MPEMathematical Problems in Engineering1563-51471024-123XHindawi Publishing Corporation76265210.1155/2009/762652762652Research ArticleChaotic Image Encryption Design Using Tompkins-Paige AlgorithmEtemadi BorujeniShahram1, 2EshghiMohammad1MacauElbert E. Neher1Computer Engineering DepartmentFaculty of Computer and Electrical EngineeringShahid Beheshti UniversityEvin, Tehran 1983963113Iransbu.ac.ir2Computer Engineering DepartmentFaculty of EngineeringUniversity of IsfahanIsfahan 8174673441Iranui.ac.ir20090709200920090102200929042009140720092009Copyright © 2009This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

In this paper, we have presented a new permutation-substitution image encryption architecture using chaotic maps and Tompkins-Paige algorithm. The proposed encryption system includes two major parts, chaotic pixels permutation and chaotic pixels substitution. A logistic map is used to generate a bit sequence, which is used to generate pseudorandom numbers in Tompkins-Paige algorithm, in 2D permutation phase. Pixel substitution phase includes two process, the tent pseudorandom image (TPRI) generator and modulo addition operation. All parts of the proposed chaotic encryption system are simulated. Uniformity of the histogram of the proposed encrypted image is justified using the chi-square test, which is less than χ2(255, 0.05). The vertical, horizontal, and diagonal correlation coefficients, as well as their average and RMS values for the proposed encrypted image are calculated that is about 13% less than previous researches. To quantify the difference between the encrypted image and the corresponding plain-image, three measures are used. These are MAE, NPCR, and UACI, which are improved in our proposed system considerably. NPCR of our proposed system is exactly the ideal value of this criterion. The key space of our proposed method is large enough to protect the system against any Brute-force and statistical attacks.

1. Introduction

In any communication system, including satellite and internet, it is almost impossible to prevent unauthorized people from eavesdropping. When information is broadcasted from a satellite or transmitted through the internet, there is a risk of information interception. Security of image and video data has become increasingly important for many applications including video conferencing, secure facsimile, medical and military applications. Two main groups of technologies have been developed for this purpose. The first group is content protection through encryption, for which a key is required for proper decryption of the data. The second group is digital watermarking, which aims to embed a message into the multimedia data. These two technologies could be used complementary to each other [1, 2].

In secured communications using encryption, which is the focus of the present work, the information under consideration is converted from the intelligible form to an unintelligible structure using certain operations at the transmitter. Data encryption is mainly scrambling the content of data, such as text, image, audio, and video to make the data unreadable, invisible or incomprehensible during transmission. The unintelligible or encrypted form of the information is then transmitted through the insecure channel, that is, internet, to the destination. At the intended recipient side, however, the information is again converted back to an understandable form using decryption operation and thus the information is conveyed securely. It should be noted that the same keys guide both these encryption and decryption operations. Such encryption system is grouped under private key cryptography [1, 3].

In particular, an image-scrambling scheme transforms an image into another unintelligible image, based on keys only known to the senders and the receivers. The fundamental techniques to encrypt a block of pixels are substitution and permutation. Substitution replaces a pixel with another one; permutation changes the sequence of the pixels in a block to make them unreadable.

In recent years, chaotic maps have been employed for image encryption. Most chaotic image encryptions (or encryption systems) use the permutation-substitution architecture. These two processes are repeated for several rounds, to obtain the final encrypted image. For example, in , Fridrich suggested a chaotic image encryption method composed of permutation and substitution. All the pixels are moved using a 2D chaotic map. The new pixels moved to the current position are taken as a permutation of the original pixels. In the substitution process, the pixel values are altered sequentially. Chen et al. employed a three-dimensional (3D) Arnold cat map  and a 3D Baker map  in the permutation stage. Guan et al. used a 2D cat map for pixel position permutation and the discretized Chen’s chaotic system for pixel value masking . Lian et al.  used a chaotic standard map in the permutation stage and a quantized logistic map in the substitution stage. The parameters of these two chaotic maps are determined by a key stream generated in each round. Mao et. al. construct a new image encryption scheme based on the extended chaotic Baker map . Zhang et al. first permute the pixels of images with discrete exponential chaotic map, and then use ‘‘XOR plus mod’’ operation for substitution . Gao et al. present the image encryption algorithm based on a new nonlinear chaotic algorithm using a power function and a tangent function instead of a linear function. It also uses a chaotic sequence generated by a nonlinear chaotic algorithm to encrypt image data using XOR operation . Zhou et al. propose a parallel image encryption algorithm using discretized kolmogorov flow map. All the pixels are first permuted with a discretized chaotic map and then encrypted under the cipher block chain mode .

There are however some other chaotic image encryption systems with different structures. For example, Pisarchik and Zanin suggested an algorithm to convert image pixels to chaotic maps coupled to form a chaotic map lattice. The encrypted image is obtained by iterating the chaotic map lattice with secret system parameters and number of cycles . Pareek et al. extended the concept of their text encryption to image encryption by using two logistic maps and a key .

In this paper, a new permutation-substitution architecture using chaotic maps and Tompkins-Paige algorithm is proposed. Our designed technique for speech scrambling  is extended to two-dimensional (2D) permutation and is applied to image permutation . We have improved our work by using chaotic maps and adding a substitution part to an image encryption system. In the permutation phase, a logistic map is used to generate a bit sequence, which is used to generate Pseudorandom numbers in Tompkins-Paige algorithm. A tent map is also used in the substitution phase to product a Pseudorandom image that is used to mix it with the permuted image. The permutation and substitution operations need two different keys, Key-P and Key-S, respectively. Satisfactory security performance of the proposed system is achieved in only one round and therefore the total encryption time is short .

