Deciphering an image cipher based on 3-cell chaotic map and biological operations

Abstract

In recent years, it is popular that the combination of chaos and DNA is employed for image ciphers. There have been a great number of image ciphers which are designed based on chaos and DNA, but the corresponding cryptanalytic works are insufficient and in-depth study should be made. In this paper, we decipher an image cipher combining a 3-cell chaotic map with DNA. It was claimed that this cipher has high security and can resist different well-known attacks. However, we demonstrate that the claim is not reasonable, since the cipher can be broken by chosen plaintext attack with the complexity \(O({\alpha \beta })\), where \(\alpha \) and \(\beta \) represent the number of the image rows and columns, respectively.

1 Introduction

Nowadays the usages of image data have become more and more widespread over various networks, thus the corresponding security has been receiving increasing attention. Chaos is one of the most common tools to protect image data since it has the sensitivity to initial condition and control parameter, which is similar to the basic properties of cryptography, confusion and diffusion. Meanwhile, the cryptanalysis of chaos-based image cipher is a vital work for its development. Alvarez and Li presented a general framework of basic guidelines involved with three main issues including implementation, key management and security analysis that a cryptosystem should follow [1]. In [2], chosen plaintext attack and chosen ciphertext attack were separately employed to break an image encryption algorithm based on hyper-chaos without any knowledge of the key value and with only three couples of plaintext/ciphertext. Rhouma and Belghith cryptanalyzed a chaos-based cipher for images and videos with two different attacks due to the weakness in the generation of the keystream [3]. The knowledge and significance of the cryptanalysis of chaotic ciphers have been discussed in [4, 5] in detail. Çokal and Solak applied chosen plaintext and known plaintext attacks to reveal the secret parameters of a chaos-based image encryption algorithm [6]. Two image encryption schemes consisting of a permutation operation and an XOR-like transformation of the shuffled pixels were cracked in [7] by use of a chosen plaintext attack. A differential cryptanalysis was leveraged by Li et al. [8] to aim at the Yen–Chen–Wu multimedia cryptography system with only seven chosen plaintexts. The image encryption cryptosystems based on multi-chaotic systems and improved hyper-chaotic sequences were also analyzed in terms of security in [9, 10], respectively. In addition, Bigdeli algorithm was broken by using Çokal and Solak attack in [11]. In recent years, it is very interesting to combine the biological characteristics like DNA with chaos system for image ciphers. So far, a large number of image ciphers based on DNA and chaos have been designed [12–25]. Their basic idea is to encode the original image into DNA sequence according to some mapping rule. The obtained DNA sequence is then processed in the some way with the help of the secret DNA keystream which is typically controlled by chaos. The processed DNA sequence is finally decoded into the cipher image. In addition, some chaos-based cryptographic features can also be embedded to enhance the security. On the other hand, a small number of cryptanalytic works for a few of these image ciphers have been done [26–32], which stimulates the further development of the image ciphers based on DNA and chaos. In spite of this, such cryptanalytic works are insufficient and in-depth study should be made.

In [33], the combination of a 3-cell chaotic map and DNA is employed for designing image cipher. Specifically, the original image is firstly converted to a DNA sequence. Then, the obtained DNA sequence is scrambled under the control of cycling chaos. After that, a secret DNA sequence is generated by using cycling chaos to mask the scrambled DNA sequence. The results are decoded to form the final cipher image. It was claimed that this cipher has high security and can resist different well-known attacks. In this paper, we demonstrate that the claim is not reasonable, since the cipher can be broken by known attacks. The rest of the paper is organized as follows. The next section overviews the original image cipher based on 3-cell chaotic map and biological operations. Section 3 gives the corresponding cryptanalysis for the original image cipher followed by some discussions in Sect. 4. The last section concludes this paper.

2 Overview of the image cipher based on 3-cell chaotic map and biological operations

This section firstly re-introduces the preparatory work for the cipher design and then re-describes the original image cipher.

2.1 The preparatory work

The 3-cell cyclic chaos map used in the image cipher is defined as

$$\begin{aligned} \left\{ {\begin{array}{l} x_{n+1} =\delta _1 x_n -x_n^3 -\chi \left| {y_n } \right| ^{p}x_n \\ y_{n+1} =\delta _2 y_n -y_n^3 -\chi \left| {z_n } \right| ^{p}y_n \\ z_{n+1} =\delta _3 z_n -z_n^3 -\chi \left| {x_n } \right| ^{p}z_n \\ \end{array}} \right. . \end{aligned}$$

(1)

