Abstract
A huge volume of image data is created every day, and it requires a fast and efficient encryption to keep them confidential. A chaos-based encryption is considered as the most suitable one for image encryption, and multiple image encryption is one of approaches to achieve the fast and efficient performance. However, the existing methods of multiple image encryption is with a lack of diffusion effect, inefficiency in using random number generated by chaotic map, and low speed. In this paper, a novel structure of chaos-based encryption is proposed to encrypt multiple images at the same time, in which the permutation and diffusion are integrated and they share the same chaotic map. The exclusive-OR operation is chosen for calculation and data manipulation during encryption. Therefore, the proposed structure allows to improve the efficiency and to reduce the time consumption for the encryption. In addition, the chaotic map is perturbed frequently and its dynamics is dependent on the content of images. It creates the dynamical session key, so the proposed structure can resist from the types of chosen-plaintext and chosen-ciphertext attacks. Two exemplar ciphers employing the proposed structure are demonstrated with the use of Logistic and Standard maps. The simulation results will be analysed and compared with those of existing methods to show the feasibility and effectiveness of the proposed structure of multiple image encryption.
Similar content being viewed by others
Avoid common mistakes on your manuscript.
1 Introduction
Since chaos was discovered by E. Lorenz[35], it has been explored and developed in many fields of science and engineering [44]. One of prominent applications of chaos in information engineering is the chaos-based cryptography [6, 16, 28, 31]. In fact, a chaos-based cryptography utilizes the complexity of dynamics [27] rather than that of number theory and algebra as in the conventional cryptography. So far, many chaos-based image cryptosystems were proposed with various ranges of aspects, those employs from simple chaotic maps such as the Logistic map [30] to highly complicated ones such as fractional-order hyperchaotic system [22], from simple algorithms [6] to complicated ones e.g., quantum method [62, 63], etc.
Nowadays the image data is massively created by the technological advances in image acquisition. Among them, there are a high volume of image data such as medical images needed to keep confidential, so it requires to have fast and efficient algorithms. For decades, chaos-based image encryption has been researched because it provides the advantages with simple implementation and high performance for the bulk data like images and multimedia data. On aspects of performance, there are three main approaches to have a fast and efficient chaos-based image encryption, i.e., suitable selection of plaintext for encryption (e.g. selective encryption), computational optimization of encryption algorithms, and structural optimization of encryption. Firstly, the selective encryption is to consider to encrypt only part of image data what significantly contributes to the visual structure [4, 7, 9, 26, 29, 43, 53, 58]. However, the context of high security requires to encrypt all image data. Secondly, the computational optimization for the encryption algorithm is to choose the simple operators with low computation cost, switching mechanisms (e.g. DNA sequence [13, 29, 48, 55], look-up tables[10, 24]), or dealing with blocks of pixels [8, 15, 18, 54, 59]. Among them, the simplest way to enhance the speed of encryption algorithms is to choose the operators with low computational cost such exclusive-OR (XOR) and modulus in the digital platform, etc., for both the chaotic map and the ciphertext computation. However, most of existing encryption algorithms employ complicated operators such as multiplier, addition, cyclic shift, or even exponent. Thirdly, the structural optimization for an encryption algorithm is to arrange the entities in a cryptosystem in order to have high speed encryption. For example, the combination of permutation and diffusion (CPD) in the configuration of cryptosystem allows to reduce the number of access times to the data in the memory during encryption [10, 12, 14, 50]. However, all of existing encryption algorithms with the CPD were designed to encrypt a single image, so the efficiency of encryption is limited.
In addition, a chaotic map works as a pseudo-random number generator for chaos-based cryptosystems. Therefore, a fast and efficient encryption algorithm is achieved if pseudo-random numbers are used efficiently. In other words, for a certain number of bits generated by a chaotic map, the more pixels are encrypted, the more efficient cipher is. Multiple image encryption (MIE) is one of approaches to improve the efficiency for the chaos-based image encryption. Recently, there are several works on the MIE using chaos, e.g. [13, 23, 25, 32, 36, 37, 39, 40, 42, 45, 46, 48, 49, 51, 57,58,59,60,61, 63]. However, there are flaws in such the MIEs, i.e., a lack of diffusion effect in the encryption in [36, 40, 46, 48, 57,58,59,60, 60, 61], inefficiency in using bits generated by the chaotic map with the permutation separated from the diffusion [37,38,39,40, 46, 48, 56,57,58, 61, 63], choosing complicated computational operations [40, 46, 48, 56, 57, 60, 61, 63]. In addition, all of existing algorithms of MIE are designed for single round of encryption, so it can be broken more easily than that with multiple rounds of encryption [3, 20].
On aspects of security, Gonzalo Alvarez et. al. [1, 2] suggested that the dynamics of a chaotic map must be complicated enough to assure the security. One of methods to achieve complicated dynamics of a chaotic map is to make the chaotic map perturbed. It is proved that a perturbed chaotic map (PCM) has dynamics more complicated than that of original one [33, 47]. However, all of existing methods employ algebraic operations for the perturbation, so it takes large time consumption during iteration of PCMs. Besides, most of existing algorithms of MIE use the static session key, in which the session key is constant during encryption. Although the initial values of chaotic systems are calculated from the image content in terms of hash values as in [37,38,39,40, 56,57,58, 61], the session key is not changed during encryption, or it is static. In contrast, the dynamical session key is changed during encryption. In fact, a chaos-based cryptosystem with the dynamical session key can resist from the types of chosen-plaintext and chosen-ciphertext attacks. One of methods to have the dynamical session key is that the dynamics of chaotic map is involved by the image content during encryption as in [12, 17, 19, 21, 34, 41].
Overall, the existing algorithms of MIE are with a lack of diffusion effect, inefficiency in using random number generated by chaotic map, and low speed. In this paper, a novel structure of chaos-based encryption is proposed to encrypt multiple images at the same time, in which the permutation and diffusion are integrated and they share the same chaotic map. The XOR operation is chosen for calculation and data manipulation during encryption. Therefore, the proposed structure allows to improve the efficiency and to reduce the time consumption for the encryption. In addition, the chaotic map is perturbed frequently and its dynamics is dependent on the content of images. It creates the dynamical session key, so the proposed structure can resist from the types of chosen-plaintext and known-plaintext attacks. Two exemplar ciphers employing the proposed structure are demonstrated with the use of Logistic and Standard maps. The simulation results will be analysed and compared with those of existing methods to show the feasibility and effectiveness of the proposed structure of MIE.