The paper is organized as follows. In Section 2, principles of chaotic cryptography including chaotic maps and chaotic encryption are introduced. The proposed chaotic encryption systems using logistic random bit sequence generator, Tompkins-Paige algorithm, and tent Pseudorandom image generator are described in Section 3. In Section 4, simulation results of the proposed image encryption systems are presented. Finally, the security analysis is explained in Section 5.

2. Principle of Chaotic Cryptography

The word cryptography refers to the science of keeping secrecy of information exchanged between a sender and a receiver over an insecure channel. The objective is achieved by data encryption so that only individuals who have the key can decrypt it. The key K, in a typical encryption system, determines the transformation from the set of all possible samples, to the set of all possible permuted samples. An encryption system is a finite set T of transformations from a finite sample space M onto a permuted sample space C. It means that each of the transformations in T must be reversible, so that if a sample m is transformed into the permuted sample c by transformation t, c=t(m), then the sample m is m=t-1(c), where t-1 is the inverse transform of t [16, 17].

In practice, we need to transmit a reasonable amount of information, which requires a large sample space and that in turn implies a large number of keys. The distribution of a large number of keys is liable to cause horrendous management problems. In a practical system, a cryptanalyst will have to worry about time and facilities. Often, the time taken to solve a permuted sample will be of utmost importance. It is quite likely that the samples need to be secret for a limited period of time, referred to as required cover time. Thus, it is certainly possible for a theoretically insecure system to provide adequate practical security . If we set the cryptanalyst a task requiring a large amount of storage, or sufficiently large number of operations, then we may regard our system as practically secure.

With the desirable properties of ergodicity and high sensitivity to initial conditions and control parameters, chaotic maps are suitable for various data encryption schemes. In particular, chaotic maps are easy to be implemented using microprocessors or personal computers. Therefore, chaotic encryption systems generally have high speed with low cost, which makes them better candidates than many traditional ciphers for multimedia data encryption. There are two types of chaotic encryption systems: chaotic stream encryption systems, and chaotic block encryption systems. In chaotic stream encryption systems, a key stream is produced by a chaotic map, which is used to encrypt a plain-text bit by bit. A chaotic block encryption system, on the other hand, transforms a plain-text block by block with some chaotic maps .

2.1. Chaotic Maps

In this subsection, we consider nonlinear and chaotic one-dimensional maps f :  SS, where SR. The set S is S=[0,1]. The one-dimensional dynamical system can be defined by a difference equation similar to xk+1=f(xk),k=0,1,2,,xkS, where the variable k stands for time. A dynamical system consists of a set of possible states, together with a deterministic rule, which means that the present state can be determined uniquely from the past states. The orbit of x under f is the set of points {x,f(x),f2(x),,fn(x)}, where f2(x)=  f(f(x)) and fn(x) means n times iterating of the function   f(x). The starting point x for the orbit is called the initial value of the orbit. A chaotic orbit is one that forever continues to experience the unstable behavior that an orbit exhibits near a source, but that is not itself fixed or periodic . Two well known one-dimensional chaotic maps are tent and logistic maps.

The iterative relation of the tent map is given by .

xk+1={xkp,if0xkp,where  xk[0,1],1-xk1-p,ifpxk1, where x0 is the initial condition and p is the control parameter. The tent map is chaotic if p is in the range of (0,1) and p0.5. Figure 1(a) shows a sample return map of a tent map.

(a) Tent return map (p=0.5). (b) Logistic return map (a=4).

Logistic map is a one-dimensional quadratic map defined by

xk+1=axk(1-xk),xk[0,1], where a is the control parameter, and x0 is the initial condition. The control parameter a should be taken in the range of [3.6,4] to keep the logistic map chaotic. Figure 1(b) shows a sample return map of a logistic map.

The logistic equation involves two multiplications and one subtraction per iteration, while the tent equation includes one division and on average one subtraction. Meanwhile, the tent map has better chaotic behavior than the logistic map. As mentioned above, the range of control parameter (p) of the tent map is about twice the range of the logistic map. However, hardware implementation of the logistic map is simpler. We have used both these in our proposed system to improve security.

2.2. Chaotic Encryption Scheme

Due to the tight relationship between chaos and cryptography, the use of chaotic maps to construct an encryption system has been widely investigated . There are three typical ways of using chaos in an image encryption.

Using chaos as a source to generate Pseudorandom bits with desired statistical properties to realize a secret permutation operation [6, 7, 20].

Using chaos as a source to generate Pseudorandom pixels with desired statistical properties to realize a secret substitution operation [5, 2123].

Using two chaotic maps in both permutation and substitution [8, 11, 12].

The fundamental techniques to encrypt a block of symbols are confusion and diffusion. Confusion can make ambiguous the relationship between the plain-text and the cipher-text. Diffusion can spread the change throughout the whole cipher-text. Substitution, which replaces a symbol with another one, is the simplest type of confusion, and permutation that changes the sequence of the symbols in the block is the simplest method of diffusion. These techniques together are still the foundations of encryption .

2.2.1. Chaotic Permutation

In designing private key cryptographic techniques, permutation methods are considered as important building blocks in conjunction with Pseudorandom sequence generators for selecting a specific permutation key. First, a Key-P is entered as a binary number equivalent to the given key. Then, a 1Dimentional chaotic map generates a random bit-string. Subsequently, a permutation matrix for the system is calculated.

