1 Introduction

With the development of computer and network technology, information security issues obtain great attention. Data encryption standard (DES) and advanced encryption standard (AES) are two traditional encryption algorithms. Intrinsic properties of chaotic systems lead to natural relationship and structural similarity between chaos and cryptography [1]. Chaos has been a hot topic in recent half-century [25]. Many digital image encryption schemes have been proposed based on chaotic systems [618]. However, the finite precision effect is a bottleneck of cryptography development.

Fractional-order chaotic systems have more complex characteristics. It has been found that fractional-order chaotic systems have wider applications in secure communication, signal processing, financial field, and digital watermark technology [1922]. Low-dimensional chaotic systems can be easily implemented based on hardware platform but of weak secrecy, whereas high-dimensional hyper-chaotic systems have opposite characters. In view of their contradictions and characteristics degradation of digital chaotic system under finite precision effect [2325], theory analysis about fractional-order systems is proposed [26]. The conceptual distinction between proper and improper fractional chaotic systems was put forward by Hu et al. in [27]. Fractional-order chaos has larger key space and more complex random sequences than integer-order chaos [16, 17]. But the research of image encryption based on fractional-order chaos is very few and will be a great valuable research topic.

This paper is organized as follows. In Sect. 2, a new fractional-order chaotic system is introduced. A novel image encryption algorithm is proposed in Sect. 3. In Sect. 4, two numerical examples are given to illustrate the effectiveness of the proposed algorithm. Finally, Sect. 5 concludes the paper.

2 A new fractional-order chaotic system

Based on the famous Lorenz chaotic system, Chu et al. [28] proposed a new three-dimensional chaotic system. The fractional-order form of it is given as follows:

$$\begin{aligned} \left\{ {{\begin{array}{l} {\frac{d^{q_1 }x}{dt^{q_1 }}=a(\mathrm{y-x})} \\ {\frac{d^{q2}y}{dt^{q_2 }}=xz-y} \\ {\frac{d^{q_3 }z}{dt^{q3}}=b-xy-cz} \\ \end{array} }} \right. \end{aligned}$$
(1)

where \(X=(x,y,z)^{T}\) is the state vector, and \((a,b,c)^{T}\) is the parameter vector. System (1) will be a true fractional-order system, if the maximum of three fractional orders \(q_1 ,q_2 ,q_3\) less than 1, i.e.,\(\max (q_1 ,q_2 ,q_3 )<1\). It is an integer-order chaotic system if \(q_1 =q_2 =q_3 =1\). If \(\max (q_1 ,q_2 ,q_3 )>1\), system (1) is called an improper fractional-order chaotic system. Using theoretical analysis of fractional-order stability [29] and numerical simulations, the system can be chaotic when three fractional orders are commensurate, and \(q_1 =q_2 =q_3 =q\in (0.912202,1.2)\), while parameters \(a=5,b=16\), and \(c=1\). Starting from \((x(0),y(0),z(0))=(0.2,0.21,0.3)\), 2D projections and 3D phase space of one typical chaotic attractor with \(q=1.1\) are shown in Fig. 1a, respectively. Correspondingly, time histories of three variables are plotted in Fig. 1b.

Fig. 1
figure 1

Improper fractional chaos with \(q=1.1\). a Projections of one chaotic attractor. b Time histories of three variables

Full size image

3 A novel digital image encryption algorithm

The original image (with \(M{*}N\) pixels size) is imported and transformed line by line to obtain the matrix of pixel as formula (2). The whole encryption process is shown in Fig. 2.

$$\begin{aligned} P\!=\!\left[ \!\! {{\begin{array}{cccc} {P(1)}&{} {P(2)}&{} \cdots &{} {P(N)} \\ {P(N\!+\!1)}&{} {P(N\!+\!2)}&{} \cdots &{} {P(2N)} \\ \vdots &{} \vdots &{} \vdots &{} \vdots \\ {P((M\!-\!1)N\!+\!1)}&{} {P((M\!-\!1)N\!+\!2)}&{} \cdots &{} {P(L)} \\ \end{array} }} \!\!\right] \end{aligned}$$
(2)

The key stream is constituted by initial state variables \((x(0),y(0),z(0))\), parameters \((a,b,c)\), and fractional orders \((q_1,q_2,q_3)\) of a chaotic system. In fact, the fractional-order chaotic system is highly sensitive to the secret key [26, 27]. In diffusion, parameter \(T=\text {mod}\,(\sum \nolimits _{i=1}^L {P(i)}, L)/(L-1)\) is used to disturb key, in order to ensure that the encrypted image is sensitive enough to original image. Based on initial condition key, the fractional-order chaotic system (1) generates chaotic sequences and iterates one thousand times in advance to eliminate transient response.

