^{1}

^{1}

^{1}

^{1}

^{1}

This paper suggests a new chaos-based color image cipher with an efficient substitution keystream generation strategy. The hyperchaotic Lü system and logistic map are employed to generate the permutation and substitution keystream sequences for image data scrambling and mixing. In the permutation stage, the positions of colored subpixels in the input image are scrambled using a pixel-swapping mechanism, which avoids two main problems encountered when using the discretized version of area-preserving chaotic maps. In the substitution stage, we introduce an efficient keystream generation method that can extract three keystream elements from the current state of the iterative logistic map. Compared with conventional method, the total number of iterations is reduced by 3 times. To ensure the robustness of the proposed scheme against chosen-plaintext attack, the current state of the logistic map is perturbed during each iteration and the disturbance value is determined by plain-pixel values. The mechanism of associating the keystream sequence with plain-image also helps accelerate the diffusion process and increase the degree of randomness of the keystream sequence. Experimental results demonstrate that the proposed scheme has a satisfactory level of security and outperforms the conventional schemes in terms of computational efficiency.

Nowadays, digital image information has been widely communicated over the Internet and wireless networks owing to the rapid advancements in the multimedia and communication technology. Meanwhile, the protection of digital image information against illegal usage has become an important issue. A direct and obvious way to protect image data from unauthorized eavesdropping is to employ an encryption algorithm. Unfortunately, the renowned block ciphers, such as Triple-DES, AES, and IDEA, are not suitable for practical image encryption. This is because the security of these algorithms is mainly ensured by their high computational cost, making them hard to meet the demand for online communications when dealing with digital images characterized by bulk data capacity. To meet this challenge, many different encryption technologies have been proposed. Among them, the chaos-based algorithms provide an optimal trade-off between security and efficiency. The first chaos-based image encryption scheme was suggested by Fridrich in 1998 [

Conventionally, three area-preserving invertible chaotic maps, that is, the cat map, the baker map, and the standard map, are widely used for image scrambling. Unfortunately, this kind of permutation strategy suffers from two main disadvantages, that is, the periodicity of discretized version of chaotic maps and applicability to only square images [

In the substitution stage, various discrete chaotic maps and continuous chaotic systems can be employed to generate keystream sequences with desired statistical properties, including the most commonly used ones like the logistic map [

To better meet the challenge of online secure image communications, much research has been done on improving the efficiency of chaos-based image ciphers. For instance, in [

Conventionally, in the substitution stage, one keystream element is obtained from the current value of a state variable of an iterative chaotic system. That is, to generate a keystream sequence of length

The rest of this paper is organized as follows. The proposed permutation and substitution algorithms are thoroughly described in Sections

The hyperchaotic Lü system [

The projections of phase portrait of system (

Without loss of generality, a 24-bit RGB color image of size

Arrange the colored subpixels in the input image to a one-dimensional byte array

Generate a chaotic sequence of length

Extract a permutation keystream sequence

Scramble

As can be seen from the above description, the proposed permutation scheme well addresses the two problems encountered when using the discretized version of area-preserving chaotic maps. First, the proposed scheme can be applied to images of arbitrary size, whereas the area-preserving chaotic maps can be only applied to square images. Secondly, though the aperiodicity nature of a chaotic system will be deteriorated in computer realization with finite computation precision, the period length of pseudorandom keystream sequence generated by a chaotic system is by far longer than that of its discretized version. A keystream sequence with a very long period can be considered practically aperiodic when applied to images of reasonable size. That is, image scrambled by the proposed method will not return to its original state even after a huge number of iterations.

In the substitution stage, the logistic map [

The detailed substitution process is described as follows.

Preiterate the logistic map for

The logistic map is iterated continuously. For each iteration, a 24-bit (3 byte) integer can be obtained from the current state of the map according to^{24}.

Extract three keystream elements from pseRandInt according to

Convert the plain-pixel to its cipher form according to _{3n},_{3n+1},_{3n+2}) and (_{3n},_{3n+1},_{3n+2}) are the three colored subpixels of the currently operated pixel and its output cipher-pixel, respectively,

As can be seen from (_{0}, the initial value

Make the keystream elements depend on the plain-pixel by perturbing the state variable of logistic map according to

Return to Step 2 until all the subpixels in imgData are encrypted.

Perform several rounds of the overall permutation-substitution operations so as to spread the influence of each individual subpixel over the entire cipher-image.

Produce the final output by adding a file header identical to that of the input image to imgData.

The decryption procedure is similar to that of the encryption process except that some steps are followed in a reversed order. Particularly, the inverse of (

The randomness of the keystream sequence is crucial to the security of a chaotic cipher. A cryptographically secure keystream generator should generate the keystream sequence without repetition or predictability, thus preventing different parts of a messages encrypted with the repeated parts of the keystream sequence from being intercepted or generated by an attacker. The degree of randomness of a keystream sequence may be determined by statistical tests, and the most authoritative one is the test suite designed by the National Institute of Standards & Technology (NIST). The test suite is a statistical package consisting totally of 16 tests, which are carried out as follows: For each statistical test, a set of

Results of NIST statistical test.

