Image Encryption with Fusion of Two Maps

Signal Image and Systems Laboratory, HTTTC Ebolowa, University of Yaoundé I, P.O. Box 886, Yaoundé, Cameroon Centre for Research, Experimentation and Production, HTTTC Ebolowa, University of Yaoundé 1, P.O. Box 886, Ebolowa, Cameroon Ingénierie Mathématique et Systèmes d’Information, National Advanced School of Engineering, University of Yaoundé I, P.O. Box 8390, Yaoundé, Cameroon Laboratoire d’Automatique et d’Informatique Appliquée (LAIA), Department of Engineering, IUT-FV Bandjoun, University of Dschang, Dschang, Cameroon


Introduction
e need to preserve privacy and confidentiality in communications has triggered the rapid development of cryptographic techniques. is has spurred an intense research activity in the field of cryptography. anks to their excellent properties of unpredictability, ergodicity, and sensitivity to their parameters and initial values, chaotic maps are good candidates for encryption algorithms. Over the years, many generators of chaos have been used in cryptosystems. However, robustness is still a major challenge in chaos-based cryptosystems. is is shown through the important number of attacked and broken cryptosystems [1][2][3][4][5][6][7][8][9][10][11][12][13][14]. Security defects in cryptosystems are from different origins. Remarkable flaw is the insufficient robustness of chaotic maps used in some encryption algorithms. Indeed, in some chaos-based encryption systems, the link between the control parameters and the secret key is not carefully established. is is because of disappearance of chaos in some portions of the map used, culminating in reduction of the entropy level in the encrypted image and consequently vulnerability of the system to attacks. ose shortcomings were studied by Huang and Guan [5] and Pareek et al. [6]. Another flaw is the fact that eavesdropper can estimate the control parameters from a chaotic orbit and finally, through this, break the cryptosystem.
e work by Skrobek [7] presents the methodology to do that. Several encryption algorithms perform transformation from original to encrypted image by many rounds. For each round, the chaotic map is iterated k times. en, they use the number of rounds and k as part of the key. Such cryptosystems can be broken through a timing attack which analyzes the encryption/decryption time. An illustration is given in the paper of Pisarchik et al. [8] which was cryptanalyzed by Arroyo and al. [9]. e cryptosystems, in which the transformation from plaintext to ciphertext roughly corresponds to a mapping that depends only on the key, have been found to succumb to known and/or chosen plaintext attacks. For example, the two cryptosystems developed by Patidar et al. [12] have been broken, using different approaches, by Rhouma et al. [2] and Li et al. [4]. Another example is the algorithm of Guan et al. [10] that has been cryptanalyzed by Çokal and Solak [11].
Insufficient key space has also in the past accounted for a number of cryptosystems being broken. However, this flaw is rather rare these last years, especially with the optimization of one-dimensional (1D) chaotic generators for digital image encryption. is is justified by their ease of implementation, their discretized forms, and their flexibility when it comes to optimizing them [15,16]. To solve this problem and improve the chaotic maps, many researchers claim that high dimensional (HD) digital chaotic maps have better security and mixing method permits the extension of the period length of chaotic systems in order to get closer to robust chaos. In addition, the absence of periodic windows and coexisting attractors in some neighborhood of the parameter space means the improvement of the dynamic degradation.
In this paper, we develop a new cryptosystem that covers some of the security flaws enumerated above. Our cryptosystem is based on a chaotic map derived from the fusion of samples from time series data from Hartley and Duffing chaotic oscillators, coupled with mathematical transformation function. One of the main contributions in this work is the production of a new chaotic map resulting from the piecewise linearity introduced in the variables of Hartley's oscillator, but this oscillator was also merged with another one in order to produce chaotic and quite robust data maps.
In our generated sequences, we have chosen a new technique to quantify the quality of the chaos. A comparative study was conducted on several traditional techniques such as MLE, Shannon entropy, and permutation entropy [17][18][19][20][21][22][23][24], but this study revealed that they were all time consuming and therefore less suitable for real-time systems [25]. A new algorithm was developed, the PLSE (permutation large slope entropy).
is technique has the advantage of being more appropriate for experimental data, for continuous time systems, and for the analysis of data coming from systems without a well-defined mathematical model in order to quantify the chaos. Another contribution is the modeling of an encryption function whose complexity is based on the principle of affine cryptography. is function uses an external key alpha which is added to the initial conditions of the chaotic oscillators to build the main secret key. e cryptosystem has the following advantages: (i) Firstly, the chaos generated is robust. (ii) Secondly, even if the attacker succeeds to correctly estimate the parameters and recovers a map, he cannot get the exact map which was actually used for encryption because it has been truncated, and it is therefore difficult for the attacker to know which part has been cut. (iii) irdly, in the proposed algorithm, only one round is necessary for encryption, and therefore there is no way of breaking the scheme based on time analysis.
(iv) Fourthly, the transformation from plaintext to ciphertext is not a simple mapping function dependent on the initial conditions only. erefore, as will be seen in the security analysis section, neither the plaintext nor the ciphertext attack can break the proposed cryptosystem. (v) Finally, the key space is large enough to resist all forms of brute attack. e paper is organized as follows. Section 2 presents the chaotic map generation followed by the encryption algorithm. In Section 3, results and performance of the algorithm are given. Section 4 deals with the cryptanalysis of the system. In Section 5, the proposed cryptosystem is compared to some recent ones. e paper is concluded in Section 6.

