1 Introduction

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resource(e.g., network, servers, storage, applications)that can be rapidly provisioned and released with minimal management effort or service provider interaction. Attracted by these appealing features, both individuals and enterprises are actively outsourcing their data to the cloud. But, outsourcing sensitive information (such as e-mails, personal health records, company finance data, government documents, and secret images etc.) to remote servers will bring privacy concerns. The general approach of preserving privacy data is to encrypt it before outsourcing [10]. From a security point of view, this process mainly contains two aspects. On the one hand, the inverted sort index of the file needs to be encrypted [5, 26]. On the other hand, the file to be uploaded needs to be encrypted [18, 19]. Some encryption algorithms have been proposed to solve the latter problem, such as AES and DES algorithm. But, comparing these conventional encryption algorithms, chaos-based ones have suggested more secure and fast encryption methods [15, 24].

The first chaos-based encryption algorithm was proposed in 1989 [12]. Since then more and more researchers have investigated and analyzed many kinds of chaos-based encryption algorithms. The improvement of encryption algorithm mainly includes security and computational cost. In terms of security, some researchers were working to eliminate sufficiently the relativity of adjacent pixel in images [8, 13, 17, 27, 29, 30]. In addition, other researchers were studying how to increase the size of the key space to ensure the security of the encryption algorithm [7, 20, 28]. Moreover, some people even put forward the method of keeping secret communication from the angle of pulse synchronization [2, 22, 23, 25]. In terms of computational cost, a real-time and fast encryption method was presented based on orthonormal matrices [3]. The algorithm not only considers the statistical attack, but also pays more attention to the speed of encryption. In [21], a two stage combinational approach for image encryption was proposed. This algorithm need only one password for both stages and it had a low computational complexity. The above mentioned schemes have made a great contribution to the security and computational cost. However, there are few algorithms which can simultaneously take into account the two aspects. In [28], an image encryption scheme was designed based on 2D hyper-chaotic system. They claimed that the algorithm had high security. However, the computational cost of using two-dimensional hyper chaotic system was relatively high. If 1-D chaotic system be used in this algorithm, the speed of operation would be improved. But, the security could not be guaranteed. Moreover, the encryption scheme based on chaotic hiding and modulation of 1-D chaotic systems was decrypted by multi-step nonlinear prediction method. So, it is a great challenge to design a low dimensional chaotic encryption scheme with security and low computational cost. Fortunately, some people started to study this problem. In [14], the author proposed a new image encryption algorithm based on parameter-varied Logistic map. This method could resist the attack of phase space reconstruction, and it has a low computational complexity. However, the difference between some data which derived from Logistic map would be very small for different parameters. It may cause a larger calculation error and reduce the security of the algorithm. In order to make up for these deficiencies and expand the scope of the data, this paper proposes a new image encryption scheme based on Logistic map and dynatomic modular curve (DMC). In stage of diffusion, the original pixel values are sorted as index function which derives from the logistical map and the DMC. In stage of confusion, the XOR operation between the scrambled pixel sequence and projective transformation sequence is performed. The simulation experiments show that the proposed algorithm has a low computational complexity, and sensitivity to the key, and it has a good property of resistance statistical attack, differential attack, and malicious attack.

The advantages of the proposed scheme are summarized as follows:

  1. (1)

    The DMC is the first time to apply in image encryption. Not only it can help us improve the calculation precision by increasing infinity point and infinity line, but also can expand the scope of chaotic data.

  2. (2)

    The relationship between the Logistic map and the DMC is discussed, and it is used to encrypt and decrypt image.

  3. (3)

    Chi-square and Kolmogorov-Smirnov test are applied to verify the distribution of the encrypted image pixels and correlation coefficients in performance analysis. They can help us test the security of the encryption algorithm from the view of statistical analysis.

  4. (4)

    The key space is extended by introducing the adjustment parameter and amplification parameter.

The rest of this paper is organized as follows. In section 2, in order to find the relationship between the Logistic map and the DMC, the definition of the DMC and the type of period are introduced, and a property of the DMC is proved. In section 3, the relationship between the Logistic map and the DMC is discussed, and its role in image encryption is summarized. In section 4, image encryption and decryption algorithm based on the Logistic map and the DMC are given. In section 5, some images which selected from the USC-SIPI image database are used to test effectiveness of the proposed algorithm. And the Chi-square test is used to verify the histogram distribution of the encrypted image pixels. Performance analysis of the proposed algorithm is described in section 6. It includes statistical analysis, adjacent pixels correlation analysis and simulation, NPCR and UACI calculation and simulation, key sensitivity test, information entropy calculation and algorithm intensity analysis. In this section, the distribution of correlation coefficient of encrypted image is verified by K-S test, and the experimental results are compared with other algorithms from correlation coefficient, key sensitivity and computational complexity. Section 7 summaries the main innovative points of the proposed algorithm and lists some research problems in the future.

2 Dynatomic modular curve

Firstly, we introduce the definition of dynatomic polynomial and its periodic point in projective space. And then, the conception of the DMC is put forward. Finally, a property theorem of the DMC is proved.

Definition 1

[22] \( {\Phi}_n^{\ast }(z) \) is called the n -th dynatomic polynomial and is given by the following formula,

$$ {\Phi}_n^{\ast }(z)=\prod_{k\mid n}{\left({\phi}^k(z)- z\right)}^{\mu \left(\frac{n}{k}\right)}. $$

Here μ is the Mobius function. μ is defined byμ(1) = 1and

$$ \mu \left({p}_1^{e_1}{p}_2^{e_2}\cdots {p}_r^{e_r}\right)=\left\{\begin{array}{c}\hfill {\left(-1\right)}^r,\kern1em \mathrm{if}\kern0.5em {e}_1={e}_2=\cdots ={e}^r=1,\hfill \\ {}\hfill 0,\kern2.62em \mathrm{if}\kern0.5em \mathrm{any}\kern0.5em {e}_i\ge 2.\kern4em \hfill \end{array}\right. $$