A 120-bit external key \(k=k_{120} ,k_{119} ,k_{118} ,\ldots ,k_1 \) is applied for providing the three initial values \(x_1 \), \(y_1 \), \(z_1 \) and the parameter p by the following formulas:

$$\begin{aligned} \left\{ {\begin{array}{ll} x_1 &{}=\left( {\frac{\hbox {sum of } K_1 \,bits}{35}\times 4} \right) -2,-2<x_1 <2,\\ &{} \quad K_1 =k_{120} ,k_{119} ,k_{118} ,\ldots ,k_{86}\\ y_1 &{}=\left( {\frac{\hbox {Decimal value of }K_2 }{2^{35}}\times 4} \right) -2,-2<y_1 <2,\\ &{} \quad K_2 =k_{85} ,k_{84} ,k_{83} ,\ldots ,k_{51} \\ z_1 &{}=\left( {\frac{\hbox {sum of }K_3 \,bits}{35}\times 4} \right) -2,-2<z_1 <2,\\ &{} \quad K_3 =k_{50} ,k_{49} ,k_{48} ,\ldots ,k_{16} \\ p&{}=\left( {{\frac{\hbox {Decimal value of }K_4 }{2^{15}}}\Big /5} \right) -0.1,0.1<p<0.3,\\ &{} \quad K_4 =k_{15} ,k_{14} ,k_{13} ,\ldots ,k_1 \\ \end{array}} \right. . \end{aligned}$$

(2)

Each 8-bit pixel can be comprised of four 2-bits, i.e., 00, 01, 10 and 11, which can correspond to four nucleic acid bases T (thymine), A (adenine), C (cytosine), G (guanine), where A and T are complementary, while G and C are complementary, according to Watson–Crick complement rule, as shown in Table 1. The DNA algebraic operations including addition and subtraction are shown in Tables 2 and 3, respectively.

Table 1 Watson–Crick complement rule

Table 2 DNA addition operation

Table 3 DNA subtraction operation

2.2 The encryption algorithm

The original image is firstly converted to a DNA sequence. Then, the obtained DNA sequence is scrambled under the control of cycling chaos. After that, a secret DNA sequence is generated by using cycling chaos to mask the scrambled DNA sequence. The results are decoded to form the final cipher image. The specific procedures are as follows:

• Step 1: The DNA encoding phase

  Encode each pixel of the original image into a DNA image according to the rule: “00”-A, “01”-C, “10”-G, and “11”-T.

• Step 2: The scrambling phase

  1. a.

     Let the number of the image rows and columns be \(\alpha \) and \(\beta \), respectively, and divide the DNA image into N equal blocks.

  2. b.

     Generate the chaotic sequences \(X=x_0 ,x_1 ,x_2 ,\ldots ,x_\alpha \), \(Y=y_0 ,y_1 ,y_2 ,\ldots ,y_{4\beta } \), and \(Z=z_0 ,z_1 ,z_2 ,\ldots ,z_N \) with the initial values \(x_1 \), \(y_1 \), \(z_1 \) and the parameter p;

  3. c.

     Normalize the values in the sequence Z to the integers between 1 to N;

  4. d.

     Rearrange these integers into a new matrix \({Z}'\);

  5. e.

     Scramble the blocks using \({Z}'\);

  6. f:

     Normalize the values in X and Y to the integers between 1 to \(\alpha \) and between 1 to \(\beta \), respectively, rearrange these integers into row matrix and column matrix \({X}'\) and \({Y}'\);

  7. g:

     Scramble the nucleic acid base values using the ordered pair \(\left( {{x}',{y}'} \right) \in \left( {{X}',{Y}'} \right) \).

• Step 3: The mask phase

  1. a.

     Generate the chaotic sequence \(X=x_0 ,x_1 ,x_2 ,\ldots ,x_{4\alpha \,\beta } \) with the initial values \(x_1 \), \(y_1 \), \(z_1 \) and the parameter p;

  2. b.

     Construct the mask image M in which each pixel value can be generated using the following formula:

     $$\begin{aligned} \left\{ {\begin{array}{l} A,-2<X\le 1.1 \\ C,-1.1<X\le -0.2 \\ G,0.2\le X<1.1 \\ T,1.1\le X<2 \\ \end{array}} \right. \end{aligned}$$

     (3)
  3. c.

     Perform the DNA addition of the scrambled DNA image and the mask image.

• Step 4: The decoding phase

Decode the result into the final cipher image according to the same encoding rule: “00”-A, “01”-C, “10”-G, and “11”-T.

