1 Introduction

The popularization of the internet and cloud technology has given rise to the widespread transmission of digital images between network users. The security of the digital image information becomes increasingly important. Conventional encryption algorithms (i.e., DES, AES, and IDEA) are not appropriate for image encryption but for text data encryption, because the image has special characteristics such as large storage and high pixel correlation [1]. Therefore, a great many new and different image encryption schemes have been continuously put forward and explored.

At present, available image encryption schemes are mainly divided into two categories: chaos-based and non-chaos-based encryption algorithms. Chaos-based cryptosystems have been extensively investigated because chaos is characteristic of inner randomness and initial sensitivity. Moreover, a large amount of various chaotic maps have been proposed to encrypt the image with a permutation–diffusion structure, for example, Logistic map [2], Lorenz map [3], Tent map [4], Chen map [5], Jacobian elliptic map [6], Cat map [7], Hyper chaos [8], Laser chaos [9, 10], and the mixture of the above chaotic maps [11, 12]. Besides, many non-chaos-based encryption systems have been brought forward for the image encryption, for instance, block-based transformation algorithm [13], SCAN methodology [14], fractional Fourier transform (FRFT) [15], Rubik’s Cube principle [16], DNA encoding algorithm [17], Quantum Hash function [18], and combinational permutation technique based on pseudorandom sequences [19].

According to Shannon’s theory of secure communication [20], only the one-time pad cryptosystem is theoretically unbreakable. Moreover, the one-time pad key should be generated by true random number generator (TRNG), never be reused, and have the same length as the plain message. Therefore, the utilization of the true random number-based key may be the final solution to the image encryption. Recently, Liu et al. [21] has proposed that true random numbers from environmental noise serve as the one-time initial values of a chaotic system, and the image is finally encrypted by employing the sequences from the chaotic system to diffuse the pixels with the Exclusive OR (XOR) operation. T. Sivakumar et al. [22] have demonstrated that true random numbers from the noise audio signal are applied to XOR the scrambled image, the pixel position of which is permuted by Knight’s Travel Path. In general, the image encryption procedure mainly includes two steps, i.e., pixel permutation and diffusion. However, for the above image encryption schemes in [21, 22], the true random number is used as the encryption key only in the diffusion process to change the pixel values. To strengthen the security of the image encryption scheme, the true random number should be employed as the secret key in both the permutation and diffusion processes.

In this paper, the image encryption scheme based on physical random numbers from the chaotic laser system is proposed, where the physical random number sequences are constructed into the two random sequence image matrices to alter the pixel position in the permutation stage and change the pixel value in the diffusion phase.

2 Image encryption scheme

The schematic diagram of the image encryption based on physical random numbers extracted from the chaotic laser system is shown in Fig. 1. We refer to the transmitting end as Alice and the receiving end as Bob. The encrypted image messages can be transmitted on the internet by a set of protocols such as TCP/IP. In our scheme, we use the algorithm called one-time pad to encrypt the transmitted image, where the physical random numbers are utilized as the encryption key for both communication parties. In the encryption processes, a large number of the physical random numbers are first stored in the cloud by utilizing the advanced cloud technology [23]. Then, Alice and Bob download the same physical random numbers from the cloud on compact disks (CDs) or removable hard disks (HDs) with large capability storage. The common encryption key is extracted from the downloaded physical random number pool. The extraction approach of the secret key can function as the private key, which could be exchanged by means of quantum key distribution protocol [24] and the semiconductor lasers’ synchronization by injecting common light [25]. The image encryption/decryption process consisting of two distinct stages, namely permutation and diffusion, is depicted in the block diagram of Fig. 1. In the permutation phase (D), the pixel positions of the original image are completely randomly permutated and in the diffusion phase (F), the statistical pixel values are changed. The concrete encryption/decryption procedures are given below.

