1 Introduction

In everyday application, cryptography serves at various levels and scopes of human activities in relation to secured data transfer with the guarantee of privacy [27, 30, 38]. With the rapid expansion of multimedia and internet, the urgent need for appropriate encryption algorithm for image and video online communication have favoured the up-rise of cryptography using chaotic maps.

Chaotic maps were found to be good candidates for cryptography because of the close relationship between chaos properties like ergodicity, sensitivity to initial conditions and control parameters, random-like behaviour, unpredictability, and properties of a good cipher such as sensitivity to key and plaintext, randomness in confusion and diffusion processes [22, 32]. Furthermore chaos-based cryptography was also found suitable for image and video encryption as traditional cryptography (DES, IDEA, AES...) failed [10, 16, 38]. Many techniques and architectures involving different chaotic systems have therefore been published [1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26, 28, 29, 31,32,33,34,35,36,37, 39, 41, 43,44,45,46,47,48,49,50,51,52,53,54,55,56,57].

Permutation–diffusion is the most common architecture used in chaos-based cryptography. It consists of many rounds of crafty association between pixel values relocation (shuffling) and pixel values alteration (diffusion) using chaotic maps [1, 5–7]. Chen et al. [12] proposed a scheme of permutation-diffusion in which the diffusion key stream was extracted from the permutation matrix generated with Baker’s map, and used for shuffling. In [7] Belazi et al. used four chaos-based cryptographic phases to design a substitution-permutation network. The author in [50] designed a scheme using a key hash function to generate a hash value from both plain image and a secret hash key, then he used logistic and standard maps and the hash value to perform permutation-diffusion and authentication of the encrypted/decrypted image, to prevent chosen plaintext and middle attack. Paper [35] proposed a secure and lightweight image encryption scheme based on 2D Baker’s map, which scheme uses two sets of secret keys, one for permutation and another for diffusion.

In 2011, Zhu et al. [57] proposed a new scheme using a bit-level permutation in which separation of pixels into groups of bits depends on the percentage of pixel information. Afterward they used Cat and Logistic maps to permute and alter the abovementioned bits in pixel values. The scheme was cryptanalyzed and improved in [53]. Zhang et al. [54] proposed a new approach in which he considered an image of M×N size with 28 grayscale values as a 3D bit matrix M×N×8, and designed a new bit-level permutation architecture. Another bit-level permutation technique associated with pixel-level substitution and discrete cat map proposed in [17], was quickly cryptanalyzed and improved in [55]. Surprisingly, the improved scheme was broken and proved to have equivalent permutation Keys by Chen et al. in [11].

With the introduction of DNA computing, some researchers proposed image encryption algorithm based on DNA. Pixels in an image are DNA encoded and each nucleotide in the DNA encoded image is transformed to its base pair for DNA addition, complementary rules or replication with the help of chaotic maps and diffusion-confusion technique. However, the DNA image encryption algorithm using the Logistic map proposed in [51] was found non-invertible and prone to known-plaintext attack by authors in [19]. An enhanced version in [31] was cryptanalyzed in [8, 28]. Finally, more suitable versions for colour images using multiple improved 1D chaotic maps [23] and 2D logistic chaotic maps were proposed [21], but with high time consumption.

In 2015, Liu et al. [25] proposed a colour image encryption scheme based on three S-boxes generated in one-time by the complex Chen system. Each S-box randomly took turns to encrypt one of the colour components in each pixel adhering to the switching sequence. The S-box technique is an inheritance of traditional cryptography. The principle is to generate a random number of perfectly distributed 2D or 3D matrices and proceed to substitution, which is a nonlinear transformation, replacing each pixel value with another. In [44], Wang et al. proposed an image encryption based on dynamic S-boxes constructed by chaotic systems but with high time consumption. The encryption algorithm proposed by Belazi et al. [6] applied a lifting wavelet transform (LWT) to the original image in order to encrypt the latter by block permutation based on a chaotic Tent map. Then, a new S-box method based on chaotic system and linear fractional transform (LFT) was used to substitute the permuted image. Wang et al. [46] proposed an encryption algorithm using a discrete wavelet transform (DWT) to split up a digital image into different frequency coefficients before scrambling. Afterwards, the image sequences were encrypted with a multiple chaos encryption matrix.

Earlier in 2014, Eyebe et al. [14] proposed a scrambling-masking technique using a piece wise linear chaotic map (PWLCM) and the Leophantine equation (LDE) for generation of a large pseudo-random key stream. The algorithm achieved fast encryption since the pixel position and value were modified in a single process, but the encryption process was independent of the plain image characteristics. Another scrambling-masking scheme proposed by Huang et al. [20] using a 2D chaotic Chebychev function to scramble and mask pixel images was later proven to have security flaws [43].

