1 Introduction

Digital images may be leaked due to the non-secure channels and lead to a significant threat to information security when they are transmitted on the internet. Therefore, image encryption before transmitting the information to the receiver is an efficient way to protect individual privacy and social safety. The digital images can be converted into binary data and encrypted with Advanced Encryption Standard. However, the high correlation between adjacent pixels may still be kept after encrypting a digital image without considering the property of digital images. Chaotic maps own some special features, i.e., high sensitivity to the initial conditions, unpredictable, ergodicity, etc., which have been widely implemented on image encryption [18, 19, 21, 24, 25, 36]. Moreover, coupled chaotic map is a new system that can be acquired by conducting combinations using one-dimensional (1D) chaotic maps. Thus, the coupled chaotic map has more complex chaotic behaviour than its seed maps [40]. In this algorithm, coupled chaotic maps are adopted to produce chaotic sequences with an excellent pseudo-randomness.

Cellular Automata (CA) is a typical discrete system [5]. In addition, a method of random sequence generation based on CA is proposed in [35], which is further used for image encryption [5, 10, 26]. There are mainly two CA-based image encryption methods, one is that CA can be used to produce pseudo-random numbers and the other is that CA is utilized to encrypt the image in bit-level. Specifically, in [23], a key matrix is built using pseudo-random numbers, which are generated by 1D CA. Random numbers in the key matrix are selected to encrypt the plain-image. In addition, an encryption algorithm using a second-order life-like CA is designed in [27], the image is transformed into binary matrix and is diffused by the life-like CA. In [28], reversible CA is applied to image encryption, and the pixels are confused by using CA and the histogram distribution of the encrypted image is more uniform because of the excellent pseudo-randomness of CA. Therefore, in this algorithm, CA is used to encrypt the scrambled image to reduce the correlation and further improve security.

Based on the above discussion, a novel image encryption scheme based on chaotic maps and CA is proposed. The following are the main contributions of this algorithm: (1) The new diffusion mechanism is designed and the confusion method of sorting is utilized by another form, which is different from others. The diffusion-confusion-CA transform architecture guarantees the nonlinear feature of the encryption method. (2) The plain image can get the hash value under the mapping of the hash function, and the initial value of the chaotic system can be obtained by using the designed formula. The generated chaotic sequences for encryption are sensitive to plain image, which guarantee the high sensitivity of the encryption algorithm. (3) In the proposed algorithm, 1D CA is used to encrypt the image in bit-level, and a new selection method of transform rules based on CA is presented. The sequence numbers based on CA are randomly generated by judging the interval of the values of the pseudo-random sequence. The selection of CA transform rules is more random.

The rest of this article is composed as follows. The fundamental knowledge about chaotic maps and CA are given in Section 2. Section 3 describes the proposed encryption algorithm. Simulation results and security performance analysis are discussed in Section 4. This paper is concluded in Section 5.

2 Preliminaries

2.1 Chaotic maps

The two-dimensional Logistic-Sine-Coupling Map (2D-LSCM) [12] is given by

$$ \left\{\begin{array}{l} x_{i+1}=\sin \left( \pi\left( 4 \theta x_{i}\left( 1-x_{i}\right)+(1-\theta) \sin \left( \pi y_{i}\right)\right)\right) \text{,}\\ y_{i+1}=\sin \left( \pi\left( 4 \theta y_{i}\left( 1-y_{i}\right)+(1-\theta) \sin \left( \pi x_{i+1}\right)\right)\right)\text{,} \end{array}\right. $$
(1)

where 𝜃 ∈ [0,1] is the control parameter. It has been demonstrated that the 2D-LSCM has chaotic behaviour when 𝜃 ∈ (0,1).

In addition, the Logistic-Sine-Cosine Map (LSCM) [13] is defined by

$$ x_{i+1}=\cos \left( \pi\left( 4 r x_{i}\left( 1-x_{i}\right)+(1-r) \sin \left( \pi x_{i}\right)-0.5\right)\right)\text{,} $$
(2)

where r ∈ [0,1]. It has been proved that the LSCM has more complex chaotic behaviour than the Logistic map.

