavior of the proposed map.Also, we have calculated the analytic form of Lyapunov exponent, which allows us to prove theoretically that the proposed map is chaotic for a large interval of parameters values.Moreover, the proposed chaotic map is used in a new real-time image encryption scheme, in which the confusion property is ensured by a new 2 Advances in Multimedia algorithm for generating random permutations, while the diffusion property is achieved using a new efficiently XORscheme.
The paper is organized as follows: in Section 2 we present the design of the newly proposed chaotic map, including its chaotic behavior assessment.Section 3 showcases the detailed and comprehensive randomness' testing process of sequences generated by the orbit of the new chaotic map.Section 4 presents a new image encryption scheme based on the map proposed in Section 2. Section 5 presents the performance analysis of the proposed image encryption scheme.Finally, Section 6 concludes the work carried out so far.

The Proposed Chaotic Map
In any encryption system, the basic issue is the selection process of the secret keys.According to the principle postulated by Menezes et al. [18], the security of the cryptosystem must depend only on the secret key.Even if an encryption algorithm is well designed, if the secret key is incorrectly chosen or the key space size is small, the security is endangered.Chaotic-based cryptosystems proposed so far have not defined a clear set of rules to be followed in the selection process of the secret key [27].In many cases, the idea that the secret key is constituted by the control parameters and/or the initial condition of the map for which this is chaotic and ergodic was implicitly admitted.Most used maps in chaosbased encryption schemes proposed so far, respectively, the logistic map, tent map, and Hénon map, have small ranges of the parameters' values, for which the two requirements are achieved, that is, intervals (3.999, 4], (0.999, 1), and [1. 1, 1.4].Due to the discretization (i.e., implementation of the real numbers is realized with a finite precision in computers), the key space size of a cryptosystem based on chaotic map will actually collapse to a finite and a small set of numbers [6,19,24,25,28,29].
The new chaotic map proposed in this paper uses (1) as model.Here, whilst  represents a periodic real map (selected so as to ensure a large phase space), ℎ represents a bounded real map (which, by an appropriate selection, restricts the phase space to a closed interval in which the map has good chaotic properties): Therefore, the proposed one-dimensional chaotic map, which is defined with respect to (1), is given by The behavior of a map can be easily studied using the mechanism of topological conjugacy with a map whose behavior is already known; thus it established an equivalent relationship between their dynamics [30,31].So, we have determined the topological conjugacy between the proposed map and the logistic map, whose properties are already wellknown.
Proof.To prove that the   and   maps are topologically conjugated through the homeomorphism ℎ, we check that the following condition is satisfied: For  ∈ [−1, 0] the left term from (5) becomes For  ∈ [−1, 0] the right term from ( 6) becomes Substituting the relations ( 6) and ( 7) in ( 5), we obtain which is equivalent with and hence Summing up, condition (5) is satisfied.In a similar manner, condition (5) was proven for  ∈ [0, 1], which concludes the proof of the proposition.Proof.In order to study the asymptotic behavior of an orbit { 0 ,  1 , . . .,   } of the chaotic map , in the phase space, which starts from an initial point  0 ∈ [−1,1], we will use a strong instrument from the chaos theory, such as the Lyapunov exponent   [31], given by the relation The maps  and  are topologically conjugated through the conjugation map ℎ given by relation (4); thus, after applying the derivation rule of the continue maps, we obtain from which it results that Therefore, we obtain the relation Appling the limit after  in the last relation, we obtain the following relation: The Lyapunov exponent of the logistic map is given by the relation [31]   = lim Relation (16) shows that the Lyapunov exponent of the orbits corresponding to the  map is identical with the  map one, so we obtain Due to the fact that the Lyapunov exponent is positive, the asymptotic behavior of any orbit of the  map is chaotic [30,32,33].The next objective is to determine a statistical image of the  map dynamics, in the phase space, using the same mechanism of topologic conjugation, through theoretical results postulated by Grossman and Thomae in [30].
Proposition 3. The  map given by relation (2) conserves an absolute invariant density function that is continuous on the interval [−1, 1] and is equal to 1.
Proof.Let   and   be the probability densities of the maps and .Because these maps are topologically conjugated through conjugation map ℎ, applying the Grossman-Thomae theorem [30], we obtain the relation For  ∈ [0, 1], conjugation map ℎ is given by the relation Thus, we obtain that The invariant density function of the logistic map has the following analytical expression [33]: So, relation (19) becomes From (23) we conclude that the density function of probability of the map is equal to 1, for any  ∈ [0, 1].In the same manner, we can prove that the probability density function of the  map is equal to 1, for any  ∈ [−1, 0], which concludes the proof of the statement.

