1 Introduction

Since chaos was discovered by E. Lorenz[35], it has been explored and developed in many fields of science and engineering [44]. One of prominent applications of chaos in information engineering is the chaos-based cryptography [6, 16, 28, 31]. In fact, a chaos-based cryptography utilizes the complexity of dynamics [27] rather than that of number theory and algebra as in the conventional cryptography. So far, many chaos-based image cryptosystems were proposed with various ranges of aspects, those employs from simple chaotic maps such as the Logistic map [30] to highly complicated ones such as fractional-order hyperchaotic system [22], from simple algorithms [6] to complicated ones e.g., quantum method [62, 63], etc.

Nowadays the image data is massively created by the technological advances in image acquisition. Among them, there are a high volume of image data such as medical images needed to keep confidential, so it requires to have fast and efficient algorithms. For decades, chaos-based image encryption has been researched because it provides the advantages with simple implementation and high performance for the bulk data like images and multimedia data. On aspects of performance, there are three main approaches to have a fast and efficient chaos-based image encryption, i.e., suitable selection of plaintext for encryption (e.g. selective encryption), computational optimization of encryption algorithms, and structural optimization of encryption. Firstly, the selective encryption is to consider to encrypt only part of image data what significantly contributes to the visual structure [4, 7, 9, 26, 29, 43, 53, 58]. However, the context of high security requires to encrypt all image data. Secondly, the computational optimization for the encryption algorithm is to choose the simple operators with low computation cost, switching mechanisms (e.g. DNA sequence [13, 29, 48, 55], look-up tables[10, 24]), or dealing with blocks of pixels [8, 15, 18, 54, 59]. Among them, the simplest way to enhance the speed of encryption algorithms is to choose the operators with low computational cost such exclusive-OR (XOR) and modulus in the digital platform, etc., for both the chaotic map and the ciphertext computation. However, most of existing encryption algorithms employ complicated operators such as multiplier, addition, cyclic shift, or even exponent. Thirdly, the structural optimization for an encryption algorithm is to arrange the entities in a cryptosystem in order to have high speed encryption. For example, the combination of permutation and diffusion (CPD) in the configuration of cryptosystem allows to reduce the number of access times to the data in the memory during encryption [10, 12, 14, 50]. However, all of existing encryption algorithms with the CPD were designed to encrypt a single image, so the efficiency of encryption is limited.

In addition, a chaotic map works as a pseudo-random number generator for chaos-based cryptosystems. Therefore, a fast and efficient encryption algorithm is achieved if pseudo-random numbers are used efficiently. In other words, for a certain number of bits generated by a chaotic map, the more pixels are encrypted, the more efficient cipher is. Multiple image encryption (MIE) is one of approaches to improve the efficiency for the chaos-based image encryption. Recently, there are several works on the MIE using chaos, e.g. [13, 23, 25, 32, 36, 37, 39, 40, 42, 45, 46, 48, 49, 51, 57,58,59,60,61, 63]. However, there are flaws in such the MIEs, i.e., a lack of diffusion effect in the encryption in [36, 40, 46, 48, 57,58,59,60, 60, 61], inefficiency in using bits generated by the chaotic map with the permutation separated from the diffusion [37,38,39,40, 46, 48, 56,57,58, 61, 63], choosing complicated computational operations [40, 46, 48, 56, 57, 60, 61, 63]. In addition, all of existing algorithms of MIE are designed for single round of encryption, so it can be broken more easily than that with multiple rounds of encryption [3, 20].

On aspects of security, Gonzalo Alvarez et. al.  [1, 2] suggested that the dynamics of a chaotic map must be complicated enough to assure the security. One of methods to achieve complicated dynamics of a chaotic map is to make the chaotic map perturbed. It is proved that a perturbed chaotic map (PCM) has dynamics more complicated than that of original one [33, 47]. However, all of existing methods employ algebraic operations for the perturbation, so it takes large time consumption during iteration of PCMs. Besides, most of existing algorithms of MIE use the static session key, in which the session key is constant during encryption. Although the initial values of chaotic systems are calculated from the image content in terms of hash values as in [37,38,39,40, 56,57,58, 61], the session key is not changed during encryption, or it is static. In contrast, the dynamical session key is changed during encryption. In fact, a chaos-based cryptosystem with the dynamical session key can resist from the types of chosen-plaintext and chosen-ciphertext attacks. One of methods to have the dynamical session key is that the dynamics of chaotic map is involved by the image content during encryption as in [12, 17, 19, 21, 34, 41].

Overall, the existing algorithms of MIE are with a lack of diffusion effect, inefficiency in using random number generated by chaotic map, and low speed. In this paper, a novel structure of chaos-based encryption is proposed to encrypt multiple images at the same time, in which the permutation and diffusion are integrated and they share the same chaotic map. The XOR operation is chosen for calculation and data manipulation during encryption. Therefore, the proposed structure allows to improve the efficiency and to reduce the time consumption for the encryption. In addition, the chaotic map is perturbed frequently and its dynamics is dependent on the content of images. It creates the dynamical session key, so the proposed structure can resist from the types of chosen-plaintext and known-plaintext attacks. Two exemplar ciphers employing the proposed structure are demonstrated with the use of Logistic and Standard maps. The simulation results will be analysed and compared with those of existing methods to show the feasibility and effectiveness of the proposed structure of MIE.

This paper contributes the followings.

  1. 1.

    To gain high speed and efficiency: the permutation and diffusion is integrated; only one chaotic map is required; and only the XOR operation is used in both the perturbation of chaotic map and the encryption equations of pixels.

  2. 2.

    To achieve high security: the dynamical session key is generated by a chaotic map with non-stationary dynamics by means of perturbation; and the image content is involved in the generation of session key by means of the chaotic dynamics during encryption.

The rest of paper is organized as follows. The configuration and operation of the proposed structure are presented in Section 2. The specific example illustrates in Section 3 with details about the simulation result, the statistical and security analyses, and the comparison with the results of existing methods. Section 4 presents the discussion and conclusion of the work.