Chaotic Maps.
is section presents the two chaotic seed maps.
ese are Duffing and Hartley maps. ey are combined to generate the final map as will be described later.
e set of equations (6)-(8) describes the Hartley oscillator while the set of equations (11) governs the Duffing oscillator.

Hartley Oscillator.
e circuit of the Hartley oscillator is given in Figure 1. Applying Kirchhoff laws (KL), we obtained the following system of equations: Let us model the BJT by the following systems: where V TH is the threshold voltage and R ON is the smallsignal on-resistance of the base-emitter junction; V EB can also be written from the circuit in Figure 1 as Let us use the following dimensionless variables and (4) to build the nonlinear functions F and F * and transform systems (1)- (3). We obtain (6)- (8).  Figure 1: Circuit of Hartley oscillator used.

Security and Communication Networks
e following values were used for systems (1) and (8):

Duffing Oscillator.
e Duffing oscillator is one of the nonautonomous equations (10) that produces nonlinear dynamics, leading to the presence of chaos when it is well calibrated [26]. It can be transformed into an autonomous 3D system by introducing a new state variable z � t. e new 3D system is given in (11).
e following parameters have been selected in order to simulate chaotic behavior: e sets of equations for each of the two oscillators were numerically solved using Runge-Kutta algorithm with a step Δt � 0.01. Figure 1 displays phase portraits yielded for each oscillator in the chaotic mode.
We can see from Figures 2(a) and 2(b) that each oscillator's phase portrait is a strange attractor.
is, however, does not automatically mean that these oscillators are chaotic. To prove the chaotic nature of these oscillators, Lyapunov analysis was carried out for each of them. In Figures 3(a) and 3(b), the dynamics of Lyapunov exponents are displayed. e computation of the Lyapunov exponents of Hartley system gives us a positive exponent by changing in Figure 1 the voltage value at the Emitter V 1 from 3.75 V to 2.75 V. L E1 � 0.0585 > 0, and the other two are negative L E2 � −0.8709 < 0 and L E3 � −2.8722 < 0, which proves that the system is chaotic. e bifurcation diagram in Figure 4 also proves this. By setting the parameters L 1 and C, the control parameter is the resistance Rc. is resistance is associated with the control parameter a in (8). us, Rc can be chosen between the values 10.5 and 170.5 ohm and the parameter a between 0.39 and 6.742.
Lyapunov exponents represent the average exponential rates of divergence or convergence of nearby orbits in the phase space. Chaotic systems exhibit exponential orbital divergence.
is is manifested by the fact that small differences in initial conditions which we may not be able to resolve get magnified rapidly leading to loss of predictability. Figure 3 displays the dynamics of Lyapunov exponents for Hartley and Duffing oscillators used with initial conditions x10, y10, z10 � (0.2, 0.5, 0.5) and x20, y20, z20 � (0, 1, 1), respectively. By solving the two systems using 4th order Runge-Kutta technique with step 0.01, three series of values, L E1 , L E2 , and L E3 , were obtained and plotted for each of the oscillators. For each oscillator, one series is positive, the second one nil, and the third one negative. ese prove the chaotic nature of the oscillators [17].