A permutation matrix is an identity matrix with the rows and columns interchanged. It has a single 1 in each row and column; all the other elements are 0. For example,

P=. Any vector A is multiplied by the permutation matrix in order to rearrange its elements. For example from 1-2-3-4 to 4-1-3-2 as shown in

P·A=[a1a2a3a4]=[a4a1a3a2]. For simplicity, the 4×4 matrix p could be expressed as a 4-element vector Q as shown in

Q=.

Therefore, the L×L permutation matrix of the L elements could be expressed as an L-element vector Q for simplicity (2.7), where 1kiL .

Q=[k1k2k3k4kL]. Each element in the vector Q shows the new position of each element in the permuted vector. The elements of the vector are rearranged in a new order according to Ki’s in the simplified permutation matrix, Q. Practically, the element at the kith position is moved to the ith position, respectively. By permutation P on a set of L elements, A,

A=[a1a2a3a4aL]T,P·A=P·[a1a2a3a4aL]T=[d1d2d3d4dL]T, where di=aki, for i=1,2,L (as an example: if  k1=4 then d1  =a4).

2.2.2. Chaotic Substitution

In cryptography, a substitution cipher is a method of encryption by which blocks of plain text are replaced with cipher-text according to a regular system; the blocks may be single or several letters. The receiver deciphers the text by performing an inverse substitution. Substitution ciphers can be compared with permutation ciphers. In a permutation cipher, the blocks of the plain-text are rearranged in a different and usually quite complex order, but the blocks themselves are left unchanged. By contrast, in a substitution cipher, the blocks of the plain-text are retained in the same sequence as in the cipher-text, but the blocks themselves are altered.

A permutation-only encrypted system is insecure against attacks . To improve the security, substitution process is added to the encryption system. The substitution could be one of simple operations such as XOR, XNOR, shift, Add, and/ or a combination of these simple operations. Chaotic map is used as generation of Pseudorandom image for substitution. Actually, chaotic image with a size equal to plain-image is generated. All pixels of permuted image and new chaotic image are combined with modular addition. Substitute operation decreases the correlation between blocks or samples in text and makes its histogram uniform.

3. Design of a Chaotic Image Encryption System

The block diagram of the proposed chaotic image encryption system is illustrated in Figure 2. This system includes two major units, chaotic pixels permutation unit and chaotic pixels substitution unit. Two different dynamical systems, that is, logistic and tent maps are also considered to generate a more complicated key and consequently a highly secure encryption system. In this paper, logistic map is used as a Pseudorandom bit generator while tent map is utilized to generate a Pseudorandom image generator. Pixels of a plain-image are rearranged by the permutation unit. The permutation unit uses a chaotic bit generator and Tompkins-Paige algorithm, to implement a 1D and 2D image permutation. The pixels of the permutated image are then changed in the chaotic pixels substitution unit. The substitution unit is used for the modular addition of the permuted image with a Pseudorandom image. A key that is used for the encryption system includes Key-P and Key-S. Key-P is used as the initial value and control parameter of a logistic map, which is utilized to generate random bit sequences. Key-S is applied to the tent map, as an initial value and the control parameter. Tent map is used to generate a Pseudorandom image. More details of each unit are explained in the following sections.

Block diagram of the chaotic image encryption system.

3.1. Chaotic Pixel Permutation Unit

It is assumed that L pixels are expected to be permuted. The number of possible permutations for L pixels is L!, however not all permutations can be used. The Hamming distance is the number of elements moved by the permutation. The more number of elements moved by the permutation, the larger the Hamming distance. Meanwhile, permutation matrixes that are close to any circularly shifted versions of the identity order produce a permuted sample of high closeness to the original sample. Since typically, we might wish to have a choice of about N permutation matrixes, the number of key bit, M, should be selected such that N<2M-1. In the encryption system, the number of pixels to be permuted L is assumed to be 128, since the image size 128. Therefore, the number of all possible permutations is 128!(3.85E+215) [25, 26].

There are three steps in the design of the permutation subsystem, which are explained as follows. First, a 90 bit key is entered as a binary number equivalent to the given sub key Key-P. It is used as the initial value (26 bits) and control parameter (64 bits) of a logistic random bit generator. Then, a random bit string is generated. Subsequently, integer Pseudorandom numbers are calculated according to its range and Tompkins-Paige algorithm. Finally, Tompkins-Paige algorithm is applied to provide a permutation matrix for permutation of the pixels.

The block diagram of the system is illustrated in Figure 3. Three subsections, logistic random bit sequence (LRBS) generator, Pseudorandom number calculator, and Tompkins-Paige algorithm perform pixel permutation. An LRBS generator is needed as a first stage of the permutation matrix generator. An initial key is used as an initial value and control parameter of the logistic map. A bit-string is generated by LRBS and the integer Pseudorandom numbers are calculated by (3.1). The Tompkins-Paige algorithm is used to generate the target permutation matrix, which is obtained from repetition of some simple permutations.

Block diagram of the chaotic pixel permutation unit.

Chaotic pixel permutation is used as the target permutation matrix to implement 1D and 2D image permutation .

3.1.1. Logistic Random Bit Sequence (LRBS) Generator

Generation of the chaotic random bit sequence is done as follows . An appropriate chaotic map is selected. The logistic map is general and simple as mentioned in Section 2. The probability density function of logistic is not uniform, but by introducing a proper threshold level, the output of the bit sequence becomes uniform. The control parameter and initial value of the map is determined. Then, a real value is generated by each iteration, which is converted into a bit by a single level threshold function. The threshold value is calculated using a computer simulation. Different values are considered and the occurrence of 0 and 1 is examined. The threshold is selected to 0.6 such that the probability of frequencies of 0 (f0) and frequencies of 1 (f1) is approximately equal. A sample histogram of a logistic map with a=3.9 and x0=0.5 is shown in Figure 4. The initial 90 bit Key- P contains a 26bit initial value and a 64 bit control parameter. A string of 768bits, {b0~b767} is generated in 768 iterations of LRBS. If the real output of logistic map in the specific iteration is less than 0.6, the output bit of LRBS is 0, otherwise it is 1.