2.2 Cellular automata

In 1D CA, the two neighbours of each cell have two values, i.e., zero or one. Therefore, for three adjacent cells, there are 2 × 2 × 2 = 23 possible states, which are 000, 001, 010, 011, 100, 101, 110, 111. The state function is given by

$$ S^{t+1}_{i}=f(S^{t}_{i-1},{S^{t}_{i}},S^{t}_{i+1}), $$
(3)

where t denotes the time, Si presents the current state of the ith cell, and \(S^{t+1}_{i}\) denotes the next state of Si at time t + 1.

The state of \(S^{t+1}_{i}\) is controlled by the ith cell’s state and the two neighbouring states of i − 1th cell and i + 1th cell at time t. \(f(S^{t}_{i-1},{S^{t}_{i}},S^{t}_{i+1}\)) denotes Boolean function, which means logical operation. Table 1 shows different logical operation mode. Taking three adjacent cells as an operational unit at time t, and there are eight possible states of an operational unit. The eight states of the ith at time t + 1 are obtained by using a kind of Boolean function. Then, eight binary numbers are converted into a decimal number and the decimal number is named as the rule number corresponding to this kind of Boolean function. For example, when rule 90 is selected to conduct the logical operation. The next state of Si can be shown as f(000) = 0, f(001) = 1, f(010) = 0, f(011) = 1, f(100) = 1, f(101) = 0, f(110) = 1, f(111) = 0. Number 90 represents the decimal number of the Si, that is (01011010)2=(90)10.

Table 1 Different rules of 1D CA
Full size table

3 The proposed encryption algorithm

3.1 Generating the initial values of chaotic maps

Hash function is used to transform the input with any length into a fixed-length output, which can be applied to authenticated encryption [37]. In this algorithm, the initial secret keys are obtained by employing the SHA-256 hash value of the original image, which is calculated as H. H represents 64 hexadecimal values since each hexadecimal denotes four binary values. Then, H is converted to decimal values and further divided into eight blocks. Each block includes eight values, which can be given by

$$ H=d_{1},d_{2},...,d_{7},d_{8}. $$
(4)

Then, the intermediate values α = d1d2d3d4, and β = d5d6d7d8.

Finally, the initial values are given by

$$ \left\{\begin{array}{l} x_{1}=\alpha(1) \oplus \alpha(2) \oplus \alpha(3) \oplus \alpha(4)\text{,} \\ y_{1}=\beta(1) \oplus \beta(2) \oplus \beta(3) \oplus \beta(4)\text{,} \\ z_{1}=\frac{x_{1}+y_{1}}{2}\text{.} \end{array}\right. $$
(5)

3.2 The process of encryption

The flow chat of the proposed method is displayed in Fig. 1, and the detailed encryption steps are presented next.

Fig. 1
figure 1

Flow chat of the proposed encryption algorithm

Full size image

Step 1. Suppose the original image is I, and the dimension of it is m × n. Initial values of two chaotic maps can be acquired according to H, which is represented in Section 3.1.

Step 2. The 2D-LSCM is iterated for m × n + 500 times by using x1, y1, and two sequences X, Y are obtained by discarding the former 500 values. Similarly, the chaotic sequence Z is generated by iterating the LSCM for m × n × 8 times using z1. Then, the sequence X is reshaped into matrix X1 with the same size as I. In addition, 2m values are selected from sequence Z, and quantification operations are performed by

$$ \left\{\begin{array}{l} Y_{1}=\text{mod}\ \left( \text {floor}\left( Y \times 10^{14}\right), 256\right)\text{,} \\ R=\text{mod}\ \left( \text {floor}\left( Z(1: n) \times 10^{14}\right), 256\right)\text{,} \\ C=\text{mod}\ \left( \text {floor}\left( Z(m+1: 2 m) \times 10^{14}\right), 256\right)\text{,} \end{array}\right. $$
(6)

where Z(1 : n) represents the first value to the nth value in sequence Z, Z(m + 1 : 2m) represents the (m + 1)th value to the 2mth value in sequence Z. The diffusion matrix D is obtained by reshaping vector Y1 into matrix.

Step 3. The plain-image is diffused by using the new diffusion method. Firstly, the pixels in the first row of plain-image are encrypted by vector R and the first row of matrix D, which is calculated by

$$ C_{1}(1, x)=\text{mod}\ (R(x)+I(1, x), 256) \oplus D(1, x), $$
(7)

where x ∈ [2,n], R is 1D vector produced by the LSCM.