2 Proposed structure of MIE

The configuration of the proposed structure of chaos-based MIE is illustrated in Fig. 1. Figure 1(a) displays the model to integrate the permutation and diffusion, in which only one PCM is used. Figure 1(b) shows the detail of the structure that the PCM provides chaotic values for the encryption and perturbed by pixel values. Pixels are shuffled and diffused one by one in every image.

Fig. 1
figure 1

Proposed structure and its configuration

Full size image
Fig. 2
figure 2

The structure of PCM

Full size image

2.1 Perturbed chaotic map

Here, the perturbed chaotic map [21] is employed for the proposed structure. Figure 2 illustrates the configuration of PCM, in which \(\Delta _{X_n}\) and \(\Delta _{\Gamma _n}\) are perturbation amounts applying to state variables and control parameters, respectively. There, D and G are the number of dimensions and that of control parameters, respectively. \(k_1\) is the length of the input bit sequence E, and R is the number of chaotic iterations at which values of state variables are read for the encryption. Equations for a generic PCM are expressed as

$$\begin{aligned} \left\{ \begin{array}{ll} X_{n+1}&{}=F(\hat{X}_n,\hat{\Gamma }_n),\\ \hat{X}_n&{}=X_{n} \oplus \Delta _{X_n},\\ \hat{\Gamma }_n&{}=\Gamma _0 \oplus \Delta _{\Gamma _n}, \end{array}\right. \end{aligned}$$
(1)

where F(.) is the chaotic function; \(X_n\), \(\hat{X}_n\), and \(\hat{\Gamma }_n\) are the vectors of state variables, perturbed state variables, and perturbed control parameters, respectively; \(X_0\) and \(\Gamma _0\) are initial values of state variable and control parameter, respectively. Assumed that the PCM is implemented on the digital platform, so values of \(X_n\) and \(\Gamma _n\) are represented in the format of fixed-point number of \(m_1\) and \(m_2\) bits, respectively. The perturbation amounts are constructed by

$$\begin{aligned} \Delta _{\Gamma _n}=\left\{ \begin{array}{lll} Y_1 \circ E &{}\text {for} &{}n=0;\\ Y_2 \circ X_n &{}\text {for} &{}1 \le n\le R, \end{array} \right. \end{aligned}$$
(2)

and

$$\begin{aligned} \Delta _{X_n}=\left\{ \begin{array}{lll} Y_3 \circ E &{}\text {for} &{}n=0;\\ Y_4 \circ X_n&{}\text {for} &{}1 \le n\le R, \end{array} \right. \end{aligned}$$
(3)

where n is current number of chaotic iterations; E is the external source represented by \(k_1\) bits and it can be constructed by bits of either initial values (\(kC^{-}_0\) and \(kP^{+}_0\)) or current values of pixels (\(p(i,j+1,k)\) and \(c(i,j-1,k)\), \(k=1..K\)); the rules of bit arrangement \(Y_i\), \(i=1..4\), are to construct the perturbation amounts; and \(\circ \) is the operator of bit arrangement.

In the operation, the PCM is firstly initialized by \(\Gamma _0\) and \(X_0\), then it iterates R times to produce chaotic values \(X_R\) for the encryption. It requires that values of \(\hat{\Gamma }_n\) and \(\hat{X}_n\) are always in the ranges such that the PCM exhibits chaotic behavior.

2.2 Bit arrangement

The bit arrangement rule Y is to construct new bit sequences from a given bit sequence. Assumed that A and B are bit matrices with the sizes \(I_A\times J_A\) and \(I_B\times J_B\), i.e., \(A=[a_{ij}]_{1\le i\le I_A,~1\le j\le J_A}\) and \(B=[b_{ij}]_{1\le i\le I_B,~1\le j\le J_B}\), and with \(a_{ij},b_{ij}\in \{0,1\}\). Bit matrix A is constructed from bits of matrix B by using the bit arrangement rule Y as

$$\begin{aligned} A=Y\circ B. \end{aligned}$$
(4)

Here, the rule of bit arrangement is represented by an array of 2-tuples \(Y=[(y^{(r)}_{ij},y^{(c)}_{ij})]_{1\le i\le I_A,~1\le j\le J_A}\), in which \(y^{(r)}_{ij}\) and \(y^{(c)}_{ij}\) are row and column indexes of matrix B with \(y^{(r)}_{ij}\in [1,I_B]\) and \(y^{(c)}_{ij}\in [1,J_B]\). In fact, bits of A come from those of B as \(a_{ij}=b_{y^{(r)}_{ij}y^{(c)}_{ij}}\). As special cases, bits in A can be deliberately fixed at the logic ‘0’ or ‘1’, and in those cases the 2-tuple \((y^{(r)}_{ij},y^{(c)}_{ij})\) is denoted by \(B_0\) and \(B_1\) for the logic ‘0’ and ‘1’, respectively.

In this work, the bit matrix B is a representation of chaotic values of \(X_n\). Therefore, the bit matrix A can be used for constructing \(I_A\) bit sequences. Each bit sequence is a concatenation of bits in the same row of matrix A, i.e. \(A_i=||_{j=1}^{J_A} a_{i,j}\), where || denotes for the bit concatenation.

For example, the chaotic value \(X_R=(3.4162,1.1963)\) is represented in the format of fixed-point number with 18 bits as a whole and 16 bits for the fractional part (denoted as \(\left\langle 18,16\right\rangle \)). The value of \(X_R\) in binary is

$$\begin{aligned} X_{bin}=\left( \begin{array}{l} 11.0110101010001010\\ 01.0011001001000010 \end{array}\right) . \end{aligned}$$
(5)

Figure 3 illustrates the operation of bit arrangement in Eq. (4). The bit matrix B is a matrix representation of \(X_{bin}\). As a result, the bit matrix A is obtained, and the bit sequences \(A_1=1011\) and \(A_2=1010\) are concatenation of bits in rows of A as described above.