This paper contributes the followings.
-
1.
To gain high speed and efficiency: the permutation and diffusion is integrated; only one chaotic map is required; and only the XOR operation is used in both the perturbation of chaotic map and the encryption equations of pixels.
-
2.
To achieve high security: the dynamical session key is generated by a chaotic map with non-stationary dynamics by means of perturbation; and the image content is involved in the generation of session key by means of the chaotic dynamics during encryption.
The rest of paper is organized as follows. The configuration and operation of the proposed structure are presented in Section 2. The specific example illustrates in Section 3 with details about the simulation result, the statistical and security analyses, and the comparison with the results of existing methods. Section 4 presents the discussion and conclusion of the work.
2 Proposed structure of MIE
The configuration of the proposed structure of chaos-based MIE is illustrated in Fig. 1. Figure 1(a) displays the model to integrate the permutation and diffusion, in which only one PCM is used. Figure 1(b) shows the detail of the structure that the PCM provides chaotic values for the encryption and perturbed by pixel values. Pixels are shuffled and diffused one by one in every image.
2.1 Perturbed chaotic map
Here, the perturbed chaotic map [21] is employed for the proposed structure. Figure 2 illustrates the configuration of PCM, in which \(\Delta _{X_n}\) and \(\Delta _{\Gamma _n}\) are perturbation amounts applying to state variables and control parameters, respectively. There, D and G are the number of dimensions and that of control parameters, respectively. \(k_1\) is the length of the input bit sequence E, and R is the number of chaotic iterations at which values of state variables are read for the encryption. Equations for a generic PCM are expressed as
where F(.) is the chaotic function; \(X_n\), \(\hat{X}_n\), and \(\hat{\Gamma }_n\) are the vectors of state variables, perturbed state variables, and perturbed control parameters, respectively; \(X_0\) and \(\Gamma _0\) are initial values of state variable and control parameter, respectively. Assumed that the PCM is implemented on the digital platform, so values of \(X_n\) and \(\Gamma _n\) are represented in the format of fixed-point number of \(m_1\) and \(m_2\) bits, respectively. The perturbation amounts are constructed by
and
where n is current number of chaotic iterations; E is the external source represented by \(k_1\) bits and it can be constructed by bits of either initial values (\(kC^{-}_0\) and \(kP^{+}_0\)) or current values of pixels (\(p(i,j+1,k)\) and \(c(i,j-1,k)\), \(k=1..K\)); the rules of bit arrangement \(Y_i\), \(i=1..4\), are to construct the perturbation amounts; and \(\circ \) is the operator of bit arrangement.
In the operation, the PCM is firstly initialized by \(\Gamma _0\) and \(X_0\), then it iterates R times to produce chaotic values \(X_R\) for the encryption. It requires that values of \(\hat{\Gamma }_n\) and \(\hat{X}_n\) are always in the ranges such that the PCM exhibits chaotic behavior.
2.2 Bit arrangement
The bit arrangement rule Y is to construct new bit sequences from a given bit sequence. Assumed that A and B are bit matrices with the sizes \(I_A\times J_A\) and \(I_B\times J_B\), i.e., \(A=[a_{ij}]_{1\le i\le I_A,~1\le j\le J_A}\) and \(B=[b_{ij}]_{1\le i\le I_B,~1\le j\le J_B}\), and with \(a_{ij},b_{ij}\in \{0,1\}\). Bit matrix A is constructed from bits of matrix B by using the bit arrangement rule Y as
Here, the rule of bit arrangement is represented by an array of 2-tuples \(Y=[(y^{(r)}_{ij},y^{(c)}_{ij})]_{1\le i\le I_A,~1\le j\le J_A}\), in which \(y^{(r)}_{ij}\) and \(y^{(c)}_{ij}\) are row and column indexes of matrix B with \(y^{(r)}_{ij}\in [1,I_B]\) and \(y^{(c)}_{ij}\in [1,J_B]\). In fact, bits of A come from those of B as \(a_{ij}=b_{y^{(r)}_{ij}y^{(c)}_{ij}}\). As special cases, bits in A can be deliberately fixed at the logic ‘0’ or ‘1’, and in those cases the 2-tuple \((y^{(r)}_{ij},y^{(c)}_{ij})\) is denoted by \(B_0\) and \(B_1\) for the logic ‘0’ and ‘1’, respectively.
In this work, the bit matrix B is a representation of chaotic values of \(X_n\). Therefore, the bit matrix A can be used for constructing \(I_A\) bit sequences. Each bit sequence is a concatenation of bits in the same row of matrix A, i.e. \(A_i=||_{j=1}^{J_A} a_{i,j}\), where || denotes for the bit concatenation.
For example, the chaotic value \(X_R=(3.4162,1.1963)\) is represented in the format of fixed-point number with 18 bits as a whole and 16 bits for the fractional part (denoted as \(\left\langle 18,16\right\rangle \)). The value of \(X_R\) in binary is
Figure 3 illustrates the operation of bit arrangement in Eq. (4). The bit matrix B is a matrix representation of \(X_{bin}\). As a result, the bit matrix A is obtained, and the bit sequences \(A_1=1011\) and \(A_2=1010\) are concatenation of bits in rows of A as described above.
2.3 Bit manipulation
In this work, the block Bit manipulation (BM) in Fig. 1b performs combining two bit sequences \(E_1\) and \(E_2\), so as to have a bit sequence E. Let us denote |.| be the function returning the length of bit sequence, and \(\Updownarrow \) be the bit-interleaving concatenation. In fact, the bit-interleaving concatenation can be any rule of bit interleaving of two bit sequences. There are three cases of relative length of E, \(E_1\) and \(E_2\). If \(|E_1|+|E_2|=|E|\), the BM is simply \(E=E_1\Updownarrow E_2\). For two other cases of relative lengths, i.e., \(|E_1|+|E_2|> |E|\) and \(|E_1|+|E_2|<|E|\), in this work, the bit sequence E can be obtained by two simple procedures as followings. Respectively, T and \(T_i\) are denoted for the resultant bit sequence of interleaving and portion of T after division, respectively.
