A Secure Image Encryption Algorithm Based on Rubik ’ s Cube Principle

In the past few years, several encryption algorithms based on chaotic systems have been proposed as means to protect digital images against cryptographic attacks. These encryption algorithms typically use relatively small key spaces and thus offer limited security, especially if they are one-dimensional. In this paper, we proposed a novel image encryption algorithm based on Rubik’s cube principle. The original image is scrambled using the principle of Rubik’s cube. Then, XOR operator is applied to rows and columns of the scrambled image using two secret keys. Finally, the experimental results and security analysis show that the proposed image encryption scheme not only can achieve good encryption and perfect hiding ability but also can resist exhaustive attack, statistical attack, and differential attack.


Introduction
The end of the 20th century was marked by an extraordinary technical revolution from analog to numerical as documents and equipments became increasingly used in various domains.However, the advantages of the digital revolution were not achieved without drawbacks such as illegal copying and distribution of digital multimedia documents.To meet this challenge, researchers were motivated more than ever to protect multimedia documents with new and efficient document protection techniques.In this context, different techniques have been introduced such as encryption and digital watermarking.The first one consists in transforming multimedia documents using an algorithm to make it unreadable to anyone except for the legitimate users.The second one consists of embedding digital watermarks into multimedia documents to guarantee the ownership and the integrity of the digital multimedia contents.
In the first category, Liu et al. [1] presented an image encryption scheme based on iterative random phase encoding in gyrator transform domains.A two-dimensional chaotic mapping is employed to generate many random data for iterative random phase encoding.In [2], a color image encryption method using discrete fractional random transform (DFRNT) and the Arnold transform (AT) in the intensity-hue-saturation (IHS) color space has been proposed.Each color space component is then encrypted independently with different approaches.In [3], an image encryption algorithm based on Arnold transform and gyrator transform has been proposed.The amplitude and phase of the gyrator transform are separated into several subimages, which are scrambled using the Arnold transform.The parameters of gyrator transforms and separating scheme serve as the key of the encryption method.Tao et al. [4] proposed an image encryption algorithm based on fractional Fourier transform (FRFT) and which can be applied to the double or more image encryptions.The encrypted image is obtained by the summation of different orders of inverse discrete fractional Fourier transform (IDFRFT) of the interpolated subimages.The whole transform orders of the utilized FRFT are used as the secret keys for the decryption of each subimage.
In the second category, Zunino [5] use Peano-Hilbert curves as pixels position permutation to destroy the spatial autocorrelation of an image.Zhang and Liu [6] proposed image encryption scheme based on permutation-diffusion architecture and skew tent map system.In the proposed scheme, the P-box is chosen as the same size of original image, which shuffles the positions of pixels totally.To enhance the security, the keystream in the diffusion step depends on both the key and original image.Zhao and Chen [7] proposed to used ergodic matrices for scrambling and encryption of digital images.The authors analyzed the isomorphism relationship between ergodic matrices and permutation.Zhu et al. [8] proposed an innovative permutation method to confuse and diffuse the gray-scale image at the bitlevel, which changes the position of the pixel and modifies its value.This algorithm uses also the Arnold cat map to permute the bits and the logistic map to further encrypt the permuted image.
In the third category, Huang and Nien [9] proposed a novel pixel shuffling method for color image encryption which used chaotic sequences generated by chaotic systems as encryption codes.In [10], the two-dimensional chaotic cat map has been generalized to three-dimensional one and then was used to design a fast and secure symmetric image encryption scheme.This scheme employs the 3D cat map to shuffle the positions and the values of image pixels.Wang et al. [11] presented an image encryption algorithm based on simple Perceptron and using a highdimensional chaotic system in order to produce three sets of pseudorandom sequence.Then to generate weight of each neuron of perceptron as well as a set of input signal, a nonlinear strategy is adopted.Recently, a new image encryption algorithm combining permutation and diffusion was proposed by Wang et al. [12].The original image is partitioned into blocks and a spatiotemporal chaotic system is then employed to generate the pseudorandom sequence used for diffusing and shuffling these blocks.
The security of image encryption has been extensively studied.Almost some encryption schemes based on permutation had already been found insecure against the ciphertext-only and known/chosen-plaintext attacks, due to the high information redundancy, and it is quite understandable since the secret permutations can be recovered by comparing the plaintexts and the permuted ciphertexts.Generally, chaos-based image encryption algorithms are used more often than others but require high computational cost.Moreover, a chaos system is defined on real numbers while the cryptosystems are defined on finite sets of integers.One-dimensional chaotic cryptosystems are limited by their small key spaces and weak security in [1,13].
In this paper, we present a novel image encryption algorithm based on the principle of Rubik's cube.First-, in order to scramble the pixels of gray-scale original image the principle of Rubik's cube is deployed which only changes the position of the pixels.Using two random secret keys, the bitwise XOR is applied into the odd rows and columns.Then, the bitwise XOR is also applied to even rows and columns using the flipped secret keys.These steps can be repeated while the number of iteration is not reached.Numerical simulation has been performed to test the validity and the security of the proposed encryption algorithm.
The remaining of this paper is organized as follows.Section 2 describes the proposed image encryption algorithm based on Rubik's cube principle.Experimental results and security analysis are presented in Section 3. Finally, we conclude in Section 4.