Fig. 3
figure 3

Example of bit arrangement

Full size image

2.3 Bit manipulation

In this work, the block Bit manipulation (BM) in Fig. 1b performs combining two bit sequences \(E_1\) and \(E_2\), so as to have a bit sequence E. Let us denote |.| be the function returning the length of bit sequence, and \(\Updownarrow \) be the bit-interleaving concatenation. In fact, the bit-interleaving concatenation can be any rule of bit interleaving of two bit sequences. There are three cases of relative length of E, \(E_1\) and \(E_2\). If \(|E_1|+|E_2|=|E|\), the BM is simply \(E=E_1\Updownarrow E_2\). For two other cases of relative lengths, i.e., \(|E_1|+|E_2|> |E|\) and \(|E_1|+|E_2|<|E|\), in this work, the bit sequence E can be obtained by two simple procedures as followings. Respectively, T and \(T_i\) are denoted for the resultant bit sequence of interleaving and portion of T after division, respectively.

  • Case 1: For \(|E_1|+|E_2|> |E|\) Step 1: Concatenate two bit sequences \(T=E_1\Updownarrow E_2\). Step 2: Find integer n such that \((n-1)*|E|<|T|\le n*|E|\). Step 3: Separate sequence T into n portions \(T_i\), \(i=\{1...n\}\), such that \(|T_i|=|E|\) for \(i=1..n-1\) and the last portion \(T_n\) is with the length \(|T_n|\le |E|\). Step 4: Pad \(|E|-|T_n|\) bit zeros into sequence \(T_n\). Step 5: Perform XORing the bits at the same position in the sequences as \(E={\oplus }_{i=1}^n T_i\).

  • Case 2: For \(|E_1|+|E_2|\le |E|\) Step 1: Find integer m such that \((m-1)*(|E_1|+|E_2|)<|E|\le m*(|E_1|+|E_2|)\). Step 2: Concatenate m times \(E_1\Updownarrow E_2\) to get bit sequence T. Now, the relative length is \(|T|\ge |E|\). At this point, Steps 2 to 5 in Case 1 are performed on bit sequence T to obtain bit sequence E.

2.4 Permutation and diffusion for a pair of pixels

The permutation and diffusion are integrated in order to thoroughly exploit bits generated by the PCM. Assumed that the MIE performs encrypting K images at the same time and all images are with the same size. Let us denote 3-tuples (ijk) and \((i',j',k')\) be the coordinates of source and destination pixels, respectively, with \(i,i'\in [1,M]\), \(j,j'\in [1, N]\) and \(k,k'\in [1,K]\). Specifically, p(ijk) and \(p(i',j',k')\) are the source plain pixel and destination pixel of images \(P_k\) and \(P_{k'}\), respectively. Correspondingly, c(ijk) and \(c(i',j',k')\) are ciphered pixels of p(ijk) and \(p(i',j',k')\), respectively. Also, \(\Phi _k=[\phi _{2,k},\phi _{1,k}]\) (\(k=1...K\)) is denoted for the vector of values for the diffusion, where its members are constructed from bits of chaotic values. The permutation and diffusion for the encryption are carried out for every pair of pixels in K images by four steps as followings.

Step 1: For source pixels p(ijk), \(k=1...K\), calculate the coordinates of destination pixels, \(XY=\{XY_k|k=1...K\}\), and the vectors of values for the diffusion \(\Phi =\{\Phi _k|k=1...K\}\) as

$$\begin{aligned} \left\{ \begin{array}{ll} XY&{}=Y_{XY}\circ X_R, \\ \Phi &{}=Y_{\Phi }\circ X_R, \end{array} \right. \end{aligned}$$
(6)

where \(X_R\) is the vector of chaotic variables in binary what is generated by the PCM after R iterations; \(Y_{XY}=[Y_{XY_K},Y_{XY_{K-1}},...,Y_{XY_1}]^T\) and \(Y_{\Phi }=[Y_{\Phi _K},Y_{\Phi _{K-1}},...,Y_{\Phi _1}]^T\) are the rules of bit arrangements to extract bits from \(X_R\). The member of \(Y_{XY}\) and \(Y_{\Phi }\) are \(Y_{XY_k}=[Y_i~~Y_j~~Y_k]^T\) and \(Y_{\Phi _k}=[Y_{\phi _{2,k}}~~Y_{\phi _{1,k}}]^T\) are to construct the coordinate of destination pixels \(XY_k=(i',j',k')\) for the permutation and random values \(\Phi _k=(\phi _{2,k},\phi _{1,k})\) for the diffusion. Respectively, the coordinate of destination pixels \(XY_k\) and random values \(\Phi _k\) are calculated by

$$\begin{aligned} \left\{ \begin{array}{ll} i'&{}=Y_{i}\circ X_R, \\ j'&{}=Y_{j}\circ X_R, \\ k'&{}=Y_{k}\circ X_R, \end{array} \right. \end{aligned}$$
(7)

and

$$\begin{aligned} \left\{ \begin{array}{ll} \phi _{2,k}&{}=Y_{\phi _2}\circ X_R,\\ \phi _{1,k}&{}=Y_{\phi _1}\circ X_R. \end{array}\right. \end{aligned}$$
(8)

Step 2: Compute the ciphered values for both source and destination pixels by XORing as

$$\begin{aligned} \left\{ \begin{array}{ll} c(i,j,k)&{}=p(i,j,k)\oplus c(i,j-1,k) \oplus \phi _{1,k}, \\ c(i',j',k')&{}=p(i',j',k')\oplus \phi _{2,k}. \end{array} \right. \end{aligned}$$
(9)

Step 3: Permute ciphered source and destination pixels as

$$\begin{aligned} \left\{ \begin{array}{ll} temp&{}=c(i,j,k),\\ c(i,j,k)&{}=c(i',j',k'),\\ c(i',j',k')&{}=temp, \end{array} \right. \end{aligned}$$
(10)

where temp is a temporary variable. For the context of MIE, a pixel of an image can be permuted with another pixel in either the same image (intra-image permutation when \(k'=k\)) or another image (inter-image when \(k'\ne k\)) as shown in Fig. 4.