Some schemes further analysed, were declared vulnerable to attacks as they were less sensitive to plaintext [5, 13, 15, 26, 29, 33, 34, 41, 47, 52]. The related algorithm suffered from inefficient chaining mode which prevents from different attacks, by creating an “avalanche effect” when a single pixel in the plain image is modified. Wang et al. [47] demonstrated that the sub-image encryption method based on hyperchaos presented by Mirzaei et al. [33] had some security weaknesses to chosen plaintext attack and improved on the scheme. Liu et al. [26] found some security defects in the scheme proposed by El-Latif et al. [13], designing an image cryptosystem based on a hybrid logistic map and a cyclic elliptic curve. Song et al. [41] presented a new spatiotemporal chaos and combined it to Nonlinear Chaotic Algorithm (NCA) to permute and diffuse image pixels. Bechikh et al. [5] analysed the scheme and concluded that the substitution key stream was the same for every cipher image/plain image pair. Murillo-Escobar [34] designed a colour image encryption algorithm using a 1D logistic map, and to avoid chosen/known plain image attack, the scheme relies on the plain image characteristics. Recently these encryption algorithms were successfully cryptanalyzed by Fan et al. [15]. The recent image encryption algorithm based on hyper-chaotic system and dynamic S-box proposed by Liu et al. [29] was proven to be insecure and not suitable for image secure communication by [52].

Other algorithms were prone to attack because their schemes contained chaotic maps (Logistic, Tent…) which had weaknesses like non-uniform data output, small key space, periodic data output, poor ergodic properties for some ranges of control parameter [3, 4, 23, 24]. To overcome these setbacks, some researchers suggested that they should not be used alone [2, 36], others proposed modified or new chaotic systems with better properties [1, 37, 39, 45, 49, 56]. In [56] for example, the author used two existing 1D chaotic maps to generate a number of new chaos with good chaotic properties, and designed an encryption algorithm capable of generating a completely different encrypted image each time it is applied to the same original image. The weakness of this cipher is its high decryption error. Sheela et al. [39] modified the Henon map in order to increase the chaotic region - which in turn improved the range of system parameters - and generated sequences for column and row shift transformation, then carried out diffusion using XOR operator. Yang et al. [49] generalized the chaotic Logistic map to the finite field, and designed a coloured image encryption scheme. Abanda et al. [1] combined outputs of Duffing and Colpitts chaotic systems to encrypt grey and colour images. In [45], Logistic and Kent chaotic mappings were used to produce two sub-matrices of pseudo random number, then a combined matrix was generated from both to perform XOR operation with the original data for encryption.

As can be seen, the common major weaknesses are the use of chaotic map with poor randomness properties outcome, lack of sensitivity to the plaintext in the method, and high computational load. With the purpose to overcome these difficulties, this paper introduces a fast image encryption algorithm built with new chaotic maps (obtained by mixing known 1D seed maps) and using a new encryption technique depending on the plain image. The new chaotic maps constructed proved to have better properties and were used to generate S-boxes by their PRNS. The encryption technique first applies a substitution of the plain image by moving and “XORing” pixels in between themselves, such that the sensitivity to plain image is enhanced. The confusion-diffusion is obtained in one time, exploiting the S-box for the substituted-pixel relocation and masking in a scrambling-masking process. Security tests carried out and evaluation metrics applied to assess the cryptosystem confirm that the aforementioned setbacks were solved.

The rest of this paper is organized as follows. An overview of seed chaotic maps is given in Section 2 while in Section 3, the new chaotic maps are designed and proven to be chaotic. The encryption algorithm proposed, is detailed in Section 4. Section 5 focuses on common security tests like key space, key sensitivity, differential attack, while Section 6 concludes the paper.

2 Presentation of 1D seed chaotic maps

2.1 Logistic map

The Logistic map is one of the most studied chaotic systems and is mathematically translated by the equation:

$$ {x}_{n+1}=r{x}_n\left(1-{x}_n\right) $$
(1)

Where xn ∈ [0, 1] is the discrete state of the output chaotic sequence, r is the control parameter with values in the range [0, 4]. The chaotic behaviour of the Logistic map is observed in the range [3.5, 4]. However, its chaotic properties are not so good, as shown in Fig. 1a.

Fig. 1
figure 1

The bifurcation diagrams of the a Logistic map and the b May map

Full size image

2.2 May map

Published by Robert May [40], the May map has behaviour and properties similar to that of the Logistic map and is expressed by the following equation:

$$ {x}_{n+1}={x}_n\exp \left(a\left(1-{x}_n\right)\right) $$
(2)

Where xn ∈ [0, 10.9] and the control parameter a belongs to the range [0, 5].