The Parameterization of the Proposed Dynamic System.
From the theoretical results, that is, the ones presented above, we can conclude that the map  has a chaotic behavior and an invariant probability measure on the interval [−1, 1].
The chaotic maps used as base of cryptosystems are defined in a parametric way; for example, their dynamics depend on one or several control parameters.Moreover, those chaotic systems show a chaotic behavior for certain values of the associated control parameters.Therefore, the design of a cryptosystem based on any of those dynamical systems must be done by guaranteeing the use of a set of values for the control parameters leading to chaos.
Following the method described by Fridrich in [34], we parameterized  map, as follows: where  > 0 is the control parameter of the map.The behavior, in time, of the discreet system  +1 =   (  ), depends both on the control parameter  and on the initial condition  0 .
First, we analyze the stability of the fixed points in order to determine the sensitivity level of the system to the initial conditions.The map  has the following fixed points: According to the theorem of fixed points [31], the points  1 and  2 are attractors if the following condition is fulfilled: which implies that the control parameter  must fulfill the condition The map   is defined on the interval [−1, 1]; therefore, from condition (24), it results that the fixed point  2  ∉ [−1, 1] for any  ∈ Z and the fixed point  1  ∈ [−1, 1] only for  = 0. So, for values of the parameter  < 1/2, any trajectory which starts from any initial point  0 ∈ [−1, 1] converges in time to the attractor point  1 0 = 0.After the value of the parameter  exceeds the value 1/2, the fixed point  1 0 loses its stability and another instable fixed point  2 0 = 2/(2 + 1) appears.The trajectory with the initial condition  0 converges, at the beginning, in the neighborhood of  2 0 , and then leaves it, entering into a chaotic regime.The stability of the fixed points of the map   is also emphasized through the bifurcation diagram presented in Figure 1.
It can be observed that for a value of the parameter  > 1/2 the   map has an instable behavior and for the parameter  > 1 the map enters in a complete chaotic regime.
The road to chaos of the   map with parameter  > 1/2 is not achieved through the doubling process of the period, specific to some chaotic maps [31], but is induced by the existence of a dense set of periodic orbits of any period in the interval The sensitivity of the   map to infinitesimal changes of the initial conditions is illustrated in Figures 2 and 3.
In Figure 2, two orbits of the map   with fixed control parameter  = 5 starting from two very close initial points in phase space are plotted, while in Figure 3 two orbits generated by two maps which start from the same initial point   whose control parameters differ by 10 −6 are plotted.It can be noticed, in both figures, that, after some iterations, the orbits have a completely different behavior, becoming divergent by an exponential law in time.
Next, using the Lyapunov exponent we proved that the orbits of the map   have a chaotic behavior on the interval (−1, 1) for values of the control parameter  > 1/2.Theorem 4. The orbits of the map   given by relation (24) have a chaotic behavior on the interval (−1, 1) for values of the control parameter  > 1/2.
Proof.The sensitivity level to the initial conditions of a periodic orbit { 1 ,  2 , . . .,   } generated by   map is determined using the Lyapunov exponent: The orbit { 1 ,  2 , . . .,   } is chaotic if the Lyapunov exponent   is positive, so we obtain the relation ln 2 > 0, which is equivalent to  > 1/2. Figure 4 represented the Lyapunov exponent, numerically calculated using Wolf 's algorithm [35], according to the control parameter  ∈ [0, 10].It can be observed that for values of the parameter  > 1/2 the orbits of the map   are chaotic.
Following on, the analysis of the shape of a dynamical system attractor can provide information about its behavior in time for certain values of its parameters.The attractor of a dynamical system with a periodic behavior has a regular shape, while the one corresponding to chaotic dynamical system has a complex structure, of fractal type, and it is called strange attractor.The attractor of the   map for  = 7 is represented in Figure 5.
The fractal structure of an attractor is indicated by a fractional value of its fractal dimension, which is a ratio providing a statistical index of complexity comparing how details in a pattern change with the scale at which they are.Several types of fractal dimension can be estimated theoretically and empirically, such as box-counting dimension, Hausdorff dimension, Minkowski-Bouligand dimension, information dimension, and correlation dimension [36][37][38].Using the plots from Figure 6, we established that the attractor of the   map has a box-counting dimension   = 0.97863 and a correlation dimension   = 0.97064.
The fractional values of both estimated fractal dimensions allow us to conclude that the proposed map   has a strange attractor, which indicates a chaotic behavior.
In the next stage of our analyses we tested the ergodicity property.The ergodic property is a basic requirement for the use of a dynamical system as a base of an encryption scheme.This property implies that the state space cannot be nontrivially divided into several parts.Therefore, a trajectory starting from a point never localizes in a smaller region, so the plain-text space which corresponds to a given cipher will not be restricted to a "smaller" subspace.Indeed, if a dynamical system is ergodic, the long-term behavior of its orbits is independent of the initial condition and can be studied using statistical analysis.Using Birkhoff 's theorem [30,31] in conjunction with Kolmogorov-Smirnov test [39] we proved that the dynamical system   is ergodic for  > 1.The Kolmogorov-Smirnov test is applied on two series of experimental independent data ( 1 ,  2 , . . .,   ) and ( 1 ,  2 , . . .,   ), corresponding to the measurements of two random variables  and .The random variable  is obtained iterating for  times the   map using a fixed parameter  > 1 and an initial condition  0 ∈ [−1, 1].The second random variable  is obtained by selecting the values extracted from  distinct orbits of the   map at a moment , orbits that start from  initial points of the interval [−1, 1], using the same fixed parameter.The moment  = 100 is chosen from the stationary zone of   , previously established using Kolmogorov-Smirnov test described in [39,40].Due to the fact that the random variables  and  correspond to time average of   after time  and space average, respectively,, the purpose of the test is to establish if the two experimental sets of data derive from populations with the same distribution or not, in respect to Birkhoff 's theorem.The analysis is based on the experimental distribution functions Fe  and Fe  of the two random variables  and .
The hypotheses of the Kolmogorov-Smirnov test are as follows: (i)  0 : both variables  and  have the same probability law; (ii)  1 : both variables  and  have different probability laws.
The Kolmogorov-Smirnov test is applied as follows.
(1) The  test value is calculated; that is, the maximum absolute difference between the two experimental distribution functions is (2) For a chosen  significance level, Δ  is calculated, where  is the quantile of the probability law of the random value Δ; that is, (Δ > Δ  ) = , (3) If  ≤ Δ  , the hypothesis  0 is accepted.In other words, if the absolute maximum distance between the two experimental distribution functions is lower than a certain accepted value Δ  , then it will be decided if the random variables  and  have the same probability law.Otherwise, if  > Δ  , the test rejects the  0 hypotheses for the chosen level; that is, the two sets of experimental data come from random variables with different probability laws [40].
The Kolmogorov-Smirnov test was performed for a sample of  =  = 100000 and a significance level  = 0.05.The decision regarding the ergodicity can be based on a Monte Carlo analysis, which evaluates the ability of the Kolmogorov-Smirnov test to accept bad data as good data.For example, the above experiment can be repeated 500 times, finally recording the acceptance proportion of the hypothesis  0 , which is [0.93, 097].
The overall results are summarized in Table 1.One can observe that, in case of all values selected for  parameter, with  ∈ (1, 10], the acceptance proportion of  0 hypothesis lies within the confidence interval.Thus, ergodicity of the proposed chaotic map is confirmed over the entire interval of interest of the parameter .
Based on the results numerically obtained, using instruments from the chaos theory, it can be concluded that the   map has a chaotic behavior, without intermittent scenarios, for values of the control parameters  > 1.Therefore, the dynamical system can be successfully used to build strong cryptographic applications, because of the very large space of the keys that ensures a high level of security and also due to the ergodicity property which ensures the efficiency of the diffusion process.
According to Theorem 4, the map   is sensitive to the initial conditions on interval [−1, 1], for values of the parameter  > 1/2, and it becomes chaotic and ergodic for  > 1.Because the control parameter of a chaotic map defines the corresponding cryptosystem's key space, the fact that map   can be used for the construction of robust encryption scheme is confirmed.