Fig. 4
figure 4

All possible destination pixels \(p(i',j',k')\) for source pixel p(ijk) in image \(P_k\)

Full size image

For the inverse permutation and inverse diffusion of a pair of pixels, the order to compute values of recovered plain pixels is inverse in compared with that in the encryption. Specifically, the decryption algorithm is as

Step 1: For source pixels p(ijk), \(k=1...K\), calculate the coordinates of destination pixels, \(XY=\{XY_k|k=1...K\}\), and the vectors of values for the diffusion \(\Phi =\{\Phi _k|k=1...K\}\) exactly identical to those given in (6)-(8).

Step 2: Permute ciphered source and destination pixels as

$$\begin{aligned} \left\{ \begin{array}{ll} temp&{}=c(i,j,k),\\ c(i,j,k)&{}=c(i',j',k'),\\ c(i',j',k')&{}=temp. \end{array}\right. \end{aligned}$$
(11)

Step 3: Compute the recovered plaintext values for both source and destination pixels as

$$\begin{aligned} \left\{ \begin{array}{ll} p(i,j,k)&{}=c(i,j,k)\oplus c(i,j-1,k) \oplus \phi _{1,k}, \\ p(i',j',k')&{}=c(i',j',k')\oplus \phi _{2,k}. \end{array}\right. \end{aligned}$$
(12)

2.5 Operation of encryption algorithm

The proposed structure in Fig. 1(b) operates with the flowchart as illustrated in Fig. 5(a). There are three phases, i.e., chaos iteration, calculation of coordinates and values, and diffusion and permutation.

Fig. 5
figure 5

The flowchart of encryption and decryption algorithms

Full size image

At first, the PCM in (1) is iterated R times with its inputs \(\Gamma _0\), \(X_0\), and E. \(\Gamma _0\) and \(X_0\) are interfered by E at every iteration number \(n=0\) and by the feedback for \(1\le n\le R\) as given in (2) and (3). The perturbation amount E is the result of bit manipulation with inputs \(E_1\) and \(E_2\) as

$$\begin{aligned} E_1=\left\{ \begin{array}{lll} ||^K_{k=1} c_{0,k} &{}\text { for} &{}(i,j)=(1,1), k=1..K\text { and } n_e=1;\\ ||^K_{k=1} c(i,j-1,k) &{}\text { for} &{}(i,j)\ne (1,1), k=1..K\text { and } 2\le n_e\le N_e, \end{array}\right. \end{aligned}$$
(13)

and

$$\begin{aligned} E_2=\left\{ \begin{array}{lll} ||^K_{k=1} p_{0,k} &{}\text { for} &{}(i,j)=(M,N), k=1..K \text { and } n_e=N_e;\\ ||^K_{k=1} p(i,j+1,k) &{}\text { for} &{}(i,j)\ne (M,N), k=1..K \text { and } 1\le n_e < N_e, \end{array} \right. \end{aligned}$$
(14)

where || is the bit concatenation; \(n_e\) is number of encryption rounds; \(p(i,j+1,k)\) and \(c(i,j-1,k)\) are neighbor plain and neighbor ciphered pixels of the current one p(ijk) in image k as depicted in Fig. 4; \(p_{0,k}\) and \(c_{0,k}\) are initial values for image k, and \(kC_0^{-}=\{c(0,k)|k=1...K\}\) and \(kP_0^{-}=\{c(0,k)|k=1...K\}\) are considered as part of the secret key. As illustrated in Figs. 1(b) and 5, \(kP^{+}=\{p(i,j+1,k)|k=1...K\}\) and \(kC^{-}=\{c(i,j-1,k)|k=1...K\}\) are vectors of neighbor plain pixels and neighbor ciphered pixels from K images.

From (2)-(3) and (13)-(14), the dynamics of PCM is involved by the content of plain and intermediate ciphered images by means of perturbation.

In the second phase, the coordinates of K destination pixels are computed as Step 1 in Subsection 2.4. In the third phase, the diffusion and permutation are performed as Steps 2 to 4 in Subsection 2.4.

In each encryption round, the source pixels from K images are scanned and processed sequentially from left to right and top to bottom of images. The encryption as a whole are repeated \(N_e\) times.

According to the procedure as described above, the configuration of the decryption is identical to that of the encryption as illustrated in Fig. 1(b), but it is performed in reverse order. Specifically, the order of pixels is reverse in compared with that in the encryption, i.e. pixels from bottom to top and right to left. The flowchart of decryption algorithm is shown in Fig. 5(b).

Remarks for the design criteria:

There are some important points in the proposed structure when it is employed in the design of a cryptosystem. Those are related to the criteria in choosing values of parameters for the design.

  1. 1.

    For the selection of chaotic map model: In fact, any chaotic map can be used for the proposed structure. However, the number of computational operations of a encryption algorithm is dependent on the complexity of chaotic map’s model. Therefore, the criteria to choose a chaotic map model in the proposed structure is that the number of dimensions is as small as possible, but the number of flippable bits is large enough to construct the perturbation amounts, and other values for the encryption. Anyways, the number of bits representing for the fractional portion must greater than 32 to avoid the deterioration of dynamics of chaotic map.

  2. 2.

    For the bit arrangement rules Y: There are two types of bit arrangement in the proposed structure, i.e., \(Y_i\) within the PCM and the set of \(Y_{XY}\) and \(Y_{\Phi }\) for the permutation and diffusion. Firstly, \(Y_i\) (\(i=1..4\)) are to construct the perturbation amounts to the PCM. The criteria for \(Y_i\) is that the PCM must work in chaotic behavior. So, they are chosen so that some bits at specific positions of values of control parameters and of state variables are fixed at the logic ’0’ or ’1’. Secondly, \(Y_{XY}\) and \(Y_{\Phi }\) are to induce for coordinates of pixels in the permutation as well as for random values in the diffusion. In fact, \(Y_{XY}\) and \(Y_{\Phi }\) should be chosen so that pixels at the same coordinates should be shuffled with those at different destination coordinates and random values have a uniform distribution. Therefore, it is suggested in [21] that the bits at positions at least the fifth and beyond after the decimal point should be used for both the types of bit arrangements.