-
Case 1: For \(|E_1|+|E_2|> |E|\) Step 1: Concatenate two bit sequences \(T=E_1\Updownarrow E_2\). Step 2: Find integer n such that \((n-1)*|E|<|T|\le n*|E|\). Step 3: Separate sequence T into n portions \(T_i\), \(i=\{1...n\}\), such that \(|T_i|=|E|\) for \(i=1..n-1\) and the last portion \(T_n\) is with the length \(|T_n|\le |E|\). Step 4: Pad \(|E|-|T_n|\) bit zeros into sequence \(T_n\). Step 5: Perform XORing the bits at the same position in the sequences as \(E={\oplus }_{i=1}^n T_i\).
-
Case 2: For \(|E_1|+|E_2|\le |E|\) Step 1: Find integer m such that \((m-1)*(|E_1|+|E_2|)<|E|\le m*(|E_1|+|E_2|)\). Step 2: Concatenate m times \(E_1\Updownarrow E_2\) to get bit sequence T. Now, the relative length is \(|T|\ge |E|\). At this point, Steps 2 to 5 in Case 1 are performed on bit sequence T to obtain bit sequence E.
2.4 Permutation and diffusion for a pair of pixels
The permutation and diffusion are integrated in order to thoroughly exploit bits generated by the PCM. Assumed that the MIE performs encrypting K images at the same time and all images are with the same size. Let us denote 3-tuples (i, j, k) and \((i',j',k')\) be the coordinates of source and destination pixels, respectively, with \(i,i'\in [1,M]\), \(j,j'\in [1, N]\) and \(k,k'\in [1,K]\). Specifically, p(i, j, k) and \(p(i',j',k')\) are the source plain pixel and destination pixel of images \(P_k\) and \(P_{k'}\), respectively. Correspondingly, c(i, j, k) and \(c(i',j',k')\) are ciphered pixels of p(i, j, k) and \(p(i',j',k')\), respectively. Also, \(\Phi _k=[\phi _{2,k},\phi _{1,k}]\) (\(k=1...K\)) is denoted for the vector of values for the diffusion, where its members are constructed from bits of chaotic values. The permutation and diffusion for the encryption are carried out for every pair of pixels in K images by four steps as followings.
Step 1: For source pixels p(i, j, k), \(k=1...K\), calculate the coordinates of destination pixels, \(XY=\{XY_k|k=1...K\}\), and the vectors of values for the diffusion \(\Phi =\{\Phi _k|k=1...K\}\) as
where \(X_R\) is the vector of chaotic variables in binary what is generated by the PCM after R iterations; \(Y_{XY}=[Y_{XY_K},Y_{XY_{K-1}},...,Y_{XY_1}]^T\) and \(Y_{\Phi }=[Y_{\Phi _K},Y_{\Phi _{K-1}},...,Y_{\Phi _1}]^T\) are the rules of bit arrangements to extract bits from \(X_R\). The member of \(Y_{XY}\) and \(Y_{\Phi }\) are \(Y_{XY_k}=[Y_i~~Y_j~~Y_k]^T\) and \(Y_{\Phi _k}=[Y_{\phi _{2,k}}~~Y_{\phi _{1,k}}]^T\) are to construct the coordinate of destination pixels \(XY_k=(i',j',k')\) for the permutation and random values \(\Phi _k=(\phi _{2,k},\phi _{1,k})\) for the diffusion. Respectively, the coordinate of destination pixels \(XY_k\) and random values \(\Phi _k\) are calculated by
and
Step 2: Compute the ciphered values for both source and destination pixels by XORing as
Step 3: Permute ciphered source and destination pixels as
where temp is a temporary variable. For the context of MIE, a pixel of an image can be permuted with another pixel in either the same image (intra-image permutation when \(k'=k\)) or another image (inter-image when \(k'\ne k\)) as shown in Fig. 4.
For the inverse permutation and inverse diffusion of a pair of pixels, the order to compute values of recovered plain pixels is inverse in compared with that in the encryption. Specifically, the decryption algorithm is as
Step 1: For source pixels p(i, j, k), \(k=1...K\), calculate the coordinates of destination pixels, \(XY=\{XY_k|k=1...K\}\), and the vectors of values for the diffusion \(\Phi =\{\Phi _k|k=1...K\}\) exactly identical to those given in (6)-(8).
Step 2: Permute ciphered source and destination pixels as
Step 3: Compute the recovered plaintext values for both source and destination pixels as
2.5 Operation of encryption algorithm
The proposed structure in Fig. 1(b) operates with the flowchart as illustrated in Fig. 5(a). There are three phases, i.e., chaos iteration, calculation of coordinates and values, and diffusion and permutation.
At first, the PCM in (1) is iterated R times with its inputs \(\Gamma _0\), \(X_0\), and E. \(\Gamma _0\) and \(X_0\) are interfered by E at every iteration number \(n=0\) and by the feedback for \(1\le n\le R\) as given in (2) and (3). The perturbation amount E is the result of bit manipulation with inputs \(E_1\) and \(E_2\) as
and
where || is the bit concatenation; \(n_e\) is number of encryption rounds; \(p(i,j+1,k)\) and \(c(i,j-1,k)\) are neighbor plain and neighbor ciphered pixels of the current one p(i, j, k) in image k as depicted in Fig. 4; \(p_{0,k}\) and \(c_{0,k}\) are initial values for image k, and \(kC_0^{-}=\{c(0,k)|k=1...K\}\) and \(kP_0^{-}=\{c(0,k)|k=1...K\}\) are considered as part of the secret key. As illustrated in Figs. 1(b) and 5, \(kP^{+}=\{p(i,j+1,k)|k=1...K\}\) and \(kC^{-}=\{c(i,j-1,k)|k=1...K\}\) are vectors of neighbor plain pixels and neighbor ciphered pixels from K images.
From (2)-(3) and (13)-(14), the dynamics of PCM is involved by the content of plain and intermediate ciphered images by means of perturbation.
In the second phase, the coordinates of K destination pixels are computed as Step 1 in Subsection 2.4. In the third phase, the diffusion and permutation are performed as Steps 2 to 4 in Subsection 2.4.
In each encryption round, the source pixels from K images are scanned and processed sequentially from left to right and top to bottom of images. The encryption as a whole are repeated \(N_e\) times.