Randomness Analysis
Evaluation process in terms of cryptographic properties of a dynamical system must include, in addition to the study of the chaotic behavior, a statistical analysis of the randomness of the values generated, in order to determine the security level of the system against some statistics cryptanalytic attacks.There are several options available for analyzing the randomness of a new developed pseudorandom bit generator.
The most popular suites of statistical tests for randomness are NIST [41] and DIEHARD [42].Chaotic cryptography deals with real numbers; thus, in order to use the NIST statistical suite, we firstly apply a computationally method to transform a chaotic sequence of real number into a bitstream.The used discretization method has consisted of the extraction of the first 15 digits from the fractional part of the real numbers generated by the chaotic   map.For the numerical experimentations we have generated  = 2000 different binary sequences from 500 randomly chosen orbits, each sequence having a length of  = 1000000 bits, and computed the  value corresponding to each sequence for all the 15 tests of the NIST suite.
The significance level of each test in NIST is set to 1%, which means that 99% of test samples pass the tests if the random numbers are truly random.The acceptance region of the passing ratio is given by [ − 3√((1 − ))/,  + 3√((1 − ))/], where  represents the number of samples tested and  = 1 −  is the probability of passing each test.For  = 2000 and the probability  = 0.99 (corresponding to the significance level  = 0.01), we obtained the confidence interval [0.983, 0.996].In the second column of Table 2 we have summarized the results obtained after applying nonparameterized and parameterized tests of the NIST suite on the binary sequences produced by the discrete orbit of the proposed map.The computed proportion for each test lies inside the confidence interval.Hence, the tested binary sequences are random according to all tests of NIST suite [41].If the tested sequences are truly random, then  values would be uniformly distributed in the interval [0, 1).NIST recommends to apply a  2 - in which the interval [0, 1) is divided into 10 subintervals.Defining   as number of occurrences of  value in th interval, then the  2 statistic is  2 = ∑ 10 =1 (  − (/10)) 2 /(/10).NIST recommends to set its significance level to 0.01%, so the acceptance region of statistics is  2 ≤ 33.72.The  value corresponding to the uniformity of the  values is calculated as igamc (9/2,  2 /2), so it must be greater than 0.0001 to ensure that the  values could be considered uniformly distributed.The results from the third column of Table 2 lead us to the conclusion that the  values for each statistical test are uniformly distributed.
The calculating method of the total test passing ratio of total test and the uniformity  value of total test samples follows the same methodology described above.In this case, we considered the number of samples  = 30000, so the acceptance region is [0.988, 0.992].For the passing ratio of the total test we obtained the value 0.988 and the  value corresponding to the uniformity of the  values from the total test was 0.294808.Thus, the pseudorandom bit sequences obtained by discretization of the   orbits passed the total test.