ϕ k(z)is the k -th iteration of ϕ. If we let ϕ(z) ∈ K[z] be a polynomial, where K[z] is a polynomial set on perfect field K. And consider that

$$ \phi (z)={\phi}_c(z)=-{z}^2+ c $$

Some expressions of \( {\Phi}_n^{\ast }(z) \) can be obtained,

$$ {\Phi}_1^{\ast }(z)={\Phi}_1^{\ast}\left( c, z\right)=\prod_{k\mid 1}{\left({\phi}^k(z)- z\right)}^{\mu \left(\frac{1}{k}\right)}=\phi (z)- z=-{z}^2- z+ c, $$
(1)
$$ \begin{array}{c}\hfill {\Phi}_2^{\ast }(z)={\Phi}_2^{\ast}\left( c, z\right)=\prod_{k\mid 2}{\left({\phi}^k(z)- z\right)}^{\mu \left(\frac{2}{k}\right)}={\left(\phi (z)- z\right)}^{\mu (2)}{\left({\phi}^2(z)- z\right)}^{\mu (1)}\hfill \\ {}\hfill \kern-01em ={\left(\phi (z)- z\right)}^{-1}\left({\phi}^2(z)- z\right)={z}^2- z+\left(1- c\right)\kern0.5em ,\hfill \end{array} $$
(2)
$$ \begin{array}{l}{\Phi}_3^{\ast }(z)={\Phi}_3^{\ast}\left( c, z\right)=\prod_{k\mid 3}{\left({\phi}^k(z)- z\right)}^{\mu \left(\frac{3}{k}\right)}={\left(\phi (z)- z\right)}^{\mu (3)}{\left({\phi}^3(z)- z\right)}^{\mu (1)}\hfill \\ {}\kern2.5em ={z}^6-{z}^5+\left(1-3 c\right){z}^4+\left(2 c-1\right){z}^3+\left(3{c}^2-3 c+1\right){z}^2\hfill \\ {}\kern.3em +\left(-{c}^2+2 c-1\right) z-\left({c}^3-2{c}^2+ c-1\right).\hfill \end{array} $$
(3)

Similarly, other expressions of \( {\Phi}_n^{\ast }(z) \) (n = 4 , 5 , ⋯) can be obtained. Let Φ n (P) = ϕ n(P) − P, we can make the following definition.

Definition 2

Let ϕ(z) ∈ K[z] be a rational map and let P∈ ℙ1 be a periodic point for ϕ, where P 1 represents 1-dimensional projective space.

  1. (1)

    P has period n if Φ n (P) = 0.

  2. (2)

    P has formal period n if \( {\Phi}_n^{\ast }(P)=0 \).

  3. (3)

    P has primitive (or exact) period n if Φ n (P) = 0 and Φ m (P) ≠ 0 for all m < n.

We set the notation

$$ \begin{array}{l}{\mathrm{Per}}_n\left(\phi \right)\kern-4.5em =\kern-4.55em \left\{ P\in {\mathrm{\mathbb{P}}}^1:\kern0.5em {\Phi}_n(P)=0\right\}\kern-4.5em ,\hfill \\ {}{{\mathrm{Per}}_n}^{\ast}\kern-4em \left(\phi \right)\kern-4.4em =\kern-4em \left\{ P\in {\mathrm{\mathbb{P}}}^1:{\Phi_n}^{\ast }(P)=0\right\}\kern-4em ,\hfill \\ {}{\mathrm{Per}}_n^{\ast \ast}\left(\phi \right)=\left\{ P\in {\mathrm{\mathbb{P}}}^1:{\Phi}_n(P)=0\kern0.5em \mathrm{and}\kern0.5em {\Phi}_m(P)\ne 0\kern0.5em \mathrm{for}\kern0.5em \mathrm{all}\;1\le m< n\right\}.\hfill \end{array} $$

Thus, Per n (ϕ) is the set of points of period n, \( {\mathrm{Per}}_n^{\ast}\left(\phi \right) \) is the set of points of formal period n, and \( {\mathrm{Per}}_n^{\ast \ast}\left(\phi \right) \) is the set of points of primitive (or exact) period n. This definition will be used to prove proposition theorm1. Beyond that, we also need the definition of the DMC.

Replacing c with y in Eq. (1), (2), (3) and so on, we can obtain affine curve in affine space. That is,

Definition 3

The dynatomic modular curve Y 1(n)⊂A 2 is the affine curve defined by the equation

$$ {\Phi_n}^{\ast}\left( y, z\right)=0. $$

The normalization of the projective closure of Y 1(n) is denoted by X 1(n).Where A 2 represents 2-dimensional affine space.

Indeed, Y 1(n) is a curve in affine space, which satisfies the equation Φ1 (y, z) = 0. (y, z) represents the coordinates of the curve Y 1(n). When (y, z) is replaced by homogeneous coordinates \( \left(\frac{y}{w},\frac{y}{w}\right) \), we can get projective curve X 1(n) in projective space (w is a constant). That is,

$$ {X}_1(n):\kern1em {\Phi_n}^{\ast}\left( y, z, w\right)=0. $$

X 1(n) is a curve in projective space, and there is a close correspondence between X 1(n) and Y 1(n). Such as, affine curve Y 1(1) satisfies Φ1 (y, z) = 0, that is, −z 2 − z + y = 0. And, projective curve X 1(1) satisfies Φ1 (y, z, w) = 0, that is, z 2 + zw − yw = 0. Similarly, the affine curve Y 1(2) satisfies z 2 − z + (1 − y) = 0. And projective curve X 1(2) satisfies z 2 − zw − yw + w 2 = 0. In [21], the author has shown that X 1(1)and X 1(2) are rational curve. Indeed, X 1(3) is a rational curve too.

Proposition 1

Let dynatomic modular curve Y 1(3) satisfies Φ3 (y, z) = 0. X 1(3) is the normalization of the projective closure of Y 1(n). So the X 1(3) is a rational curve.

