Image Encryption Scheme Based on Balanced Two-Dimensional Cellular Automata

Cellular automata (CA) are simple models of computation which exhibit fascinatingly complex behavior. Due to the universality of CA model, it has been widely applied in traditional cryptography and image processing. The aim of this paper is to present a new image encryption scheme based on balanced two-dimensional cellular automata. In this scheme, a random imagewith the same size of the plain image to be encrypted is first generated by a pseudo-random number generator with a seed.Then, the random image is evoluted alternately with two balanced two-dimensional CA rules. At last, the cipher image is obtained by operating bitwise XOR on the final evolution image and the plain image. This proposed scheme possesses some advantages such as very large key space, high randomness, complex cryptographic structure, and pretty fast encryption/decryption speed. Simulation results obtained from some classical images at the USC-SIPI database demonstrate the strong performance of the proposed image encryption scheme.


Introduction
Nowadays images are widely used in multimedia applications.These images often contain private or confidential information and sometimes they are associated with financial interests.Security thus becomes increasingly important in the communication and storage of these images.In order to guarantee security, we need process images with the help of cryptography.The purpose of cryptography is to hide the content of messages by encrypting them, so as to make them unrecognizable unless decrypted by someone who has been given a special decryption key.There are several conventional encryption methods which are often used to encrypt common messages or texts, but these traditional cryptographic algorithms do not fit image encryption because of the different characteristics between digital data and image data.The notion of "image encryption" is aiming toward the emerging cryptographic technologies and applications on images.Image encryption has applications in many fields such as internet communication, multimedia systems, medical imaging, telemedicine, and military communication.However, images have intrinsic characteristics like bulk data capacity and high redundancy, as well as realtime requirement.Encryption on images has its own special requirements.
In the first beginning, some researchers designed image encryption schemes with one-dimensional (1D) CA [17,18].Because the image is a two-dimensional array of pixels instead of a one-dimensional digital data, two-dimensional (2D) cellular automata will be more suitable to be applied for image encryption.So later, some people introduced twodimensional CA in the application of image encryption.But many of them used Von Neumann neighborhood [12,13,19,20], or incomplete Moore neighborhood [14], instead of Moore neighborhood, which influenced the capacity of key space.In this paper, a new image encryption method is proposed based on balanced two-dimensional cellular automata with complete Moore neighborhood.Firstly, we use 2D cellular automata with complete Moore neighborhood which is easy to get larger key space.Secondly, we use balanced CA rules which are helpful to generate cipher images with higher randomness.Thirdly, we choose several rows from the initial random image to generate the sequence which controls the order of two balanced CA rules with different radius, which enhances the complexity of our encryption scheme.Furthermore, the encryption/decryption algorithms with their properties are tested and analyzed.Results show that this image encryption is lossless and has a good statistical performance.
This paper is organized as follows.Some background knowledge of 2D CA is described in Section 2. The proposed image encryption/decryption method is presented in Section 3. Simulation results are given in Section 4. The key space analysis and other security analysis are shown in Section 5. Finally, some conclusions are presented in Section 6.

2D Cellular Automata
A cellular automaton is a discrete dynamical system that consists of an arrangement of basic components called cells together with a transition local rule  [1].The cells have a finite number of states that are updated synchronously according to the specified local rule.Configuration   consists of all the states of cells at time .Since image is made up of pixels specified by two-dimensional plane coordinates, we take a two-dimensional CA as example in a concrete description.Z 2 is the underlying space of the two dimensional CA.The cells are arranged in the form of a square lattice structure.The intersections of squares form the cells of the automaton.We can use (, ) to specify every cell whose state is assumed to be 0 or 1 and whose neighborhood is the set of nine cells ( ± 1, ), (,  ± 1), ( ± 1,  ± 1), and (, ).The neighborhood is the so-called Moore neighborhood which is formed by the specified cell (, ) with its eight nearest neighbors.We denote the state of cell (, ) by  , .Then, the nine cells are arranged in  in such a way as Hence,  can be expressed in equations as follows: where bin() means the as the radius- neighborhood of the cell ( 1 ,  2 ).Note that there are 25 cells in every cell's radius-2 neighborhood, and the number of independent variables of local rule achieves 2 25 .Then, the set of local rules would contain elements.Similar to radius-1 neighborhood local rule, we represent the radius-2 neighborhood local rule  by For example, represents a 8388608-bit hexadecimal number, that is, 33554432-bit binary number, combined by 262144 copies of the same hexadecimal number 0x28753046191578039426 together.If exactly half of these 33554432 binary numbers are 0,  is also a balanced CA local rule.A radius- neighborhood local rule can be similarly represented if  ≥ 3. Suppose that the original configuration is  0 at time  = 0, and the states of cells, say, in the radius-1 neighborhood of a cell whose state is  0 are  0 ,  1 , . . .,  8 .If we operate the rule  on  0 , the state of the cell will change to be ( 0 ,  1 ,  2 , . . .,  8 ) at time  = 1.All cells' states can be obtained in the same way.We put the states together to obtain configuration  1 which can be considered as the result of the global transformation   acting on  0 .We can write  1 =   ( 0 ).Sometimes, we simply write  1 = ( 0 ).Furthermore,  2 = ( 1 ),  3 = ( 2 ),  4 = ( 3 ), . . .can be generated in succession.