  3. 3.

    For the number of iterations R: In the proposed structure, the PCM is iterated R times before chaotic value \(X_R\) is used for the encryption. So, the value of R is chosen as small as possible to save the encryption time. In fact, if the PCM is set up to work in chaotic behavior, the value of R should be in the range of 1 to 5 is acceptable.

Next, the exemplar simulation using the proposed structure is carried out, then, the security analysis is shown.

3 Exemplar simulation

Let us consider the example with the use of two well-known chaotic maps, i.e. Logistic and Standard maps. Values of state variables and control parameters are represented in the format of fixed-point number. To avoid the degradation of chaotic orbits, the fraction portion of the chaotic value must be at least 32 bits. Here, the bit patterns for the state variables and control parameters are designated so that the PCMs exhibit the chaotic behavior.

3.1 Chosen PCMs

3.1.1 The perturbed Logistic map

The perturbed Logistic map is expressed by

$$\begin{aligned} x^{(1)}_{n+1}=\hat{\gamma }^{(1)}_n \hat{x}^{(1)}_n (1-\hat{x}^{(1)}_n), \end{aligned}$$
(15)

where \(\gamma _n^{(1)}\) and \(x_n^{(1)}\) are the control parameter and the state variable, respectively; and perturbed state variable and control parameter are \(\hat{\gamma }_n^{(1)}\) and \(\hat{x}_n^{(1)}\). The bit patterns for values of state variable and control parameter are chosen as given in Table 1. Notably, there are some bits being kept constant at ‘0’ or ‘1’ while ‘x’ is denoted for bits whose state can be flippable. The bit pattern of \(x_n^{(1)}\) with bit ‘1’ at the rightmost is to ensure that the value of state variable is never got stuck at the unstable fixed point, i.e., 0.0.

Table 1 The bit patterns and value ranges of perturbed Logistic map
Full size table

The rules of bit arrangements are chosen for the perturbed Logistic map as given in Table 2.

Table 2 Bit arrangements in the perturbed Logistic map
Full size table

3.1.2 The perturbed standard map

The perturbed Standard map is chosen as

$$\begin{aligned} \left[ \begin{array}{ll} x^{(2)}_{n+1}\\ x^{(1)}_{n+1}\end{array} \right] =MOD\left( \left[ \begin{array}{c} \hat{x}^{(2)}_n + \hat{\gamma }_n^{(1)} sin(\hat{x}^{(2)}_n+\hat{x}^{(1)}_n)\\ \hat{x}^{(1)}_n +\hat{x}^{(2)}_n \end{array}\right] , 2\pi \right) \end{aligned}$$
(16)

where, the vectors of state variables and control parameter are \(X_n=[x^{(2)}_{n}~~x^{(1)}_{n}]^T\) and \(\Gamma _n=\gamma _n^{(1)}\), respectively. Accordingly, the vectors of perturbed state variables and control parameter are \(\hat{X}_n=[\hat{x}^{(2)}_{n}~~\hat{x}^{(1)}_{n}]^T\) and \(\hat{\Gamma }_n=\hat{\gamma }_n^{(1)}\).

The bit patterns for values of state variables and control parameter of the perturbed Standard map are chosen as shown in Table 3. Bit ‘1’ in the bit pattern of the control parameter makes the value range discontinued in four sub-ranges, i.e., [1.0, 2.0), [3.0, 4.0), [5.0, 6.0) and [7.0, 8.0). It is noted that the right-most bits ‘1’ in the bit patterns of state variables are to avoid the fixed point at (0, 0) of chaotic attractor.

Table 3 The bit patterns and value ranges of perturbed Standard map
Full size table

The rules of bit arrangements are chosen for the perturbed Standard map as given in Table 4.

Table 4 Bit arrangements in the perturbed Standard map
Full size table

3.2 Chosen values of parameters for MIE

In this example, a set of 8 images (\(K=8\)) with the size of \(M=256\), \(N=256\) are encrypted at the same time, i.e. Lena, Cameraman, House, Boat, Clock, Black and White as in the first column of Fig. 6. Each pixel is represented in 8-bit grayscale, so \(E_1\) and \(E_2\) are of 64 bits constructed by \(kC^-\) and \(kP^+\) as given in (13)–(14). The required number of bits representing for E is dependent on the PCM for the MIE. As shown in Tables 1 and 3, the number of flippable bits in the value representation of control parameters and state variables is 61 and 102 bits for the perturbed Logistic and Standard maps, respectively. The rules of bit arrangements for \(Y_i\) (\(i=1..4\)) of the perturbed Logistic and Standard maps are shown in Tables 2 and 4, respectively.

The adopted values for the initial conditions of the perturbed Logistic and Standard maps are shown in Table 5. The value for \(kC^-_0\) and \(kP_0^+\) is chosen as in Table 6. Tables 7 and 8 show the bit arrangements \(Y_{XY_k}=[Y_i~~Y_j~~Y_k]^T\) and \(Y_{\Phi }=[Y_{\phi _1}~~Y_{\phi _2}]^T\) for inducing the coordinates of destination pixels \((i',j',k')\) for the permutation and \(\Phi =[\phi _1~~\phi _2]\) for the diffusion in each of PCMs. It is noted that the inter-image permutation is applied in the simulation.