Secondly, the pixels in the first column of plain-image are encrypted by vector C and the first column of matrix D, which is calculated by

$$ C_{1}(y, 1)=\text{mod}\ (C(y)+I(y, 1), 256) \oplus D(y, 1), $$
(8)

where y ∈ [2,m], C is 1D vector produced by the LSCM.

Finally, when x ∈ [2,m], y ∈ [2,n], other pixels are encrypted by the corresponding values in matrix D, which is shown in

$$ \begin{array}{c} C_{1}(x, y)=\text{mod}\ \left( C_{1}(x-1, y-1)+I(x, y), 256\right)\oplus D(x, y)\text{.} \end{array} $$
(9)

Specially, the first value I(1,1) is encrypted by

$$ C_{1}(1,1)=\text{mod}\ (I(1,1)+R(1), 256) \oplus D(1,1)\text{.} $$
(10)

Step 4. The process of permutation is presented. The values in every row and column of the key matrix X1 are sorted in ascending order. Figure 2 shows the process of generating the index matrices for permutation when the size of the image is 4 × 4. In detail, the first row in X1 is 0.697,0.027,0.002,0.998. After sorting in ascending, this row changed to 0.002,0.027,0.697,0.998. The original sequence 1,2,3,4 is changed to new sequence 3,2,1,4, which is shown in the first row of X2. As a result, two index matrices X2 and X3 are obtained. In this algorithm, the permutated image C2 can be acquired by using the index matrices to confuse the diffused image.

Fig. 2
figure 2

The process of generating index matrices with the size of 4×4

Full size image

Step 5. CA transform is adopted to obtain the final cipher-image. Eight CA transform rules in Table I are randomly selected to encrypt the image in this paper. The selection of the rule number is controlled by the sequence numbers Ri. For example, if Ri is five, the Rule 165 CA is selected to transform the pixel in bit-level. Ri can be obtained by judging the interval of the values of chaotic sequences Z produced by the LSCM. Ri is given by

$$ R_{i}=\left\{\begin{array}{l} 1,0 \leq Z(i) \leq 0.125, \\ 2,0.125<Z(i) \leq 0.25, \\ 3,0.25<Z(i) \leq 0.375, \\ 4,0.375<Z(i) \leq 0.5, \\ 5,0.5<Z(i) \leq 0.625, \\ 6,0.625<Z(i) \leq 0.75, \\ 7,0.75<Z(i) \leq 0.875, \\ 8,0.875<Z(i) \leq 1, \end{array}\right. $$
(11)

where i denotes the iterating time, and i ∈ [1,m × n × 8]. Ri denotes the sequence numbers, and Ri ∈ [1,8].

What’s more, the Rule numbers in the process of CA transform are randomly selected. The chaotic sequence Z is obtained by iterating the LSCM and the initial value of the LSCM is related with plain-image, which certifies that the process of CA transform is sensitive to plain-image.

Step 6. The permuted matrix C2 is reshaped into a vector, and the vector is transformed into sequence C3. The value in C3 is binary, and the length of C3 is m × n × 8. Then, C3 is regarded as the input of CA, and the corresponding rules of CA transform are values in the sequence Zi. The output can be obtained after conducting CA transform, and the output is converted into decimal vector C4. Finally, the vector C4 is reshaped into the final encrypted image.

For better understanding the process of encryption. Figures 3 and 4 are regarded as an example to explain the process of encrypting an image with the size of 4 × 4. Firstly, the vector C, R, and diffusion matrix D can be obtained according to the description in Step 2. The first row in Fig. 3 shows the result of diffusion, which is calculated according to Step 3. The rows of diffused image C1 are reordered by using the index matrix X2, and then the columns are reordered by using the index matrix X3. In Fig. 4, the permutated image C2 is transformed into sequence. The first pixel in the sequence is regarded as an example to conduct CA transform. The decimal number 141 is blue, and the binary form of it is 10001100. From Table 1, it can be seen that the corresponding rule numbers represented by sequence R(1,8,7,8,3,6,4,1) are 30,101,105,101,150,86,153,30. According to the Boolean function, the transform result can be obtained, that is 10100111. So, 141 is converted into 167. Decimal number 167 is remarked in yellow. Similarly, other pixels are conducted the same process. CA transform result is obtained, and it is reshaped into the final cipher image with the size of 4 × 4.

