On the Cryptanalysis of a Bit-Level Image Chaotic Encryption Algorithm

In this paper, the security analysis of a bit-level image chaotic encryption algorithm based on the 1D chaotic map is proposed.*e original image chaotic encryption algorithm includes bit-level permutation encryption, diffusion encryption, and linear transform. Deciphering of it can be divided into two stages. First, bit-level permutation encryption, diffusion encryption, and linear transform can be simplified into bit-level equivalent permutation encryption and equivalent diffusion encryption, which is a key breakthrough point of cryptanalysis. Second, the chaotic sequence generated by this algorithm is independent of the plaintext image. *erefore, the equivalent diffusion key and the equivalent permutation key can be obtained by chosen-plaintext attack, respectively. *eoretical analysis and numerical simulation experiment results verify the effectiveness of the analytical method. Finally, some suggestions are proposed to promote the security of the original image chaotic encryption algorithm.


Introduction
With the rapid development of network technology, a large amount of multimedia information, such as image, voice, text, and video, needs to be transmitted through the Internet. erefore, the security problem becomes an important research subject and attracts more and more attention. Because of some intrinsic properties of images, for example, bulk data capacity, high redundancy, and strong correlation of two adjacent pixels, traditional text encryption algorithms such as AES and DES, which have higher time complicity, are not suitable for image encryption [1]. Because chaos is pseudo-random, ergodic, and highly sensitive to initial values and control parameters, these characteristics can achieve good confusion and diffusion effects and can meet the basic requirements of cryptography. erefore, many image encryption algorithms have been proposed based on the chaotic map in recent years [1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20].
In 1997, the first image chaotic encryption algorithm based on the permutation-diffusion structure is proposed in [2]. ereafter, a symmetric image encryption algorithm based on 3D chaotic cat map is presented in [1]. In 2007, a new image encryption algorithm based on the permutation-diffusion structure is proposed in [3]. In [4], a novel image encryption algorithm based on the skew tent chaotic map and classic permutation-diffusion structure is proposed. To enhance the security of the image chaotic encryption algorithm, some bit-level image chaotic encryption algorithms are proposed in [5][6][7][8]. In addition, many image encryption schemes based on constructing new chaotic maps are also proposed in [9][10][11][12][13]. An image chaotic encryption algorithm based on CHHCS and LBP is proposed in [14], where CHHCS is used to scramble the plaintext image, while LBP is considered to diffuse the scrambled image in order to change the values of all pixels. In [15], a color image encryption algorithm is proposed based on cellular automata and hyperchaotic system; the main contribution is the application of the hyperchaotic system and nonuniform cellular automata for robust keys. An image encryption algorithm utilizing the principles of the Josephus problem and the filtering technology is developed in [16]. Moreover, some typical image encryption algorithms based on the chaotic S-box are proposed in [17][18][19][20].
Note that the chaotic encryption schemes proposed in [1-4, 6-15, 20] adopt the classical permutation-diffusion two-stage encryption structure; security test metrics are mainly limited to histogram, correlation analysis, differential analysis, key sensitivity test, and so on, which are not enough to guarantee cryptosystem security. In [21][22][23][24][25][26][27][28][29][30][31][32], the cryptanalysis literature studies point that many chaotic encryption algorithms have some intrinsic security weaknesses, which are not robust against chosen-plaintext attack, chosen-ciphertext attack, and conquer attack. In addition, the chaotic encryption algorithm proposed in [5] adopts permutation-only structure; however, permutation-only is vulnerable to chosen-plaintext attack given in [33][34][35][36]; for example, according to the chosen-plaintext attack, one can obtain equivalent permutation keys by choosing several pairs of plaintext-ciphertext images and then recovering the corresponding original plaintext image.
is paper re-evaluates the security of a bit-level image encryption algorithm based on the 1D chaotic map proposed in [37]. e algorithm adopts a permutation encryptiondiffusion encryption-linear transform structure. In the permutation encryption stage, 1D chaotic sequence is generated by the improved logistic map, and its corresponding index sequence is used to scramble the plaintext image. In the diffusion encryption stage, 1D diffusion sequence is utilized to diffuse the scrambled image. In the linear transform stage, the ciphertext encrypted by diffusion is rotated to the right. e authors also give the statistical test results of key space, histogram, correlation of two adjacent pixels, and key sensitivity and claim that the algorithm is secure. However, the cryptanalysis results in this paper show that the algorithm has three security vulnerabilities as follows: (1) e three-stage structure for the permutation encryption-diffusion encryption-linear transform of the original encryption algorithm can be simplified to an equivalent permutation encryption-equivalent diffusion encryption two-stage structure (2) e generated chaotic sequence is independent of the plaintext image (3) ere is no ciphertext feedback mechanism in the algorithm Based on the aforementioned security vulnerabilities, the equivalent permutation encryption-equivalent diffusion encryption parts of the image chaotic encryption algorithm proposed in [37] can be cracked separately by the divideand-conquer strategy. Furthermore, the equivalent diffusion key and the equivalent permutation key can be obtained by chosen-plaintext attack. e rest of the paper is organized as follows. Section 2 briefly introduces the image chaotic encryption algorithm under study. Section 3 presents the security analysis. Section 4 gives the numerical simulation experiments. Section 5 proposes some suggestions for improvement. Section 6 concludes the paper.