Figure 1b illustrates the bifurcation diagram of May map in which, we can observe a non-uniform data output distribution and periodicity (expressed by blank space) in the range of [2.6, 5].

2.3 Gompertz map

First proposed by Gompertz [40], the Gompertz map has a very low level of chaotic behaviour and properties. Its equation is:

$$ {x}_{n+1}=-b{x}_n\ln {x}_n $$
(3)

Where the control parameter b ∈[0,e], e=2.71829… and is the exponential function.

In Fig. 2a, one can see how low the chaocity the Gompertz map exhibits through its bifurcation diagram.

Fig. 2
figure 2

The bifurcation diagrams of the a Gompertz map and the b Gaussian map

Full size image

2.4 Gaussian map

The Gaussian map’s equation is:

$$ {x}_{n+1}=\exp \left(-\alpha {x}_n^2\right)+c $$
(4)

α ∈ [4.7, 17], c∈[−1, 1].

Also known as mouse map, this map is a consequence of some mathematical assumptions and approximations over the Gaussian noise function [40]. The bifurcation diagram of the Gaussian map in Fig. 2b shows how their chaotic behaviour and properties are different from the ones of the Logistic, May and Gompertz, and appears in various small intervals of their control parameter c.

3 The proposed chaotic map

The chaotic properties of the above seed maps are not suitable to build a secure cryptosystem [3, 4]. In this section we design new maps with better levels of chaocity and that can therefore be integrated in a good cipher.

3.1 Scheme of the designed map

The method proposed by Zhou et al. [56] was adopted to combine the different seed maps. Depicted in Fig. 3, the scheme shows how a new map is obtained from a nonlinear combination of two different 1D chaotic maps.

Fig. 3
figure 3

The new chaotic map scheme

Full size image

3.2 The new chaotic maps

From the four 1D chaotic maps (Logistic, May, Gompertz and Gaussian) used as seed, six new chaos will be constructed and analysed, each using two different seeds with unified control parameter r. The criterion for the level of chaocity here will be the maximum Lyapunov exponent.

3.2.1 The Logistic-May system

The first system is made of the Logistic and May maps and is called the Logistic-May System (LOMAS). Its equation is written:

$$ {x}_{n+1}=\left({x}_n\exp \left(\left(r+9\right)\left(1-{x}_n\right)\right)-\left(r+5\right){x}_n\left(1-{x}_n\right)\right)\operatorname{mod}1 $$
(5)

Where xn ∈ [0, 1] and r ∈ [0, 5].

The bifurcation diagram and Lyapunov exponent are shown in Fig. 4 a and d. We then can therefore see that chaotic properties are excellent within [0, 5], with a maximum Lyapunov exponent equal to 8.3.

Fig. 4
figure 4

The bifurcation diagrams and the Lyapunov exponent graphics of the new chaotic maps, a-d LOMAS, b-e LOGOS, c-f LOGAS

Full size image

3.2.2 The Logistic-Gompertz system

Logistic and Gompertz maps are the seeds of the second system called the Logistic-Gompertz system (LOGOS). It is mathematically given by Eq. (6).

$$ {x}_{n+1}=\left(-\left(r-31\right){x}_n\left(1-{x}_n\right)-\left(r+35\right){x}_n\log {x}_n\right)\operatorname{mod}1 $$
(6)

Where xn ∈ [0, 1] and r ∈ [0, 5].

Even though the Gompertz map has poor chaotic properties (Fig. 4), the bifurcation diagram of its combination with Logistic exhibits a rather good level of chaocity (Fig. 4b). The Lyapunov exponent of LOGOS has a mean value of 2.5 (Fig. 4e).

3.2.3 The Logistic-Gaussian system

Constructed with the Logistic and Gaussian maps, the third system is called the Logistic-Gaussian system (LOGAS) and is defined by:

$$ {x}_{n+1}=\left(-\left(r-33\right){x}_n\left(1-{x}_n\right)+\frac{\left(r+37\right)}{4}+\exp \left(-\alpha {x}_n^2\right)\right)\operatorname{mod}1 $$
(7)

Where xn ∈ [0, 1], r ∈ [0, 5], α ∈ [4.7, 17].

LOGAS’s bifurcation diagram depicted by Fig. 4c proves its good chaotic behaviour in the range [0, 5]. Its maximum Lyapunov exponent is equal to 2.5 (Fig. 4f).

3.2.4 The May-Gompertz system

The fourth system derives from the May and Gompertz maps and is named the May-Gompertz system (MAGOS). Its equation is:

$$ {x}_{n+1}=\left({x}_n\exp \left(\left(r+10\right)\left(1-{x}_n\right)\right)-\left(r+10\right){x}_n\log {x}_n\right)\operatorname{mod}1 $$
(8)

Where xn ∈ [0, 1] and r ∈ [0, 5].