A sample histogram of a logistic map with a=3.9 and x0=0.5.

3.1.2. Pseudorandom Number Generator

Let bi  (i=0,1,2,) be the ith output bit of the LRBS, which is generated according to the initial key, Key-P. L-1 integer Pseudorandom numbers, gi’s (i=1,2,,L-1) are calculated using these bi’s, as shown in 

g1=1,g2=[(2b0+b1)(1)(22-1)]+1,g3=[(2b2+b3)(2)(22-1)]+1,gi=[(2j-1bk+2j-2bk+1++bk+j-1)(i-1)(2j-1)]+1, where j=log2i+1,k=s=2i-1(log2s+1).x denotes the floor of x. Since the number of permuted pixels (L=128) is equal to the image size, 127 integers (gi) and 768bits (bi) are required. It is obvious that the maximum value of every gi is i, (gi<i+1).

3.1.3. Tompkins-Paige Algorithm

Tompkins-Paige algorithm gives a one-to-one correspondence between the integers and the permutation. As an example, the simple permutation of nine elements of order 7 and degree 3 is shown in the second row. The last 7 elements are disturbed and an end-around shift of 3 elements to the left are performed

. Therefore, the simple permutation of order L-  m1+1 and degree m2-m1 is generally defined as shown in the matrix 

[12m1-1m1m1+1m2-1m2m2+1L12m1-1m2m2+1Lm1m1+1m2+1]. In the above example, m1=3, m2=6, and L=9.

In this example, the target permutation of these 9  elements can be obtained through compounding 8 simple permutations of orders 9 to 2, and for each order an associated degree. In each simple permutation, degree should be less than its order. In General, the target permutation on L elements is the result of compounding L-1 simple permutations with order of L to 2 and degree of gi, where gi is less than the corresponding order in each simple permutation.

In this paper, the Tompkins-Paige algorithm is applied to L=128 elements with order of 128 to 2 and degree of gi. Finally, the 128×128 permutation matrix of the 128 elements is expressed in a 128 elements vector .

As mentioned earlier, L=128 is the number of pixels, to be permuted and gi's are calculated using (3.1), where, gi<i+1.

3.1.4. <inline-formula><mml:math xmlns:mml="http://www.w3.org/1998/Math/MathML" id="M156"><mml:mn>1</mml:mn><mml:mi>D</mml:mi></mml:math></inline-formula> Chaotic Pixel Permutation

The main idea behind the present work is that an image can be viewed as an arrangement of 2D pixels . The intelligible information present in an image is due to the correlations among the pixels in a given arrangement. This perceivable information can be reduced by decreasing the correlation among the pixels using certain random permutation techniques.

The image can be seen as a 2D array of pixels, each with 256 gray scales. In pixel permutation techniques the pixels taken from the image are permuted with the key chosen from the key space. There are two options in 1D permutation process: row permutation or column permutation.

In row permutation, according to Figure 3, the Key-P is used to generate the permutation matrix. The pixels of all rows are rearranged with respect to the permutation matrix/vector, as explained in Section 2.2.1. The result of these permutations is discussed in Section 4.

In column permutation, the pixels of all columns are rearranged with respect to the permutation matrix/vector according to the Key-P. The result of these permutations is also presented in Section 4.

3.1.5. <inline-formula><mml:math xmlns:mml="http://www.w3.org/1998/Math/MathML" id="M160"><mml:mn>2</mml:mn><mml:mi>D</mml:mi></mml:math></inline-formula> Chaotic Pixel Permutation

We extend the basic concept of 1D Chaotic pixel permutation in order to design a 2D permutation method. Here row and column permutation are applied simultaneously. In the 2D permutation of the image, the permutation matrix of the rows and columns could be either identical, using the identical Key-P, or different, using the dissimilar Key-P.

In identical permutation approach, the pixels of all rows are first rearranged, with respect to the permutation matrix/vector and the pixels of all columns are then rearranged with respect to the same permutation matrix/vector. The encrypted images that appear as a random noisy image are shown in Section 4.

In a different permutation approach, the pixels of all rows are first rearranged, with respect to the first permutation matrix/vector and the pixels of all columns are then rearranged, with respect to the second permutation matrix/vector. The encrypted images that appear as a random noisy image are also shown in Section 4.

3.2. Chaotic Pixel Substitution Unit

In the permutation part of the system, pixel positions are displaced without changing their gray level values. Hence, the histogram of the permuted image is similar to the histogram of the plain-image. The permuted image however cannot resist against "statistical" and “known plain text” attacks . To improve the security of the proposed encryption system, its histogram needs to approximate the uniform distribution. This improvement is done using a substitution scheme, shown in Figure 5.

Block diagram of the chaotic pixel substitution unit.

There are two main subunits in the substitution unit, tent Pseudorandom image generator and modulo addition. A 128 bits key (Key-S) is entered to the tent map, 64bits as an initial value of the map and the remaining bits as the control parameter. Tent map is used to generate a Pseudorandom image. In each iteration of the tent map, a Pseudorandom number between 0 to 1 is generated. For each 128×128 image, 16 384 iterations are required. Since a 256 gray-scale image is selected, the Pseudorandom number should be linearly transformed to the range of [0,255]. Then, the permuted image is modularly added with random image pixel-wise in mod 256. The substitution procedure decreases a correlation between pixels and makes the histogram more uniform.