According to the procedure as described above, the configuration of the decryption is identical to that of the encryption as illustrated in Fig. 1(b), but it is performed in reverse order. Specifically, the order of pixels is reverse in compared with that in the encryption, i.e. pixels from bottom to top and right to left. The flowchart of decryption algorithm is shown in Fig. 5(b).
Remarks for the design criteria:
There are some important points in the proposed structure when it is employed in the design of a cryptosystem. Those are related to the criteria in choosing values of parameters for the design.
-
1.
For the selection of chaotic map model: In fact, any chaotic map can be used for the proposed structure. However, the number of computational operations of a encryption algorithm is dependent on the complexity of chaotic map’s model. Therefore, the criteria to choose a chaotic map model in the proposed structure is that the number of dimensions is as small as possible, but the number of flippable bits is large enough to construct the perturbation amounts, and other values for the encryption. Anyways, the number of bits representing for the fractional portion must greater than 32 to avoid the deterioration of dynamics of chaotic map.
-
2.
For the bit arrangement rules Y: There are two types of bit arrangement in the proposed structure, i.e., \(Y_i\) within the PCM and the set of \(Y_{XY}\) and \(Y_{\Phi }\) for the permutation and diffusion. Firstly, \(Y_i\) (\(i=1..4\)) are to construct the perturbation amounts to the PCM. The criteria for \(Y_i\) is that the PCM must work in chaotic behavior. So, they are chosen so that some bits at specific positions of values of control parameters and of state variables are fixed at the logic ’0’ or ’1’. Secondly, \(Y_{XY}\) and \(Y_{\Phi }\) are to induce for coordinates of pixels in the permutation as well as for random values in the diffusion. In fact, \(Y_{XY}\) and \(Y_{\Phi }\) should be chosen so that pixels at the same coordinates should be shuffled with those at different destination coordinates and random values have a uniform distribution. Therefore, it is suggested in [21] that the bits at positions at least the fifth and beyond after the decimal point should be used for both the types of bit arrangements.
-
3.
For the number of iterations R: In the proposed structure, the PCM is iterated R times before chaotic value \(X_R\) is used for the encryption. So, the value of R is chosen as small as possible to save the encryption time. In fact, if the PCM is set up to work in chaotic behavior, the value of R should be in the range of 1 to 5 is acceptable.
Next, the exemplar simulation using the proposed structure is carried out, then, the security analysis is shown.
3 Exemplar simulation
Let us consider the example with the use of two well-known chaotic maps, i.e. Logistic and Standard maps. Values of state variables and control parameters are represented in the format of fixed-point number. To avoid the degradation of chaotic orbits, the fraction portion of the chaotic value must be at least 32 bits. Here, the bit patterns for the state variables and control parameters are designated so that the PCMs exhibit the chaotic behavior.
3.1 Chosen PCMs
3.1.1 The perturbed Logistic map
The perturbed Logistic map is expressed by
where \(\gamma _n^{(1)}\) and \(x_n^{(1)}\) are the control parameter and the state variable, respectively; and perturbed state variable and control parameter are \(\hat{\gamma }_n^{(1)}\) and \(\hat{x}_n^{(1)}\). The bit patterns for values of state variable and control parameter are chosen as given in Table 1. Notably, there are some bits being kept constant at ‘0’ or ‘1’ while ‘x’ is denoted for bits whose state can be flippable. The bit pattern of \(x_n^{(1)}\) with bit ‘1’ at the rightmost is to ensure that the value of state variable is never got stuck at the unstable fixed point, i.e., 0.0.
The rules of bit arrangements are chosen for the perturbed Logistic map as given in Table 2.
3.1.2 The perturbed standard map
The perturbed Standard map is chosen as
where, the vectors of state variables and control parameter are \(X_n=[x^{(2)}_{n}~~x^{(1)}_{n}]^T\) and \(\Gamma _n=\gamma _n^{(1)}\), respectively. Accordingly, the vectors of perturbed state variables and control parameter are \(\hat{X}_n=[\hat{x}^{(2)}_{n}~~\hat{x}^{(1)}_{n}]^T\) and \(\hat{\Gamma }_n=\hat{\gamma }_n^{(1)}\).
The bit patterns for values of state variables and control parameter of the perturbed Standard map are chosen as shown in Table 3. Bit ‘1’ in the bit pattern of the control parameter makes the value range discontinued in four sub-ranges, i.e., [1.0, 2.0), [3.0, 4.0), [5.0, 6.0) and [7.0, 8.0). It is noted that the right-most bits ‘1’ in the bit patterns of state variables are to avoid the fixed point at (0, 0) of chaotic attractor.
The rules of bit arrangements are chosen for the perturbed Standard map as given in Table 4.
3.2 Chosen values of parameters for MIE
In this example, a set of 8 images (\(K=8\)) with the size of \(M=256\), \(N=256\) are encrypted at the same time, i.e. Lena, Cameraman, House, Boat, Clock, Black and White as in the first column of Fig. 6. Each pixel is represented in 8-bit grayscale, so \(E_1\) and \(E_2\) are of 64 bits constructed by \(kC^-\) and \(kP^+\) as given in (13)–(14). The required number of bits representing for E is dependent on the PCM for the MIE. As shown in Tables 1 and 3, the number of flippable bits in the value representation of control parameters and state variables is 61 and 102 bits for the perturbed Logistic and Standard maps, respectively. The rules of bit arrangements for \(Y_i\) (\(i=1..4\)) of the perturbed Logistic and Standard maps are shown in Tables 2 and 4, respectively.
The adopted values for the initial conditions of the perturbed Logistic and Standard maps are shown in Table 5. The value for \(kC^-_0\) and \(kP_0^+\) is chosen as in Table 6. Tables 7 and 8 show the bit arrangements \(Y_{XY_k}=[Y_i~~Y_j~~Y_k]^T\) and \(Y_{\Phi }=[Y_{\phi _1}~~Y_{\phi _2}]^T\) for inducing the coordinates of destination pixels \((i',j',k')\) for the permutation and \(\Phi =[\phi _1~~\phi _2]\) for the diffusion in each of PCMs. It is noted that the inter-image permutation is applied in the simulation.
3.3 Simulation results
The encrypted images using the proposed structure are carried out with the use of perturbed Logistic and Standard maps for the fixed number of chaotic iterations \(R=5\) and various number of encryption rounds \(N_e=1..5\). To save the space, only those with the perturbed Logistic map are shown in Fig. 6, and those look like random images. Next, the quantitative estimation will be shown in the statistical analysis.