Fig. 3
figure 3

The process of diffusion and permutation

Full size image
Fig. 4
figure 4

The process of CA transform

Full size image

3.3 The process of decryption

Obviously, the decryption process is the inverse of encryption. The detail is presented as follows.

Step1: The chaotic sequences X, Y, and Z are generated by iterating the chaotic systems using secret keys. Then the quantification operations are conducted by using (6). Sequences Y1, R, and C are obtained. X is reshaped into a matrix X1, which is named as the key matrix. And Y1 is reshaped into diffusion matrix D. According to Z and (11), the Rule sequence Ri is obtained.

Step2: The cipher image is transformed into binary sequence C4. Then, it is regarded as the input of CA. The output can be obtained after conducting CA transform by using Rule sequence Ri. The output is converted into decimal vector C3, and further reshaped into matrix C2.

Step3: Two index matrices X2, and X3 are obtained by using X1 according to the description of Step 4 in Section 3.2. The elements of the column in matrix C2 are recovered according to the position of index matrix X2. Further, the reverse permutation is finished by using the index matrix X3. The result is named as C1.

Step4: Firstly, the pixel values other than the first row and the first column are decrypted by

$$ I(x, y)=\text{mod}\ \left( C_{1}(x, y) \oplus D(x, y)-C_{1}(x-1, y-1), 256\right), $$
(12)

where x ∈ [m,2], and y ∈ [n,2].

Secondly, the pixels of first row excluded the first position are decrypted by

$$ I(1, x)=\text{mod}\ \left( C_{1}(1, x) \oplus D(1, x)-R(x), 256\right), $$
(13)

where x ∈ [n,2]. Similarly, the pixels of first column excluded the first position are decrypted by

$$ I(y, 1)=\text{mod}\ \left( C_{1}(y, 1) \oplus D(y, 1)-C(y), 256\right), $$
(14)

where y ∈ [m,2]. Finally, the last decrypted pixel is obtained by

$$ I(1,1)=\text{mod}\ \left( C_{1}(1,1) \oplus D(1,1)-R(1), 256\right). $$
(15)

Then, the decrypted image I is recovered.

4 Experimental results and security analysis

Experimental results are displayed in this part and security analysis is discussed in detail. Three standard images are tested, and the size of them is 512 × 512. No useful information can be acquired from encrypted images, which are represented in Fig. 5, and the plain-images can be successfully recovered.

Fig. 5
figure 5

Experimental results. a-c original images; d-f encrypted images; g-i decrypted images

Full size image

4.1 Differential attack

After a tiny modification is made for plain-image, hackers can obtain one new image and encrypt the modified image. Then, attackers may compare the difference between two encrypted images to seek out secret keys. Generally, the number of pixel change rate (NPCR) and unified average changing intensity (UACI) are selected to assess the capacity for withstanding the differential attack, which are defined by [4]

$$ NPCR=\frac{{\sum}_{i, j} D(i, j)}{m \times n} \times 100 \%\text{,} $$
(16)
$$ UACI=\frac{1}{m \times n}\left[\sum\limits_{i, j} \frac{\left|T_{1}(i, j)-T_{2}(i, j)\right|}{255}\right] \times 100 \%\text{,} $$
(17)

where m × n is the dimension of image. T1 and T2 are encrypted images, and their corresponding plain-images differ by one pixel. When T1(i,j)≠T2(i,j), the difference matrix D(i,j) = 1; or else, D(i,j) = 0.

In this test, three images are tested, and 100 pixels are selected randomly with adding one for each time. The test results are listed in Table 2. The results indicate that the average values are approximate to the expected value [11], which certifies that the algorithm can resist differential attack.

Table 2 NPCR and UACI of different images
Full size table

4.2 Key space

Key space ought to be large enough to withstand brute force attack, and the key space in an encryption scheme is usually required to reach 2100 [2]. The secret keys in this paper includes two control parameters r, 𝜃, initial values x1, y1, z1. The accuracy of the computer is limited, assuming it is 10− 15 [14], the whole key space in this work is 2260. Therefore, the proposed algorithm can defend against brute-force attack.