Rubik's Cube Image Encryption
In this section, the proposed encryption algorithm based on Rubik's cube principle is described along with the decryption algorithm.(1) Generate randomly two vectors K R and K C of length M and N, respectively.Element K R (i) and K C ( j) Each take a random value of the set A = {0, 1, 2, . . ., 2 α − 1}.Note that both K R and K C must not have constant values.

Rubik's Cube
(2) Determine the number of iterations, ITER max , and initialize the counter ITER at 0.
(4) For each row i of image I o , (a) compute the sum of all elements in the row i, this sum is denoted by α(i) (b) compute modulo 2 of α(i), denoted by M α(i) , (c) row i is left, or right, circular-shifted by K R (i) positions (image pixels are moved K R (i) positions to the left or right direction, and the first pixel moves in last pixel.),according to the following: (5) For each column j of image I o , (a) compute the sum of all elements in the column j, this sum is denoted by β( j), (b) compute modulo 2 of β( j), denoted by M β( j) .(c) column j is down, or up, circular-shifted by K C (i) positions, according to the following: Steps 4 and 5 above will create a scrambled image, denoted by I SCR .( 6) Using vector K C , the bitwise XOR operator is applied to each row of scrambled image I SCR using the following expressions: where ⊕ and rot 180(K C ) represent the bitwise XOR operator and the flipping of vector K C from left to right, respectively.
(7) Using vector K R , the bitwise XOR operator is applied to each column of image I 1 using the following formulas: with rot 180(K R ) indicating the left to right flip of vector K R .
(8) If ITER = ITER max , then encrypted image I ENC is created and encryption process is done; otherwise, the algorithm branches to step 3.
Vectors K R , K C and the max iteration number ITER max are considered as secret keys in the proposed encryption algorithm.However, to obtain a fast encryption algorithm it is preferable to set ITER max = 1 (single iteration).Conversely, if ITER MAX > 1, then the algorithm is more secure because the key space is larger than for ITER MAX = 1.Nevertheless, in the simulations presented in Section 3, the number of iterations ITER max was set to one.

Rubik's Cube Decryption Algorithm.
The decrypted image, I o , is recovered from the encrypted image, I ENC , and the secret keys, K R , K C , and ITER max as follows in the following.
(3) The bitwise XOR operation is applied on vector K R and each column of the encrypted image I ENC as follows: (4) Then, using the K C vector, the bitwise XOR operator is applied to each row of image I 1 : (5) For each column j of the scrambled image I SCR , (a) compute the sum of all elements in that column j, denoted as β SCR ( j): (b) compute modulo 2 of β SCR ( j), denoted by M βSCR( j) , (c) column j is down, or up, circular-shifted by K C (i) positions according to the following: (6) For each row i of scrambled image I SCR , (a) compute the sum of all elements in row i, this sum is denoted by α SCR (i): (b) compute modulo 2 of α SCR ( j), denoted by M αSCR( j) , (c) row i is then left, or right, circular-shifted by K R (i) according to the following: (7) If ITER = ITER max , then image I ENC is decrypted and the decryption process is done; otherwise, the algorithm branches back to step 2.

Experimental Results
In this section, we present the tests that were conducted to assess the efficiency and security of the proposed image encryption algorithm.These tests involve visual testing and security analysis.