Encryption Algorithm.
e encryption algorithm has two steps. e first consists in combining the two original chaotic maps to generate a third one which is used in the encrypting function. e second step is the implementation of the mathematical encrypting function.

Fusion Technique and New Chaotic Map.
Let (x 1 , y 1 , z 1 ) be the state variables of the first oscillator while (x 2 , y 2 , z 2 ) are those of the second oscillator. Each iteration i generates sets of state variables (x 1i , y 1i , z 1i ) and (x 2i , y 2i , z 2i ). Let m × n be the size of the image to be encrypted. After a given Security and Communication Networks number of iterations, the resultant map K ij ′ can be obtained as follows: e truncation function represents the way that data mask can be extracted from the data obtained by merging the two oscillators. e notion of periodicity is lost when the combination of two chaotic maps extends the cycle length of the chaotic orbit and improves the chaotic behavior of the pseudorandom generator. For the new map obtained, we choose the variables that have more nonlinearity in their state equations and therefore provide high probability of more random data to merge. In order to preserve the parameter estimation and be sure that the orbit of the new system is bounded, we take values from the established mathematical equations and combine them, emphasizing the unpredictable side of the newly calculated data with the modulo operator at the output. Ku represents the chaotic map when we merge the oscillators. You can see the phase portrait in Figure 5.

Chaotic Nature of the Resultant Map.
e resultant map is a truncated fusion of two chaotic maps. However, this resultant map may not automatically be chaotic. e goal of this section is to prove that it is chaotic.
In order to prove that a map is chaotic, a number of techniques such as 0-1 test [18,19], 3ST test [27], and permutation entropy (PE) [21,22] can be used. ey help to distinguish the regularity or irregularity of the map and also measure the complexity of the finite data sequence coming from system, in order to make sure that the latter is chaotic.
To characterize data, all the above-mentioned techniques are directly applied to the time series. is permits the detection of the chaotic nature of the corresponding dynamics thanks to either its chaos indicator or the entropy. e entropy is a metric to characterize the complexity of time series and helps to distinguish between regular (periodic, for example), random, and chaotic signals and to quantify their complexity. Most of prementioned tests have been successfully applied to continuous time systems [18,23] and discrete time systems [20]. Furthermore, they are robust in presence of noise and require neither phase space reconstruction nor modeling equations of the underlying system. However, some of them are time consuming and cannot be used for real-time implementation [24]. Recently, a new test proposed by Eyebe Fouda et al. [25] was used efficiently with interesting results. Its principle is described below and then used to test our data series.

Description of the Permutation Largest Slope Entropy
. .,T be a time series of length T, where t is the time index. e permutation entropy (PE) of order n is defined as a measure of the probabilities of permutations of order n. Permutations of order n are obtained from the comparison of neighboring values (increasing order) in embedding vectors X t � (X t+1 , X t+1+τ , . . ., X t+1+(n−1)τ ), where n is the number of values of X t and τ the distance between two values in X t . Assuming that the permutation P t of order n derived from X t is a piecewise linear function, we consider the slope of each linear function as the difference between pairs of neighboring values in P t as follows: We thus defined the largest slope of P t as S t � max − (S i ) as the maximum value of {S i }. It has been shown that L � lim n⟶∞ |S t | for regular dynamics and that L-periodic dynamics are characterized by a single value of largest slope if the embedding dimension n is such that L < n [20]. As a result, the entropy related to the distribution of the largest  slopes may be equal to zero in the case of regular dynamics. e normalized permutation largest slope entropy (PLSE) of order n ≥ 2 is where where p (s) is the probability of S and Nb denotes the number of slopes apparition. For regular dynamics, h s (n) � 0 with period L < n, and for irregular dynamics, 0 < h s ≤ 1. Indeed, regular dynamics are characterized by a single value of largest slope S t � S, for all t and h s � 0 as p (S) � 1; for irregular dynamics, S t takes different values.