4.3 Key sensitivity

Encryption method ought to be sensitive enough to the encryption key, which means that an enormous variation will be taken place in cipher-image when the secret key is altered slightly. To prove the key sensitivity, the initial parameter 𝜃 is changed slightly to \(\theta ^{\prime }=\theta +10^{-16}\).

Figure 6c shows the new cipher-image when \(\theta ^{\prime }\) is utilized to encrypt the 512 × 512 “Lena”. In addition, Fig. 6d-g show the other new encrypted images when other keys are modified. Figure 6h-l indicate that there is an enormous difference between Fig. 6c-g and b.

Fig. 6
figure 6

a plain-image of “Lena”; b cipher-image with original keys; c-g cipher-images with modified keys; h-l difference images between b and c-g

Full size image

Figure 7a shows the decrypted image using correct keys, and Fig. 7b-f display wrong decrypted images by using modified keys. The results show that the plain-image can’t be recovered correctly using modified keys even the keys are changed slightly.

Fig. 7
figure 7

a decrypted image using original keys; b-f decrypted image using modified keys

Full size image

What’s more, the decrypted image by using an error key has an enormous difference from the correct decrypted image. Usually, this difference can be evaluated by the peak signal-to-noise ratio (PSNR) and mean square error (MSE) [6], which are calculated by [8]

$$ P S N R=10 \log_{10} \frac{255^{2}}{M S E}\text{,} $$
(18)
$$ M S E=\frac{1}{m \times n} \sum\limits_{x=1}^{m} \sum\limits_{y=1}^{n}[D(x, y)-P(x, y)]^{2}\text{,} $$
(19)

where D represents decrypted image by using a wrong key and P is the original image. A small value of PSNR demonstrates that there is a great difference between image P and D [15]. The key sensitivity can be also evaluated by NPCR and UACI. The results are listed in Table 3, which certifies that the proposed algorithm has good performance in key sensitivity.

Table 3 Key sensitivity about decrypted image
Full size table

4.4 The histogram analysis

Histogram of an image shows each pixel value’s distribution [38]. If the histogram is not uniform, the exposed information may be utilized by attackers. Figure 8 displays the histograms of encrypted images, which are balanced distribution. Hence, the proposed algorithm is resistant to statistical attack.

Fig. 8
figure 8

a-c Histograms of “Lena”, “Baboon”, and “Barbara”. d-f Histograms of their cipher-images

Full size image

4.5 Correlation analysis

The strong correlation in horizontal(HL), vertical(VL), and diagonal(DL) directions exist commonly between two adjacent pixels, which indicates that the original image contains a lot of redundant information. Hence, a secure encryption algorithm ought to eliminate these correlations. The correlation coefficients corxy can be calculated by [7]

$$ \operatorname{cor}_{x y}=\frac{{\sum}_{i=1}^{N}\left( x_{i}-\omega_{x}\right)\left( y_{i}-\omega_{y}\right)}{\sqrt{{\sum}_{i=1}^{N}\left( x_{i}-\omega_{x}\right)^{2}\left( y_{i}-\omega_{y}\right)^{2}}}\text{,} $$
(20)

where \(\omega _{x}={\sum }_{i=1}^{N}x_{i}\), \(\omega _{y}={\sum }_{i=1}^{N}y_{i}\) , xi and yi represent gray values of adjacent pixels in an image. Figure 9 displays the correlation of adjacent pixels in three directions of “Lena” and its encrypted image, respectively. In addition, Table 4 gives the correlation coefficients of test images. The correlation coefficients of encrypted images in this paper are near to zero. So the proposed algorithm is able to eliminate the correlation effectively.

Fig. 9
figure 9

Correlation distribution. a-c correlation distributions in three directions of original “Lena”; d-f correlation distributions in in three directions of encrypted “Lena”

Full size image
Table 4 Correlation coefficient of original and encrypted images
Full size table

4.6 Information entropy analysis

The randomness of information can be described by information entropy, which can be calculated by [7]

$$ H(s)=\sum\limits_{i=0}^{2^{n}-1} p\left( s_{i}\right) \log_{2} \frac{1}{p\left( s_{i}\right)}\text{,} $$
(21)

where p(si) is the probability of si. In a fully uniform image with 28 gray level, the expected value of entropy is eight [23]. The nearer the entropy is to eight of cipher-image, the higher security of the scheme [32]. In the proposed scheme, “Lena”, “Baboon”, “Barbara”, and the corresponding cipher-images are tested. The results for three tested images are listed in Table 5. The information entropies of the encrypted image in this paper are close to eight, which prove that the proposed scheme has good randomness.