Table 5 Initial values for simulation
Full size table
Table 6 Initial values of \(kC_0^-\) and \(kP_0^+\) for simulation
Full size table
Table 7 Bit arrangements for permutation and diffusion of the MIE using the perturbed Logistic map
Full size table
Table 8 Bit arrangements for permutation and diffusion of the MIE using the perturbed Standard map
Full size table

3.3 Simulation results

The encrypted images using the proposed structure are carried out with the use of perturbed Logistic and Standard maps for the fixed number of chaotic iterations \(R=5\) and various number of encryption rounds \(N_e=1..5\). To save the space, only those with the perturbed Logistic map are shown in Fig. 6, and those look like random images. Next, the quantitative estimation will be shown in the statistical analysis.

Fig. 6
figure 6

Encrypted images using the perturbed Logistic map with \(R=5\) and various number of encryption rounds \(N_e=1..5\)

Full size image

3.4 Statistical analyses

In order to confirm the feasibility of the proposed structure, the statistical analyses are considered for the simulation results. Histogram, information entropy and correlation of two adjacent pixels are measured for the encrypted images. In the context of multiple images, the average values are determined for the effectiveness of the MIE.

3.4.1 Histogram analysis

The distribution of pixel values of an image can be analysed and further analysis for the histogram can be measured by means of \(\chi ^2\). For a 8-bit grayscale image, \(\chi ^2\) is calculated by

$$\begin{aligned} \chi ^2=\sum _{i=0}^{255}\frac{(O_i-E_i)^2}{E_i}, \end{aligned}$$
(17)

where the expected occurrence frequency \(E_i\) for the image with the size of \(M\times N\) is \(\frac{M*N}{256}\); the observed occurrence frequency  \(O_i\) is the number of pixels with the value i. Here, the hypothesis test is accepted if \(\chi ^2\le \chi ^2_\alpha (255)\); \(\alpha \) is the significance level. Here, it is chosen as \(\alpha =0.05\), so \(\chi ^2_{0.05}(255)=293.247\); it means that the histogram is considered as a uniform distribution if \(\chi ^2\le 293.247\).

Table 9 shows the \(\chi ^2\)-test results for the original and the ciphered images with various number of encryption rounds. For \(N_e\ge 3\), the histogram of all individual encrypted images meets the condition of uniform distribution, i.e., (\(\chi ^2 \le \chi ^2_{0.05}(255)\)). Overall, the average values of \(\chi ^2\) tests for the histogram analysis also indicate that the uniform distribution is obtained with \(N_e\ge 2\).

Table 9 Histogram analysis for \(\chi ^2\) Test
Full size table
Table 10 Information Entropy
Full size table

3.4.2 Information entropy

Information entropy (IE) of an image indicates the probability of pixel value \(v_i\), \(p(v_i)\), for a 8-bit grayscale image and it is computed by

$$\begin{aligned} \begin{array}{cc} IE=\sum ^{255}_{i=0}p(v_i)log_2\frac{1}{p(v_i)}&~~\text {(bits)}. \end{array} \end{aligned}$$
(18)

It is expected that encrypted images have IE as close to the ideal value, i.e., 8 bits, as possible. Table 10 displays the information entropy of original and encrypted images with various number of encryption rounds. IE of individual encrypted images and the averages are very close to the ideal value, 8 bits, for any number of encryption rounds. For \(N_e\ge 2\), the entropy is greater than 7.9962 and its average is 7.9972.

3.4.3 Correlation of two adjacent pixels

The correlation of two adjacent pixels can be measured by the correlation coefficient \(\rho _{X,Y}\). For the grayscale image, the correlation coefficient is considered for pairs of adjacent pixels in three directions, i.e., horizontal, vertical and diagonal. An image with lower absolute values of correlation coefficients is more random in pixel values, or less visual structure. The equation for the Pearson correlation coefficient of two sequences X and Y is

$$\begin{aligned} \rho _{X,Y}=\frac{\sum ^{N_{pair}}_{i=1}(x_i-\overline{X})(y_i-\overline{Y})}{\sqrt{\left( \sum ^{N_{pair}}_{i=1}(x_i-\overline{X})^2\right) \left( \sum ^{N_{pair}}_{i=1}(y_i-\overline{Y})^2\right) }}, \end{aligned}$$
(19)

where \(x_i\) and \(y_i\) are values of adjacent pixels in the sequences X and Y, respectively; \(N_{pair}\) is the number of adjacent pixel pairs from an image; \(\overline{X}\) and \(\overline{Y}\) are the means of X and Y, respectively. The pairs of adjacent pixels are chosen in three directions, i.e., horizontal, vertical and diagonal.

Respectively, Tables 1112 and 13 show the correlation coefficients in horizontal, vertical and diagonal of original and ciphered images with various number of encryption rounds. Obviously, the correlation coefficients of encrypted images are very small and significantly less than those of original images in every direction. It means that the visual structure of original images are completely removed in the ciphered images. The average values of correlation coefficients are also relatively small and those fluctuate around zero regardless of number of encryption rounds with both PCMs.

Table 11 Correlation coefficients of horizontal direction
Full size table
Table 12 Correlation coefficients of vertical direction
Full size table
Table 13 Correlation coefficients of diagonal direction
Full size table

3.5 Security analyses

Below is the security analyses based on the space of secret key, the sensitivity of secret key, and the sensity of plaintext. It is noted from the tables that if values are displayed in italic, those are not passed the random test.

3.5.1 Space of secret key

In the proposed structure, the secret key consists of the initial values of \(\Gamma _0\) and \(X_0\), as well as those of \(kC_0^-\) and \(kP_0^+\). For the initial values of PCMs, only flippable bits in the state variables and control parameters are counted for the space of secret key. The number of bits for \(kC_0^-\) and \(kP_0^+\) is dependent on the number of images K and number of bits representing for a pixel.

According to Tables 1 and 3, the number of flippable bits in the initial values of Logistic and Standard maps is 61 and 102 bits, respectively. Also, the number of bits representing for initial values of \(kC_0^-\) and \(kP_0^+\) is 128 bits for eight images with each pixel of 8-bit grayscale. So, the space of secret key of the cryptosystems is \(2^{189}\) and \(2^{230}\) for Logistic and Standard maps, respectively. With these numbers of key space, the exemplar cryptosystems are secured with modern computers.