Proof. In order to parameterize X 1(3), suppose that ϕ(z) = Az 2 − Bz + C is any quadratic polynomial with a periodic point of primitive period 3. Note that, as long as the field K does not have characteristic 2, the any quadratic polynomial ϕ(z) = Az 2 − Bz + C can be put into the form (−z 2 + c) as the following method. Let \( f(z)=\frac{B-2 z}{2 A} \), which results to \( {f}^{-1}(z)=\frac{B}{2}- Az \). Thus

$$ {\phi}^f(z)=\left({f}^{-1}\circ \phi \circ f\right)(z)=-{z}^2+\left(\frac{B^2}{4}- AC+\frac{B}{2}\right). $$
(4)

Then, conjugating by a linear map z ↦ αz + β, we may assume that the given 3-cycle has the form 0 → 1 →t → 0for some t.This gives the equations

$$ \left\{\begin{array}{c}\hfill \phi (0)= C=1,\kern4.5em \hfill \\ {}\phi (1)= A- B+ C= t,\kern1.12em \hfill \\ {}\phi (t)={At}^2- B t+ C=0.\hfill \end{array}\right. $$

Solving for A, B, C in terms of t yields

$$ A=\frac{t^2- t+1}{t-{t}^2},\kern1em B=\frac{t^3-{t}^2+1}{t-{t}^2},\kern1em C=1. $$

Put A, B and C into the expressions of ϕ f(z) and f −1(z), we obtain

$$ \begin{array}{l}{\phi}^f(z)=-{z}^2+\frac{t^6-4{t}^5+9{t}^4-8{t}^3+4{t}^2-2 t+1}{4{t}^4-8{t}^3+4{t}^2},\hfill \\ {}\hfill {f}^{-1}(0)=\frac{t^3-{t}^2+1}{2 t-2{t}^2}.\hfill \end{array} $$

It shows that for every value of t ∉ {0, 1}, the point

$$ {P}^{\ast }=\left(\frac{t^6-4{t}^5+9{t}^4-8{t}^3+4{t}^2-2 t+1}{4{t}^4-8{t}^3+4{t}^2},\frac{t^6-4{t}^5+9{t}^4-8{t}^3+4{t}^2-2 t+1}{4{t}^4-8{t}^3+4{t}^2}\right), $$

is a solution to the equation

$$ \begin{array}{l}{\Phi}_3^{\ast}\left( y, z\right)={z}^6-{z}^5+\left(1-3 y\right){z}^4+\left(2 y-1\right){z}^3+\left(3{y}^2-3 y+1\right){z}^2\\ {}\kern3.86em +\left(-{y}^2+2 y-1\right) z-\left({y}^3-2{y}^2+ y-1\right)=0.\end{array} $$

It also can be verified by using a computer. That is to say, \( {P}^{\ast}\in {\mathrm{Per}}_3^{\ast}\left(\phi \right) \) and it is formal period 3. We have thus constructed a nonconstant rational map

$$ {\mathrm{\mathbb{P}}}^1\to {X}_1(3),\kern0.5em t\mapsto \left(\frac{t^6-4{t}^5+9{t}^4-8{t}^3+4{t}^2-2 t+1}{4{t}^4-8{t}^3+4{t}^2},\frac{t^3-{t}^2+1}{2 t-2{t}^2}\right). $$
(5)

That is, rational map can be obtained for t ∉ {0, 1} from (5). Thus, X 1(3) is a rational curve.

Moreover, X 1(3) is birational to 1 based on Lüroth’s theorem [6]. For it, we can make further explanation. Assuming that (c, b) be a root of \( {\Phi}_3^{\ast } \), and set g(z) = (−b 2 + c − b)z + b. So, g sends 0 to b and 1 to ϕ(b). Then

$$ g{}^{-1}(z)=\frac{z- b}{-{b}^2- b+ c}, $$

and

$$ {\phi}^g(z)=\left({g}^{-1}\circ \phi \circ g\right)(z)=-\left(-{b}^2- b+ c\right){z}^2-2 bz+1. $$
(6)

It can be computed that ϕ g(0) = 1, ϕ g(1) = b 2 − b − c + 1 from (6), and

$$ \begin{array}{l}{\phi}^g\left({b}^2- b- c+1\right)={b}^6-{b}^5+\left(1-3 c\right){b}^4+\left(2 c-1\right){b}^3+\left(3{c}^2-3 c+1\right){b}^2\\ {}\kern6.80em -\left({c}^2-2 c+1\right) b-\left({c}^3-2{c}^2+ c-1\right).\end{array} $$

Since (c, b) is a root of \( {\Phi}_3^{\ast } \), that is to say \( {\Phi}_3^{\ast}\left( c, b\right)=0 \). Putting (c, b) into \( {\Phi}_3^{\ast } \), we may obtain

$$ {\phi}^g\left({b}^2- b- c+1\right)={\Phi}_3^{\ast}\left( c, b\right)=0. $$

Thus we can get the 3-cycle for ϕ g, that is, 0 → 1 → b 2 − b − c + 1 → 0. Compared with the above 3-cycle, it gives the map

$$ \begin{array}{cc}\hfill {X}_1(3)\to {\mathrm{\mathbb{P}}}^1,\hfill & \hfill \left( c, b\right)\mapsto {b}^2- b- c+1,\hfill \end{array} $$
(7)

which is inverse to (5), this can also be checked directly with a computer yet. For example, let

$$ \begin{array}{cc}\hfill y(t)=\frac{t^6-4{t}^5+9{t}^4-8{t}^3+4{t}^2-2 t+1}{4{t}^4-8{t}^3+4{t}^2},\hfill & \hfill z(t)=\frac{t^3-{t}^2+1}{2 t-2{t}^2}.\hfill \end{array} $$

When t = 0.35, the correspondence y = 5.3964 , z = 2.7083. At this time,z 2 − z − y + 1 = 0.35 = t.

Since (7) is the inverse mapping of (5), there is a one to one mapping between P 1 and X 1(3). This mapping can be used to encrypt and decrypt private data. This scheme has the following two advantages.

  1. (a)

    Increasing infinity point and infinity line can reduce effectively calculation error, and improve the calculation accuracy.

For example, let t 1 = 0.000012. When reserved four decimal places, it will produce larger rounding error by direct calculation in affine space. However, in projective space, we can let w = 0.00001. Then we can obtain t 1  = 1.2, which will reduce calculation error if we use this value to calculate.