Table 5 Information entropies of different images and the comparison results
Full size table

4.7 Data loss and noise attack analysis

The information may be lost due to the effect of congestion network or noise when the cipher-image is transmitted over internet [20]. Therefore, it is essential for the cryptosystem to have the ability to resist data loss and noise attacks [9].

The cipher-image “Lena” with different cropped parts and the decrypted results are displayed in Fig. 10. The recovered images can still be identified in spite of there are a large number of data is lost in cipher-images. Hence, the proposed algorithm can resist data loss attack effectively.

Fig. 10
figure 10

Data loss attack. a-d cipher image with 19.5% data loss, e-f cipher image with 25% data loss; g-l corresponding decrypted images

Full size image

In addition, the Gaussian Noise(GN) is tested, which can be added to the encrypted image C by [17]

$$ C^{\prime}=C+k G_{N}\text{,} $$
(22)

where \(C^{\prime }\) is a new encrypted image after adding GN, k is noise intensity, and GN is the standard GN. The decrypted results after adding GN are represented in Fig. 11, in which the recovered images can be recognized when k = 30. Therefore, the proposed algorithm is resistant to GN attack.

Fig. 11
figure 11

Decrypted images under different GN intensities: a-d: k= 5,10,20,30

Full size image

What’s more, the decrypted image after adding Salt and Pepper Noise(SPN) with different densities is given in Fig. 12. The results indicate that the encryption scheme is capable of resisting SPN attack.

Fig. 12
figure 12

Decrypted images under different SPN densities a: 1%; b: 5%; c: 10%; d: 15%

Full size image

4.8 Known/chosen plaintext attack analysis

Initial values of the 2D-LSCM and the LSCM in the proposed algorithm are calculated by SHA-256 hash value of plain-image, which indicates that the encrypted image is highly sensitive to the plain-image. What’s more, attackers usually choose a special image such as all black and the secret key may be found according to the chosen-plaintext attack [16]. Figure 13 shows the cipher-images of all black and white, and their histograms. In addition, Table 6 shows the entropies and correlation coefficients of cipher-images. The results indicate that the attackers cannot get any valuable information from the encrypted images. Hence, the proposed scheme can withstand the known/chosen plaintext attack.

Fig. 13
figure 13

a-b images of all black and white, c-d encrypted images, e-f histograms of c-d

Full size image
Table 6 Performance evaluation results of special images
Full size table

4.9 Encryption speed analysis and comparison

The encryption efficiency of the algorithm is an important index to measure the encryption performance of the cryptographic system. The experimental environment is based on MATLAB R2018b with Intel Core i3-8100 CPU @ 3.6GHz, 8G RAM. The operating system is Windows 10. “Lena” image with the size of 512 × 512 is encrypted, and the time of each process and the total encryption time are listed in Table 7.

Table 7 Encryption speed analysis
Full size table

In addition, recent methods are compared with the proposed algorithm, which is listed in Table 8. In Table 8, the entropy in the proposed method is lower than [29, 30, 33]. However, the encryption efficiency of this scheme is much faster than [29, 30, 33] when the size of test image is 256 × 256. Further, the encryption speed of proposed algorithm is slower than [3], but it is faster than [21] and [22]. Finally, the proposed scheme has similar performance compared with other algorithms in other respects, including NPCR, UACI, entropy, and correlation coefficients. Therefore, the proposed algorithm has good safety and effectiveness.

Table 8 Comparison result with other schemes
Full size table

5 Conclusion

Based on chaotic maps and CA, a novel image encryption algorithm is proposed in this paper. Firstly, initial secret keys of the chaotic maps are calculated by using the SHA-256 hash value of the original image, which guarantees high key sensitivity. Then, the plain-image is diffused and scrambled. The final encrypted image is obtained by transforming the scrambled image using CA. Experimental results and security analysis demonstrate the proposed scheme has good performance in key sensitivity, information entropy, and it can resist attacks, i.e., noise and data loss attacks. In the future, the robustness of resisting noise attack will be increased, and the effectiveness of this algorithm can be improved further.