Figure 5a and c show how its properties in terms of the bifurcation diagram and Lyapunov exponents (with a maximum value equivalent to 8.7) are excellent in the range of [0, 5].

Fig. 5
figure 5

The bifurcation diagrams and the Lyapunov exponent graphics of the new chaotic maps, a-d MAGOS, b-e MAGAS, c-f GAGOS

Full size image

3.2.5 The May-Gaussian system

The May combined to the Gaussian map form the fifth system called the May-Gaussian system (MAGAS) which is built up by the following equation:

$$ {x}_{n+1}=\left({x}_n\exp \left(\left(r+10\right)\left(1-{x}_n\right)\right)+\frac{\left(r+5\right)}{4}+\exp \left(-\alpha {x}_n^2\right)\right)\operatorname{mod}1 $$
(9)

Where xn ∈ [0, 1], r ∈ [0, 5], α ∈ [4.7, 17].

Through the bifurcation diagram of MAGAS in Fig. 5b, one can see an output sequence uniformly distributed within [0,1]. Figure 5e shows its positive Lyapunov exponents and belonging to the range [2.5, 5.6].

3.2.6 The Gaussian-Gompertz system

The last system designed is the Gaussian-Gompertz system (GAGOS). It uses the Gaussian and Gompertz maps and is expressed by the following formula:

$$ {x}_{n+1}=\left(\frac{\left(r/5+26\right)}{4}+\exp \left(-\alpha {x}_n^2\right)-\left(r/5+26\right){x}_n\log {x}_n\right)\operatorname{mod}1 $$
(10)

Where xn ∈ [0, 1], r ∈ [0, 5], α ∈ [4.7, 17].

The GAGOS bifurcation diagram (Fig. 5c) shows a uniform distribution of sequences like the previous new chaos designed. It also has a mean Lyapunov exponent value around 2.5 (Fig. 5f).

3.3 Advantages of the new maps

All the combined chaotic systems designed above exhibit better chaotic behaviour than those obtained from a single seed. Although the mathematical theory behind chaocity improvement by combining seed maps is not yet established, one easily notices that the bifurcation diagrams of the combined maps have a wider chaotic range and a more uniform distribution of their density functions (Figs. 4a, b and c, 5a, b and c) than their seeds (Figs. 1 and 2.). Furthermore, the maximum Lyapunov exponent values of the Logistic, May, Gompertz and Gaussian maps are respectively equal to 0.6, 0.4, 0.5 and 0.7 [40]. The ones obtained with the LOMAS, LOGOS, LOGAS, MAGOS, MAGAS, GAGOS maps have values of 8.1, 2.6, 2.5, 8.7, 5.6 and 2.5 respectively (Figs. 4d, e and f and 5d, e and f). A high Lyapunov exponent means less iterations and less transient effects to have two totally different PRNS from two very close initial conditions with the same control parameter. It is therefore obvious that the new chaotic maps are better pseudo random number generators (PRNG) than their seeds. We can conclude that these will be more suitable for secure and high speed encryption provided the encryption algorithm is built around a good algebraic structure.

4 Proposed image encryption algorithm

This section presents the new chaotic encryption algorithm based on two main procedures which are a novel plain image substitution technique and a scrambling-masking technique using S-boxes.

4.1 Plain image substitution technique

The plain image substitution technique (PIST) is applied to the plain image for the enhancement of sensitivity such that any change in any pixel in the plain image will cause a substantial change in the corresponding cipher image. It does not depend on a key, and can be applied to any type of images. The steps to apply the PIST to an image are:

  • From bottom to top, in each column in an image I of size M X N, replace the value of the pixel in process with the one obtained by bit-wise XOR operation between that value and the value of the previous pixel. The process starts on the second to the last pixel (Eq. (11)).

$$ \Big\{{\displaystyle \begin{array}{l}I\left(M-i,j\right)=I\left(M-i,j\right)\oplus I\left(M+1-i,j\right)\\ {}i=1,...M-1;j=1,...N\end{array}} $$
(11)

Where (i, j) are indices of an image I of size M×N, and the symbol ⊕is the bit-wise XOR operation.

  • Repeat the same process in each row (Eq. (12)).

$$ \Big\{{\displaystyle \begin{array}{l}I\left(i,N-j\right)=I\left(i,N-j\right)\oplus I\left(i,N+1-j\right)\\ {}i=1,...M;j=1,...N-1\end{array}} $$
(12)

As a consequence of applying the PIST on a plain image, any tiny change in a pixel will spread and affect many pixels in the vertical and horizontal directions and finally the pixels in the first row and the first column (Fig. 6). In the Chaining Block Cipher (CBC) mode or Propagating Chaining Block Cipher (PCBC) mode, a modification of the first pixels in the plain image easily affects the rest when encryption occurs [38]. This technique can be used as a response to the insensitivity to plain images of many cryptosystems as shown in [5, 13, 15, 17, 26, 29, 31, 33, 34, 38, 41, 47, 52, 57]. Figure 6 shows how a grey image Lena is confused when it undergoes the PIST.