3.2.1. Tent Pseudorandom Image (TPRI) Generator

There are two options to generate a chaotic Pseudorandom image. A chaotic random generator along with a simple threshold detector similar to Section 3.1 could be utilized. Afterward, every 8bits stream should be converted to a gray scale of a pixel. As a second option, a chaotic random generator along with a linear transform may be used. The transformer is employed to convert a real range of [0,1] to an integer range of [0,255] linearly. It is completed by introducing 255 threshold levels. As the latter seems to be faster, modification of chaotic random generator has been done as follows:

Tent map is chosen as a chaotic system instead of a logistic map, since its probability density function (PDF) is uniform and implementation is almost simple.

Control parameter and initial condition of the map is determined by Key-S. Each of them is defined with 64bits and a simple linear transformation.

Real values of chaotic sequences are generated by iterations of the map: x0,x1,x2,,x(nxn) where n is the image size.

255 threshold levels in the range [0,1) are defined and a gray scale of pixels from 0 through 255 are attributed to them, respectively.

TPRI output seems to be a noisy image and its histogram is uniform.

3.2.2. Modulo Addition for Chaotic Pixel Substitution

It is desirable to decrease intelligibility of the encryption image. That is achievable with a substitute operation such that the final histogram becomes uniform and correlation between pixels is reduced. The permuted image could therefore be mixed with a noise image, TPRI. Modulo addition/subtraction is more suitable than XOR/XNOR operation. In this research, modulo 256 additions are performed. At the encryption side, the 2D permuted image, called PIM, is added modularly with the TRPI Image, called TIM, pixel wise to generate the encrypted image, called EIM. This is shown in

EIMi,j=PIMi,j+TIMi,jmod256, where i  and j are the coordinates of the pixels in the range of [0,255].

In the decryption side, to recover the 2D encrypted image, the same TRPI Image should be modularly subtracted from the 2D encrypted image in mod 256. After that, the product image will be depermuted to retrieve a plain image. The simulation of the proposed encryption system is investigated in Section 4.

4. Simulation of the Chaotic Image Encryption System

The proposed chaotic image encryption along with individual permutation and substitution has been simulated using MATLAB tools. In order to verify the exact operation of the proposed encryption system, and according to the process map of the system, that is, Figures 2, 3, and 5, the proposed chaotic image encryption has been coded and simulated. A 128×128 Lena image with 256 gray scales is used as a plain-image. The results obtained by the Lena gray scales image are demonstrated.

The proposed encryption system includes two major units, chaotic pixels permutation unit and chaotic pixels substitution unit. Three processes called logistic random bit sequence (LRBS) generator, Pseudorandom number calculator, and Tompkins-Paige algorithm are used to perform the pixel permutations.

First, the logistic map to generate a string of bits uses a Key-P with 90bits. Since the chaotic range of the initial parameter is about 0.4, 26bits of Key-P are used as an initial value. 64bits are considered as a control parameter. Then 127 integer Pseudorandom numbers, degree, are calculated and used as the degree of permutation. The Tompkins-Paige algorithm is then used to find the target permutation by multiplication of 127 simple permutations. A sample of identity and permutation matrix of a sample key is presented in Figure 6.

A sample of identity and permutation matrix.

Subsequently, as shown in Figure 5 and explained in Section 3.2, Key-S (128 bits) is entered as an input variable to the system, 64 bits as an initial value of the map and 64 bits as the control parameter. A Pseudorandom image of size 128×128 with 256 gray scales is generated using the tent map. The pixels of the Pseudorandom image are then modularly added with the pixels of permutated image of the previous phase to generate the final encrypted image.

Afterward, an 128×128 image with 256 gray scales (Figure 7) is used as a plain-image and applied to the proposed encryption system. The output of each stage is shown next. The results of row and column permutation unit are shown in Figures 8 and 9, respectively.

128×128 Lena image with 256 gray scales and its image histogram.

Row chaotic pixel permutation of Lena image.

Column chaotic pixel permutation of Lena image.

In Figure 10, the result of the 2D permutation of plain-image is illustrated, where the permutation matrixes of the rows and columns are identical using the identical Key-P’s. Figure 11 shows another 2D permutation with different permutation matrixes, using different Key-P’s. The encrypted images of Figures 10 and 11 approximate Pseudorandom noisy images.

Row-Column chaotic 2D pixels permutation of Lena image (identical permutation matrixes for row and column).

Row-Column chaotic 2D pixels permutation of Lena image (different permutation matrixes for row and column).

A 128 bits key is then entered to the tent map, 64bits as an initial value of the map and 64bits as the control parameter. Tent map is used to generate a Pseudorandom image. In each iteration of the tent map, a Pseudorandom number between 0 to 1 is generated. The Pseudorandom number should be linearly transformed to a range of [0,255], since a 256 gray scale image is desired. Then, the permuted image is modularly added with Pseudorandom image pixel-wise in mod 256. Figure 12 illustrates an example of a 128×128 tent Pseudorandom image with 256 gray scales and its histogram. It is similar to a noisy image.

128×128 tent Pseudorandom image with 256 gray scales and its image histogram.

Finally, the 2D permuted image is modularly added with the TRPI Image pixel-wise in mod 256. The results of the modularly addition stage and its histogram are depicted in Figure 13. The final histogram clearly appears uniform.

Proposed Chaotic Encrypted Image of Lena with 256 gray scales and its image histogram.