Test items | Pass rate | |
---|---|---|

Proposed method | Conventional method | |

Frequency | 100.0% | 97.50% |

Block frequency | 99.00% | 99.00% |

Cusum-forward | 100.0% | 97.00% |

Cusum-reverse | 100.0% | 97.50% |

Runs | 99.50% | 98.50% |

Long runs of ones | 99.50% | 97.50% |

Rank | 99.00% | 98.50% |

Spectral DFT | 99.00% | 99.00% |

Nonoverlapping templates | 99.50% | 98.50% |

Overlapping templates | 99.00% | 97.00% |

Universal | 98.50% | 98.00% |

Approximate entropy | 99.00% | 97.50% |

Random excursions | 98.21% | 99.43% |

Random excursions variant | 99.40% | 100.0% |

Linear complexity | 99.50% | 99.50% |

Serial | 99.50% | 99.00% |

In order to evaluate the confusion performance of the proposed permutation method, we apply it to the standard “peppers” test image (

The applications of the proposed and three conventional chaos-based permutation methods. (a) The test image; (b) the test image after applying the proposed permutation method once; (c)–(e), (f)–(h), and (i)–(k) are the test images after applying the cat map, the baker map, and the standard map once, twice, and three times, respectively.

As is known, the diffusion property is essential to ensure the security of a cryptographic algorithm against chosen-plaintext attack. The differential analysis is the most common way to implement the chosen-plaintext attack. To do this, an opponent may firstly create two plain-images with only one-bit difference and then encrypt the two images using the same secret key. By observing the differences between the two resulting cipher-images, some meaningful relationship between plain-image and cipher-image could be found out, and it further facilitates determining the keystream. Obviously, this kind of cryptanalysis may become impractical if a cryptosystem is highly sensitive to plaintext; that is, changing one bit of the plaintext affects every bit in the ciphertext.

To measure the diffusion property of an image cryptosystem, two criteria, that is, NPCR (the number of pixel change rate) and UACI (the unified average changing intensity), are commonly used. The NPCR is used to measure the percentage of different pixel numbers between two images. Let

Clearly, no matter how similar the two input images are, a good image cryptosystem should produce outputs with NPCR and UACI values ideally being equal to those of two random images, which are given by

The NPCR and UACI of the proposed cryptosystem are evaluated using five standard 24-bit color test images of size

Differential images used in NPCR and UACI tests.

Test image name | Color channel | Pixel position | Pixel value | |
---|---|---|---|---|

( | Original | Modified | ||

Baboon | G | (29, 130) | 66 | 65 |

House | G | (182, 179) | 35 | 36 |

Lena | B | (425, 39) | 121 | 122 |

Peppers | R | (428, 144) | 123 | 122 |

Portofino | R | (306, 294) | 64 | 65 |

Results of NPCR and UACI tests.

Test image name | Number of encryption rounds | |||||||
---|---|---|---|---|---|---|---|---|

1 | 2 | 3 | 4 | |||||

NPCR | UACI | NPCR | UACI | NPCR | UACI | NPCR | UACI | |

Baboon | 0.90905 | 0.30349 | 0.99614 | 0.33460 | 0.996095 | 0.33445 | 0.99609 | 0.33457 |

House | 0.83127 | 0.27808 | 0.99611 | 0.33483 | 0.9961407 | 0.33466 | 0.99608 | 0.33446 |

Lena | 0.06218 | 0.02089 | 0.99620 | 0.33469 | 0.996074 | 0.33487 | 0.99619 | 0.33447 |

Peppers | 0.81662 | 0.27345 | 0.99607 | 0.33448 | 0.996147 | 0.33457 | 0.99608 | 0.33466 |

Portofino | 0.44400 | 0.14861 | 0.99600 | 0.33443 | 0.995989 | 0.33425 | 0.99603 | 0.33487 |

In this section, thorough security analysis has been carried out, including the most important ones like brute-force analysis, statistical analysis, and key sensitivity analysis, to demonstrate the high security of the proposed scheme.

In cryptography, a brute-force attack is a cryptanalytic attack that attempts to break a cipher by systematically checking all possible keys until the correct one is found. Obviously, a cipher with a key length of ^{100} keys is widely considered out of reach for conventional digital computing techniques for the foreseeable future. Therefore, the proposed scheme is secure against brute-force attack.

A good image cryptosystem should sufficiently mask the distribution of pixel values in the plain-images so as to make frequency analysis infeasible. That is, the redundancy of plain-image or the relationship between plain-image and cipher-image should not be observed from the cipher-image as such information has the potential to be exploited in a statistical attack. The frequency distribution of pixel values in an image can be easily determined by using histogram analysis. An image histogram is a graph showing the number of pixels in an image at each different intensity value found in that image. The histograms of the RGB color channels of the “peppers” test image and its output cipher-image produced by the proposed scheme are shown in Figure

Histogram analysis. (a) and (h) are the test image and its output cipher-image, respectively. (b)–(d) and (i)–(k) are the three color channels of (a) and (h), respectively. (e)–(g) and (l)–(n) are the histograms of (b)–(d) and (i)–(k), respectively.