Fig. 6
figure 6

Effect of PIST process on grey image Lena

Full size image

4.2 Confusion technique using S-boxes

This section describes the encryption process using as key the initial condition w0 = 0.4, x0 = 0.3, y0 = 0.2, z0 = 0.1 and control parameter r1 = 1, r2 = 2, r3 = 3, r4 = 4, α = 6, of the new chaos maps (LOMAS, LOGOS, LOGAS, MAGOS). The Plain image I of size M×N which has undergone the PIST will yield the encrypted image C after a scrambling-masking process using S-boxes, and finally an encrypted image C′ after the shuffling process. Below are the steps of the confusion technique.

  1. Step 1:

    After 500 iterations to avoid transient effects, iterated LOMAS, LOGOS, LOGAS and MAGOS M×N times. Build four 1D array vectors W, X, Y, and Z of size M×N, and two 2D vectors Sx (S-box obtained from 1D array X) and Sy (S-box obtained from 1D array Y) of sizes M×N respectively with the PRNS obtained from the chaotic systems above.

  2. Step 2:

    Encrypt the first row and the first column of the image using the PRNS of the 1D vectors X and Y as expressed by Eq. (13).

$$ \Big\{{\displaystyle \begin{array}{l}j=2,3,...N\ \mathrm{and}\kern0.5em i=1,2,...M\kern0.5em \\ {}C\left(1,j\right)=I\left(1,j\right)\oplus \left\lfloor \left(X\left(j+100\right)\times {10}^{15}\right)\operatorname{mod}256\right\rfloor \oplus \left\lfloor \left(Y\left(j+100\right)\times {10}^{15}\right)\operatorname{mod}256\right\rfloor \\ {}C\left(i,1\right)=I\left(i,1\right)\oplus \left\lfloor \left(X\left(i+200\right)\times {10}^{15}\right)\operatorname{mod}256\right\rfloor \oplus \left\lfloor \left(Y\left(i+200\right)\times {10}^{15}\right)\operatorname{mod}256\right\rfloor \end{array}} $$
(13)

Where i and j are the indices of an image I of size M×N, the symbol ⌊t⌋ is to round up the element of t to the nearest integer less than or equal to t, mod is the modulus operator and the symbol ⊕ denotes bit-wise XOR operation. (Fig. 7)

  1. Step 3:

    For each encrypted value C(i,1) and C(1, j) of the first column and the first row, calculate the number l(i) and k(j) (Eq. (14)), and use each of them as an index to definitively extract a number respectively in the sets of values {2, 3…M} for rows, and {2, 3…N} for columns.

Fig. 7
figure 7

Flowchart of encryption algoritm

Full size image
$$ \Big\{{\displaystyle \begin{array}{l}i=2,\mathrm{3...}N\ \mathrm{and}\ j=2,\mathrm{3...}M\ \\ {}l(i)=1+\left(C\left(i,1\right)\oplus \left\lfloor \left(Z\left(i+200\right)\times {10}^{15}\right)\operatorname{mod}256\right\rfloor \times \left\lfloor \left(W\left(i+200\right)\times {10}^{15}\right)\right\rfloor \right)\operatorname{mod}\left(M+1-i\right)\\ {}k(j)=1+\left(C\left(1,j\right)\oplus \left\lfloor \left(Z\left(j+100\right)\times {10}^{15}\right)\operatorname{mod}256\right\rfloor \times \left\lfloor \left(W\left(j+100\right)\times {10}^{15}\right)\right\rfloor \right)\operatorname{mod}\left(N+1-j\right)\end{array}} $$
(14)

Where l, k are 1D arrays respectively of sizes M and N.

  1. Step 4:

    Substitute the pixels of indices i = {2, 3…M} and j = {2, 3…N} in a scrambling-masking process with the indices a and b extracted respectively from l(i) and k(j) following Eq. (15).

$$ \Big\{{\displaystyle \begin{array}{l}i=2,\mathrm{3...}M\ \mathrm{and}\kern0.5em j=2,\mathrm{3...}N\\ {}C\left(a,b\right)=I\left(i,j\right)\oplus {S}_x\left(i,b\right)\oplus {S}_y\left(a,j\right)\end{array}} $$
(15)

Where each element of the S-boxes (Sx and Sy) are grey values obtained calculating (x (n) ×1015) mod 256 and (y (n) ×1015) mod 256 respectively, with n = {1, 2...M × N}.