5. Security Analysis

In this section, the performance of the proposed chaotic image encryption system is analyzed. The security analysis presented in this section is based on the performance of only one round of operation of the proposed encryption system including a 2D permutation and a substitution. However, to improve the security of the proposed algorithm, more than one iteration can be applied with different keys. The first criterion for this security analysis is the chi-square test of histogram of each encrypted image. The second criterion is the correlation coefficients of pixels in the encrypted image in the vertical, horizontal, and diagonal directions. The third criterion is the difference between each encrypted and corresponding plain-image, which is measured by mean absolute difference, number of pixel change rate, and unified average changing intensity. The fourth criterion in this security analysis is key space.

5.1. Histogram

The histogram of the plain-image is illustrated in Figure 7. The histograms of all permuted images shown in Figures 8 to 11 are similar to the histogram of the plain-image. The histogram of the encryption system has to approximate the uniform distribution. The result of the encryption system and its histogram are illustrated in Figure 13. The histogram is approximated by a uniform distribution. The uniformity is justified by the chi-square test  in

χ2=k=1256(vk-64)64, where k is the number of gray levels (256), vk is the observed occurrence frequencies of each gray level (0–255), and the expected occurrence frequency of each gray level is 64. Assuming a significant level of 0.05,χ2(255,0.05)=293. Chi-square value for the final encrypted image of the proposed system is 290, χ2(test)=290.This implies that the null hypothesis is not rejected and the distribution of the encrypted histogram is uniform, χ2(test)<χ2(255,0.05) .

5.2. Correlation Coefficient

The proposed chaotic image encryption system should be resistant to statistical attacks. Correlation coefficients of pixels in the encrypted image should be as low as possible [12, 31]. Horizontal, vertical, and diagonal correlation coefficients (rxy) of two adjacent pixels can be calculated using the following equations:

rxy=COV(x,y)D(x)D(y),D(x)=1Ni=1N(xi-1Ni=1Nxi)2,COV(x,y)=1Ni=1N(xi-E(x))(yi-E(y)), where x and y are gray-scale values of two adjacent pixels in the image and E denotes the expectation operator shown in

E(z)=1Ni=1Nzi. About a thousand pairs of two adjacent (in vertical, horizontal, and diagonal direction) pixels are randomly selected from the encrypted image, and the correlation coefficients are calculated, respectively. The results are shown in Table 1. It is clear that the correlation coefficients of the proposed encrypted image (Figure 13) in all three directions are smaller than the correlation coefficients of the proposed permuted image (Figure 7). Correlation coefficients of tent Pseudorandom image (Figure 12) are also small.

Comparison of correlation coefficients of the proposed methods.

Correlation coefficientPlain-image (Figure 7)Proposed permuted image (Figure 10)Proposed tent Pseudorandom image (Figure 12)Proposed encrypted image (Figure 13)
Horizontal (H)0.7980.0430.1490.005
Vertical (V)0.8670.2710.0330.011
Diagonal (D)0.7690.0540.0510.023
(H2+V2+D2)0.51.4070.2800.1610.026
Average (H, V, D)0.8110.1230.0780.013

Meanwhile, the correlation coefficients of the proposed methods (Table 1: column 5, Table 2: column 6) are compared with results of four other papers [6, 9, 10, 32], which are shown in Table 2. As shown, the average correlation coefficient of the proposed system is less than all of the other methods.

Comparison of correlation coefficient of the proposed method and the other methods.

Correlation coefficientMao et al. Zhang et al. Gao et al. Zhou et al. Proposed encrypted image (Figure 13)
Horizontal (H)0.0450.0820.0160.0120.005
Vertical (V)0.0280.0400.0650.0270.011
Diagonal (D)0.0210.0050.0320.0070.023
(H2+V2+D2)0.50.0570.0910.0740.0300.026
Average (H, V, D)0.0310.0420.0380.0150.013
5.3. Difference between Encrypted and Plain-Images

The encrypted image should be significantly different to the original one. To quantify this requirement, three measures are used: mean absolute error (MAE), the number of pixel change rate (NPCR), and unified average changing intensity (UACI) [1, 30].

The performance of each stage of the difference between permuted/encrypted and plain-images is measured by the mean absolute error (MAE) criterion in

MAE=1L×Lj=1Li=1L|aij-bij|, where L, size of image, is equal to 128. The parameters aij and bij are gray-scale values of pixels in plain and encrypted images, respectively. The larger the MAE value, the better the encryption security. According to the selected key, the results are shown in Table 3. It is illustrated that MAE of the proposed column permutated image is about 23, while the MAE for row permuted image and 2D permuted image are about 27. The MAE of proposed encrypted image is about 35 that is 26 percent more than MAE of row and 2D permutation. It is obvious that substitution and permutation are more secure than only-permutation encryption systems.

A comparison of MAE of different methods.

Proposed MethodsMAE
Row Permutation27.48
Column Permutation22.99
2D Permutation27.84
Substitution and Permutation35.13

The NPCR is the percentage of corresponding pixels with different gray levels in two images. Let C1(i,j) and C2(i,j) be the gray level of the pixels at the ith row and jth column of two W×H images. The NPCR of these two images is defined in

NPCR=i,jD(i,j)W×H×100%, where D(i,j) is defined as

D(i,j)={0,ifC1(i,j)=C2(i,j),1,ifC1(i,j)C2(i,j). Another measure, UACI, is defined as the average intensity difference in a gray level of corresponding pixels and is defined as

UACI=1W×H[i,jC1(i,j)-C2(i,j)2L-1].