  1. (b)

    It can help us expand or compress the scope of data by choosing an appropriate value of w.

For example, given arbitrarily t 2 ∈ (0, 1), we may choose w = 0.01, and it makes t 2∗ ∈ (0, 100). Similarly, if we choose w = 100, the scope of t will be compressed to (0, 0.01). This property can be used to adjust the scope of chaotic attractor according to the requirement of the problem.

However, due to the existence of periodic points, it is not enough to use the above properties to design the encryption algorithm. In order to get rid of periodic points, we must build the relationship between the Logistic map and the DMC.

3 The relationship between logistic map and dynatomic modular curve

In this section, the relationship between the Logistic map and the DMC is discussed. In addition, the periodic points are analyzed, in order to ensure the security of the proposed algorithm.

Now we see that the expression of ϕ(z) =  − z 2 + c play an important role for dynatomic polynomial \( {\Phi}_n^{\ast }(z) \). It has close relationship for Logistic map.

$$ z\left( n+1\right)= az(n)\cdot \left[1- z(n)\right], a\in \left[0,4\right], z(n)\in \left(0,1\right) $$
(8)

Given some parameters and initial values, some sequences can be obtained from (8), which would be used in the next section. Equation (8) can be described by ψ(z) = a(z − z 2), and it can be transformed into the form −z 2 + c based on the process of proposition1. Such as, let \( h(z)=\frac{1}{2}+\frac{1}{2} \), thus \( {h}^{-1}(z)=-\frac{a}{2}+ az \).

Then

$$ {\psi}^h(z)=\left({h}^{-1}\circ \psi \circ h\right)(z)=-{z}^2+\left(\frac{a^2}{4}-\frac{a}{2}\right). $$

The expression of ψ h(z) is consistent with (4). Therefore, we can analyze Logistic map as the method in section 2. That is to say, when a and t satisfies the equation

$$ \frac{a^2}{4}-\frac{a}{2}=\frac{t^6-4{t}^5+9{t}^4-8{t}^3+4{t}^2-2 t+1}{4{t}^4-8{t}^3+4{t}^2}, $$
(9)

we can obtain rational map (5) and (7). That is, Logistic map can be considered a special kind of the DMC based on Eq. (9).

Let a = 3.8355, then t =  − 0.7356 from (9). It makes (1.76, 0.0238) is the solution to \( {\Phi}_3^{\ast}\left( y, z\right)=0 \). So, 0.0238 is the formal period 3 point of ψ. According to Li-Yorke theorm, ψ can produce chaos when a = 3.8355. Thus, the chaotic state of the Logistic map is verified from the perspective of the DMC. Since 0.0238 ∈ (0, 1), we should get rid of this periodic point in encryption algorithm. Therefore, for arbitrary parameters a ∈ [0, 4], we need remove the periodic point which belongs to (0, 1) to improve the security of the algorithm. But, when a = 4, there exists t = 2.8794, which makes (2, 1.5321) is the solution to the equation \( {\Phi}_3^{\ast}\left( y, z\right)=0 \). So, 1.5321 is also the formal period 3 point of ψ. Since 1.5321 ∉ (0, 1) in Logistic map, we can use sequences to encrypt the image directly, instead of eliminating it in advance. Anyhow, the processes of removing the periodic points need to be discussed in design of algorithm.

In order to obtain more secure encrypted image, not only we should get rid of those periodic points, but also ensure that sequence after transformation is far from them. Therefore, an adjustment coefficient b is introduced into the encryption algorithm.

4 Image encryption based on chaos and dynatomic modular curve

4.1 Image encryption flowchart

From Fig. 1, we can see that the proposed algorithm mainly adopts Logistic map, and the most important step is projective transform. After it, we can obtain two sequences. One is used to scramble the original image pixels and another is used to replace pixel values.

Fig. 1
figure 1

Block diagram of the encryption algorithm

Full size image

4.2 Encryption and decryption algorithm

According to the flowchart, the process of the proposed algorithm can be summarized as follows:

  1. Step 1:

    Set effective parameter and initial value, and one sequence T = {t 1, t 2,  ⋯ , t N } can be generated from the Logistic map. N = m × k is the length of the sequence, where m is the number of rows of the image matrix and k is the number of columns of the image matrix.

  2. Step 2:

    Projective transform. Suppose t i  ∈ T, i = 1 , 2 ,  ⋯  , N.Using the projective transform (5), t i is changed into (y i , z i ), y i forms a set Y. And another set \( Z=\left\{{z}_i^{\prime}\right\} \) can be obtained by the following function.

$$ {z}_i^{\prime }=\left\lfloor {10}^p\cdot \left({bz}_i-\left\lfloor {bz}_i\right\rfloor \right)\right\rfloor \mod\ 256 $$
(10)

where b is called adjustment coefficient and p is called amplification parameter. z i (i = 1, 2,  ⋯ , N) can be converted to some other elements which belong to [0, 255] by Eq. (10).

  1. Step 3:

    Image scrambling. Assume that the original image matrix X = {x ij |i = 1, 2,  ⋯ , m; j = 1, 2,  ⋯ , k}.

Then the elements of Y are sorted by the ascending order. In fact, this rearrangement is a kind of transformation. We can rearrange original image pixels according to this transformation function. The pixel set after scrambling is denoted as \( {X}^{\prime }=\left\{{x}_{ij}^{\prime}\left| i=1,2,\cdots, m; j=1,2,\cdots, k\right.\right\} \).

  1. Step 4:

    Pixel replacement. Performing the operation of XOR between the sequence Z and the scrambled image sequence X as follows:

$$ {y}_{i j}={z}_i^{\prime}\oplus {x}_{i j}^{\prime }. $$
(11)

Then, we obtain a set Y  = {y ij |i = 1, 2,  ⋯ , m; j = 1, 2,  ⋯ , k}, which is the pixel set of the encrypted image.

The decryption is the inverse process of the encryption. Firstly, do the operations as step 1 to 2 in the encryption algorithm. Secondly, the XOR operation is performed between the encrypted image data and the sequence Z. Finally, the scrambling operation is performed by using of index inverse transform function and reconstructs the original image.