3.4 Statistical analyses
In order to confirm the feasibility of the proposed structure, the statistical analyses are considered for the simulation results. Histogram, information entropy and correlation of two adjacent pixels are measured for the encrypted images. In the context of multiple images, the average values are determined for the effectiveness of the MIE.
3.4.1 Histogram analysis
The distribution of pixel values of an image can be analysed and further analysis for the histogram can be measured by means of \(\chi ^2\). For a 8-bit grayscale image, \(\chi ^2\) is calculated by
where the expected occurrence frequency \(E_i\) for the image with the size of \(M\times N\) is \(\frac{M*N}{256}\); the observed occurrence frequency \(O_i\) is the number of pixels with the value i. Here, the hypothesis test is accepted if \(\chi ^2\le \chi ^2_\alpha (255)\); \(\alpha \) is the significance level. Here, it is chosen as \(\alpha =0.05\), so \(\chi ^2_{0.05}(255)=293.247\); it means that the histogram is considered as a uniform distribution if \(\chi ^2\le 293.247\).
Table 9 shows the \(\chi ^2\)-test results for the original and the ciphered images with various number of encryption rounds. For \(N_e\ge 3\), the histogram of all individual encrypted images meets the condition of uniform distribution, i.e., (\(\chi ^2 \le \chi ^2_{0.05}(255)\)). Overall, the average values of \(\chi ^2\) tests for the histogram analysis also indicate that the uniform distribution is obtained with \(N_e\ge 2\).
3.4.2 Information entropy
Information entropy (IE) of an image indicates the probability of pixel value \(v_i\), \(p(v_i)\), for a 8-bit grayscale image and it is computed by
It is expected that encrypted images have IE as close to the ideal value, i.e., 8 bits, as possible. Table 10 displays the information entropy of original and encrypted images with various number of encryption rounds. IE of individual encrypted images and the averages are very close to the ideal value, 8 bits, for any number of encryption rounds. For \(N_e\ge 2\), the entropy is greater than 7.9962 and its average is 7.9972.
3.4.3 Correlation of two adjacent pixels
The correlation of two adjacent pixels can be measured by the correlation coefficient \(\rho _{X,Y}\). For the grayscale image, the correlation coefficient is considered for pairs of adjacent pixels in three directions, i.e., horizontal, vertical and diagonal. An image with lower absolute values of correlation coefficients is more random in pixel values, or less visual structure. The equation for the Pearson correlation coefficient of two sequences X and Y is
where \(x_i\) and \(y_i\) are values of adjacent pixels in the sequences X and Y, respectively; \(N_{pair}\) is the number of adjacent pixel pairs from an image; \(\overline{X}\) and \(\overline{Y}\) are the means of X and Y, respectively. The pairs of adjacent pixels are chosen in three directions, i.e., horizontal, vertical and diagonal.
Respectively, Tables 11, 12 and 13 show the correlation coefficients in horizontal, vertical and diagonal of original and ciphered images with various number of encryption rounds. Obviously, the correlation coefficients of encrypted images are very small and significantly less than those of original images in every direction. It means that the visual structure of original images are completely removed in the ciphered images. The average values of correlation coefficients are also relatively small and those fluctuate around zero regardless of number of encryption rounds with both PCMs.
3.5 Security analyses
Below is the security analyses based on the space of secret key, the sensitivity of secret key, and the sensity of plaintext. It is noted from the tables that if values are displayed in italic, those are not passed the random test.
3.5.1 Space of secret key
In the proposed structure, the secret key consists of the initial values of \(\Gamma _0\) and \(X_0\), as well as those of \(kC_0^-\) and \(kP_0^+\). For the initial values of PCMs, only flippable bits in the state variables and control parameters are counted for the space of secret key. The number of bits for \(kC_0^-\) and \(kP_0^+\) is dependent on the number of images K and number of bits representing for a pixel.
According to Tables 1 and 3, the number of flippable bits in the initial values of Logistic and Standard maps is 61 and 102 bits, respectively. Also, the number of bits representing for initial values of \(kC_0^-\) and \(kP_0^+\) is 128 bits for eight images with each pixel of 8-bit grayscale. So, the space of secret key of the cryptosystems is \(2^{189}\) and \(2^{230}\) for Logistic and Standard maps, respectively. With these numbers of key space, the exemplar cryptosystems are secured with modern computers.
3.5.2 Sensitivity of secret key
The sensitivity of secret key can be measured for the difference between two versions of ciphertexts being encrypted by two secret keys. Among two secret keys, one secret key is obtained with little modification to the other one. The number of pixels change rate (NPCR) and unified averaged changed intensity (UACI) are used for evaluating the sensitivity of secret key.
Let us call \(C_1\) and \(C_2\) be ciphertexts obtained by encrypting the same plaintext using two secret keys S and \(S'\), respectively. The modified secret key is \(S'=S+\Delta _S\). Here, \(\Delta _S\) is the tolerance of one certain element of secret key, and \(\Delta _S\) is smallest value but larger than zero. Here, Tables 14 and 15 show original and modified secret keys for the simulation of sensitivity of secret key. Tables 16 and 17 display the tolerance of secret key \(\Delta _S\) for the values of initial state variables, control parameters, plaintexts and ciphertexts. In order to measure the sensitivity of small changes in the secret key, the simulation is carried out for each tolerance individually while the others are kept intact as defined in Tables 5 and 6.
Let us consider the difference between two images \(C_1\) and \(C_2\). Firstly, the difference function between two values a and b is Difp(a, b) defined by
Secondly, the difference between two images \(C_1\) and \(C_2\) is considered by the difference for every pair of pixels at the same position (i, j), i.e., \(C_1(i,j)\) and \(C_2(i,j)\) for \(i=1..M\) and \(j=1..N\). The NPCR and UACI are measured by
and
In this work, NPCR and UACI are tested for the randomness in response to the small change in the secret key with a significance level \(\alpha \) for 8-bit grayscale images of the size \(256\times 256\) as presented in [52]. The randomness tests are passed if \(NRCP>NRCP^{*}_{\alpha }\) and \(UACI^{*-}_{\alpha }< UACI < UACI^{*+}_{\alpha }\). The critical values at \(\alpha =0.05\) for both NPCR and UACI are \(NRCP^{*}_{0.05}=99.5693\%\), \(UACI^{*-}_{0.05}=33.2824\%\) and \(UACI^{*+}_{0.05}=33.6447\%\).