Application of PLSE Test.
e algorithm of PLSE is applied to the resultant map, and only the maximal value of the corresponding entropies is retained. Choosing τ > 1 allows reducing detection errors due to small values of embedding dimensions n while 1 < t 0 < n allows considering smaller observation time T for detection purposes. Moreover, choosing 1 < t 0 < n speeds up the scanning time of the time series under study [23]. ree sequences of data were tested depending on control parameter B in the Duffing oscillator. e following parameters were used.

Security and Communication Networks
where SHA256 is the hash algorithm in order to scramble image deterministically. T ij is encrypted image and α a parameter.

Pseudocode of the Encryption Process.
(1) Load the plain image O ij of size n × m.
(2) Choose six values which represent the initial conditions for the two chaotic systems.

Test Images.
In this section, we present results yielded by our cryptosystem and analyze them. Four images (Figure 7) were used to test our algorithm. e statistical properties of the plaintext images are summarized in Table 1. Two images of this testing set were of gray-level type while the other two were color ones. ey were of size m × n with m ≠ n for one of them and m � n for the rest. is permits us to test the various combinations.

Cipher Evaluation.
Visual examples of plain, encrypted, and decrypted images are given in Figure 8. Brute force attack, speed, histogram, correlation, key space, and key sensitivity analyses were also carried out for the proposed cryptosystem. With a laptop equipped with a 2.0 GHz Core Duo and 2Go DDR, we had encryption times of 1.2 seconds for a 512 × 512 resolution Lena image, 1.2 seconds for a 512 × 512 resolution Barbara image, 1 second for a 480 × 500 resolution Mandrill image, and 3 seconds for a 1024 × 1024 resolution Man image.

Key Space Analysis.
e secret key of the proposed cryptosystem contains 7 real numbers (6 initial conditions and many parameters). By considering only the initial conditions of the two oscillator models, let us use real data type to attenuate effect caused by discretization. In the event of using a programming language compatible with IEEE Standard 754-2008 [21], it is necessary to use the double data type, which stores real numbers on 8 bytes (64 bits), with an accuracy of 15 decimal positions. In this case, the secret key length will be 448 bits (7 numbers × 64 bits). is means that the size of the secret key space will be equal to 2 448 ≈ 7.26 × 10 134 , which is sufficiently large to resist all kinds of known brute force attack.

Chaotic dynamics
Determine the entropy of the different slopes Hs = 0 Regular dynamics Hs ≠ 0 Chaotic dynamics Figure 6: Flowchart of the PLSE test.

Histogram Analysis.
Histogram analysis refers to quality of the frequency distribution of pixels in an image. When the grayscale frequencies in the ciphered image are approximately in the same level, this will result in a flat histogram and excellent resistance to statistical analysis attacks. As illustrated in Figure 9, the three histograms of the ciphered images are almost flat.
We can notice that, contrary to those of plain images that clearly exhibit some modes, histograms of ciphered images are roughly flat which is a good indication for a cipher. As for   Security and Communication Networks the correlation analysis, Figure 10 displays results yielded by the proposed cryptosystem.

Further Analyses.
A number of common metrics such as image entropy (19), number of pixel change rate ( (20) and (21)), unified average changing intensity (22), and variance of histogram (23) were computed to evaluate the proposed system.
where Z is the vector of the histogram values. Z � z 1 , z 2 , . . . , z 256 , with z i and z j being the numbers of pixels whose gray values are equal to i and j, respectively. e results are summarized in Tables 2 and 3. e average value of NPCR which is 99.464 falls into the bracket of what the literature presents. at of UACI is 33.8, a bit higher than 33.3 which is the average value in the literature. e observation of Table 3 shows that, from plain to ciphered images, there is a ratio of 10 3 as concerns the values of variances of histograms.