  1. Step 5:

    Determine 1D arrays u(i) and v(j) using the four systems and the five encrypted values of pixels C(1,1), C(1,2), C(1,3), C(2,1), C(3,1) as expressed by Eq. (16). And substitute the indices (i, j) of each encrypted pixel with the indices (c, d), where c and d are the values extracted from the sets {1, 2…M} and {1, 2…N} using u(i) and v(j) as indices respectively.

$$ \Big\{{\displaystyle \begin{array}{l}i=1,2,...M\kern0.5em \mathrm{and}\kern0.75em j=1,2,...N\ \\ {}u(i)=1+\left(C\left(1,1\right)\oplus \left\lfloor \left(W\left(i+C\left(1,2\right)\right)\times {10}^{15}\right)\operatorname{mod}256\right\rfloor \times \left\lfloor \left(X\left(i+C\left(1,3\right)\right)\times {10}^{15}\right)\right\rfloor \right)\operatorname{mod}\left(M+1-j\right)\\ {}v(j)=1+\left(C\left(1,1\right)\oplus \left\lfloor \left(Y\left(j+C\left(2,1\right)\right)\times {10}^{15}\right)\operatorname{mod}256\right\rfloor \times \right\lfloor \left(Z\left(j+C\left(2,3\right)\times {10}^{15}\right)\Big\rfloor \right)\operatorname{mod}\left(N+1-i\right)\end{array}} $$
(16)

Where u, v are 1D arrays respectively of sizes M and N.

  1. Step 1:

    Send a copy of C(1,1), C(1,2), C(1,3), C(2,1), C(2,3) values as a part of the key.

4.3 Colour image encryption

The encryption process remains unchanged for coloured images containing R G B components. However, with the purpose of attaining high sensitivity, they will be joined together to form a unique matrix image before encryption, and restored as R G B components at the end.

4.4 Plain image recovering process

Recovering the plain image is done in two steps. Firstly, undo the substitution of indices of all pixels of the encrypted image by using the initial condition and control parameter of the four systems, and also the C(1,1), C(1,2), C(1,3), C(2,1), C(2,3) values (step 6 of Section 4.2). Afterwards, recover confused pixels of indices i = {2,3,...M} and j = {2,3,...N} using the PRNS of the four systems, the first row and the first column of the confused image. Then decrypt the first row and the first column and apply the PIST to recover the original plain image.

5 Security analysis

The security tests in this section are conducted with a Core(TM) i5-2430 M processor, on a Matlab 2012b platform. The visual results of the encrypted images (Cameraman 256 ×256 image size, Colour Lena 512 ×512, Airport 1024 ×1024) of Fig. 8 are further analysed in terms of statistical attack, brute force attack, differential attack, Chosen plain and cipher image attack, and Speed.

Fig. 8
figure 8

The grey and colour images encrypted and their histograms. (a) Cameraman, (b) Colour Lena, (c) airport

Full size image

5.1 Statistical analyses

Histogram, correlation analysis, and information entropy of the cipher image are the three main statistical tests (metrics) needed to assess robustness against statistical attack.

5.1.1 Histogram and variance of histogram

The histogram of a noise-like-image must be uniform. In Fig. 8, the histogram of the encrypted images (cameraman, Lena, airport) seem to be uniform. However, the best evaluation is done by calculating the variance of the histogram given by Eq. (18).

$$ Var(z)=\frac{1}{n^2}\sum \limits_{i=1}^n\sum \limits_{j=1}^n\frac{1}{2}{\left({z}_i-{z}_j\right)}^2 $$
(18)

Where Z is the vector of the histogram values and Z = {z1, z2, ..., z256}, zi and zj are the numbers of pixels for which the grey values are equal to i and j respectively.

In Table 1, the values of the variance of the histogram of the proposed encryption algorithm are shown with the ones of some recent cryptosystems. It appears that the mean value of the histogram of the proposed cryptosystem is around 5465 which is very close to that of the good cryptosystem proposed in [48], and not far away from the ideal value of 5000 [36]. Histogram analysis proves that the proposed cryptosystem is safe as far as statistical attacks are concerned.

Table 1 Variance of histograms of some cipher images
Full size table

5.1.2 Correlation analysis

In a good encrypted image, there must be no or a very low correlation between neighbouring pixels in every direction. The usual method to assess this is to compute the correlation coefficient Cr of 5000 pairs of randomly chosen pixels in the horizontal (HC), vertical (VC), and diagonal (DC) directions using Eq. (19).

$$ Cr=\frac{K\times \sum \limits_{i=1}^K{X}_i{Y}_i-\sum \limits_{i=1}^K{X}_i^2\times \sum \limits_{i=1}^K{Y_i}^2}{\sqrt{\left(K\times \sum \limits_{i=1}^K{\left({X}_i\right)}^2-{\left(\sum \limits_{i=1}^K{X}_i\right)}^2\right)}\times \left(N\times \sum \limits_{i=1}^K{\left({Y}_i\right)}^2-{\left(\sum \limits_{i=1}^K{Y}_i\right)}^2\right)} $$
(19)

Where X and Y are grey scale values of two adjacent pixels in the image, K is the number of pairs of pixels and Cr is the value of correlation belonging to the [−1,1] range.