Visual Testing.
For visual testing, four gray-scale images of size 256 × 256 pixels were used.Figure 1 depicts these test images-lena, black, baboon and checkerboardas well as the images encrypted using the proposed Rubik's cube algorithm.From this figure, one can see that there is no perceptual similarity between original images and their encrypted counterparts.The encrypted image should greatly differ from its original form.In general, two difference measures are used to quantify this requirement.The first measure is the number of pixels change rate (NPCR), which indicate the percentage of different pixels between two images.The second one is the unified average changing intensity (UACI), which measures the average intensity of differences in pixels between two images [10].Let I o (i, j) and I ENC (i, j) be the pixels values of original and encrypted images, I o and I ENC , at the ith pixel row and jth pixel column, respectively.Equations ( 13) and (15) give the mathematical expressions of the NPCR and UACI measures: with : To approach the performances of an ideal image encryption algorithm, NPCR values must be as large as possible and UACI values must be around 33%. Table 1 gives the NPCR and UACI values for the original images and their encrypted versions.The values are very close to unity for the NPCR measure.The UACI values are also appropriate.The high percentage values of the NPCR measure indicate that the pixels positions have been randomly changed.
Furthermore, the UACI values show that almost all pixel gray-scale values of encrypted image have been changed from their values in the original images, making the original and encrypted image pixels more difficult to discriminate.It iss also observed that the UACI values for the case of the black and the checkerboard images are larger than those of the other images.This is due to the fact that all the pixels values of the black and checkerboard images are at the extremity of pixels values range, that is, 0 for the black pixels and 255 for the white pixels, leading to a large absolute difference between the original and encrypted images.

Security Analysis. Security is a major issue in cryptology.
A good image encryption scheme should resist various attacks such as known plain text attack, cipher-text-only attack, statistical analysis attack, and brute-force attacks.
In this section, a security analysis on the proposed image encryption algorithm is done.The security assessment has been done on key space analysis and statistical analysis.

Key Space Analysis.
A secure image encryption scheme must have a large key space in order to make brute-force attack practically (computationally) infeasible.In theory, the proposed algorithm can accommodate an infinite key space.However, the encryption key used in our scheme is composed of the (K R , K C , ITER max ) triplet.For an α-bit gray-scale image I o of size M × N pixels, the vectors K R and K C can take 2 M•α and 2 N•α possible values, respectively.If we consider that both vectors must not have constant values, and the key space size is 2 α•(M+N) × ITER max − 2 2α keys, one can see that the size of the key space can be expanded when the number of iteration ITER max is increased.For instance, for an 8-bits, scale gray image of size 256 × 256 pixels and ITER max = 1.
The key space size is equal to 2 4096 − 2 16 ≈ 10 1233 ; this key space is large enough to resist exhaustive attack and it is larger than the key space size of the image encryption algorithms proposed in [1, 9, 10, 14-16].

Key Sensibility.
Encryption algorithms should also have high sensibility to encryption key: this means that any small change in the key should lead to a significant change in the encrypted, or decrypted, image.We performed two tests to illustrate the key sensibility of our scheme.The first one shows the impact of a key change in the image encryption process.Here, the original image, I o , is encrypted using the key K 1 = (K R , K C , ITER max ), where K R , K C , and ITER MAX are randomly generated.Then, the same image, that is, I o , is encrypted using another key K 2 which differs only from the first key, K 1 , in the least significant bit, that is, ).This experiment is repeated 100 times using different key pairs K 1 and K 2 (still only differing by the least significant bit).Table 2 represents the mean and the standard deviation of the NPCR values between the   encrypted image with key K 1 and the encrypted image using the key K 2 using 100 different key pairs.One can see from Table 2 that the mean values of NPCR are close to 100%, which means that image encrypted by the key K 1 differs significantly from the one encrypted by key K 2 .Moreover, standard deviation values are very small: this indicates that the NPCR values are clustered closely around the mean.
Figure 2 represents the original images, their encrypted images using two different keys K 1 and K 2 and the image difference between the encrypted images, respectively.As mentioned earlier, keys K 1 and K 2 differ only by one bit.
The second test consists of measuring the key sensibility in the image decryption process.Let original image I o be encrypted using the key K 1 = (K R , K C , ITER MAX ), where K R , K C , and ITER MAX are again randomly generated, to give the encrypted image I ENC .This image is decrypted separately using the keys K 1 and K 2 ; these keys always differ by only one bit in the least significant bit location.Figure 3 illustrates the original image, the encrypted image I ENC with key K 1 , the decrypted image of I ENC using correct key K 1 , and the decrypted image of I ENC using the wrong key K 2 .It is clear from this figure that decryption using a wrong key does not succeed.