Fig. 1
figure 1

The image encryption scheme based on physical random numbers from chaotic laser system. Symbols: A physical random number pool, B the constructed random sequence image \({\text{RS}}{{\text{I}}_{M,{N^1}}}\), C the constructed random sequence image \({\text{RS}}{{\text{I}}_{M,{N^2}}}\), D permutation operation in encryption, E the shuffled image, and F XOR operation in encryption

Full size image

3 Generation of random sequences

3.1 Experimental setup

The physical random number generation has been experimentally achieved using a chaotic laser as physical entropy source [26, 27]. Figure 2 shows our experimental setup of physical random number generation. The chaotic light source consists of a distributed-feedback (DFB) laser diode, a fiber coupler, a polarization controller (PC), a variable optical attenuator (VOA), and a fiber mirror (FM). More details are available in [27]. When the chaotic light source operates under the following parameters: the operating current is set to 1.5 times its threshold current (22 mA), the feedback strength is 30% of the laser output power, and the external cavity length is about 8.4 m, it generates chaotic signals with high frequency. The output chaotic light through an optical isolator (ISO) is converted to electrical signals by a photodetector (PD). The ISO ensures that the chaotic light has a one-way transmission direction. The detected chaotic signal is sampled by the 8-bit analog-to-digital (ADC) of an oscilloscope (OSC). The binary sequence is off-line obtained through the following procedure. A single 8-bit digital signal is first down-sampled to the lower sampling rate by the Clock. By XOR operating the corresponding pairs of bits in the 8-bit digital signal and its bit-delayed one stored in the Buffer, the single down-sampled 8-bit digital signal is further given. Finally from each sample, the least significant bits (LSBs) are selected and interleaved to achieve a binary sequence.

Fig. 2
figure 2

Experimental setup of physical random number generation

Full size image

3.2 Statistical properties of random sequence

Afterward, we analyze the statistical properties of the generated random sequence. Figure 3a displays the waveform of the chaotic signal acquired by the oscilloscope with the set sampling rates of 20 GS/s. To decrease the correlation of the adjacent samples, an external down-sampling to 2 GS/s is utilized, that is, one out of each ten samples is extracted. The randomness of the single random binary sequence is evaluated using the NIST test suite [28]. The test results show that for the constructed sequence by employing only one of the 8 bits at each sample, the first to seventh LSB can pass statistical tests of randomness but the most significant bit cannot. The reason why the most significant bit cannot pass the NIST test has been analyzed in detail in [29]. So, seven LSBs from each sample are adopted as a subset to construct a single bit sequence. The obtained random bit sequence is further tested and passes all of the NIST tests. The typical results are given in Fig. 4. Pass criteria are determined by the sequence length and the significance level. A significance level α = 0.01 is set for P value of each sequence test. For the 1000 samples of 1 Mb data, the proportion of sequences that satisfy P value > α is estimated to be 0.99 ± 0.0094392. Figure 3b depicts the autocorrelation trace of the obtained random sequence with characteristic of δ-like function. This means that the knowledge of the random bits for some given time does not predict the future evolution of the random sequence. Thus, the extracted random binary bit sequence can be applied to the encryption of the image.

Fig. 3
figure 3

a The extracted random sequence from chaotic signal and b autocorrelation trace of the extracted random sequence

Full size image
Fig. 4
figure 4

Results of NIST statistical tests. All tests are passed using 1000 samples of 1-Mb data at the significance level of α = 0.01 and with the proportion within the range of 0.99 ± 0.0094392

Full size image

4 Image encryption procedure

4.1 Preprocessing stages

  1. 1.

    Under normal circumstances, a gray digital image P is composed of a two-dimensional matrix, which contains integers ranging from 0 to 255. However, as is mentioned before, the key shared by Alice and Bob is an infinitely long binary sequence, \({B_i}={\text{ }}\left\{ {{b_1},{\text{ }}{b_2},{\text{ }} \ldots ,{\text{ }}{b_\infty }} \right\}\), where bi = 0 or 1. To further realize the image cryptography, we need to preprocess the binary sequence. Here, a double encryption method is employed in the proposed image encryption scheme. During the image encryption process, the two sets of different keys, namely \({K^1}={\text{ }}\left\{ {{k_1}^{1},{\text{ }}{k_2}^{1}, \ldots ,{\text{ }}{k_{\infty \,}}^{1}} \right\}\) and \({K^2}=\left\{ {{k_1}^{2},{k_2}^{2}, \ldots ,{k_{\infty \,}}^{2}} \right\}\), are constructed according to the following equation:

$$\begin{aligned} {k_i}^{{1,{\text{ }}2}}= & {b_{i \times 8+1}} \times {2^0}+{\text{ }}{b_{i \times 8+2}} \times {2^1}+{\text{ }}{b_{i \times 8+3}} \times {2^2}+{\text{ }}{b_{i \times 8+4}} \times {2^3}+{\text{ }}{b_{i \times 8+5}} \times {2^4} \\ ~ & \quad +{b_{i \times 8+6}} \times {2^5}+{b_{i \times 8+7}}^{1} \times {2^6}+{\text{ }}{b_{i \times 8+8}}^{1} \times {2^7}, \\ \end{aligned}$$
(1)

where i = 1, 2, ..., ki1, 2 ∈ [0, 255].

  1. 2.

    Next, a subset of integers from the data set K1 and K2 is selected and further processed into K1′ and K2′, respectively, which are two arrays of M × N data elements with M rows and N columns. The concrete processing rules are given as follows:

$${K^{1^{\prime}}} \leftarrow {\text{reshape}}({K^1},M,N)$$
(2)
$${K^{2^{\prime}}} \leftarrow {\text{reshape}}({K^2},M,N),$$
(3)

where reshape means to change the size of K1 and K2 to M × N array. The result of this operation will obtain two arrays, K1′ and K2′, containing a M × N number of elements. K1′ and K2′ can be also represented as two image matrices labeled as the Random Sequence Image \({\text{RS}}{{\text{I}}_{M,{N^1}}}\) and \({\text{RS}}{{\text{I}}_{M,{N^2}}}\), which correspond to B and C in Fig. 1, respectively. Here, they will serve as the permutation mask in the permutation phase and the substitution mask in the diffusion stage.

4.2 Image position shuffling

The plain image data have strong correlations between the adjacent pixels. To eliminate the high pixel correlation, \({\text{RS}}{{\text{I}}_{M,{N^1}}}\) is utilized to shuffle the position of the original image in the permutation stage. The procedure of shuffling image is described as follows:

  1. 1.

    The elements of \({\text{RS}}{{\text{I}}_{M,{N^1}}}\) are sorted in ascending order according to their pixel values. The \({\text{RS}}{{\text{I}}_{M,{N^1}}}\) is transformed into a new image matrix known as \({\text{RS}}{{\text{I}}_{M,{N^{1^{\prime}}}}}\). Each element of the \({\text{RS}}{{\text{I}}_{M,{N^{1^{\prime}}}}}\) constitutes the indices for position shuffling of the original image P.

  2. 2.

    All the M columns and N rows of P with \({\text{RS}}{{\text{I}}_{M,{N^{1^{\prime}}}}}\) are shuffled into the intermediate transformation matrix E (shown in Fig. 1).

4.3 Image statistics change

In the diffusion stage, the image matrix \({\text{RS}}{{\text{I}}_{M,{N^2}}}\) derived from Eq. (3) is utilized to alter the statistical information of the intermediate transformation image E through the XOR operation. The symbol ⊕ represents the bit-by-bit XOR operation. Thus, the cipher image Pc is obtained according to the following formula:

$${{\text{P}}^{\text{c}}} \leftarrow {\text{ }}E \oplus {\text{RS}}{{\text{I}}_{M,{N^2}}}.$$
(4)

The decryption procedure is similarly performed in terms of the encryption one listed above. The same key sets K1 and K2 at the receiving end are first achieved as indicated in preprocessing stages. Then, we carry out the anti-XOR and reverse permutation operation to correctly recover the original image P.

5 Security analysis

It is well known that a high-equality encryption algorithm should resist all kinds of brute force attacks, such as cryptanalytic and statistical attacks. Here, we examine the security of the proposed image encryption scheme by utilizing this scheme to encrypt a Lena BMP image with the size 256 × 256 shown in Fig. 5a. Some security tests including statistical analysis, sensitivity analysis, and key space analysis on our image encryption scheme have been performed in the following.