Description of the Original Encryption Algorithm
In [37], the original encryption algorithm adopts the permutation encryption-diffusion encryption-linear transform three-stage structure. It consists of secret key selection, bitplane decomposition, permutation encryption, diffusion encryption, linear transform, and bit-plane composition, as shown in Figure 1. In Figure 1, x 0 , μ, k, N 0 , kd, rp are secret key parameters, I(i, j) is a 2D plaintext image, B(l) is a 1D bit-plane decomposition sequence of I(i, j), Q(l) is a 1D index sequence corresponding to the improved logistic map, P(l) is a 1D diffusion sequence corresponding to the improved logistic map, S(l) is a 1D permutation encryption sequence of B(l), D(l) is a 1D diffusion encryption sequence of S(l), L(l) is a 1D linear transform sequence of D(l), and the corresponding ciphertext image of I(i, j) is defined by C(i, j). Note that I(i, j), C(i, j), and Q(l)are denoted by a decimal number, and B(l), P(l), S(l), D(l), and L(l) are denoted by a binary number, where i � 1, 2, . . . , M, j � 1, 2, . . . , N, l � 1, 2, . . . , 8NM, the size of the 2D plaintext image is N × M, M is the height, and N is the width, respectively. e detailed principle of the chaotic encryption algorithm given by Figure 1 can be described as follows: (1) Choose the secret key parameters: according to Figure 1, the chaotic encryption algorithm includes six secret key parameters x 0 , μ, k, N 0 , kd, and rp, where x 0 , μ, k, and N 0 are initial values and control parameters of the improved logistic map, kd is a disturb parameter, and rp is the number of circle shifts to the right.
(2) Generate the 1D index sequence Q(l) and the 1D diffusion sequence P(l) by using the chaotic sequence: first, obtain the 1D chaotic sequence x n (n � 0, 1, 2, . . .) by adopting the improved logistic map where μ ∈ [0, 4], k � 12, and mod denotes module operation. en, obtain the 1D index sequence Q(l) and the 1D diffusion sequence P(l) corresponding to x n [37].
(3) Encrypt the image by using the original encryption algorithm: the encrypted object may be a color image or a grayscale image [37]. For the sake of analysis, here, a plaintext grayscale image of size N × M resolution is taken as an example to indicate the encryption process. Suppose that I(i, j) ∈ 0, 1, . . . , 255 { }(i � 1, 2, . . . , M; j � 1, 2, . . . , N) denotes the 2D plaintext grayscale image, hereinafter referred to as the 2D plaintext image. e steps for the original encryption algorithm are shown as follows: Step 1: bit-plane decomposition: first, convert the 2D plaintext image I(i, j) ∈ 0, 1, . . .  Mathematical Problems in Engineering Note that the relationship between Z(m) and B v (m) is defined as where m � 1, 2, . . . , NM. Take a plaintext image of size N × M � 2 × 2 resolution as an example, and the bitplane decomposition process is shown in Figure 2.
Step 5: bit-plane composition: it is the inverse process of the bit-plane decomposition. Convert the 1D linear transform sequence L(l)(l � 1, 2, . . . , 8NM) with binary form into a 2D ciphertext image . . , N) with decimal form by utilizing the bit-plane composition method. (4) Decrypt the image by using the original decryption algorithm: decryption is the inverse of encryption. e plaintext image I(i, j) is recovered from the 2D ciphertext image C(i, j). Note that the detail relevant statistical test analysis of the original encryption Obtain Z (m) by scanning I (i, j) from left to right and up to down Obtain B (l) by scanning B v (m) from left to right and down to up ...

Analysis of Equivalent Permutation Encryption-Equivalent Diffusion
Encryption. According to Figure 1, the chaotic encryption algorithm adopts the permutation encryptiondiffusion encryption-linear transform three-stage structure, which can be simplified into its corresponding equivalent permutation encryption-equivalent diffusion encryption two-stage structure. From equation (4), one gets the diagram of linear transform between L(l) and D(l), as shown in Figure 3.
In the image chaotic encryption algorithm, permutation encryption-diffusion encryption is a general two-stage encryption algorithm. However, the algorithm, as shown in Figure 1, is a permutation encryption-diffusion encryptionlinear transform three-stage structure. For the sake of cryptanalysis, according to equations (2) and (3) with equations (6) and (7), one can simplify the three-stage structure of Figure 1 to its corresponding equivalent permutation encryption-equivalent diffusion encryption twostage structure, as shown in Figure 4.