Statistical Analysis.
In a paper published in 1949 [17], Shannon stated that "It is possible to solve many kinds of ciphers by statistical analysis."Consequently, he suggested two methods based on confusion and diffusion in order to counteract powerful attacks based on statistical analysis.In  the present paper, statistical analysis has been performed to demonstrate the superior confusion and diffusion properties of the proposed encryption algorithm against statistical attacks.This is done by performing two series of tests: histograms analysis of the encrypted images and the correlations computation of the adjacent pixels in encrypted images.
Figure 4 represents the histograms of the original and the encrypted images illustrated previously in Figure 1.One can see those the histograms of the encrypted images are almost uniform and are significantly different from that of the four original images.For instance, the histogram of original image Checkerboard shows as expected only two values: 0 and 255; however, the histogram of the encrypted Checkerboard image is fairly uniform.Therefore, the proposed image encryption algorithm responds well to the diffusion properties: it does not provide information that can be exploited for attacks based on statistical analysis of the encrypted image.
The other statistical test consists of computing the correlation between adjacent pixels [10].It is obvious        that an arbitrarily chosen pixel in an image is generally strongly correlated with adjacent pixels, and its in either horizontal, vertical or diagonal directions.However, a secure image encryption algorithm must produce an encrypted image having low correlation between adjacent pixels.This correlation test consists of randomly selecting N pairs of adjacent pixels (vertical, horizontal, and diagonal) from the original and the encrypted images separately.Then, the correlation coefficient of each pair is calculated using ( 19)

Journal of Electrical and Computer Engineering
where x i and y i are the grayscale values of two adjacent pixels, N is the number of pairs (x i , y i ), and E(x) and E(y), are respectively, the mean values of x i and y i .Table 3 gives the correlation coefficient values of adjacent pixels in the horizontal, vertical, and diagonal directions of the original images and their encrypted versions.It is clear that for the original images, the coefficient correlation values are very high (close to one) contrary to those observed for the encrypted images.This confirms that adjacent pixels in the original images are strongly correlated.However, for the encrypted images, those values are close to zero, which means that the adjacent pixels (horizontal, vertical and diagonal directions) are very weakly correlated.Figure 5 illustrates the correlation distributions of the horizontal adjacent pixels of the original images and the corresponding encrypted images using the proposed algorithm.One can see from Figure 5 that adjacent pixels in encrypted images are indeed very weakly correlated.

Entropy Analysis.
The concept of entropy analysis for image encryption algorithm was introduced by Edward [18].7.9260 Wong et al. [20] 7.9690 Xiang et al. [21] 7.9950 Lin and Wang [22] 7.9890 For gray-scale images of 256 levels, if each level of gray is assumed to be equiprobable, then the entropy of this image will be theoretically equal to 8 Sh (or bits).Ideally, an algorithm for encryption of images should give an encrypted image having equiprobable gray levels.Table 4 gives the entropy values of the four original images and those of their encrypted versions.
From those entropy values, we note that the entropy values of original images are far from ideal value of entropy since information sources are highly redundant and thus rarely generate uniformly distributed random messages.On the other hand, the entropy values of the encrypted images are very close to the ideal value of 8 Sh, which means that the proposed encryption algorithm is highly robust against entropy attacks.
Table 5 gives a comparison of the entropy values for encrypted image Lena with various image encryption algorithms.

Analysis against
Attacks.An attacker who intercepts encrypted image can easily modify it, while the legitimate user can receive it and decrypt it successfully.This is the principle of attacks in image encryption; these attacks can include additive noise, filtering, rotation and cropping, and so forth.