Fig. 5
figure 5

Histograms of the images

Full size image

5.1 Statistical analysis

In fact, many cryptographic algorithms have been successfully cracked by employing the statistical analysis. Here, to further demonstrate the robustness of our image encryption procedure, we have carried out statistical analysis by calculating the histograms of the encrypted images and the correlations of two adjacent pixels.

5.1.1 Histogram analysis

Figure 5a, c, e presents the plain image of Lena, the shuffled intermediate image, and the final ciphered image, respectively. Their corresponding computed gray-scale histograms are depicted in Fig. 5b, d, f. From the statistical information depicted in Fig. 5d, we can see that the shuffled image has the same statistical histograms as the original image although it does not display portrait information of Lena. From the viewpoint of statistical attack, it is not safe. Thus, the XOR operation on the shuffled image in the diffusion phase is necessary to further alter the statistical information. Figure 5f clearly shows that the histogram of the finally encrypted image is fairly uniform and distinctly different from the histogram of the plain image. We further quantitatively compare the statistics of the plain and ciphered images. The average value and standard deviation of the plain image are 97.772 and 52.778, respectively. The average value and standard deviation of the ciphered image are 127.451 and 74.064, respectively. Moreover, the statistics of the other plain and ciphered images obtained by our image encryption algorithm are quantitatively tested as well. The results demonstrate that the average values and standard deviations of all the ciphered images are approximately 127 and 74, respectively, no matter what the gray-scale distribution of the original image is. Therefore, any clue cannot be provided from the altered statistical histograms to perform any statistical attack on our image encryption scheme.

5.1.2 Correlation analysis

Apart from the histogram analysis, the correlations between two adjacent pixels in the plain image and its encrypted image are analyzed as well. First, 1000 pairs of two adjacent pixels are randomly selected along horizontal, vertical, and diagonal directions from an image, respectively. Then, the correlation coefficient of each pair is calculated according to the following formulas [7]:

$$\begin{gathered} E(x)=\frac{1}{N}\sum\limits_{{i=1}}^{N} {{x_i}} , \hfill \\ D(x)=\frac{1}{N}\sum\limits_{{i=1}}^{N} {({x_i}} - E(x){)^2} \hfill \\ {\text{cov}}(x,y)=\frac{1}{N}\sum\limits_{{i=1}}^{N} {({x_i}} - E(x))({y_i} - E(y)) \hfill \\ \end{gathered}$$
$${r_{xy}}=\frac{{{\text{cov}}(x,y)}}{{\sqrt {D(x)} \sqrt {D(y)} }},$$
(5)

where x and y are gray-scale values of two adjacent pixels in the image, respectively, and N = 1000 is total number of pixels. Figure 6 illustrates the correlation distribution of two adjacent pixels along the horizontal, vertical and diagonal directions in the plain and ciphered images. The corresponding correlation coefficients are shown in Table 1. From Fig. 6 and Table 1, we can see that the correlation between the two adjacent pixels in the encrypted image is negligible although it is high in the plain image. So, our image encryption scheme meets a strict criterion that the correlation values of adjacent pixels should be minimal for the encrypted image.

Fig. 6
figure 6

Correlations of two adjacent pixels in the original image (upper row) and the encrypted image (lower row). a, d Horizontal direction. b, e Vertical direction. c, f Diagonal direction

Full size image
Table 1 Correlation coefficients of two adjacent pixels in the original and encrypted images
Full size table

5.2 Sensitivity analysis

In this section, the sensitivity analysis of our image encryption scheme is further performed. We analyze the image decryption effect for the various extraction methods of the secret key. As is mentioned before, the secret keys for the image encryption and decryption are generated by utilizing Eq. (1). Figure 7a illustrates the decrypted image when the decryption key extracted from the random number sequence has only a delay bit with the encryption key. The result shows that the plain image cannot be correctly retrieved. Only when the decryption process is completely consistent with the encryption one can the encryption system get the correct decrypted image, as illustrated in Fig. 7b.