3.5.2 Sensitivity of secret key

The sensitivity of secret key can be measured for the difference between two versions of ciphertexts being encrypted by two secret keys. Among two secret keys, one secret key is obtained with little modification to the other one. The number of pixels change rate (NPCR) and unified averaged changed intensity (UACI) are used for evaluating the sensitivity of secret key.

Let us call \(C_1\) and \(C_2\) be ciphertexts obtained by encrypting the same plaintext using two secret keys S and \(S'\), respectively. The modified secret key is \(S'=S+\Delta _S\). Here, \(\Delta _S\) is the tolerance of one certain element of secret key, and \(\Delta _S\) is smallest value but larger than zero. Here, Tables 14 and 15 show original and modified secret keys for the simulation of sensitivity of secret key. Tables 16 and 17 display the tolerance of secret key \(\Delta _S\) for the values of initial state variables, control parameters, plaintexts and ciphertexts. In order to measure the sensitivity of small changes in the secret key, the simulation is carried out for each tolerance individually while the others are kept intact as defined in Tables 5 and 6.

Table 14 The original value of secret key and its modified versions for the perturbed Logistic map
Full size table
Table 15 The original value of secret key and its modified versions for the perturbed Standard map
Full size table
Table 16 Tolerance in the value of state variables and control parameters for NPCR and UACI
Full size table
Table 17 Tolerance in the value of \(kC_0^-\) and \(kP_0^+\) for NPCR and UACI
Full size table

Let us consider the difference between two images \(C_1\) and \(C_2\). Firstly, the difference function between two values a and b is Difp(ab) defined by

$$\begin{aligned} Difp(a,b)=\left\{ \begin{array}{ll} 1, &{}\text {for } a\ne b;\\ 0, &{}\text {for } a= b. \end{array} \right. \end{aligned}$$
(20)

Secondly, the difference between two images \(C_1\) and \(C_2\) is considered by the difference for every pair of pixels at the same position (ij), i.e., \(C_1(i,j)\) and \(C_2(i,j)\) for \(i=1..M\) and \(j=1..N\). The NPCR and UACI are measured by

$$\begin{aligned} NPCR=\frac{\sum _{i,j} Difp(C_1(i,j),C_2(i,j))}{M\times N}\times 100\%, \end{aligned}$$
(21)

and

$$\begin{aligned} UACI=\frac{1}{M\times N}\left[ \sum _{i,j} \frac{|C_1(i,j)-C_2(i,j)|}{255}\right] \times 100\%. \end{aligned}$$
(22)

In this work, NPCR and UACI are tested for the randomness in response to the small change in the secret key with a significance level \(\alpha \) for 8-bit grayscale images of the size \(256\times 256\) as presented in [52]. The randomness tests are passed if \(NRCP>NRCP^{*}_{\alpha }\) and \(UACI^{*-}_{\alpha }< UACI < UACI^{*+}_{\alpha }\). The critical values at \(\alpha =0.05\) for both NPCR and UACI are \(NRCP^{*}_{0.05}=99.5693\%\), \(UACI^{*-}_{0.05}=33.2824\%\) and \(UACI^{*+}_{0.05}=33.6447\%\).

Tables 18 and 20 present NPCR for the sensitivity of secret key with the use of perturbed Logistic and Standard maps, respectively. It is almost insensitive to a small change in \(kP_0^+\). For the rest of state variables and control parameters, more than 98.639% and 99.300% pixels of ciphertexts are changed due to the tolerance \(S'\) in the modified secret key in the perturbed Logistic and Standard maps, respectively. Except for \(kP_0^+\), all individual and averaged values of NPCR are passed the random test (or greater than \(NRCP^{*}_{\alpha }\)) for \(N_e\ge 2\). In other words, the cryptosystems employing the proposed structure using the perturbed Logistic and Cat, Standard maps are with high sensitivity to the secret key.

In addition, the change in the intensity UACI for the sensitivity of secret key with the use of perturbed Logistic and Standard maps for each element of secret key is also seen in Tables 19 and 21, respectively. Similar to the NCPR, for \(N_e\ge 2\), all values of UACI and its averages are passed the random tests, or the values of UACI are within in the range of (33.2824%,33.6447%) with \(\alpha =0.05\) for all of perturbed Logistic and Standard maps.

As seen from Tables 18, 19, 20, and 21 for both NPCR and UACI, the cryptosystem using any PCMs is almost insensitivity to \(kP_0^+\). According to (14), the value of \(kP_0^+\) is only used for the last pixels of plain images in the last round of encryption. As given in Table 17, the tolerance is occurred for the last pixel of only one of eight images. This makes a few pixels related to the tolerance of \(kP^+_0\) changed in the final round of encryption. However, the encryption is highly sensitive to \(kC_0^{-}\). That is because the encryption is the forward direction of pixel scanning. Therefore, the decryption is the reverse direction, so it will be highly sensitive to \(kP_0^+\) and insensitive to \(kC_0^{-}\). The sensitivity of \(kC^-_0\) and \(kP^+_0\) is significant, but it is asymmetry in the encryption and decryption.