Key Sensitivity Analysis.
e security of a cryptosystem is clearly related to the sensitivity of the key. us, for a chaos-based encryption algorithm, the smallest difference in the key or in the plaintext image leads to a failure to decrypt the encrypted image. To test the sensitivity to the encryption key, we encrypt the color and grayscale images "Lena (512 × 512)," "Barbara (512 × 512)," and "Man (1024 × 1024)" with the key x 10 � 0.12345678919876; then, this key will be slightly modified and used for decryption. Figure 11 clearly shows that the image encrypted by the x 10 is not correctly decrypted by using the key x 10 + 10 −15 . Accordingly, it can be concluded that the proposed scheme is very sensitive to the key.

Pixels' Resemblance Analysis.
e pixels' resemblance reveals the similarity between different digital contents [28]. e quality of the encrypted image compared to the original image can be measured using mathematical tools such as PSNR (Peak Signal Low Noise Ratio between images) and SSIM (Structured Similarity Index Measure). e most widely used classical metric for objectively estimating the distortion between two images is the PSNR which is considered to be a reliable indicative measure. To calculate PSNR (25), first we have to calculate the MSE using the following expression: where P ij and C ij refer to the pixels' position at ith row and jth column of plain and ciphered images distinctly. MSE is the mean square error.
where R 2 , R is the maximum fluctuation in the input image data type. e higher the PSNR, the better the quality of compressed or reconstructed image. If the input image has double-precision floating point data type, the R is 1; if it has 8 bit unsigned integer data type, R is 255 etc. PSNR and MSE are used to compare image compression quality.
SSIM determines the structural similarity of images in order to be closer to visual perception than the PSNR is and is used to compare contrast of plain and enciphered contents too. For plain and ciphered images P ij and C ij with mean values μ p , μ c and the standard deviation σ pc , the SSIM (26) has values between 0 and 1. If the value is close to 1, there will be more resemblance between plain and ciphered contents; if the value approaches 0, there will be dissimilarity between contents. Pixels' resemblance analysis of proposed approach is given in Table 4.

Cryptanalysis of the System
As far as the security analysis is concerned, the cryptosystem was submitted to the CPA (Chosen-Plaintext Attack). In this attack, we have an adversary model in which an eavesdropper is presumed to have the ability to encrypt a plain image to obtain its corresponding cipher but does not have the secret key. e eavesdropper has access to the encryption mechanism or process and encrypts a neutral image, in the hope of discovering the secret key. According to [26], it can be summarized by the following equation:   where A is the decrypted image, A ′ is its cipher, B ′ is the eavesdropper's encrypted image obtained from an extreme plaintext, "⊕" is the machinery, and Map is the presumed key. Two test images were used, and the results obtained are shown in Figure 12. We note that the eavesdropper does not reveal any keys or patterns in the plain image.

Comparison with Other Cryptosystems
Not all published cryptosystems present an extensive evaluation of the system. Our system was compared to recent papers in the literature based on performances with a common image which is Lena. Results are displayed in Table 5.
We can see from the table that one first advantage of the proposed system is the fact that one round is enough to encrypt an image. is also means a short encryption time and therefore possibility of real-time encryption. Furthermore, the key space of our cryptosystem and that of Choi et al. [27] are the largest. We can also notice from Table 5 that the average UACI, NPCR, and entropy yielded by the proposed scheme are among the best. Finally, its NPCR and entropy are among the best in literature.

Conclusion
In this work, we have suggested a chaos-based cryptosystem. A new data chaotic map has been built by combining two oscillators. To do this, we first introduce continuous functions in the dynamics of the Hartley oscillator; then, by modular addition, we perform a fusion with the Duffing oscillator. e robustness of the resulting data chaotic maps is evaluated by the PLSE algorithm. Furthermore, the resulting chaotic map is combined with a new iterative mathematical transformation function we have proposed to encrypt images. e encryption and decryption process are tested on 4 very popular images and evaluated using very common   metrics such as NPCR, UACI, SSIM, PSNR, and variance of histograms. e system was further analyzed in terms of speed, correlation, and attacks. Results obtained were compared to very recent systems in the literature and proved to be of equal or better quality. We aim to carry out the experimental setup in future work.

Data Availability
Conflicts of Interest e authors declare that they have no conflicts of interest.