Figure 2 shows the index transform function and its inverse function for some data.

Fig. 2
figure 2

Index transform diagram between original and ascending order

Full size image

From Fig. 2, the index of the sorted elements has a corresponding relationship with the original elements. Assume φ represents the function between the indexes, we can obtain that

$$ \begin{array}{l}\varphi (1)=1,\varphi (2)=7,\varphi (3)=12,\varphi (4)=3,\varphi (5)=2,\varphi (6)=8,\hfill \\ {}\varphi (7)=11,\varphi (8)=4,\varphi (9)=5,\varphi (10)=6,\varphi (11)=9,\varphi (12)=10.\hfill \end{array} $$

And

$$ \begin{array}{l}{\varphi}^{-1}(1)=1,{\varphi}^{-1}(2)=5,{\varphi}^{-1}(3)=4,{\varphi}^{-1}(4)=8,{\varphi}^{-1}(5)=9,{\varphi}^{-1}(6)=10,\hfill \\ {}{\varphi}^{-1}(7)=2,{\varphi}^{-1}(8)=6,{\varphi}^{-1}(9)=11,{\varphi}^{-1}(10)=12,{\varphi}^{-1}(11)=7,{\varphi}^{-1}(12)=3.\hfill \end{array} $$

This algorithm can make full use of the advantages of the DMC to improve the security of the encrypted image, and it can reduce calculation error. These conclusions can be verified by the following experiments.

5 Experimental results

Five images are taken for testing effectiveness of the proposed algorithm and they are two gray images (256 × 256,512 × 512) and three color images (256 × 256,512 × 512,600 × 400). R represents red, G represents green, and B represents blue in color images. The histograms of the original image and encrypted image are shown in Figs. 3, 4, 6, 7, and 8. The histograms of decrypted image are shown in Fig. 5. Choose parameters a = 3.8355 , p = 10 , b = 2.345 and initial valuez(0) = 0.58.

Fig. 3
figure 3

The histograms of the original and encrypted gray image (256 × 256)

Full size image
Fig. 4
figure 4

The histograms of the original and encrypted color image (256 × 256)

Full size image
Fig. 5
figure 5

The histograms of the decrypted images

Full size image

From Figs. 3, 4, 6, 7, and 8, histograms of the original image and the encrypted image are very different. The histogram of encrypted image is uniform distribution. Indeed, it can be verified by Chi-square test for each image. Here, we take the gray image as an example to verify this conclusion.

  • H 0: Encrypted pixel values of the gray image obey uniform distribution.

  • H 1: Encrypted pixel values of the gray image not obey uniform distribution.

Fig. 6
figure 6

The histograms of the original and encrypted gray image

Full size image
Fig. 7
figure 7

The histograms of the original and decrypted color image (512 × 512)

Full size image
Fig. 8
figure 8

The histograms of the original and encrypted color image (600 × 400)

Full size image

Assume that n 1 represents the number of samples, X i (i = 1, 2,  ⋯ , n 1) represent random variable of encrypted gray values, and all samples are divided into m 1 groups, f j (j = 1, 2,  ⋯ , m 1) represents frequency of group j. Let \( \overline{X} \) represents the mean value, θ and ω are parameters of this distribution. Then, the estimated value of θ and ω can be obtained by the point estimate method.

$$ \begin{array}{l}\widehat{\theta}=\overline{x}-\sqrt{\frac{3}{n_1}\sum_{i=1}^{n_1}{\left({x}_i-\overline{x}\right)}^2}=0,\hfill \\ {}\widehat{\omega}=\overline{x}+\sqrt{\frac{3}{n_1}\sum_{i=1}^{n_1}{\left({x}_i-\overline{x}\right)}^2}=256.\hfill \end{array} $$

The probability p j {X = j} , j = 1 , 2 ,  ⋯  , m 1 can be calculated as uniform distribution which parameters have been known. Finally, we can make a decision through comparing the value of

$$ {\chi}^2=\sum_{j=1}^{m_1}\frac{{\left({f}_j-{n}_1{p}_j\right)}^2}{n_1{p}_j}, $$

with χ 2(97). Results are listed in Table 1 which derives from SPSS statistics 19.

Table 1 The results of Chi-square test for gray image (α = 0.05)
Full size table

Table 1 demonstrates the progressive significance p  > 0.05. So, we can’t reject H 0.That is to say, encrypted pixel values of the gray image obey uniform distribution. As is known to all, the color image is composed of three pixel matrixes, which are R matrix, G matrix and B matrix. Each pixel matrix can be encrypted and decrypted according to the same processing method of gray image. Then, encrypted image can be got by merging them. So, the proposed scheme is feasible to color image. Moreover, it can also be verified that encrypted pixel values of the color image obey uniform distribution through Chi-square test. Results are listed in Table 2.

Table 2 The results of Chi-square test for color image (α = 0.05)
Full size table

Table 2 shows that each progressive significance value P is far greater than 0.05. Moreover, all values of progressive significance are greater than 0.454. That is to say, the proposed encryption algorithm works better for color image.

The computational time of these images is listed in Table 3. In addition, other seventeen color images which have different size are selected from the USC-SIPI image database. Encryption and decryption time of all images are shown in Fig. 9. And all the algorithms are calculated by MATLAB R2013a on the same computer with Inter Xeon E5-2630v2/16G, DDR3.

Table 3 Computational time of five different images
Full size table
Fig. 9
figure 9

Encryption and decryption time of different images

Full size image

Let T e represents encryption time, T d represents decryption time, and P s represents the size of images. Thus, T e and T d of different images which size belongs to (10,000, 160,000) are shown in Fig. 9a. T e and T d of different images which size belongs to (10,000, 640,000) are shown in Fig. 9b. Figure 9 indicate that T e and T d of different images increase with the size of images. Specially, for different size of images, the shortest T e  = 0.2196s and T d  = 0.1335s, and the longest T e  = 2.4534s and T d  = 2.5047s. Moreover, the relationship between T e and P s can be approximately represented by T e  = 3.6714 × 10−6 P s  + 0.1705, which derives from fitting (Fig. 10a). Similarly, the relationship between T d and P s can be approximately represented by T d  = 3.6271 × 10−6 P s  + 0.1586 (Fig. 10b). Thus, the encryption and decryption time of all images in the USC-SIPI image database can be estimated through the above two linear function. For example, a color peppers (512 × 512) image is selected to verify it, and its file name is 4.2.07 in the USC-SIPI image database. When P s  = 262144, we can obtain that T e  = 1.1329s and T d  = 1.1094s.They are very close to the experimental results in Table 3. Therefore, the proposed algorithm is applicable to any image of this database. And because of it, we use the above five images as the representative to analysis the performance of the proposed algorithm in the next section.