Tables 18 and 20 present NPCR for the sensitivity of secret key with the use of perturbed Logistic and Standard maps, respectively. It is almost insensitive to a small change in \(kP_0^+\). For the rest of state variables and control parameters, more than 98.639% and 99.300% pixels of ciphertexts are changed due to the tolerance \(S'\) in the modified secret key in the perturbed Logistic and Standard maps, respectively. Except for \(kP_0^+\), all individual and averaged values of NPCR are passed the random test (or greater than \(NRCP^{*}_{\alpha }\)) for \(N_e\ge 2\). In other words, the cryptosystems employing the proposed structure using the perturbed Logistic and Cat, Standard maps are with high sensitivity to the secret key.
In addition, the change in the intensity UACI for the sensitivity of secret key with the use of perturbed Logistic and Standard maps for each element of secret key is also seen in Tables 19 and 21, respectively. Similar to the NCPR, for \(N_e\ge 2\), all values of UACI and its averages are passed the random tests, or the values of UACI are within in the range of (33.2824%,33.6447%) with \(\alpha =0.05\) for all of perturbed Logistic and Standard maps.
As seen from Tables 18, 19, 20, and 21 for both NPCR and UACI, the cryptosystem using any PCMs is almost insensitivity to \(kP_0^+\). According to (14), the value of \(kP_0^+\) is only used for the last pixels of plain images in the last round of encryption. As given in Table 17, the tolerance is occurred for the last pixel of only one of eight images. This makes a few pixels related to the tolerance of \(kP^+_0\) changed in the final round of encryption. However, the encryption is highly sensitive to \(kC_0^{-}\). That is because the encryption is the forward direction of pixel scanning. Therefore, the decryption is the reverse direction, so it will be highly sensitive to \(kP_0^+\) and insensitive to \(kC_0^{-}\). The sensitivity of \(kC^-_0\) and \(kP^+_0\) is significant, but it is asymmetry in the encryption and decryption.
3.5.3 Sensitivity of plaintext
A cryptosystem can resist from the types of known-plaintext and chosen-plaintext attacks if its sensitivity of plaintext is significant. In general, the original image is with little modification to become the modified plain image. Both the original and modified plain images are encrypted using the same value of secret key to produce two ciphered images. Sensitivity of the plaintext is obtained by means of statistical comparison between such two ciphered images. In this work, due to the encryption of multiple images at the same time, a set of modified images for analysis consists of one modified image and other original ones. The modified image is chosen alternatively among eight original images. Therefore, there are eight sets of modified plain images as listed in Table 22. Encryption is carried out for the set of original images and eight sets of modified plain images separately for analysis. To analyze the sensitivity of plaintext on a certain plain image, every pair of ciphered images obtained by encrypting two sets (original and modified images) are compared reciprocally. Then, average values are calculated for every pair of sets for comparison.
Here, the modification is made to only one pixel to get a modified image. Because the direction of pixel scanning in the encryption is left to right and top to bottom, the last pixels of original images, p(255, 255, k) for \(k=1..K\), are chosen to modify for each sets. The chosen pixels are either added 1 to if their values are less than 255 or subtracted 1 from if their values are equal to 255. With the direction of pixel scanning, the modification of the last pixel makes less affect to other pixels in the first encryption round.
The sensitivity of plaintext is measured by means of NPCR and UACI. The randomness test is also examined for the uniform distribution similar to that in Subsection 3.5.2. Tables 23, 24, 25, and 26 show the values of NCPR and UACI and its averages using the perturbed Logistic and Standard maps, respectively. In the first round of encryption, all randomness tests for both NPCR and UACI are not passed for all cases of chaotic maps. From the second round of encryption and beyond, all values of NPCR and UACI are passed the randomness tests. Importantly, all the average values of NPCR and UACI are also satisfied the condition to pass the randomness tests, i.e. \(NPCR_{avg}>99.5693\) and \(UACI_{avg}\in (33.2824,33.6447)\).
In summary, the sensitivity of plaintext is significant for the perturbed Logistic and Standard maps for \(N_e\ge 2\). In fact, that must be higher in the first round of encryption if the modified pixels are as close as the first pixels of images, i.e. p(1, 1, k) for \(k=1..K\).
3.6 Comparison with existing methods of MIE
3.6.1 The statistical results and security
In this section, the results obtained from the exemplar simulation using the proposed structure are compared with those of existing, recent methods of MIE, in terms of statistical analysis and security analysis. Here, the values obtained on the exemplar simulation at \(N_e\ge 2\) are used the comparison as shown in Table 27. In fact, the effectiveness of the proposed structure can be seen via the comparison that most of the results from the examples using the proposed structure are almost comparable to those from the existing methods, except for the space of secret key. Even though the comparable result is obtained in the exemplar simulation, the cryptosystem requires number of encryption rounds \(N_e\ge 3\) because of requirements of statistical analyses in Subsection 3.4. In practice, the space of secret key of chaos-based cryptosystem in these examples can be easily extended by increasing the number of bits representing for the fractional part in the fixed-point number for the value of state variables and control parameters. More information about the space of secret key and efficiency of the proposed structure will be discussed in Section 4.
3.6.2 The computational cost
It is noted that all the existing methods of MIE were designed for a single round of encryption. For a fair comparison, the required computational resource of the proposed structure is considered for an individual round of encryption. Here, the computational resource is in terms of the number of operations as well as the amount of memory.
Table 28 presents the required computational resource of the proposed structure and existing methods of MIE. Here, only the significant number of operations and the significant amount of memory in byte that are dependent on the size of inputs are retained. Overall, the required amounts of computational resource for the proposed structure are less than most of existing methods of MIE. In fact, the number of operations for the chaotic iterations in the proposed structure is greater than that of [40] and [39], but the number of operations for others is significantly less than those in the mentioned works. Besides, the proposed structure requires the memory space almost equivalent to that of existing methods of MIE. In other words, the proposed structure with lower number of operations offers higher speed and more efficient in compared with the existing methods of MIE.