3 The deciphering process

After carefully observing the encryption algorithm, it seems that the security of the algorithm depends mainly on the 120-bit external key, which manipulates the generation of the three initial values \(x_1 \), \(y_1 \), \(z_1 \) and the parameter p for 3-cell cycling chaos map. However, with respect to different images, the same external key is utilized, thus keeping the same \(x_1 \), \(y_1 \), \(z_1 \) and p. Furthermore, the chaotic sequences remain unchanged, therefore \({X}'\), \({Y}'\), \({Z}'\) and M are fixed. The encryption algorithm possesses the architecture of scrambling mask. The encoding and decoding phases do not involve cryptographic behaviors. The scrambling phase contains two operations. One is to scramble the blocks using \({Z}'\) and the other is to process the whole bases using \({X}'\) and \({Y}'\). The mask phase only leverages the mask image M. The goal of deciphering the image encryption algorithm is to reveal \({X}'\), \({Y}'\), \({Z}'\) and M. In order to be understood for the proposed cryptanalysis, the encryption algorithm was simplified as:

• Step 1: The DNA encoding phase

  $$\begin{aligned}&P\left( {00,01,10,11} \right) \mathop {\xrightarrow {\qquad \qquad \mathrm{Encode}\qquad \qquad }}\limits _{\text {00-A,01-C,10-G,11-T}}\nonumber \\&\quad \times {P}'\left( {A,C,G,T} \right) \end{aligned}$$

  (4)

• Step 2: The scrambling phase

  $$\begin{aligned}&{P}'\left( {A,C,G,T} \right) \mathop {\xrightarrow {\qquad \mathrm{1st \,Scramble}\qquad }}\limits _{{Z}'}\nonumber \\&\quad {P}'_{S^{1}} \left( {A,C,G,T} \right) \end{aligned}$$

  (5)
  $$\begin{aligned}&{P}'_{S^{1}} \left( {A,C,G,T} \right) \mathop {\xrightarrow {\qquad \mathrm{2st \,Scramble}\qquad }}\limits _{{X}',{Y}'}\nonumber \\&\quad \times {P}'_{S^{2}} \left( {A,C,G,T} \right) \end{aligned}$$

  (6)

• Step 3: The mask phase

  $$\begin{aligned} {P}'_{S^{2}} \left( {A,C,G,T} \right) \mathop {\xrightarrow {\qquad \mathrm{Mask}\quad }}\limits _{M} {P}'_{M,S^{2}} \left( {A,C,G,T} \right) \end{aligned}$$

  (7)

• Step 4: The decoding phase

  $$\begin{aligned}&{P}'_{M,S^{2}} \left( {A,C,G,T} \right) \mathop {\xrightarrow {\qquad \qquad \mathrm{Decode}\qquad \qquad }}\limits _{\text {A-00,C-01,G-10,}T\text {-11}}\nonumber \\&\quad \times C\left( {A,C,G,T} \right) \end{aligned}$$

  (8)

Our attack adopts chosen plaintext attack. The basic idea is to select one or more special images, which are not or regularly affected by the scrambling phase. So the attacker can infer the mask image M at first with the knowledge of one or more pairs of plain/cipher images. The specific procedures are the followings:

1. (1)

   Select a special plain image, where each 8-bit pixel consists of the same four 2-bits, i.e.,

   $$\begin{aligned}&P\left( {00,00,00,00} \right) , \quad P\left( {01,01,01,01} \right) ,\\&P\left( {10,10,10,10} \right) \quad \hbox {and}\quad P\left( {11,11,11,11} \right) , \end{aligned}$$

   corresponding to \({P}'\left( {A,A,A,A} \right) \), \({P}'\left( {C,C,C,C} \right) \), \({P}'\left( {G,G,G,G} \right) \) and \({P}'\left( {T,T,T,T} \right) \). Without loss of generality, \(P\left( {00,00,00,00} \right) \) is selected.

2. (2)

   The two scrambling operations do not work for \({P}'\left( {A,A,A,A} \right) \), thus

   $$\begin{aligned} {P}'\left( {A,A,A,A} \right)= & {} {P}'_{S^{1}} \left( {A,A,A,A} \right) \nonumber \\= & {} {P}'_{S^{2}} \left( {A,A,A,A} \right) \end{aligned}$$

   (9)
3. (3)

   The mask phase is changed as

   $$\begin{aligned} {P}'\left( {A,A,A,A} \right) \mathop {\xrightarrow {\quad \mathrm{Mask}\quad }}\limits _{M} {P}'_M \left( {A,C,G,T} \right) \end{aligned}$$

   (10)

   The decoding phase is

   $$\begin{aligned} {P}'_M \left( {A,C,G,T} \right) \mathop {\xrightarrow {\qquad \mathrm{Decode}\qquad }}\limits _{\text {A-00,C-01,G-10},T\text {-11}} C^{1}\left( {A,C,G,T} \right) \end{aligned}$$

   (11)
4. (4)

   \(P\left( {00,00,00,00} \right) \)and \(C^{1}\left( {A,C,G,T} \right) \) are known, so \({P}'\left( {A,A,A,A} \right) \quad {P}'_M \left( {A,C,G,T} \right) \) are also known. With the addition and subtraction operation rules in Tables 2 and 3 together with Eq. (10), the mask image M can be immediately calculated.