Fig. 10
figure 10

The fitting curve of encryption and decryption time for different images

Full size image

6 Performance analysis

In this section, the performances of the encryption algorithm are measured by calculating the correlation coefficient, the information entropy, the values of NPCR and UACI. Moreover, the key space, the key sensitivity and the algorithm intensity are discussed.

6.1 Correlation coefficient

Correlation coefficient measures the dependence of two adjacent variables at a certain direction. The closer this value is zero the less correlation exists between two adjacent. Conversely, the value is to 1. The two variables are not relevant and unpredictable when correlation coefficient is close to 0. The calculation formula of correlation coefficient is as follows [9].

$$ r=\frac{n\left(\sum_{i=1}^n{x}_i{y}_i\right)-\left(\sum_{i=1}^n{x}_i\right)\left(\sum_{i=1}^n{y}_i\right)}{\sqrt{\left[ n\left(\sum_{i=1}^n{x}_i^2\right)-{\left(\sum_{i=1}^n{x}_i\right)}^2\right]\left[ n\left(\sum_{i=1}^n{y}_i^2\right)-{\left(\sum_{i=1}^n{y}_i\right)}^2\right]}} $$
(12)

where \( n\left(\sum_{i=1}^n{x}_i{y}_i\right)-\left(\sum_{i=1}^n{x}_i\right)\left(\sum_{i=1}^n{y}_i\right) \) represents the sample variation, \( \left[ n\left(\sum_{i=1}^n{x}_i^2\right)-{\left(\sum_{i=1}^n{x}_i\right)}^2\right] \) and \( \Big[ n\left(\sum_{i=1}^n{y}_i^2\right) \) \( -{\left(\sum_{i=1}^n{y}_i\right)}^2\Big] \) are the sample standard variation of X j and Y j (j = 1, 2,  ⋯ , m), respectively.

All correlation coefficients of adjacent pixel of the original and encrypted image are calculated from the horizontal, vertical and diagonal directions. For example, let X j  = {x j1, x j2⋯, x jn } represents one pixel vector of the gray image, the adjacent pixel vector of X j is Y k  = {y k1, y k2⋯, y kn }, which satisfies k = j + 1 ,  j = 1 , 2 ,  ⋯  , m − 1. According to (12), the correlation coefficient of X j and Y k can be calculated. Finally, the correlation coefficient of the gray image in a fixed direction is obtained by averaging. For color images, the correlation coefficients of R, G and B matrices are calculated respectively. And then their average value which represents the correlation coefficients of the color image is calculated. Thus, the number of correlation coefficient varies with the size of the image. Some computational results are listed in Table 4, which only includes average values. Each value of correlation coefficients is shown in Figs. 11, 12, 13, 14, and 15.

Table 4 Average correlation coefficients of different images
Full size table
Fig. 11
figure 11

All the correlation coefficients of gray image (Lena)

Full size image
Fig. 12
figure 12

All the correlation coefficients of color image (Lena)

Full size image
Fig. 13
figure 13

All the correlation coefficients of gray image (Filtration)

Full size image
Fig. 14
figure 14

All the correlation coefficients of color image (Vegetables)

Full size image
Fig. 15
figure 15

All the correlation coefficients of color image (Elephant)

Full size image

Table 4 shows that correlation coefficients of the different original images in horizontal, vertical and diagonal directions are close to 1. However, they are close to 0 after encryption. More specifically, the correlation coefficient of the original Filtration image is 0.991562 in vertical direction, but it drops to 0.000097 by encrypting. Similar results can be obtained in horizontal and diagonal direction.

The adjacent pixels of the original image have a significant correlation from Figs. 11, 12, 13, 14, and 15a. However, the correlation disappeared after encryption. Moreover, all correlation coefficients of the encrypted image evenly are distributed in the small range of zero from Figs. 11, 12, 13, 14, and 15b. In order to more accurately determine the distribution type of the correlation coefficients in the encrypted image, we describe the frequency charts in different directions in Fig. 16.

Fig. 16
figure 16

correlation coefficient’s frequency distribution of encrypted gray image (Lena)

Full size image

Figure 16 shows that the correlation coefficients of the encrypted image obey normal distribution, and this conclusion can be verified by single sample K-S test. The process of this test is given as follows.

  • H 0: Correlation coefficients of the encrypted image obey normal distribution.

  • H 1: Correlation coefficients of the encrypted image don’t obey normal distribution.

Let x i represents sample, F 0(x) represents theory distribution function, and \( {F}_{n_2}(x) \) represents sample cumulative frequency function. And let

$$ D= \max \left|{F}_{n_2}(x)-{F}_0(x)\right|. $$

In order to obtain F 0(x), we must estimate μ and σ, which are parameters of normal distribution in H 0. They can be obtained by the following formulas,

$$ \widehat{\mu}=\frac{1}{n_2}\sum_{i=1}^{n_2}{x}_i=\overline{x},\kern0.5em {\widehat{\sigma}}^2=\frac{1}{n_2}\sum_{i=1}^{n_2}{\left({x}_i-\overline{x}\right)}^2. $$

And, \( {F}_{n_2}(x)= F/{n}_2 \), where F represents cumulative frequency, and n 2 represents sample size. When D > D(n 2, α) (α is significance level, here α = 0.05), reject H 0. Otherwise, accept H 0.

SPSS is used to test correlation coefficient’s distribution. The results of K-S test are listed in Table 5.