The Proposed Image Encryption and Decryption Scheme
Because every image is finite while Z 2 is infinite, we must deal with this contradiction by applying two dimensional CA.If we consider the image to be on a topological anchor ring, that is, the right border of the image laps the left one and the top border superposes the bottom one, then every pixel has nine neighbors (including itself) in its neighborhood in the image.Without loss of generality, we take black-and-white binary image  with height  and width  to illustrate how to encrypt image by applying the proposed CA approach.Let black represent 1 and let white represent 0 in a blackand-white binary image .Each row of image  can be considered as a 0-1 binary string of length .
Our proposed image encryption/decryption scheme is a kind of stream cipher.In our image encryption scheme, the sender Alice and the receiver Bob agree on some necessary information in the beginning: a selected balanced radius-1 neighborhood local rule  0 , a selected balanced radius-2 neighborhood local rule  1 , a seed(seed) which is used to generate pseudo-random numbers, a subpermutation () =  1  2 . . .  of {1, 2, . . ., }, where   ∈ {1, 2, . . ., }, 1 ≤  ≤ , 1 ≤  ≤ .In other words, Alice should transmit  0 ,  1 , seed, and () to Bob through secret channel before she sends cipher images.Alice generates an original random binary image   with the same size as the plain image  by a pseudo-random number generator (PRNG) with seed.Denote the   th row of   by    , where   ∈ {1, 2, . . ., }.   will be a binary string of length .We concatenate the strings   1 ,   2 , . . .,    one by one, then we get a binary string of length , denoted by L, that is, L =   1 ,   2 , . . .,    .Here L can be considered as a control sequence to determine whether  0 or  1 is being used in the encryption process.Suppose where   is 0 or 1, 1 ≤  ≤ , and the short vertical lines are used to facilitate observation.The proposed image encryption/decryption scheme is described as follows.

The Image Encryption Algorithm
Step 1. Alice generates   by a PRNG with seed.Let  = 1 and  0 =   be the configuration at time  = 0.
Step 4. Alice obtains the cipher-image  =   ⊕  through the operation of XOR on   and .
Step 5. Alice sends  to Bob.

The Image Decryption Algorithm.
Step Let  = 1.
Step 4. Bob easily recovers the original secret black-andwhite binary image  through the operation of XOR on   and  because   ⊕  =   ⊕ (  ⊕ ) = .

Simulation Experiments
As an example, we take the classic gray-scale image "Lena" with size ×, as the plain image  to show our algorithm.
Here,  =  = 128.The gray scale of each pixel in the image is between 0 and 255.In order to use our algorithm, we represent each pixel's gray scale in the binary number system.For example, let   be the gray scale of the pixel in the th row and th column and   =  1 ,  2 , . . .,  8 , where   = 0 or 1, 1 ≤  ≤ 8.Then, we regard "Lena" image as composition of 8 layers.Each layer is a black-and-white image of size  × .
And the pixel located in the th row and th column of the th layer is black if   = 1 and white if   = 0.In other words, the th layer consists of all the pixels with value 0 or 1 that equals to the th bit of the binary representation of each pixel of "Lena" image.Suppose Alice and Bob both agree on the balanced radius-1 neighborhood local rule  0 and balanced radius-2 neighborhood local rule  1 being  0 = 0x(1683) 16 ,  1 = 0x(2875304619) 524288 , (10) respectively.Of course they can choose other appropriate balanced CA rules as they want.
Alice generates a random gray-scale image   with the same size of "Lena" image by the PRNG with seed.  is also  considered as composition of 8 layers.Each layer consists of all the pixels with value 0 or 1 that equals to the th bit of the binary representation of each pixel of image   .For each layer of plain image , this system uses one corresponding layer of   to encrypt it.
Figure 1 is "Lena, " the original gray-scale image  encrypted by using our algorithm.And the encryption result is shown in Figure 2.After deciphering the cipher image  by performing the process of decryption with the help of random image   , Bob can get the recovered image which is identical to the original "Lena" image in Figure 1.