Cr tends to be 1 or − 1 for high correlations and tends to be 0 for very low correlations. Table 2 shows the calculated correlation coefficient of a 512×512 Lena image in every direction. A mean value of the proposed encryption algorithm is about 0.007, which tends towards zero. Moreover, Fig. 9 shows how grey values of the cameraman correlated in the horizontal direction in Fig. 9a, are spread in Fig. 9b. From these results, one can conclude that a statistical attack through correlation analysis between adjacent pixels cannot help to break the proposed encryption algorithm.

Table 2 Correlation coefficient of two adjacent pixels
Full size table
Fig. 9
figure 9

The horizontal direction correlation graphics. (a) Original cameraman image, (b) encrypted cameraman image

Full size image

5.1.3 Information entropy analysis

The information entropy gives an account of the quantum of randomness present in a message (m) as follows.

$$ H(m)=\sum \limits_{i=0}^{2^K-1}p\left({m}_i\right){\log}_2\left(1/p\left({m}_i\right)\right) $$
(20)

Where p(mi) represents the probability of symbolmi, K is the number of bits of the message and 2K all possible values. For a 256 grayscale image, the pixel data has 28 possible values and the ideal entropy of a true random image must be 8.

Table 3 shows entropy values of some images of the proposed encryption algorithm very close to 8 as expected, and slightly better than common ones in literature [48, 38].

Table 3 Information entropy of some plain images and their cipher image
Full size table

5.2 Key analysis

5.2.1 Key space

The key space for an encryption algorithm must be large enough to avoid brute force attack. According to ref. [17], a key size of 1030 is sufficient. The secret key of the proposed algorithm consists of 4 initial conditions (w0, x0, y0, z0), 5 control parameters (r1, r2, r3, r4, α), and five 8-bit values (C(1,1), C(1,2), C(1,3), C(2,1), C(3,1)), giving a total key space of (1015)4× (1015)5× (28) 5 = 101422475, if the decimal precision is set at 15. This key space is large enough to make brute force attack inefficient.

5.2.2 Key sensitivity

An encryption algorithm must be sensitive to the less significant decimal value of its key to resist chosen plain image or chosen cipher image attack due to an insensitive, weak or equivalent key. Therefore, an original key K1 = r1, r2, r3, r4, α, w0, x0, y0, z0, and the modified versions K2 (r2 = r2 + 10−15 for K2, the rest unchanged) and K3 (z0 = z0 + 10−15 for K3, the rest unchanged) on the 15th decimal are used to encrypt the same image. Then, the percentage of difference between pixels of encrypted images is calculated. Table 4 reports that the encrypted images obtained with the K1, K2 and K3 keys differ from one another by at least 99.62%. Such results are not surprising, considering the fact that the Lyapunov exponent of the new chaos is very high (Section 3). Furthermore, the airport image (Fig. 8c) encrypted with K1 is decrypted with K2 and K3 and shown in Fig. 10. The decrypted image with K2, K3, has a noise-like appearance.

Table 4 Proof of key sensitivity
Full size table
Fig. 10
figure 10

Decrypted airport image with slightly different keys, (a) K2, (b) K3

Full size image

5.3 Differential attack analysis

A cryptosystem must be sensitive with respect to plain text or plain images, if not, it can undergo a successful differential attack. The sensitivity of a cryptosystem is evaluated through NCPR (Number of Pixel Change Rate) (Eq. (21)) and UACI (Unified Average Change Intensity) (Eq. (22)) metrics [53], which consist of testing the influence of one pixel change on a plain image on the resulting cipher image.

$$ NPCR=\frac{\sum_{i,j}D\left(i,j\right)}{W\times H}\times 100\% $$
(21)
$$ UACI=\frac{1}{W\times H}\left[\sum \limits_{i,j}\frac{\mid {C}_1\left(i,j\right)-{C}_2\left(i,j\right)\mid }{255}\right]\times 100\% $$
(22)

Where C1 and C2 are two images with same size W × H. If C1(i, j) ≠ C2(i, j) then D(i, j) = 1, otherwise, D(i, j) = 0.