Fig. 2
figure 2

Block diagram of the chaotic encryption algorithm

Full size image

The state vector \(\{ {x,y,z} \}\) is obtained from all of iterations to generate encryption sequence. The combination form of chaos sequences is generated using parameter \(m=\text {mod}\,(\hbox {abs}(x+y+z),4)\). Temporally, one empty matrix \(B\) is created. Then, \(B\) is assigned variably with respect to parameter \(m\). The assignments of \(B\) are shown in Table 1.

Table 1 The combination form of chaotic sequences
Full size table

Suppose that \(K(i)=10^{n}(B(i)-round(B(i)))\), where \(n=14\) is a positive integer. Self-correlations of sequence \(K\) fluctuate around zero. As shown in Fig. 3, vast majority of them locate in the interval of \([-0.005,0.005]\).

Fig. 3
figure 3

Autocorrelation of sequence \(K\)

Full size image

The original image is divided into four parts to diffuse the pixel values one by one. For any pixel at position \(i\), pixel substitution abides by the following algorithm:

$$\begin{aligned}&C(1)=[P(1)+K(1)]\text {mod}\,256\nonumber \\&\quad \oplus [P(L)+K(L)]\text {mod}\,256\nonumber \\&for\;i=2:\frac{L}{4} \nonumber \\&C(i)=[P(i)+K(i)]\text {mod}\,256\oplus [C(i-1)\nonumber \\&\quad +K(L)]\text {mod}\,256 \nonumber \\&end \nonumber \\&C\left( \frac{L}{4}+1\right) \!=\!\left[ P\left( \frac{L}{4}+1\!\right) \!+\!K\left( \frac{L}{4}+1\!\right) \!\right] \text {mod}\,256\nonumber \\&\quad \oplus [P(L)+K(L)]\text {mod}\,256\nonumber \\&for\;i=\frac{L}{4}+2:\frac{L}{2} \nonumber \\&C(i)=[P(i)+K(i)]\text {mod}\,256\oplus [2^*C(i-1)\nonumber \\&\quad +K(L)]\text {mod}\,256 \nonumber \\&end \nonumber \\&C\left( \frac{L}{2}+1\!\right) \!=\!\left[ P\left( \frac{L}{2}\!+\!1\!\right) \!+\!K\left( \frac{L}{2}+1\!\right) \!\right] \text {mod}\,256\nonumber \\&\quad \oplus [P(L)+K(L)]\text {mod}\,256\nonumber \\&for\;i=\frac{L}{2}+2:\frac{3L}{4} \nonumber \\&C(i)=[P(i)+K(i)]\text {mod}\,256\oplus [3^*C(i-1)\nonumber \\&\quad +K(L)]\text {mod}\,256\nonumber \\&end \nonumber \\&C\left( \frac{3L}{4}\!+\!1\!\right) \!=\!\left[ \!P\left( \frac{3L}{4}\!+\!1\!\right) \!+\!K\!\left( \frac{3L}{4}\!+\!1\!\right) \!\right] \text {mod}\,256\nonumber \\&\quad \oplus [P(L)+K(L)]\text {mod}\,256\nonumber \\&for\;i=\frac{3L}{4}+2:L \nonumber \\&C(i)=[P(i)+K(i)]\text {mod}\,256\oplus [4^*C(i-1)\nonumber \\&\quad +K(L)]\text {mod}\,256 \nonumber \\&end \end{aligned}$$
(3)

A pixel value sequence \(\left\{ {C(i),\;i=1,2,\ldots ,L} \right\} \) is hereby transformed into an \(M\times N\) matrix. Whereby, an encrypted image \(256\times 256\) is generated. For the given symmetric algorithm, decryption is the inverse-operation of encryption.