Table 18 Sensitivity of the secret key by means of NPCR with the perturbed Logistic map
Full size table
Table 19 Sensitivity of the secret key by means of UACI with the perturbed Logistic map
Full size table
Table 20 Sensitivity of the secret key by means of NPCR with the perturbed Standard map
Full size table
Table 21 Sensitivity of the secret key by means of UACI with the perturbed Standard map
Full size table
Table 22 Original and modified images for the sensitivity of plaintext
Full size table
Table 23 Sensitivity of the plaintext by means of NPCR using the perturbed Logistic map
Full size table
Table 24 Sensitivity of the plaintext by means of UACI using the perturbed Logistic map
Full size table
Table 25 Sensitivity of the plaintext by means of NPCR using the perturbed Standard map
Full size table
Table 26 Sensitivity of the plaintext by means of UACI using the perturbed Standard map
Full size table

3.5.3 Sensitivity of plaintext

A cryptosystem can resist from the types of known-plaintext and chosen-plaintext attacks if its sensitivity of plaintext is significant. In general, the original image is with little modification to become the modified plain image. Both the original and modified plain images are encrypted using the same value of secret key to produce two ciphered images. Sensitivity of the plaintext is obtained by means of statistical comparison between such two ciphered images. In this work, due to the encryption of multiple images at the same time, a set of modified images for analysis consists of one modified image and other original ones. The modified image is chosen alternatively among eight original images. Therefore, there are eight sets of modified plain images as listed in Table 22. Encryption is carried out for the set of original images and eight sets of modified plain images separately for analysis. To analyze the sensitivity of plaintext on a certain plain image, every pair of ciphered images obtained by encrypting two sets (original and modified images) are compared reciprocally. Then, average values are calculated for every pair of sets for comparison.

Here, the modification is made to only one pixel to get a modified image. Because the direction of pixel scanning in the encryption is left to right and top to bottom, the last pixels of original images, p(255, 255, k) for \(k=1..K\), are chosen to modify for each sets. The chosen pixels are either added 1 to if their values are less than 255 or subtracted 1 from if their values are equal to 255. With the direction of pixel scanning, the modification of the last pixel makes less affect to other pixels in the first encryption round.

The sensitivity of plaintext is measured by means of NPCR and UACI. The randomness test is also examined for the uniform distribution similar to that in Subsection 3.5.2. Tables 23, 24, 25, and 26 show the values of NCPR and UACI and its averages using the perturbed Logistic and Standard maps, respectively. In the first round of encryption, all randomness tests for both NPCR and UACI are not passed for all cases of chaotic maps. From the second round of encryption and beyond, all values of NPCR and UACI are passed the randomness tests. Importantly, all the average values of NPCR and UACI are also satisfied the condition to pass the randomness tests, i.e. \(NPCR_{avg}>99.5693\) and \(UACI_{avg}\in (33.2824,33.6447)\).

In summary, the sensitivity of plaintext is significant for the perturbed Logistic and Standard maps for \(N_e\ge 2\). In fact, that must be higher in the first round of encryption if the modified pixels are as close as the first pixels of images, i.e. p(1, 1, k) for \(k=1..K\).

3.6 Comparison with existing methods of MIE

3.6.1 The statistical results and security

In this section, the results obtained from the exemplar simulation using the proposed structure are compared with those of existing, recent methods of MIE, in terms of statistical analysis and security analysis. Here, the values obtained on the exemplar simulation at \(N_e\ge 2\) are used the comparison as shown in Table 27. In fact, the effectiveness of the proposed structure can be seen via the comparison that most of the results from the examples using the proposed structure are almost comparable to those from the existing methods, except for the space of secret key. Even though the comparable result is obtained in the exemplar simulation, the cryptosystem requires number of encryption rounds \(N_e\ge 3\) because of requirements of statistical analyses in Subsection 3.4. In practice, the space of secret key of chaos-based cryptosystem in these examples can be easily extended by increasing the number of bits representing for the fractional part in the fixed-point number for the value of state variables and control parameters. More information about the space of secret key and efficiency of the proposed structure will be discussed in Section 4.

Table 27 Comparison with other methods of MIE
Full size table

3.6.2 The computational cost

It is noted that all the existing methods of MIE were designed for a single round of encryption. For a fair comparison, the required computational resource of the proposed structure is considered for an individual round of encryption. Here, the computational resource is in terms of the number of operations as well as the amount of memory.

Table 28 presents the required computational resource of the proposed structure and existing methods of MIE. Here, only the significant number of operations and the significant amount of memory in byte that are dependent on the size of inputs are retained. Overall, the required amounts of computational resource for the proposed structure are less than most of existing methods of MIE. In fact, the number of operations for the chaotic iterations in the proposed structure is greater than that of [40] and [39], but the number of operations for others is significantly less than those in the mentioned works. Besides, the proposed structure requires the memory space almost equivalent to that of existing methods of MIE. In other words, the proposed structure with lower number of operations offers higher speed and more efficient in compared with the existing methods of MIE.

Table 28 Comparison of the computational cost with other methods of MIE
Full size table

4 Discussion and Conclusion

The proposed structure can be employed to design chaos-based cryptosystems of MIE. The proposed structure provides the structural and cryptographic advantages over the existing methods. For the structural advantages, the proposed model accepts any model of chaotic map, and it requires only a single chaotic map. Besides, the permutation and diffusion are integrated in processing K pixels at the same time, and the perturbation to the chaotic map and data manipulation are performed by the XOR operation. As a consequence, a crypstosystem employing the proposed structure requires less computational resource in compared with the existing methods of MIE.

For the cryptographic advantages, the proposed structure also provides the elastic key space and the content-dependent encryption. Firstly, because the values of state variables and control parameters are represented in the format of fixed-point number, so the key space can be extended by increasing the number of bits in the fractional portions. The key space can also be enlarged by increasing the number of pixels \(kC^-_0\) and \(kP^+_0\) in the secret key. In that case, more than one neighboring pixel is used in the diffusion process in  (9) instead of single neighbor pixel in the exemplar simulation. Secondly, the perturbation amounts to the chaotic map is constructed with the involvement of the image content by means of E as in  (1)-(3), in other words, the encryption is dependent on the image content. The benefit of the content-dependent encryption is that it can resist from the types of chosen-plaintext and known-plaintext attacks. In addition, the diffusion effect is obtained not only via  (9) directly but also via the dynamics of chaotic map indirectly by the perturbation.

In conclusion, the example and simulation results shows the feasibility and effectiveness of the proposed structure for fast and efficient cryptosystems. In the future work, specific cryptosystems using above-mentioned chaotic maps will be implemented in hardware for applications.