Table 5 Single sample K-S test for correlation coefficient of the encrypted images
Full size table

From Table 5, the maximum value of progressive significant is 0.9645 and the minimum value is 0.6251. Each value of progressive significant is greater than 0.05. Moreover, the mean value and standard deviation are close to zero. The results indicate that the correlation coefficients of the encrypted image obey normal distribution.

In addition, we randomly select two adjacent pixel vectors in the original image and the encrypted image. And the distribution of these pixel values is shown in Figs. 17 and 18.

Fig. 17
figure 17

The distribution of two adjacent pixel vectors for the original image (Lena)

Full size image
Fig. 18
figure 18

The distribution of two adjacent pixel vectors for the encrypted image (Lena)

Full size image

Before encryption, the distribution of two adjacent pixel vectors is close to a straight line. However, the distribution is not regular after encryption. Therefore, it is difficult for the attacker to analyze the distribution law of the image under such an irregular distribution.

6.2 Resistance statistical analysis

We have done statistical analysis for the proposed algorithm in section 5. The results show that the histogram of encrypted image is uniform distribution. That is to say, the frequency of each pixel value is very close after encryption. The result is quite different from the distribution of the original image. It makes the attacker cannot obtain the statistical law of the encrypted image, which is a precondition for breaking the code. Moreover, Correlation coefficient analysis demonstrates that all correlation coefficients of different encrypted images are close to zero in section 6.1. It makes the attacker cannot predict the original image by analyzing the statistical characteristics of the encrypted image. So, the proposed algorithm can resist statistical attack.

6.3 Key sensitivity

A good encryption algorithm should be very sensitive to the key. A slight variation of the key should result in totally different image in the reconstructing process. Figure 19a–e show some decrypted images with the correct key. Figure 19f–j show some decrypted images with different keys which have a slightly change.

Fig. 19
figure 19

Key sensitivity test for different images

Full size image

In this algorithm, all the original images can be recovered when using of the correct keys ((Fig. 19a–e). However, when the parameter or the initial value of Logistic map is changed slightly, it can’t obtain the original image (Fig. 19f–g). If parameter p is changed to 9 from 10, it can’t obtain the original image (Fig. 19h), and if parameter b is changed to 2.3450001 from 2.345, it can’t obtain the original image yet (Fig. 19i). If all keys are changed slightly, the original image is more difficult to obtain (Fig. 19j). Moreover, each histogram of decrypted image obeys uniform distribution when used wrong key. So, the proposed algorithm is sensitive to the key.

6.4 NPCR and UACI

NPCR is the comparison of relational positions between original and encrypted images in order to ensure that the pixels of every level matrix can be altered. UACI is, on the other hand, the percentage of the average level matrix change between the relational positions of two images [9]. The following equations define NPCR and UACI:

$$ \begin{array}{l} NPCR=\kern-2em \frac{\sum_{i=0}^{M-1}{\sum}_{j=0}^{N-1} D\left( i, j\right)}{M\times N}\times \kern-2.5em 100\kern-2em \%\kern-2em ,\hfill \\ {} UACI=\frac{1}{M\times N}{\sum}_{i=0}^{M-1}{\sum}_{j=0}^{N-1}\frac{\left| A\left( i, j\right)-{A}_{CS}\Big( i, j\Big)\right|}{255}\times 100\%,\hfill \end{array} $$

and

$$ D\left( i, j\right)=\left\{\begin{array}{c}\hfill 0,\kern1.5em A\left( i, j\right)={A}_{CS}\left( i, j\right)\hfill \\ {}\hfill \hfill \\ {}\hfill 1,\kern1.5em A\left( i, j\right)\ne {A}_{CS}\left( i, j\right)\hfill \end{array}\right.\begin{array}{c}\hfill, \hfill \\ {}\hfill \hfill \\ {}\hfill, \hfill \end{array} $$

where A is the original image of M × N dimension, and A cs is the encrypted image. M and N are width and height of the image. Taking the gray image as an example, we discuss the influence of the parameter p on the NPCR and UACI. Figure 20 shows that the values of NPCR and UACI are different for different parameter p. It has a fixed trend when p → ∞. That is to say, NPCR and UACI are invariable for some p. A few precise values of NPCR and UACI are listed in Table 6.

Fig. 20
figure 20

Simulation of NPCR and UACI with different p

Full size image
Table 6 Values of NPCR and UACI with different p
Full size table

From Table 6, there exists large difference when p ≥ 19, which is caused by the calculation accuracy. Moreover, experiments show that each pixel value of encrypted image is equal after p = 24, which also consists of 8-bit integer and 16-bit decimal numbers. In this time, Eq. (10) will fail. That is, the proposed algorithm only contains scrambling process without replacement. Thus, the value of NPCR is 99.3790% which stay away from the ideal value. The same reason is for UACI. In addition, the values of NPCR and UACI are unsatisfactory when p = 1. Moreover, it is found that they are still close to the ideal values when p isn’t an integer by experiments, such as p = 9.5812. At this time, the information of the encrypted image is completely different from that of the other p. So, we should choose p ∈ (2, 18) to achieve the best encryption effect in our computer. If our algorithm can be combined with cloud computing, the scope of p will dramatically increase.

We also discuss the influence of adjustment coefficient b on NPCR and UACI for different p. Values of NPCR and UACI are shown in Figs. 21 and 22.

Fig. 21
figure 21

Simulation of NPCR with different b and p

Full size image
Fig. 22
figure 22

Simulation of UACI with different b and p

Full size image

When p = 10, the average value of NPCR and UACI is 99.6145% and 32.5906%, respectively. They have litter change for different b. We can get the same conclusion by simulation experiments when p ∈ (2, 18) and b ∈ R . When p ≥ 19, the average value of NPCR and UACI remains unchanged with different b. But, the difference between them and the ideal value becomes lager duo to the role of the parameter p. Therefore, the values of NPCR and UACI are not affected by the adjustment coefficient b. Other values of NPCR and UACI are listed in Table 7 for different images whenp = 10 , b = 2.345.