4 Discussion and Conclusion
The proposed structure can be employed to design chaos-based cryptosystems of MIE. The proposed structure provides the structural and cryptographic advantages over the existing methods. For the structural advantages, the proposed model accepts any model of chaotic map, and it requires only a single chaotic map. Besides, the permutation and diffusion are integrated in processing K pixels at the same time, and the perturbation to the chaotic map and data manipulation are performed by the XOR operation. As a consequence, a crypstosystem employing the proposed structure requires less computational resource in compared with the existing methods of MIE.
For the cryptographic advantages, the proposed structure also provides the elastic key space and the content-dependent encryption. Firstly, because the values of state variables and control parameters are represented in the format of fixed-point number, so the key space can be extended by increasing the number of bits in the fractional portions. The key space can also be enlarged by increasing the number of pixels \(kC^-_0\) and \(kP^+_0\) in the secret key. In that case, more than one neighboring pixel is used in the diffusion process in (9) instead of single neighbor pixel in the exemplar simulation. Secondly, the perturbation amounts to the chaotic map is constructed with the involvement of the image content by means of E as in (1)-(3), in other words, the encryption is dependent on the image content. The benefit of the content-dependent encryption is that it can resist from the types of chosen-plaintext and known-plaintext attacks. In addition, the diffusion effect is obtained not only via (9) directly but also via the dynamics of chaotic map indirectly by the perturbation.
In conclusion, the example and simulation results shows the feasibility and effectiveness of the proposed structure for fast and efficient cryptosystems. In the future work, specific cryptosystems using above-mentioned chaotic maps will be implemented in hardware for applications.
References
Alvarez G, Li S (2006) Some basic cryptographic requirements for chaos-based cryptosystems. Journal of Bifurcation and Chaos 16(08):2129–2151
Alvarez G, Amigó JM, Arroyo D, Li S (2011) Lessons Learnt from the Cryptanalysis of Chaos-Based Ciphers, Springer Berlin Heidelberg, Berlin, Heidelberg pp 257–295
Arroyo D, Diaz J, Rodriguez F (2013) Cryptanalysis of a one round chaos-based substitution permutation network. Signal Processing 93(5):1358–1364
Ayoup AM, Hussein AH, Attia MAA (2016) Efficient selective image encryption. Multimedia Tools and Applications 75(24):17171–17186
Banik A, Shamsi Z, Laiphrakpam DS (2019) An encryption scheme for securing multiple medical images. J Inf Sec Appl 49:102398
Baptista MS (1998) Cryptography with chaos. Physics Letters A 240(1):50–54
Bhatnagar G, Wu QMJ (2012) Selective image encryption based on pixels of interest and singular value decomposition. Digital Signal Processing 22(4):648–663
Chai X, Gan Z, Zhang M (2017) A fast chaos-based image encryption scheme with a novel plain image-related swapping block permutation and block diffusion. Multimed Tools Appl vol 76 p 15561–15585
Cheng S, Wang L, Ao N, Han Q (2020) A selective video encryption scheme based on coding characteristics. Symmetry 12(3):332
Cheng P, Yang H, Wei P (2015) A fast image encryption algorithm based on chaotic map and lookup table. Nonlinear Dynnamics vol 79 p 2121–2131
Deepak M, Ashwin V, Amutha R (2014) A new multistage multiple image encryption using a combination of chaotic block cipher and iterative fractional Fourier transform. In: 2014 First International Conference on Networks Soft Computing (ICNSC2014), pp 360–364
Diab H (2018) An efficient chaotic image cryptosystem based on simultaneous permutation and diffusion operations. IEEE Access vol 6 p 42227–42244
Enayatifar R, Guimarães FG, Siarry P (2019) Index-based permutation-diffusion in multiple-image encryption using DNA sequence. Optics and Lasers in Engineering vol 115 p 131–140
Farajallah M, Assad SE, Deforges O (2016) Fast and secure chaos-based cryptosystem for images. International Journal of Bifurcation and Chaos 26(02):1650021
Fouda JAE, Effa JY, Sabat SL, Ali M (2014) A fast chaotic block cipher for image encryption. Communications in Nonlinear Science and Numerical Simulation 19(3):578–588
Fridrich J (1998) Symmetric ciphers based on two-dimensional chaotic maps. International Journal of Bifurcation and Chaos 08(06):1259–1284
Gayathri J, Subashini S (2018) A spatiotemporal chaotic image encryption scheme based on self adaptive model and dynamic keystream fetching technique. Multimed Tools Appl vol 77 p 24751–24787
Hanis S, Amutha R (2019) A fast double-keyed authenticated image encryption scheme using an improved chaotic map and a butterfly-like structure. Nonlinear Dynamics vol 95 p 421–432
Hoang TM (2021) Perturbed chaotic map with varying number of iterations and application in image encryption. In: 2020 IEEE Eighth International Conference on Communications and Electronics (ICCE), pp 413–418
Hoang TM, Thanh HX (2018) Cryptanalysis and security improvement for a symmetric color image encryption algorithm. Optik vol 155 p 366–383
Hoang TM, Assad SE (2020) Novel models of image permutation and diffusion based on perturbed digital chaos. Entropy 22(5):548
Hosny KM, Kamal ST, Darwish MM (2022) Novel encryption for color images using fractional-order hyperchaotic system. J of Ambient Intell Humanized Comput 13(2):973–988
Jahangir S, Shah T (2021) A novel multiple color image encryption scheme based on algebra \(m(2, f2[u]/<u^8>)\) and chaotic map. J Inf Sec Appl vol 59 p 102831
Jx Chen, Zhu Zl FuC, Lb Zhang, Zhang Y (2015) An efficient image encryption scheme using lookup table-based confusion and diffusion. Nonlinear Dynamics 81(3):1151–1166
Karawia A (2018) Encryption algorithm of multiple-image using mixed image elements and two dimensional chaotic economic map. Entropy vol 20 p 801
Khan J, Ahmad J (2019) Chaos based efficient selective image encryption. Multidimensional Systems and Signal Processing vol 30 p 943–961