Description of the Proposed Cryptosystem
The proposed cryptosystem is a symmetric one and has a bimodular architecture, in which one of the modules performs the diffusion process using a random permutation generated by a chaotic map  1 of type (24), while the second one performs the confusion process by modifying pixel values using a deterministic algorithm which implies another map  2 of type (24).
Assuming that the pixels of a RGB image with size  =  ×  pixels are numbered on rows, from top to down and from left to right on each row, we denote the plain image by  = { 0 ,  1 , . . .,  −1 } and the corresponding encrypted one by  = { 0 ,  1 , . . .,  −1 }, both of the same size .Also, both in the encryption and in decryption process, we will use an auxiliary image of size , too, denoted by  = { 0 ,  1 , . . .,  −1 }.
Next, we will describe in detail the implementation and functionality of each module of the proposed cryptosystem.

The Secret Key.
The secret key of the proposed cryptosystem, shared by the emitter and the receiver, consists of (i) two real numbers  1 and  2 representing the parameters of the maps  1 and  2 chosen so that both maps might be in a chaotic and ergodic regime (i.e.,  1 ,  2 > 1); (ii) two real numbers  1 0 and  2 0 representing the initial conditions of the maps  1 and  2 , chosen from the interval [−1, 1]; (iii) two unsigned integers  1 and  2 representing the preiterations numbers of the maps  1 and  2 , required to assure a chaotic and ergodic behavior (we recommend to choose  1 ,  2 ≥ 100); (iv) an unsigned integer V, representing the initial value used to encrypt/decrypt the first pixel of the plain/encrypted image.