Fig. 7
figure 7

Sensitivity test. a The decrypted image using the decrypted key having a delay bit with the encrypted key. b The decrypted image with correct key

Full size image

5.3 Key space analysis

In general, a secure image encryption system should have a large enough key space to ensure that the brute force attack is infeasible. The presented image encryption scheme belongs to one-time pad system. The random numbers generated by chaotic laser system are used as the secret key to encrypt the plain image. Thus, an image cipher has a very large key space of size 2M×N, which is determined by the size of the plain image. As is mentioned before, an image with the size of 256 × 256 is chosen and the corresponding key space size is 2256×256. This pretty exhaustive key space makes our system resistant to brute force attack. Actually, the multiple initial values of chaotic laser system and many key extraction methods from long enough random number sequence ensure that the attackers cannot do anything about our image encryption system.

5.4 Resistance to attacks

At present, there are four classical types of attacks based on the level of knowledge of the attackers to the cryptosystem, which are enumerated from the hardest to the easiest: ciphertext only, known plaintext, chosen plaintext, and chosen ciphertext. According to Kerchoff’s principle, cryptanalyst knows everything about the cryptosystem except the secret key. Therefore, the chaos-based or non-chaos-based image encryption algorithms have a theoretical possibility of cracking when the above four types of attacks are utilized. However, our image encryption scheme adopting one-time pad encryption method is explored, which is theoretically unbreakable in term of Shannon’s theory. So, our image encryption scheme may resist these four types of attacks.

5.5 Speed analysis

For a good image encryption algorithm, the computational complexity is also an important aspect. As is illustrated above, the proposed image encryption scheme mainly consists of two parts: the generation of true random numbers as one-time pad key and the image encryption/decryption procedure. The security of our image encryption scheme relies not on the encryption algorithm itself but on the secret key. Therefore, the image encryption/decryption procedure is extremely simple. The physical random number sequences from chaotic laser entropy source are constructed into two random sequence image matrices to alter the pixel position in the permutation stage and change the pixel value in the diffusion phase, respectively. The average encryption/decryption time is 0.017 s on a gray-scale image of the size 256×256. The time analysis has been done on personnel computer with clock speed of 3.60 GHz and 8 GB of RAM memory.

6 Discussion

Compared with the proposed scheme in [21], our image encryption scheme has two obvious advantages, although both encryption schemes are based on physical random numbers. On the one hand, in our proposed scheme, the chaotic laser is utilized as an entropy source to extract physical random numbers. Compared with the environment noise, the chaotic laser has higher spectral density and in the same bandwidth has higher output power, which is more prone to generate high-quality physical random numbers. The generated random numbers pass the NIST test. On the other hand, our scheme explores one-time pad encryption method to achieve the image encryption, where the physical random numbers are directly constructed into two random sequence image matrices to shuffle the pixel position of the original image and change its pixel value, respectively. However, for the proposed scheme in [21], the physical random numbers are served as the one-time initial values of a chaotic system, and the image is finally encrypted by employing the sequences from the chaotic system to diffuse the pixels with the XOR operation. Therefore, compared with the key space (1059) of the proposed scheme in [21], our scheme has larger key space with the size of 2256×256 ≈ 10183, which ensures higher security of our image encryption scheme. Besides, the security of our scheme only depends on the secret key whereas the security of the proposed scheme in [21] is related to not only the secret key itself but also the encryption algorithm. Thus, our scheme provides simpler image encryption means and shorter measurement time when the encrypted image sizes are same.

7 Conclusions

In conclusion, a novel one-time pad image encryption scheme based on physical random numbers from chaotic laser system is proposed and verified. The statistical properties of the experimentally generated physical random numbers serving as the secret keys are analyzed and tested. The image encryption/decryption procedures are given in detail. Some tests such as statistical analysis, sensitivity analysis, and key space analysis demonstrate that the proposed image encryption scheme has superior performance compared with many existing image encryption algorithms, such as the theoretically absolute security, the good statistical property, and the high sensitivity. So, our encryption scheme will show potential application prospect in the field of image encryption.