Table 7 Values of NPCR and UACI for different images
Full size table

According to the principle of cryptography, a good encryption algorithm should be fully sensitive to the clear text. This sensitivity is stronger; the ability to resist differential attack will be stronger. The sensitivity of the encryption algorithm to the clear text can be characterized by the number of pixels change rate (NPCR) [4]. That is to say, NPCR is an important measure index of resisting differential attack. From Table 7, the values of NPCR are very close to the ideal value 99.6094% when p = 10 and b = 2.345. The results show that the information of original images has a good spread to encryption image and the proposed algorithm can resist differential attack.

6.5 Information entropy

The information entropy of image actually measures the distribution of gray value in the image. Greater information entropy represents higher uniformity of the images. Generally, an ideal value of information entropy is approaching to 8 for an image after encryption. The closer the entropy of an encryption algorithm is to 8 the less predictable, and this scheme is more secure. It is defined as follows [29]:

$$ H(m)=\sum_{i=1}^{2^n-1} p\left({m}_i\right) \log 2\left(\frac{1}{p\left({m}_i\right)}\right), $$

where m i is i-th gray value of the image, p(m i ) represents the probability of occurrence of m i .The information entropy of different encrypted images are calculated and the results are listed in Table 8. It shows that the entropy value of the encrypted image is close to the ideal value, especially for color images.

Table 8 Entropy values of different encrypted images
Full size table

6.6 Key space

In our algorithm, the parameter value of the Logistic map a = 3.8355 is used as secret key. So, we need 32 bits to store this value (single float number in MATLAB). Another 32 bits is needed for storing initial value 0.58. Finally, adjustment parameter b = 2.345 and amplification parameter p ∈ (2, 18) are also used as secret key. We need 64 bits to store them according to the analysis of parameter b and p in subsection 6.4. Therefore, the total number of bits used to store all the key values is 128. Thus, the cryptosystem has at least 2128 different combinations and this large key space is enough to resist brute force attack.

6.7 Algorithm intensity analysis

A malicious attacker may destroy the encrypted image, and the legitimate receiver can decrypt the image successfully. Destroyed encryption images are shown in Fig. 23a–e, and the corresponding decrypted images are shown in Fig. 23f–j.

Fig. 23
figure 23

Algorithm intensity test for different images

Full size image

Figure 23 demonstrates that, even if an encrypted image is destroyed by an attacker, the legitimate receiver can decrypt the image successfully, only noise exists. Hence, the encryption algorithm can resist illegal tampering.

6.8 Comparison with some existing encryption algorithms

6.8.1 Comparison of correlation coefficient

In order to reflect the advantages of the proposed algorithm in terms of security, comparison of the correlation coefficient between original image and encrypted image is preformed in Table 9. Better results are achieved than most of the schemes mentioned in this paper, such as multi-chaotic system based schemes [8], bit level permutation based schemes [13], chaotic system based schemes [27], DNA computing based schemes [30], and secure image encryption based schemes [17].

Table 9 Comparison results of correlation coefficient for gray image (Lena)
Full size table

From Table 9, the average value of correlation coefficient of the proposed algorithm is 0.0053, which is smaller than Huang’s, Lin’s, Ye’s, Zhang’s and Zahra’s. This means that, the attacker will be more difficult to discover the distribution law of the encrypted image when compared with the above algorithms, and the proposed algorithm has better effect in resistance statistical attack.

6.8.2 Comparison of key sensitivity

Since the key sensitivity is an important index of the security, we also compare it with the same algorithm without the projective transformation in reference [16], which used Henon map to encrypt image. Our results are shown in Fig. 19. Their results are shown in Fig. 24.

Fig. 24
figure 24

Testing of key sensitivity for other algorithms

Full size image

From Fig. 24, we can’t get the original image when parameter u = 1.77(the correct parameter u = 1.76 in [16]). However, we can obtain main information of the original image when the value of u is changed very small, such as u = 1.7601(Fig. 24c, f, h, j, l). It means that the main information has been leaked when differences reach 10−4 between the correct and the wrong key. There is no doubt that the security of algorithm is not guaranteed to resist brute force attack. But, the attacker could not obtain any information about the original image when differences reach 10−15 in our algorithm. The results show that the proposed algorithm has a higher security.

6.8.3 Comparison of computational complexity

Apart from the security consideration, some other issues on an image encryption scheme are also important, including the computational complexity which is composed of time complexity and space complexity, particularly for real-time Internet applications. The computational complexity of the proposed encryption algorithm depends on data generating operation, projective transform operation, image scrambling operation, and pixel replacement operation. The complexity of the first two steps for an image is O(n), and the latter two steps is O(n2). So the total computational complexity is O(n2). Specifically, the execution time of the above five images is faster than some well-known encryption algorithms [1, 11] in the same MATLAB R2013a platform. The results of execution time for different algorithms are shown in Fig. 25a. In addition, the occupied space is also being compared, and the results are shown in Fig. 25b.

Fig. 25
figure 25

Comparison of computational complexity for different algorithms

Full size image

Figure 25a shows that T e of the proposed algorithm are faster than some other algorithms, such as AES and DES. From Fig. 25b, when the size of color image is 256 × 256, the occupied space of all algorithms is very close to 18.5642 MB. Moreover, the advantage of the proposed algorithm is further strengthened with the increase of the image size. Generally, the occupied space of our algorithm is lower than other algorithms when the size of the image is more than750 × 750.

In order to compare the running speed of the algorithms, we let S pe  = S pa /T e . Where S pe represents the running speed, S pa represents the occupied space. Thus, the running speed of the proposed algorithm is faster than other algorithms (Fig. 25c). Concretely, the average running speed of the proposed algorithm is 44.0836 MB/s, and it is much higher than 14.4591 MB/s which is the maximum of the AES and DES algorithm. Therefore, our algorithm is more suitable for image encryption.

7 Conclusions

In this paper, we have proposed a secure and effective encryption algorithm for images based on Logistic map and the DMC. One of the most benefits of the proposed algorithm is that we increase the diffusivity by using of projective transformation. It makes our algorithm has many good performances, which can resist statistical attack, brute force attack and differential attack.

In the future, we will continue to discuss the following problems.

  1. (1)

    Research the relationship between Henon map and dynatomic modular curve.

  2. (2)

    Applying our scheme to the video encryption algorithm, and evaluating its performance.