The Diffusion Process.
In a bimodular image encryption/decryption scheme, the diffusion process consists of the pixels permutation from the plain image, so that the default redundancy of the image might be distributed throughout the encrypted image [34].In [43], we proposed a fast algorithm for generating random permutations with a high shift factor, suitable for image scrambling.
The algorithm combines the use of random values, generated by a chaotic map, with the use of nonrandom ones, determined algorithmically.Practically, a permutation  = ( 1 ,  2 , . . .,   ) of degree  is constructed element by element, as follows: a random value between 1 and , obtained by discretization of a real value generated by the  1 map, is assigned to the current element and then it is checked if the value was previously used; if not, the maximum unused value is assigned to it.In this way, it is clear that a part of the elements from the beginning of the permutation will have large values and a part of the elements from the end of the permutation will have small ones, so the shift factor of the permutation will be high.
(1) For  from 1 to  do the following.
(2) Set max ←  + 1 (variable max stores the maximum unused value between 1 and  in permutation ).
(3) For  from 1 to  do the following.
In [43] we proved that the proposed algorithm has an almost linear complexity if the used map is chaotic and ergodic, condition satisfied by the  1 map.
In the encryption process, the pixels from the plain image  are shuffled using the following algorithm, based on the permutation  = ( 1 ,  2 , . . .,   ).
(1) For  from 0 to  − 1 do the following.

The Confusion Process.
In an image encryption/decryption scheme, the confusion process tries to hide the correlations between the plain image, the encrypted image, and encryption key, usually by substitutions of the values of all pixels in a deterministic way [34].
As we mentioned above, the confusion process is based on one chaotic map  2 of type (24), used in conjunction with the recurrence  2 +1 =  2 ( ) for any  ∈ {0, 1, . . .,  − 1} (function floor() returns the nearest integer less than or equal to ).
To ensure a high level of security against differential attacks, we alter the value of a pixel   from the shuffled image  = { 0 ,  1 , . . .,  −1 }, before XOR-ing it with the keystream and the value of the previously encrypted pixel, by the sum   of the three values corresponding to the color channels RGB of the pixels previously encrypted.Assuming that a pixel   from the encrypted image is a triplet   = (   ,    ,    ), then we define   as for any  ∈ {1, . . .,  − 1} and  0 = 0. Thus, the values of the pixels from the encrypted image are obtained according to the following formula: 4.3.The Decryption Process.Due to the fact that the proposed cryptosystem is a symmetric one, in the decryption process the same secret key is used, which leads to the same keystream { 0 ,  1 , . . .,  −1 }.The decryption process consists of next two steps.

Security Analysis of the Proposed Cryptosystem.
A strong encryption scheme should resist against known cryptanalytic attacks, such as known-plain-text attack, cipher-text only attack, statistical attack, differential attack, and various bruteforce attacks.For the proposed image encryption system we performed standard security analysis, such as key space analysis, statistical analysis, and differential analysis.Thus, several specific statistical tests were performed, such as image pixels distribution, the correlation between adjacent pixels of the image encrypted, entropy, the correlation between original image and the encrypted one, NPCR, and UACI.The performances of the proposed cryptosystem were evaluated using 10 various standard test images from USC-SIPI Image Database [44], Kodak Digital Camera Sample Pictures [45], personal photos, and so forth.All the pictures used were 24 bit-color bitmaps, with different dimensions varying from 256 × 256 to 3000 × 4000 pixels.All tests were performed for each of the three color channels (red, green, and blue) in order to achieve a rigorous and detailed analysis of proposed cryptosystem performance.

Key Space Analysis.
A secure image encryption algorithm should have enough large key space to resist against brute-force attacks.
The secret key of the proposed cryptosystem contains 4 real numbers and 3 unsigned integers.The real numbers must be stored and transmitted using a real data type with high precision to prevent them from negative effects caused by the discretization.If the implementation of the cryptosystem is done using a programming language that complies with IEEE Standard 754-2008, then it is recommended to use the double data type, which stores real numbers on 8 bytes, with an accurate 15 decimal places.In this case, the secret key length will be 352 bits, which means that the size of the secret key space will be equal to 2 352 ≈ 9.17×10 105 , a value large enough to prevent guessing the secret key in a reasonable time, using exhaustive search.