Table 5 gives the measurement of NCPR and UACI between two cipher images of the cameraman, Lena and the airport when a less significant bit (LSB) changed on the grey value in the first, middle, or last pixel’s position. The values obtained are around the average of 99.62 for NCPR and 33.51 for UACI. These values are a little better than the ones proposed in literature [18, 34, 44]. Such good values result from the PIST, because the latter accumulates all pixel information in the first row and the first column of the image, which are then used in the confusion step (Section 4). Table 6 shows the effect of one pixel change on component RGB of Lena coloured image.

Table 5 NCPR and UACI measure after a LSB change
Full size table
Table 6 NCPR and UACI measures On Lena RGB image
Full size table

5.4 Cryptanalysis

Some recent encryption algorithms failed the chosen plain image or/and chosen cipher image attack with all-zero or all-one images [5, 13, 15, 26, 29, 33, 34, 41, 47, 52]. Both attacks are applied to the proposed cryptosystem.

5.4.1 Chosen plain image attack

The opener has an encrypted image C but does not know the key. However, he possesses a plain image P0 of all-zero (or all-one), and its encrypted version C0 obtained with the same unknown key. He extracts the sub-key used for pixel encryption as follows:

$$ S{k_0}^{i,j}={C_0}^{i,j}\oplus {P_0}^{i,j} $$
(23)

Where P0i, j =0, 0, 0... is a null-image in terms of grey values, and C0i, j, its corresponding cipher image, and (i, j) denotes the 2D-position of the pixels. The operation (C0i, j ⊕ P0i, j)extracts the key streamSk0i, j.

Then, the sub-key extracted is used to recover the plain image P of the encrypted one C with Eq. (24).

$$ {P}^{i,j}={C}^{i,j}\oplus S{k_0}^{i,j} $$
(24)

Where Pi, jis an image with the same size as C0i, j and Ci, j is its encrypted version.

In Fig. 11a, the chosen plain image attack on the airport encrypted image using a null-image has failed because, the scrambling-masking process and the shuffling process rely on the PIST which is highly sensitive to insignificant changes of a grey value. Therefore each encrypted image is specific to its plain image pixel characteristics.

Fig. 11
figure 11

Cryptanalysis. a Chosen plain image attack on grey Airport and its histogram, b chosen cipher image attack on colour Lena and its histograms

Full size image

5.4.2 Chosen cipher image attack

This time, the opener possesses an encrypted image C0 made of all-zero (or all-one) and its corresponding decrypted version P0. He still wants to determine the key-stream (according to Eq. (23)) necessary to recover the plain image P (colour Lena) from its encrypted image C using Eq. (24). For the same reasons mentioned above (Section 5.4.1), and as shown by Fig. 11b, this type of attack does not work.

5.5 Encryption/decryption time analysis

Table 7 reports a comparison of encryption time by the proposed algorithm with some in literature for different images. The algorithm written under Matlab platform was not optimize.

Table 7 Encryption time in seconds under Matlab 2012b
Full size table

The computer time consumption is smaller than those of [6, 9], while the proposed algorithm is faster than those in literature.

5.6 Overall comparison with other encryption algorithms

The performances of the proposed algorithm is here compared (Table 8) to those of some recent and good standing papers of the literature. Test are done using the colour Lena of size 512×512, and the time encryption is evaluated under visual C++ 2010 platform in accordance with real time multimedia application.

Table 8 Comparison of the proposed algorithm with others
Full size table

The metrics of the proposed cryptosystem reported in Table 8 suggests that, the key space, the NCPR, the encryption time, and the entropy wise are the best values. As far as key sensitivity, correlation and UACI are concerned, the values are in the order of the best values in literature.

6 Conclusion

In this paper, the proposed image encryption algorithm is based on many new 1D chaotic maps, and a substitution technique based plain image and S-boxes. The new chaotic maps are a combination of Logistic, May, Gompertz, and Gaussian maps, and have better maximum Lyapunov exponents, and therefore better chaotic properties than the originals. The encryption uses firstly, the PIST for image sensitiveness enhancement, secondly, S-boxes constructed with PRNS of the new chaos (LOMA, LOGOS, LOGAS, MAGOS, MAGAS, GAGOS, MAGOS); and thirdly, a scrambling-masking technique which permutes and diffuses image pixels in a single process with the help of S-boxes. The evaluation metrics of the proposed cryptosystem NCPR, UACI, correlation coefficient, entropy, key space and key sensitivity are amongst the best values in literature. More interestingly, a LSB change in any pixel value results in a totally different encrypted image, and chosen plaintext attack or chosen cipher image conducted is inefficient, proving the robustness of the cryptosystem. The encryption speed obtained with the non-optimized algorithm is fast enough in his current version for online multimedia communication. This proposed encryption algorithm can surely guarantee security and speed of all types of digital data transfer in a digital network.