Considering two Pseudorandom images, the expected value of NPCR is found to be 99.61%. The proposed method is evaluated using this criterion and NPCR of Figure 13 is 99.7%. In the case of two Pseudorandom images, the expected value of UACI can be computed as 33.46%, assuming each gray level is coded with 8 bits. The proposed method is evaluated using this criterion too and UACI of image in Figure 13 is 29.3%.

As shown in Table 4 our proposed method with 0.09% difference to the expected value of NPCR is improved compared to the other reported methods. It also shows that, our method has advantage with respect to UACI criteria, with a difference of about 10% to its expected value.

Comparison of NPCR and UACI criteria of proposed method and the others.

Criteria (expected value)Mao et al.  first roundZhang et al.  2nd roundGao et al. Zhou et al.  2nd roundProposed method first round
NPCR (99.61%)37%21.5%NA25.0%99.7%
UACI (33.46%)9%2.5%NA8.5%29.3%
5.4. Key Space Analysis

Key space should be sufficiently large to make brute-force attack infeasible. Key space is the total number of different keys that can be used in the encryption system. The keys of the proposed system in this paper consist of permutation key, Key-P =90bits, and substitution key, Key-S =128bits. Each key includes initial value and control parameter of corresponding chaotic maps. Only 26 bits are used as parameter of logistic map, since the chaotic range of logistic map is about 40% of a chaotic range of tent map. The total key length is 218bits, which contain three equal 64 bits plus 26 bits. Therefore, the key space is 2218, that is, 4.12×10+65. It is shown that, the key space is large enough to resist the proposed system against any brute-force attack. Comparison of the key length in our proposed method with the others is shown in Table 5.

Comparison of Key length of proposed method and the others.

KeyMao et al. Zhang et al. Gao et al. Zhou et al. Proposed Method
Length (Bin.)2128NA*215021122218
Length (Dec.)1038NA104510331065

It is possible to increase the number of bits for total key in hardware implementation. However, by increasing the key length, volume of hardware is increased and consequently speed of the system is decreased. With respect to the speed of the today’s computers, the key space size should be more than 2100=1030 in order to avoid brute-force attacks .

6. Conclusion

In this paper, we presented a new permutation-substitution image encryption architecture using chaotic maps and Tompkins-Paige algorithm. The proposed encryption system included two major parts, chaotic pixels permutation and chaotic pixels substitution. A logistic map was used to generate a bit sequence, which was in turn used to generate Pseudorandom numbers in Tompkins-Paige algorithm, in pixel permutation phase. Pixel substitution phase, included two processes, the tent Pseudorandom image (TPRI) generator and modulo addition operation. A tent map was used to produce a Pseudorandom image that was mixed with the permuted image.

The permutation and substitution operations needed two different keys, Key-P and Key-S, respectively. The total key length was 218bits. Therefore, the key space was 2218, that is, 4.12×10+65, which was large enough to protect the system against any brute-force attacks.

The image was a 2D array of pixels, each with 256 gray scales. The 2D permutation was designed by permutation of rows and columns simultaneously. To improve security of the proposed encryption system, the histogram needed to become uniform. This was achieved by pixel substitution. There were two main parts for pixel substitution here, tent Pseudorandom image generator and modulo addition operation. A Key-S was entered in to the tent map to generate a Pseudorandom image with uniform histogram. Subsequently, pixels of permuted image were modularly added to pixels of random image with uniform distortion.

All parts of the proposed chaotic encryption system were simulated using a computer code. The histogram of the encrypted image was approximated a uniform distribution. The uniformity was justified by the chi-square test. Chi-square value shows that the distribution of the histogram of the encrypted image is uniform. The vertical, horizontal, and diagonal correlation coefficients, as well as their average and RMS values for the proposed encrypted image were calculated. The individual values and their average and RMS values of correlation coefficients were lower than the corresponding values from previous research by a factor between 13% to 70%. Therefore, the proposed encryption system was resistant against any statistical attack.

To quantify the difference between encrypted image and corresponding plain-image, three measures were used: mean absolute error (MAE), number of pixel change rate (NPCR), and unified average changing intensity (UACI). It was concluded that the NPCR and UACI criteria of the proposed system were satisfactory when compared to other research results as was the security performance of the proposed system. All these results were obtained in only one round of encryption process.

Acknowledgment

The authors would like to thank Dr. Mehrnaz Shoushtarian, for her useful comments and suggestions.