Additive Noise.
To verify the performance of the proposed encrypted algorithm against additive noise attacks, we considered two types of noises: salt and pepper noise and speckle noise.An additive noise attack consists in adding random noise to the intercepted encrypted image.Then, the noisy encrypted image will be decrypted.To measure the robustness of the proposed image encryption algorithm against this attack, mean squared error (MSE) measures are used.
Table 6 gives the MSE values between original images and their decrypted ones under the salt and pepper noise with different noise density values and the speckle noise with different variances.
Figures 6 and 7 illustrate the decrypted images: their encrypted version has been attacked separately by salt & pepper noise with 0.05 density and by speckle noise of variance 0.05.From these results, we can conclude that random noise attacks seriously affect decrypted images.7 gives the MSE values between original images and the decrypted and cropped images either in their center or on the image sides with parameter values equal to 1/8.This one indicates the fraction of the encrypted image that has been cropped.Figure 8 represents the encrypted images cropped in the center and their decrypted versions.From these results, we can conclude that the proposed image encryption algorithm resists to this attack lightly.
3.6.Speed Test.Apart from security considerations, another important consideration in the design of image encryption techniques is the actual algorithm execution speed, particularly for real-time applications.The proposed encryption algorithm is indeed very fast compared to other algorithms [10].Our experimental results show that the average speed for encryption and for decryption is of around 0.9 Mb/s (megabits per second).The peak speed can reach up to 2.2 Mb/s on personnel computer equipped with an AMD Athlon processor with clock speed of 2.70 GHz, 1 GB (gigabytes) of RAM memory and 160 GB hard-disk capacity.
Table 8 illustrates the performance of the proposed algorithm using original image Lena with different sizes ranging from 64 × 64 to 1024 × 1024 pixels.The proposed algorithm was written using the MATLAB software platform.

Conclusion
In this paper, a novel image encryption algorithm is proposed.This algorithm is based on the principle of Rubik's cube to permute image pixels.To confuse the relationship between original and encrypted images, the XOR operator is applied to odd rows and columns of image using a key.The same key is flipped and applied to even rows and columns of image.Experimental tests have been carried out with detailed numerical analysis which demonstrates the robustness of the proposed algorithm against several types of attacks such as statistical and differential attacks (visual testing).Moreover, performance assessment tests demonstrate that the proposed image encryption algorithm is highly secure.It is also capable of fast encryption/decryption which is suitable for real-time Internet encryption and transmission applications.
Based Encryption Algorithm.Let I o represent an α-bit gray scale image of the size M × N. Here, I o represent the pixels values matrix of image I o .The steps of encryption algorithm are as follows:
(a) Original image: Lena (b) Encrypted image (a) with key K 1 (c) Encrypted image (a) with key K 2 (d) Image difference between (b) and (c) (e) Original image: Black (f) Encrypted image (e) with key K 1 (g) Encrypted image (e) with key K 2 (h) Image: difference between (f) and (g) Encrypted image (i) with key K 1 (k) Encrypted image (i) with key K 2 (l) Image difference between (j) and (k) (m) Original image: Checkerboard (n) Encrypted image (m) with key K 1 (o) Encrypted image (m) with key K 2 (p) Image: difference between (n) and (o)

Figure 2 :
Figure 2: Key sensibility for image encryption using the proposed algorithm.
(a) Original image: Lena (b) Encrypted image (a) with key K 1 (c) Decrypted image (b) using correct key K 1 (d) Decrypted image (b) using wrong key K 2 (e) Original image: Black (f) Encrypted image (e) with key K 1 (g) Decrypted image (f) using correct key K 1 (h) Decrypted image (f) using wrong key K 2 (i) Original image: Baboon (j) Encrypted image (i) with key K 1 (k) Decrypted image (j) using correct key K 1 (l) Decrypted image (j) using wrong key K 2 (m) Original image: Checkerboard (n) Encrypted image (m) with key K 1 (o) Decrypted image (n) using correct key K 1 (p) Decrypted image (n) using wrong key K 2

Figure 3 :
Figure 3: Key sensibility for image decryption using the proposed algorithm.

Figure 4 :
Figure 4: Histograms of original and encrypted images.
Pixel gray value on location (x, y) gray value on location (x, y) (h) Encrypted image: Checkerboard

Figure 5 :
Figure 5: Correlation distribution of the horizontal to adjacent pixels.

Figure 8 :
Figure 8: Encrypted images under cropping attack in center (cropping over 1/8 of the entire image area).

Table 1 :
Difference measures between original and encrypted images.

Table 2 :
Number of pixel change rate (NPCR) between images encrypted with keys K 1 and K 2 (with 1 bit difference).

Table 3 :
Correlation coefficients between adjacent pairs of pixels for original and encrypted images.

Table 4 :
Comparison of entropy values of original images and their encrypted version.

Table 5 :
Comparison of entropy values of encrypted images under different image encryption algorithms.

Table 6 :
MSE between original images and the decrypted versions under different noise attacks.

Table 7 :
MSE between original images and the decrypted versions under cropping attack.

Table 8 :
Speed test results of the proposed algorithm with image Lena using a 2.7 GHz personal computer.Analysis against Cropping Attacks.The cropping attacks consist of modifying the intercepted encrypted image by deleting one or several areas of the image.Table