Proposition 1. Equivalent permutation encryption-equivalent diffusion encryption two-stage structure, as shown in
Proof. e equivalence is proved by comparing the threelevel encryption as shown in Figure 1 with the two-level encryption as shown in Figure 4.
(1) From Figure 1 and equations (6) and (7), the result of the permutation encryption-diffusion encryptionlinear transform is given by (2) According to Figure 4 and equation (2), the result of equivalent permutation encryption is given by Similarly, from Figure 4 with equation (9), the result of diffusion encryption is given by Comparing equation (8) with (10), it can be seen that the results of the permutation encryption-diffusion encryption-linear transformation three-level structure are equal to those of the equivalent permutation encryptionequivalent diffusion encryption two-level structure. e proof is completed.
According to Figure 4, Q ′ (ℓ) is the 1D equivalent index sequence expressed in the decimal number, and P ′ (ℓ) is the 1D equivalent diffusion sequence expressed in the binary number.
(2) According to equation (10), one has where Q ′ (ℓ) is denoted by the decimal number.

(27)
Finally, according to the bit-plane composition principle, B ′ (ℓ)is converted into 2D plaintext image I R (i, j), that is, one recovered plaintext grayscale image I R (i, j) from the ciphertext image C(i, j) is According to equations (19) and (28), one obtains that I R � I. erefore, the proposed chosen-plaintext attack scheme has been verified through the above examples.

Attack Complexity and Time.
According to above analysis, as for the grayscale images with the size of N × M, one gets that deciphering the 1D equivalent diffusion sequence P ′ (l) and the 1D equivalent index sequence Q ′ (l) only require (1 + log 2 (8NM) plaintext images and the corresponding ciphertext images without any known keys. erefore, the total data complexity is O(log(NM)), which represents a logarithmic level complexity. Moreover, the breaking time is 12.18 seconds by utilizing our proposed schemes. As for the RGB color images with the size of N × M, the total data complexity is O(log(NM)). Besides, the breaking time is 40.3 seconds by utilizing our proposed schemes, respectively. Consequently, the experiment results show that the cracking method is both effective and efficient, where it has lower running time and attack complexity.

Suggestions for Improvement
According to the security defects of the original image chaotic encryption algorithm, the suggestions for improvement are given as follows: (1) In the permutation encryption structure, one can construct the combination of key stream parameters and the characters of the plaintext image, such as all pixels' sum, average, and hash value of the plaintext information, where the equivalent permutation keys can be avoided.
(2) In the diffusion encryption structure, one could add some nonlinear diffusion encryption techniques such as S-box and ciphertext feedback mechanism to enhance the combination of plaintext, keys, and ciphertext and further promote the security of the original encryption algorithm. Moreover, one can suggest building the combination of the circle shift parameter and the diffusion encryption results to avoid the equivalent diffusion keys. (3) One can suggest that the multiple-round encryption algorithm is proposed to improve the security based on the higher efficiency. (4) One can check the randomness of chaotic sequences. e periods of chaotic sequences obtained by iterating the logistic map in the digital computer are rigorously analysed in [39] and further lead to the dynamic degradation of chaotic maps. Moreover, the randomness of chaotic sequences affects the security of the encryption algorithm. erefore, it is necessary to check the randomness of chaotic sequences from the perspective of cryptanalysis.

Conclusions
In this paper, the chaotic cryptosystem with the three-level structure of permutation encryption, diffusion encryption, and linear transformation is analysed. Simplifying the three-level encryption structure of a chaotic cipher into the two-level encryption structure of equivalent permutation encryption and equivalent diffusion encryption is the key point to solve the security analysis problem. In addition, because the chaotic cipher algorithm belongs to an open-loop structure and lacks the ciphertext feedback mechanism, the generated chaotic sequence has nothing to do with the plaintext image, so the equivalent key method can be used to decipher it. e results of theoretical analysis and numerical simulation show that, as for the grayscale images and RGB color images of size NM, by utilizing the chosen-plaintext attack method, the equivalent diffusion key and equivalent permutation key can be obtained by choosing only (1 + log 2 (8NM) and (1 + log 2 (24NM) plaintext images and the corresponding ciphertext images; thus, the original algorithm can be deciphered successfully. Finally, some suggestions are presented to improve the security of the original image chaotic encryption algorithm. Furthermore, the paper sets up a good example framework for security analysis of bit-level chaotic cryptosystems.
Data Availability e data and code used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest
e authors declare that there are no conflicts of interest regarding the publication of this paper.