Key Sensitivity Analysis.
A secure image cryptosystem should be sensitive to any small change in the secret key, so the use of two secret keys which are very small different one from another leads to two completely different encrypted images.In Figure 7, 2 images are shown obtained by encrypting Lena image using 2 secret keys which has only a double data type component different by 10 −12 , along with the difference image.
In our key sensitivity analysis, we considered 10 plain images and 10 corresponding secret keys.Each plain image was encrypted using 7 secret keys, which differ from the initial one by 10 −12 on components of double data type or by one bit on components of unsigned integer data type, and the 7 encrypted images obtained were compared with the image obtained by encrypting the plain image using the initial secret key.In all the 70 cases, we obtained a correlation coefficient very close to 0, which confirms that the encrypted images are completely different.
Furthermore, the sensitivity to any small change in the secret key must be present in the decryption process, too.So, the use of a secret key which is different in very few respects from the original one must lead to a decrypted image completely different from the initial plain one.Figure 8 shows an image obtained by decrypting the encrypted Lena image using a secret key which has only one double data type component different by 10 −12 from the original secret key.Note that the image is totally different from the plain-image Lena and, moreover, the decrypted image seems to be a noise.
In this step of our key sensitivity analysis, we considered 10 plain images and 10 corresponding secret keys, too.Each plain image was encrypted using the corresponding secret key and the encrypted image obtained was decrypted using 7 secret keys, which differ from the initial one by 10 −12 on components of double data type or by one bit on components of unsigned integer data type, and all the 7 decrypted images obtained were compared to the initial plain image.In all 70  cases, we obtained a correlation coefficient very close to 0, which confirms that the decrypted images are completely different from the initial plain images.So, we can conclude that the proposed encryption algorithm is very sensitive to the key, because a small change in the secret key will generate a completely different decrypted image and cannot obtain the correct plain image.

Statistical Analysis.
In his most famous work, "Communication Theory of Secrecy Systems" [46], Shannon said that "It is possible to solve many kinds of ciphers by statistical analysis."In this sense, he suggested two methods of diffusion and confusion in order to crack the attacks based on statistical analysis.
In order to prove that the proposed image encryption system has a superior confusion and diffusion properties, we performed tests on the histograms and entropies of the encrypted images, along with a statistical test on the correlations between adjacent pixels in the encrypted image.

Histogram of the Encrypted Images.
A cryptosystem with high security level needs to produce encrypted images with a uniform distribution of pixels in each color channel, in order to hide the uneven distribution from the plain image.
The most often used visual analysis tool to study the distribution of a color image of pixel values is the color histogram, in which the pixel values frequencies are plotted separately for each color channel.Figure 9 contains a pair of plain image, encrypted image, along with the associated color histograms.
Note that, after the encryption of Lena image, which has a strong color uneven distribution (Figure 9  The value of the  2 test for an encrypted image of dimension  ×  is given by the following formula: where   is the observed frequency of a pixel value  (0 ≤  ≤ 255) and  0 is the expected frequency of a pixel value , so  0 = ( × )/256.The results obtained by applying the  2 test on 10 encrypted images can be summarized as follows: for 9 images the values of the  2 test obtained were lower than the critical value  2 255,0.05= 293.25 and for one image the value obtained was 294.68, which is very close to the critical value  2 255,0.05= 293.25.Thus, we conclude that the distribution of pixel values is uniform in the encrypted image, which demonstrates that the proposed cryptosystem is able to resist against statistical attacks.

Entropy.
Considering the pixel values as a quantification of the information contained in an image, we can estimate the uncertainty of its content through the notion of entropy, defined by Shannon [46].The entropy () of an image source  can be calculated as where () represents the probability of a pixel value  (0 ≤  ≤ 255) from a color channel RGB of an image and the entropy is expressed in bits.The 10 plain images used in the testing process had entropy values between 5.762235 and 7.752217.Through the encryption process images with entropies between 7.999330 and 7.99986 were obtained, being very close to the maximal theoretical value of 8, so that the information leakage in the encryption process is negligible and the encryption system is secure upon the entropy attack.