Kocarev L (2001) Chaos-based cryptography: A brief overview. IEEE Circuits and Systems Magazine 1(3):6–21
Kocarev L, Lian S (2011) Chaos-based Cryptography. Springer
Kulsoom A, Xiao D, ur Rehman A, Abbas SA (2016) An efficient and noise resistive selective image encryption scheme for gray images based on chaotic maps and DNA complementary rules. Multimedia Tools and Applications 75(1):1–23
Kumar M, Gupta P (2021) A new medical image encryption algorithm based on the 1D Logistic map associated with pseudo-random numbers. Multimedia Tools and Applications 80(12):18941–18967
Kumar M, Saxena A, Vuppala SS (2020) A Survey on Chaos Based Image Encryption Techniques, Springer International Publishing, Cham pp 1–26
Li X, Meng X, Wang Y, Yang X, Yin Y, Peng X, He W, Dong G, Chen H (2017) Secret shared multiple-image encryption based on row scanning compressive ghost imaging and phase retrieval in the Fresnel domain. Optics and Lasers in Engineering vol 96 p 7–16
Liu L, Liu B, Hu H, Miao S (2018) Reducing the dynamical degradation by bi-coupling digital chaotic maps. International Journal of Bifurcation and Chaos 28(05):1850059
Liu W, Sun K, Zhu C (2016) A fast image encryption algorithm based on chaotic map. Optics and Lasers in Engineering vol 84 p 26–36
Lorenz EN (1963) Deterministic nonperiodic flow. J Atmos Sci 20(2):130–141
Malik DS, Shah T (2020) Color multiple image encryption scheme based on 3D-chaotic maps. Mathematics and Computers in Simulation vol 178 p 646–666
Patro KAK, Acharya B (2018) Secure multi-level permutation operation based multiple colour image encryption. J Inf Sec Appl vol 40 p 111–133
Patro KAK, Soni A, Netam PK, Acharya B (2020) Multiple grayscale image encryption using cross-coupled chaotic maps. J Inf Sec Appl vol 52 p 102470
Patro KAK, Acharya B (2020) A novel multi-dimensional multiple image encryption technique. Multimedia Tools and Applications 79(19):12959–12994
Sahasrabuddhe A, Laiphrakpam DS (2020) Multiple images encryption based on 3D scrambling and hyper-chaotic system. Inf Sci
Shen Q, Liu W (2017) A novel digital image encryption algorithm based on orbit variation of phase diagram. Int J of Bifurcation Chaos 27(13):1750204
Situ G, Zhang J (2006) Position multiplexing for multiple-image encryption. J Opt A Pure Appl Opt 8(5):391–397
Som S, Kotal A, Mitra A, Palit S, Chaudhuri BB (2014) A chaos based partial image encryption scheme. In: 2014 2nd International Conference on Business and Information Management (ICBIM), pp 58–63
Strogatz S (2015) Nonlinear Dynamics and Chaos : with Applications to Physics, Biology, Chemistry, and Engineering. Westview Press
Sui LS, Duan KK, Liang JL, Zhang ZQ, Meng HN (2014) Asymmetric multiple-image encryption based on coupled logistic maps in fractional Fourier transform domain. Opt Lasers Eng vol 62
Tang Z, Song J, Zhang X, Sun R (2016) Multiple-image encryption with bit-plane decomposition and chaotic maps. Opt Lasers Eng vol 80 p 1–11
Tao S, Ruli W, Yixun Y (1998) Perturbance-based algorithm to expand cycle length of chaotic key stream. Electronics Letters 34(1):873–874
ul Haq T, Shah T, (2020) Algebra-chaos amalgam and DNA transform based multiple digital image encryption. J Inf Sec Appl vol 54 p 102592
Wang X, Zhao D (2011) Multiple-image encryption based on nonlinear amplitude-truncation and phase-truncation in Fourier domain. Opt Commun 284(1):148–152
Wang Y, Wong KW, Liao X, Chen G (2011) A new chaos-based fast image encryption algorithm. Applied Soft Computing 11(1):514–522
Wang Y, Quan C, Tay C (2014) Nonlinear multiple-image encryption based on mixture retrieval algorithm in fresnel domain. Opt Commun vol 330 p 91–98
Wu Y, Noonan JP, Agaian S (2011) NPCR and UACI randomness tests for image encryption. In: Cyber Journals: Multidisciplinary Journals in Science and Technology, Journal of Selected Areas in Telecommunications (JSAT) 1(2):31 – 38
Xiang T, Wong KW, Liao X (2007) Selective image encryption using a spatiotemporal chaotic system. Chaos vol 17 p 023115
Xiao JT, Wang Z, Zhang M, Liu Y, Xu H, Ma J (2015) An image encryption algorithm based on the perturbed high-dimensional chaotic map. Nonlinear Dyn 80(3):1493–1508
Yang Z, Liang D, Ding D, Hu Y (2021) Dynamic analysis of fractional-order memristive chaotic system with time delay and its application in color image encryption based on DNA encoding. The European Physical Journal Special Topics vol 230 p 1785–1803
Zarebnia M, Pakmanesh H, Parvaz R (2019) A fast multiple-image encryption algorithm based on hybrid chaotic systems for gray scale images. Optik vol 179 p 761–773
Zhang X, Wang X (2019) Multiple-image encryption algorithm based on DNA encoding and chaotic system. Multimedia Tools and Applications 78(6):7841–7869
Zhang L, Zhang X (2020) Multiple-image encryption algorithm based on bit planes and chaos. Multimedia Tools and Applications 79(29):20753–20771
Zhang X, Wang X (2017) Multiple-image encryption algorithm based on mixed image element and chaos. Comput Electr Eng vol 62 p 401–413
Zhang X, Wang X (2017) Multiple-image encryption algorithm based on mixed image element and permutation. Opt Lasers in Eng vol 92 p 6–16
Zhang X, Wang X (2018) Multiple-image encryption algorithm based on the 3D permutation model and chaotic system. Symmetry vol 10 p 660
Zhou NR, Huang LX, Gong LH, Zeng QW (2020) Novel quantum image compression and encryption algorithm based on QWT and 3D hyper-chaotic henon map. Quantum Inf Process 19(9):284
Zhou N, Yan X, Liang H (2018) Multi-image encryption scheme based on quantum 3D Arnold transform and scaled Zhongtang chaotic system. Quantum Inf Process vol 17 p 338
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflicts of interest
The authors declare that they have no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Hoang, T.M. A novel structure of fast and efficient multiple image encryption. Multimed Tools Appl 83, 12985–13028 (2024). https://doi.org/10.1007/s11042-023-15880-2
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-023-15880-2