Time complexity is an important index for all of algorithms. Time complexity of generating key is \(O(M\cdot N)\) and image block is \(O(1)\). Fractional-order chaotic systems generate chaos sequences with time complexity \(O(T^{2})\). Pixel substitution has time complexity \(O(M\cdot N)\). At each step, the total time complexity is:

$$\begin{aligned}&O(M\times N)+O(1)+O(T^{2})+O(M\times N)\nonumber \\&\quad =\left\{ {{\begin{array}{l} {O(T^{2})\;,\;\quad \quad \;if\;M\times N\le T} \\ {O(M\times N),\;\;if\;M\times N>T} \end{array} }} \right. , \end{aligned}$$
(4)

where \(T\) is the iterate number of fractional-order chaos.

4 Numerical simulations and performance analysis

4.1 Histogram analysis

In the following implementations, an 8-bit gray level (standard) Lena image (Fig. 4a) with \(256\times 256\) pixels and a Babara image (Fig. 5a) with \(720 \times 580\) pixels are taken as the original images. After one round of pixel value substitution encryption, there is no visual information can be observed in the encryption images, as shown in Figs. 4b and 5b, respectively. Histogram distributions of the encrypted images (Figs. 4b, 5b) are uniform comparatively. It is clearly shown that the encrypted images completely abide by obscure gray distribution law. The simulations show that the novel algorithm improves the resistance on spiteful attacks effectively.

Fig. 4
figure 4

Lena image. a Plain Lena. b Encrypted Lena. c Histogram of plain image. d Histogram of encrypted image

Full size image
Fig. 5
figure 5

Babara image. a Plain Babara. b Encrypted Babara. c Histogram of plain Babara. d Histogram of encrypted Babara

Full size image

4.2 Information entropy

For an image with \(n\) gray level, the information entropy of it can be calculated quantitatively with

$$\begin{aligned} H(x)=-\sum _{i=1}^n {p(x_i)\;\log _2 p(x_i)}, \end{aligned}$$
(5)

in which \(p(x_i)\) indicates the probability of pixel value \(x_i\).

The entropies of plain image Lena and Babara are 7.447144 and 7.670496, respectively. Nevertheless, the entropies of encrypted Lena image and Babara image are 7.989529 and 7.991614, respectively. The entropies of encrypted images are so close to the ideal information ones that their gray distributions are relatively uniform. Therefore, the encrypted algorithm has better ability to resist statistical attacks. That is to say, the information leakage in present encryption process is negligible.

4.3 Correlation coefficients of adjacent pixels

Encryption algorithm is designed to reduce the correlation coefficients of adjacent pixels between the plain images and encrypted images for resisting statistical attacks. Correlation coefficients of entire randomly selected 3,000 pairs of horizontally, vertically, diagonally adjacent pixels are determined. The correlation coefficients between two adjacent pixels in an image are determined by the following formula:

$$\begin{aligned} R_{xy} =\frac{\text {Conv}(x,y)}{\sqrt{D(x)}\sqrt{D(y)}}, \end{aligned}$$
(6)

where

$$\begin{aligned} E(x)&= \frac{1}{N}\sum _{i=1}^N {x_i}, D(x)=\frac{1}{N}\sum _{i=1}^N {[x_i } -E(x)]^{2}\;\;\text {and}\\&\text {Conv}(x,y)= \frac{1}{N}\sum _{i=1}^N {[x_i}-E(x)][y_i \!-\!E(y)]. \end{aligned}$$

Figures 6, 7 and Table 2 display the distributions of the randomly selected pairs of adjacent pixels in three directions of the original and encrypted images. The graphical results emphasize that there is hardly any correlation between the pixels in encrypted images. It is clear that the correlation coefficient of the proposed algorithm is smaller than that of other methods proposed in Refs. [30, 31] and AES.