5. (5)

   After revealing M, the resultant encryption algorithm turns into a scrambling-only framework. The effect of the second scrambling is obviously stronger than that of the first one. The first scrambling can be integrated into the second one. The two scrambling operations can be equivalent to only once nucleic acid base value scrambling. The equivalent matrices for \(\left( {{X}',{Y}'} \right) \) and \({Z}'\) which need to be revealed are marked as \(\left( {{X}'',{Y}''} \right) \).

6. (6)

   Alter three 2-bits of four 2-bits as 01, 10, and 11 for the first pixel in P( 00, 00, 00, 00 ). After the scrambling, the positions of these three altered values can be found such that three ordered pairs in \(( {{X}'',{Y}''} )\) are obtained. Next, the same processing way for the following pixels is repeatedly performed till the whole ordered pairs in \(( {{X}'',{Y}''} )\) are revealed.

The above steps demonstrate that the encryption algorithm can be broken by using chosen plaintext attack. The mask phase requires an image, while the scrambling phase requires about \({4\alpha \beta }\big /3\) images. Thus, the complexities in the mask and scrambling phases are O( 1 ) and \(O( {{4\alpha \beta }\big /3} )\), respectively. The whole complexity is confined to \(O( {\alpha \beta })\), which is low. If there needs to be a blurry or rough image through the cryptanalysis, the number of the images when deciphering the scrambling phase can be further optimized by the methods [34, 35], in which the scrambling-only image ciphers have been thoroughly and systematically cryptanalyzed. Figure 1 shows a validation example, in which a–c represents the original test image, the corresponding encrypted image and the cryptanalyzed image, respectively. It is worth mentioning in the end that the algebraic attack against the image encryption algorithm consisting of chaos and DNA is an efficient tool of the cryptanalysis. For example, in [27], Belazi et al. came up with an algebraic analysis against a RGB image encryption algorithm based on DNA encoding and chaotic map by constructing some systems of linear equations. However, in [33], the introduction of permutation which has the linearity impedes the construction of linear equations. Thus, the algebraic attack does not take effect on the cipher in [33].

Fig. 1

Test of the attack. a The original test image; b the corresponding encrypted image; c the cryptanalyzed image

4 Discussion

In the following, some improvements and suggestions with respect to the encryption algorithm are given:

1. 1.

   There are eight kinds of coding schemes in total that satisfy the Watson–Crick complement rule. In the encryption algorithm, the coding rule is fixed and no cryptographic features are embedded in the encoding phase. Therefore, a new key can be added to control the encoding and decoding rules.

2. 2.

   For the DNA algebraic operations, another DNA XOR operation can also be introduced to change the base values in the mask phase. For example, one possible definite for DNA operation is shown in Table 4. The DNA XOR operation corresponds to the binary XOR operation, which has been widely used in the field of cryptography.

3. 3.

   The leading reason why the encryption algorithm is vulnerable to chosen plaintext attack is not related to plaintext information. The algorithm should depend on the plain image information during the encoding, scrambling and mask phases. As a result, different plain images can generate inconsistent keystreams.

4. 4.

   In the scrambling and mask phases, the same initial values and parameter should not be utilized. Once one part of keystream is revealed by the attacker, the other part may also be known at once. The keystream used in mask phase can be perturbed by the encryption result in the scrambling phase to avoid the same keys and enhance the security

5. 5.

   The A, C, G and T in the mask image are not uniform in terms of the distribution situation due to the fact that in general, the track of chaos system is not uniform. Thus, the encryption algorithm easily suffers from statistical attack. Some excellent DNA cipher techniques like [15] are worth referencing for better image cipher based on DNA and chaos.

Table 4 One possible DNA XOR operation

5 Conclusion

An encryption algorithm based on a 3-cell chaotic map and DNA, including the encoding, scrambling, mask and decoding phases, has been analyzed in terms of security in this paper. The algorithm can be broken by chosen plaintext attack with a low complexity \(O( {\alpha \beta } )\). At the same time, some improvements and suggestions have also been proposed for the purpose of designing better image ciphers based on DNA and chaos and stimulating the further development.