Security Analysis
A good encryption scheme should be robust against all kinds of attacks that are already known, and key space should be large enough to make brute-force attack infeasible.In this section, some security analyses such as key space analysis, statistical analysis, and confusion analysis, have been performed on the proposed image encryption scheme to show that the proposed scheme is secured against the most common attacks.

Key Space Analysis
. Key space should be large enough to be robust against the unpredicted attacks.In our encryption scheme, we only need at most ( + 4 + 64) byte memory to store the sequential local rules   1 ,   2 , . . .,    , which can be realized easily in practice.If the eavesdropper Charlie wants to break this scheme by brute force, he must contend with searching through all subpermutations of {1, 2, . . ., }, all ( 512 256 ) possible balanced radius-1 neighborhood local rules and all ( 33554432 16777216 ) possible balanced radius-2 neighborhood local rules.By counting arguments, we can know that the number of all subpermutations of {1, 2, . . ., } is where  is the base of natural logarithm.Hence, the volume of security key of our encryption scheme is approximately The volume of security key of the scheme that we proposed is much larger than 256, which is the volume of security key introduced in [14].And it is also larger than 10 9536 , 10 2194× , and 10 14775 which are the lower bounds of the volume of security key introduced in [12], [19], and [20], respectively.In addition, it is larger than the volume of security key introduced in [16][17][18].This makes the algorithm robust against unpredicted attacks.

Statistical
Analysis.An encryption algorithm should be robust against statistical attacks.For testing it, statistical analysis such as image histogram and correlation coefficient of images has been conducted.In order to get the better statistical performance, we use the balanced CA rules instead of common CA rules in our proposed image encryption scheme.It is clearly shown in Figure 3 that the histogram of the encrypted image is almost uniform regardless of the original image and is significantly different from that of the original image, so statistical attacks will become very difficult.

Correlation Coefficients.
In a digital image pixels are not independent and their relevance is great.This may indicate that a large area of the image has similar gray-scale value.For example, in a common television digital image, the correlation coefficient of adjacent pixels may reach 0.9; that is, the relevance (which means information redundancy) is very big.The smaller the relevance, the better is the encryption effect and the higher is the security.We show the fact that the relevance between plain images and cipher images is very small in two ways.
First we repeat the encryption scheme 16 times using the plain-image "Lena." Each time a different random image   is generated for the encryption scheme.We calculate the correlation coefficients between the plain-image  and the ciphered-image .Here, we use the formulae in [21]: where  are the gray-scale values of all the pixels in the images ,  are the gray-scale values of all the pixels in the images , and  is total number of pixels of  or . can vary between −1 and 1, so 0 ≤ || < 1.If || is near 1, we will conclude that  and  are correlated and if || is near 0, we will conclude that there is a trivial correlation between  and .All the correlation coefficients are calculated and listed in Table 1 as below.
Second, we test horizontal, vertical, and diagonal correlations for the plain-image and cipher-image after the encryption process.A number of 4096 random pairs of horizontally, vertically, and diagonally adjacent pixels have been tested.Numerical results are shown in Table 2.
Correlation coefficients in the table are between −1 and 1.It is a fact that the closer the coefficients are to zero, the smaller the correlation between pixels is.The results show that the correlation coefficients of the encrypted image are close to zero, so correlation between pixels of the encrypted image is very small.This indicates little possibility of prediction and high security.
In order to see it more clearly, we show the correlation of two horizontally, vertically, and diagonally adjacent pixels in the original image and the encrypted image in Figure 4.Note that to be more explicit, only 600, instead of 4096, points are drawn in each frame.