Correlation of Adjacent Pixels.
In an ordinary image, each pixel is usually highly correlated with its adjacent pixels either in horizontal, vertical, or diagonal directions [9,48,49] which is indicated by a value of Pearson's correlation coefficient very close to 1 [47].
In order to analyze the encryption quality of the proposed algorithm, the correlation coefficient was used to evaluate the correlations between adjacent pixels of the plain/encrypted images.Firstly, we randomly selected 1000 pairs of two adjacent pixels from plain/encrypted image, and, using the values from each color channel RGB, we constructed two series of data  = { 1 ,  2 , . . .,  1000 } and  = { 1 ,  2 , . . .,  1000 }.Then, we calculated the correlation coefficient between  and using the following formula: where  is the color channel, (⋅) denotes the variance of a random variable, and cov(⋅, ⋅) denotes the covariance of two random variables [47].
In Figure 10(a) we plotted the value of the pixel at the position (, ) versus the value of the pixel at the position (+1, ) from the Lena image, while in Figure 10(b) we plotted them from the encrypted Lena image.We repeated the same plotting for vertically adjacent pixels (Figures 10(c For all the 10 pairs of plain/encrypted test we obtained average values of the correlation coefficient from the interval [−0.00915, 0.010345], very close to 0, which confirms that the encryption process eliminates the inherent strong correlation existing between the pixels of the plain image.This fact proves, once again, that the proposed system will resist against cryptanalytic attacks of statistical type.
The UACI indicator measures the average intensity of differences between the encrypted images  1 and  2 and it is defined as follows: (1)   −  (2)         255 ) × 100%.
Considering two random images, the maximum expected value of NPCR is found to be 99.609375%, while the maximum expected value of UACI is 33.463541% [49].Using the proposed cryptosystem, 10 tests were performed, achieving values of the NPCR indicator between 98.78% and 99.16% and between 32.77% and 33.14% for the UACI indicator, which confirms that the proposed cryptosystem will withstand to the differential attacks.5.6.Quality of the Decryption Process.Within the cryptosystem performances evaluation, the quality of the decryption process should be also checked.Basically, this consists in testing that the image obtained after decryption process coincides with the plain one.
In this sense, we evaluated the mean squared error (MSE) between a plain image  = { 0 ,  1 , . . .,  −1 } and the corresponding decrypted one  = { 0 ,  1 , . . .,  −1 }, on each RGB color channel, using the following formula [47]: A value close to 0 of MSE indicates a good quality of the decryption process, while other values indicate the occurrence of errors in this process.
In all 10 tests performed, the value of MSE was 0 for each RGB color channel, which indicates that decryption is carried out without any loss of information.

Speed Performance.
Another important factor to consider when analyzing the efficiency of a cryptosystem is its speed.In this sense, we run the proposed algorithm implemented in C language (MinGW compiler) under Windows 7, using a PC with Intel(R) Core (TM) i3 @2.53 GHz CPU and 3 GB RAM.We used 10 standard test bitmaps (256 × 256) with sizes of 256 × 256, 512 × 512, 720 × 576, 1024 × 1024, and 3000 × 4000 [44,45].The mean speeds obtained are summarized in Table 3.
Analyzing the mean speeds from Table 3, we can conclude that the proposed algorithm is faster than the ones presented in [50][51][52], having a mean encryption/decryption speed about 4 MB/s, being suitable for real-time image encryption.

7 Figure 3 :Figure 4 :
Figure 3: The sensibility of the   map to changes of the control parameter .

Figure 5 :
Figure 5: The attractor of the   map for  = 7.

Figure 6 :
Figure 6: The fractal dimensions of the attractor of the   map.
(a) Lena image encrypted with the first secret key (b) Lena image encrypted with the second secret key (c) The difference image of the two encrypted images

Figure 7 :Figure 8 :
Figure 7: Images that resulted from encrypting the Lena image using two secret keys which differ by 10 −12 on a single double data type component.
(a)), we obtained an image with a uniform distribution of pixel values (Figure 9(d)) for each color channel, so an attacker cannot extract statistical information about the plain image or about the encryption key used.To analyze the distribution of pixel values for a large number of encrypted images, we used the  2 test[47].

Figure 9 :
Figure 9: Analysis of the standard image Lena.

Table 1 :
The results of ergodicity property testing for   map.

Table 2 :
The results of the NIST tests.