The distribution of pixel values can be further quantitatively determined by calculating the information entropy of the image. Information entropy, introduced by Shannon in his classic paper “A Mathematical Theory of Communication” [

The information entropies of the five test images and their output cipher-images are calculated, and the results are listed in Table

Information entropies of the test images and their output cipher-images.

Test image name | Information entropy | |
---|---|---|

Plain-image | Cipher-image | |

Baboon | 7.762436 | 7.999778 |

House | 7.485787 | 7.999747 |

Lena | 7.750197 | 7.999772 |

Peppers | 7.669826 | 7.999788 |

Portofino | 7.306934 | 7.999766 |

Pixels in an ordinary image are usually highly correlated with their neighbors either in horizontal, vertical, or diagonal direction. However, an effective image cryptosystem should procedure cipher-images with sufficiently low correlation between neighboring pixels. Scatter diagram is commonly used to qualitatively explore the possible relationship between two data sets. To plot a scatter diagram for image data, the following procedures are carried out. First, randomly select

Figures

Graphical analysis for correlation of neighboring pixels. (a)–(c) and (d)–(f) are scatter diagrams for horizontally neighboring pixels in the three color channels of the “peppers” test image and its output cipher-image, respectively.

To further quantitatively measure the correlation between neighboring pixels in an image, the correlation coefficients

Table

Correlation coefficients for neighboring pixels in the test images and their output cipher-images.

Test image name | Direction | Plain-image | Cipher-image | ||||
---|---|---|---|---|---|---|---|

R | G | B | R | G | B | ||

Baboon | horizontal | | | | | | |

vertical | | | | | | | |

diagonal | | | | | | | |

| |||||||

House | horizontal | | | | | | |

vertical | | | | | | | |

diagonal | | | | | | | |

| |||||||

Lena | horizontal | | | | | | |

vertical | | | | | | | |

diagonal | | | | | | | |

| |||||||

Peppers | horizontal | | | | | | |

vertical | | | | | | | |

diagonal | | | | | | | |

| |||||||

Portofino | horizontal | | | | | | |

vertical | | | | | | | |

diagonal | | | | | | |

Key sensitivity, another basic design principle of cryptographic algorithms, ensures that no information about the plaintext can be revealed even if there is only a slight difference between the decryption and encryption keys. To evaluate the key sensitivity property of the proposed scheme, the “peppers” test image is firstly encrypted with a randomly generated secret key: hyperchaotic Lü system with initial conditions

Decryption keys used for key sensitivity test.

Figure | Decryption key | ||
---|---|---|---|

Permutation part | Substitution part | ||

| | | |

| | ||

| | | |

| | ||

| | | |

| | ||

| | | |

| | ||

| | | |

| | ||

| | | |

| |

Results of key sensitivity test.

As can be seen from the above description of the substitution keystream generation method, three keystream elements can be simultaneously extracted from the current state of the logistic map, whereas only one can be obtained using the conventional method. As a result, the total number of iterations is reduced by 3 times and the encryption time is shortened. We use three 24-bit RGB test images of different sizes to evaluate the computational efficiency of the proposed scheme and compare it with that of an identical copy of the proposed scheme except using a conventional keystream generation method. Each test image is ciphered 10 times with two rounds of permutation-substitution operations, and the average execution times are listed in Table

Performance comparison of two schemes using different keystream generation methods.

Image size | File size (KB) | Running speed (ms) | |
---|---|---|---|

Proposed method | Conventional method | ||

| | | |

| |||

| | | |

| | | |

This paper has proposed a new permutation-substitution type color image cipher to better meet the increasing demand for real-time secure image communications. To confuse the relationship between the ciphertext and the secret key, the positions of colored subpixels in the input image are scrambled using a pixel-swapping mechanism, which avoids two main problems encountered when using the discretized version of area-preserving chaotic maps. To improve the computational efficiency of the substitution process, we introduced an efficient keystream generation method that can simultaneously extract three keystream elements from the current state of the iterative logistic map. Compared with the conventional method, the total number of iterations is reduced by 3 times. The computational efficiency comparison results have shown the superior performance of the proposed encryption scheme. To ensure the robustness of the proposed scheme against chosen-plaintext attack, the current state of the logistic map is perturbed during each iteration and the disturbance value is determined by plain-pixel values. The mechanism of associating the keystream sequence with plain-image also helps accelerate the diffusion process and increase the degree of randomness of the keystream sequence. The results of NPCR and UACI tests indicate that the proposed scheme takes only two encryption rounds to achieve a satisfactory diffusion effect. The results of NIST statistical test indicated that the substitution keystream sequences generated using the proposed method have a higher degree of randomness than that generated by conventional method. We have carried out an extensive security analysis, which demonstrates the satisfactory security level of the new scheme. It can therefore be concluded that the proposed scheme provides a good candidate for online secure image communication applications.

The authors declare that there are no conflicts of interest regarding the publication of this paper.

This work was supported by the Fundamental Research Funds for the Central Universities (no. N150402004) and the Online Education Research Fund of MOE Research Center for Online Education (Qtone Education) (no. 2016YB123).