Confusion Analysis.
In Shannon's original definitions, confusion refers to making the relationship between the ciphertext and the private key as complex and involved as possible.An excellent encryption algorithm should be sensitive to small changes in key.In other words, a slight change in the key can cause very different results.For example, in the experiment simulation, we use  0 and  1 to encrypt the plain-images.Then we make a very slight modification, for example, changing the first bit of the Wolfram number of  0 to its complement to get   0 .In order to prove that the very small change can lead to a large difference, we perform two simulations as follows.
(1) Encrypt three classical images at the USC-SIPI database [28] with key CA rules  0 and  1 ,   0 and  1 , respectively, while the subpermutation () is the same.Here "Lena, " "House, " and "Pepper" are used as examples.The correlation coefficients between each pair of encrypted images are calculated in Table 3, which shows that a small change of key can lead to very different results.
In order to give a clearer quantitive illustration, we introduce two indexes NPCR and UACI for further analysis.
(I) NPCR Analysis.In this analysis, a 128 × 128 image "Lena" is chosen and encrypted by using  0 and  1 to get  1 .Then, it is encrypted once again by using   0 and  1 to get  2 .Label the gray-scale values of the pixels at grid (, ) in  1 and  2 by  1 (, ) and  2 (, ), respectively.Define the "difference array, " , which is a binary array, with the same size as images  1 and  2 .And (, ) is determined by  1 (, ) and  2 (, ), namely, The number of pixels change rate (NPCR) is defined as where  and  are the width and height of  1 or  2 .
For two independent random images, the expected value of NPCR is (NPCR) = (1 − 2 − ) × 100%, where  is the number of bits used to represent one pixel of the image.For ] × 100%, (16) where  and  are the width and height of  1 or  2 .
The UACI measures the average intensity of the differences between the two cipher images.For two random images, the expected value of UACI is where  is the number of bits used to represent one pixel of the image.For two 8-bit per pixel random gray-scale images, the expected value of UACI is (UACI) = 33.4635%.
In our study, we encrypt the plain-image "Lena" with key CA rules  0 and  1 .Then, we encrypt the plain-image "Lena" once again with key CA rules   0 and  1 . 0 and   0 only differ in the first bit.Finally, the encrypted images are compared.We measure NPCR and UACI of the two cipher images with only one bit difference in key rules and the results are given in Table 4.
As you see in Table 4, the NPCR and UACI values of the scheme are very near to the ideal values 99.6094% and 33.4635%, respectively.Based on these findings, we conclude that our method is safe and our system is secured.
(2) After encrypting the plain-image with key rules  0 and  1 as mentioned above, we make a very slight modification, for example, changing the first bit of the Wolfram number of  0 to its complement to get   0 .Then, if we use   0 and  1 to decrypt the ciphered image, the decryption should not succeed.Table 5 confirms our findings.In it, frame (a) is the plain image.Frame (b) is the cipher-image encrypted with rules  0 and  1 .Frames (c) and (d) show the decrypted images from frame (b) with key rules  0 and  1 ,   0 and  1 , respectively.It is clear that the image encrypted by  0 and  1 cannot be correctly decrypted by using   0 and  1 .Since there is only one bit difference between the two keys, the results show the high key sensitivity of the proposed CA encryption scheme.

Information Entropy.
Entropy is one of the important features for randomness.The information entropy is defined as follows:  where   is the th gray value for an  level gray image.The closer an entropy rate is to eight, the less is the possibility of predictability and the higher is the security level.As specified in Table 6, entropy of the encrypted images is very close to 8, and it indicates that this algorithm is robust against entropy attack.

Conclusion
In this paper, a new image encryption/decryption scheme is proposed based on balanced two-dimensional CA.If Alice wants to transmit a secret image  with height  and width  to Bob, they need agree on a subpermutation (), a balanced radius-1 neighborhood local rule  0 , a balanced radius-2 neighborhood local rule  1 , and a seed.Then, Alice generates a random image   by a PNRG with the seed and evolutes it  times by alternatively using rules  0 and  1 according to the sub-permution () and   .After each evolution, a bitwise XOR will be operated on   and the evoluted result to get   .At last, Alice sends to Bob  =   ⊕ as the cipher-image.The decryption process is similar.The scheme proposed in this paper possesses the characteristics of convenient realization, very large number of security keys, pretty fast encryption speed, and low cost.Theoretical analysis and simulated experiment show that the scheme has the confusion property and excellent performance against statistical attacks.
Cellular automata are simple models of computation which exhibit fascinatingly complex behavior.They have captured the attention of several generations of researchers, leading to an extensive body of work.For example, John Conway's Game of Life is actually a two-dimensional CA with special local rule.Due to the universality of CA model, it can be more widely used in cryptography and image processing, and that will be our future work.
Image histogram is used to show the number of pixels per gray level.In general, more uniformed histogram results in less statistical attacks.The encrypted results are shown in Figure 3. Frame (a) is the original image and frame (c) is its histogram.Frame (b) is the encrypted image and frame (d) is the corresponding histogram of it.

Table 2 :
Correlation coefficients for horizontal, vertical, and diagonal directions.

Table 3 :
Encrypted images with different keys with very small modification.Original imageEncrypted image with  0 and  1 Encrypted image with   0 and  1

Table 4 :
Comparison of NPCR and UACI in encrypting different plain images.

Table 5 :
Encrypt Lena image with key rules  0 and  1 and then decrypt it with   0 and  1 .Decrypted image with 0 and  1 Frame (a)Frame (b) Frame (c) Frame (d)

Table 6 :
Entropy of encrypted image.