MitraY. V.RaoS.PrasannaS. R. M.A new image encryption approach using combinational permutation techniquesInternational Journal of Computer Science200612127131Van de VilleD.PhilipsW.Van de WalleR.LemahieuI.Image scrambling without bandwidth expansionIEEE Transactions on Circuits and Systems for Video Technology200414689289710.1109/TCSVT.2004.828325EID2-s2.0-2942661839YangM.BourbakisN.LiS.Data-image-video encryptionIEEE Potentials2004233283410.1109/MP.2004.1341784EID2-s2.0-33747065479FridrichJ.Image encryption based on chaotic maps2Proceedings of the IEEE International Conference on Systems, Man and Cybernetics199711051110EID2-s2.0-0031351370ChenG.MaoY.ChuiC. K.A symmetric image encryption scheme based on 3D chaotic cat mapsChaos, Solitons & Fractals2004213749761MR2043749ZBL1049.9400910.1016/j.chaos.2003.12.022EID2-s2.0-1342306864MaoY.ChenG.LianS.A novel fast image encryption scheme based on 3D chaotic baker mapsInternational Journal of Bifurcation and Chaos2004141036133624MR2107566ZBL1064.9450910.1142/S021812740401151XEID2-s2.0-10444257964GuanZ.-H.HuangF.GuanW.Chaos-based image encryption algorithmPhysics Letters A20053461–315315710.1016/j.physleta.2005.08.006EID2-s2.0-24944459842LianS.SunJ.WangZ.A block cipher based on a suitable use of the chaotic standard mapChaos, Solitons & Fractals200526111712910.1016/j.chaos.2004.11.096EID2-s2.0-17644405819ZhangL.LiaoX.WangX.An image encryption approach based on chaotic mapsChaos, Solitons & Fractals2005243759765MR2116284ZBL1083.9401110.1016/j.chaos.2004.09.035EID2-s2.0-12244258246GaoH.ZhangY.LiangS.LiD.A new chaotic algorithm for image encryptionChaos, Solitons & Fractals200629239339910.1016/j.chaos.2005.08.110EID2-s2.0-31444446656ZhouQ.WongK.-W.LiaoX.XiangT.HuY.Parallel image encryption algorithm based on discretized chaotic mapChaos, Solitons & Fractals20083841081109210.1016/j.chaos.2007.01.034EID2-s2.0-45849121786PisarchikA. N.ZaninM.Image encryption with chaotically coupled chaotic mapsPhysica D20082372026382648MR2514123ZBL1148.9443110.1016/j.physd.2008.03.049EID2-s2.0-51249123329PareekN. K.PatidarV.SudK. K.Image encryption using chaotic logistic mapImage and Vision Computing200624992693410.1016/j.imavis.2006.02.021EID2-s2.0-33747058774EhsaniM. S.BorujeniS. E.Fast Fourier transform speech scrambler1Proceedings of the 1st International IEEE Symposium on Intelligent Systems2002248251BorujeniS. E.ZakerolhoseiniA.Permutation based image encryption using pseudo random number generator and Tompkins-Paige algorithmProceedings of the International Conference on Robotics, Vision, Information and Signal Processing2007Penang, Malaysia478481ShannonC. E.Communication theory of secrecy systemsThe Bell System Technical Journal194928656715MR0032133StinsonD. R.Cryptography: Theory and Practice20022ndBoca Raton, Fla, USAChapman & Hall/CRCxiv+339CRC Press Series on Discrete Mathematics and Its ApplicationsMR1911330AlligoodK. T.SauerT. D.YorkeJ. A.Chaos: An Introduction to Dynamical Systems1997New York, NY, USASpringerxviii+603Textbooks in Mathematical SciencesMR1418166FurhtB.KirovskiD.Multimedia Security Handbook2005Boca Raton, Fla, USACRC PressYenJ.-C.GuoJ.-I.A new chaotic key-based design for image encryption and decryption4Proceedings of IEEE International Symposium on Circuits and Systems (ISCAS '00)May 2000Geneva, Switzerland495210.1109/ISCAS.2000.858685de OliveiraL. P. L.SobottkaM.Cryptography with chaotic mixingChaos, Solitons & Fractals2008353466471MR2359835ZBL1139.9400510.1016/j.chaos.2006.05.049EID2-s2.0-34548615503LianS.SunJ.WangZ.Security analysis of a chaos-based image encryption algorithmPhysica A20053512–464566110.1016/j.physa.2005.01.001EID2-s2.0-16344371432YuanzhiW.GuangyongR.JulangJ.JianZ.LijuanS.Image encryption method based on chaotic mapProceedings of the 2nd IEEE Conference on Industrial Electronics and Applications (ICIEA '07)20072558256010.1109/ICIEA.2007.4318874EID2-s2.0-35248889427LiS.ChenG.ZhengX.Chaos-based encryption for digital images and videosMultimedia Security Handbook2004Boca Raton, Fla, USACRC Press133167BorujeniS. E.Speech encryption based on fast Fourier transform permutation1Proceedings of the 7th IEEE International Conference on Electronics, Circuits and Systems (ICECS '00)2000290293SakuraiK.KogaK.MurataniT.A speech scrambler using the fast Fourier transform techniqueIEEE Journal on Selected Areas in Communications198423434442EID2-s2.0-0021421736PolyaG.Applied Combinatorial Mathematics1981KriegerXiaoH.-P.ZhangG.-J.An image encryption scheme based on chaotic systemsProceedings of the International Conference on Machine Learning and Cybernetics2006Dalian, China2707271110.1109/ICMLC.2006.258930EID2-s2.0-33947215704ZouJ.XiongC.QiD.WaroR. K.The application of chaotic maps in image encryptionProceedings of the 3rd International IEEE Northeast Workshop on Circuits and Systems Conference (NEWCAS '05)2005Quebec City, Canada33133410.1109/NEWCAS.2005.1496703EID2-s2.0-33745799480KwokH. S.TangW. K. S.A fast image encryption system based on chaotic maps with finite precision representationChaos, Solitons & Fractals200732415181529MR2286314ZBL1127.9400410.1016/j.chaos.2005.11.090EID2-s2.0-33845402246BorujeniS. E.EshghiM.Design and simulation of encryption system based on PRNG and Tompkins-Paige permutation algorithm using VHDLProceedings of the International Conference on Robotics, Vision, Information and Signal Processing2007Penang, Malaysia6367ZhouF.CaoG.LiB.Design of digital image encryption algorithm based on compound chaotic systemJournal of Harbin Institute of Technology200714supplement 23033EID2-s2.0-34249340871AlvarezG.LiS.Some basic cryptographic requirements for chaos-based cryptosystemsInternational Journal of Bifurcation and Chaos200616821292151MR226600610.1142/S0218127406015970EID2-s2.0-33750542126