Fig. 6
figure 6

Correlation coefficients of original and encrypted Lena images, from left to right: in horizontal, vertical, diagonal direction, respectively

Full size image
Fig. 7
figure 7

Correlation coefficients of original and encrypted Babara images, from left to right: in horizontal, vertical, diagonal direction, respectively

Full size image
Table 2 Correlation coefficients of the original and the encrypted images in three directions
Full size table

4.4 Resistance to differential attacks

Based on principles of cryptology, a good encryption algorithm should be sensitive to the plaintext sufficiently. The sensitivity of the encryption algorithm can be quantified as Number of Pixels Change Rate (NPCR) and Unified Average Changing Intensity (UACI). NPCR is defined to find out some meaningful relationships between the original image and encrypted image. UACI is used to measure average of two different encrypted images. Respectively, NPCR and UACI are defined as following,

$$\begin{aligned} \text {NPCR}&= \frac{1}{M\times N}\sum _{i=1}^M {\sum _{j=1}^N {D(i,j)\times 100\,\%}}, \nonumber \\ \text {UACI}&= \frac{1}{255\times M\times N}\sum _{i=1}^M \sum _{j=1}^N \left| C_1 (i,j)\right. \nonumber \\&\left. -C_2 (i,j) \right| \times 100\,\%. \end{aligned}$$
(7)

In (7), \(D(i,j)=\left\{ {{\begin{array}{l} {0\;,\;C_1 (i,j)=C_2 (i,j),} \\ {1\;,\;C_1 (i,j)\ne C_2 (i,j),} \end{array} }} \right. \) where \(C_1 (i,j)\) and \(C_2 (i,j)\) indicate pixel value of two encrypted images at location \((i,j)\). \(M\) and \(N\) represent the number of row and column of the original image, respectively.

In addition, the ideal values of NPCR and UACI can be calculated by the following formula,

$$\begin{aligned} \text {NPCR}_E&= (1-2^{-n})\times 100\,\% , \nonumber \\ \text {UACI}_E&= \frac{1}{2^{2n}}\frac{\sum \nolimits _{i=1}^{2^{n}-1} {i(i+1)}}{2^{n}-1} \times 100\,\% \nonumber \\&= \frac{1}{3}(1+2^{-n})\times 100\,\% , \end{aligned}$$
(8)

where \(n\) is the number of bits used to represent the different bit planes of an image. A gray scale image is 8 bits per pixel, \(n=8\).

In our experiment, five groups of Lena images are encrypted. In every group, one is the original image, while the other is the original image with only one randomly changed pixel value. The test results are shown in Table 3. It can be found that every value fluctuates nearby the ideal values. Obviously, the given encryption algorithm is very sensitive to small changes in the plain image such that it has great capacity of resistance to differential attacks.

Table 3 Measurements of the sensitivity of the plain image and encrypted image
Full size table

4.5 Key space and key sensitivity analysis

In the algorithm, every number consists of two integers and fourteen decimals. If the state variables and parameters are included in secret key, the key space is \(2^{318}\). If fractional orders are added as secret key, the key space increases to \(2^{478}\), which is equivalent to binary key with 478-bits. Obviously, larger key space improves the ability to resist exhaustive attacks. A good encryption algorithm should be sensitive to secret key. Little changes of decryption key will lead to failed decrypted images. In the following simulations, when \(q_2 =1.1\) and \(q_2 =1.1+10^{-12}\) are selected in key space, the decrypted images are shown in Fig. 8a, b, respectively. The decryption is successful even though the images are attacked by the salt-and-pepper noise. It can be seen that some important features of the original image are preserved in Fig. 8c.

Fig. 8
figure 8

Sensitivity tests of different keys: a decrypted Lena when \(q_2 =1.1\), b decrypted Lena when \(q_2 =1.1+10^{-12}\), c decrypted Lena image under salt-and-pepper noise

Full size image

5 Conclusions

Based on an improper fractional-order chaotic system, a new chaotic encryption algorithm is proposed. The modified chaotic sequence has good random uniform distributions, and every pixel value of the original image affects the secret key. Small changes of the plain images may arouse great difference in encrypted images. The results demonstrate that the algorithm is so strong that it can resist differential attacks. The ability is strutted by two metrics, namely, NPCR and UACI. Compared with AES and other algorithms, the present algorithm has better performance.