1 Introduction

In these days information security has become an important issue due to the fact that every day the Internet has more and more activity such as online banking, e-commerce, e-mail. Considering that the internet is an open channel, the information circulating on it can be intercepted by other users, so in order to solve this drawback we make use of cryptography and an scheme of confidentiality.

A variety of ciphers have been proposed with the intention of providing confidentiality and keep secretly the information, but these ciphers have been proposed for text like DES [1, 2], IDEA [3], AES [4], RSA [5]. These encryption schemes do not seem to be ideal for image applications, due to some intrinsic features of images such as bulk data capacity, high pixel correlation and high redundancy.

On the other hand, dynamical systems have been a very active area of research and specifically those with chaotic behavior; since their inception they have been developed in many areas such as communication systems [6], neural networks [7], switching systems [8], synchronization [9] and cryptography [10]. There is a close relationship between chaos and cryptography, for example in [11] authors made a comparison between the properties of these areas and show that the ergodicity, sensitivity to initial conditions and the control parameter, mixing property, deterministic dynamics and complex structure are analogous to confusion, sensitivity to key, diffusion, deterministic pseudo-randomness and algorithm complexity, respectively.

Most of the image ciphers are in the framework of symmetric key, and they are based on blocks [12]. Stream ciphers may provide better security under the concept of perfect security; however, this kind of ciphers has various critical requirements and one of them is the randomness of the key stream.

There have been proposals of generators based on unimodals chaotic maps, for example in [13, 14] proposed a pseudo-random bit generator by using only one logistic map, but in [15] the authors pointed out that bit streams generated through only one chaotic system are potentially insecure due to the output may leak some information about the chaotic system. In order to overcome the aforementioned vicissitude, they proposed a pseudo-random bit generator based on a couple of piecewise linear chaotic maps, which are iterated independently and the bit streams are generated by comparing the outputs of these chaotic maps. A pseudo-random bit generator is proposed in [16] which employs the logistic map as a perturbation and a piecewise linear chaotic map as the main generator. Other works such as [1719] used two chaotic maps and combined to obtain a complex sequence of bits. In this paper we show how the use of only a multi-modal chaotic map may replace two unimodal chaotic maps in the generation of pseudo-random sequences.

In this work we propose a new architecture for a pseudo-random bit generator based on k-modal chaotic maps where we can yield a complex sequence of bits with one multi-modal map. The sequences are analyzed by the statistical suite of tests named NIST. This paper is organized as follows. In the next Section we introduce the k-modal maps. In Sect. 3 a pseudo-random bit generator is presented via k-modal maps. In Sect. 4 the statistical suite of tests of randomness proposed by NIST are used to prove safety of the sequences and the results of the tests are shown. In Sect. 5 we use a stream cipher and applied statistical security test like entropy, pixel correlation, encryption quality. Furthermore, we show that the proposed cryptosystem can resist the most common attacks such as chosen-plaintext attack and differential attack. Finally in Sect.  6 we give conclusions about the pseudo-random bit generator via multi-modal chaotic maps.

2 Multi-modal maps

A discrete-time dynamical system is used to construct a pseudo-random bit generator and is given as follows:

$$\begin{aligned} x_{n+1}= f(x_{n}),~n=0,1,2, \ldots , N, \end{aligned}$$

where \(x_{n} \in \mathfrak {R}\) and \(x_{0}\) is the initial condition, such dynamical system is usually referred to as map, as it is fully determined by its right-hand side. To ensure boundedness of trajectories, the study is usually restricted to maps that are mapping a compact interval into itself and without loss of generality we may consider only the compact interval [0, 1]. The simplest maps are the so-called unimodal maps like the logistic and tent maps, while their generalization, the so-called multi-modal or k-modal maps may present even more rich dynamical behaviors, [20, 21].

To be more specific, we denote \(\mathscr {I}:=[0,1]\) and recall, that the critical point c of the continuous piecewise smooth map \(f(x):\mathscr {I} \mapsto \mathscr {I}\) is \(c \in \mathscr {I}\) where f is differentiable and \(f'(c) =0\). The critical point c occurs for \(f'(c)=0\) or \(f'(c)\) does not exist. But continuous smooth maps always present \(f'(c)=0\).

Definition 1

[20] The map \(f: \mathscr {I}\mapsto \mathscr {I} \) is called a k-modal mapping, if it is continuous on \(\mathscr {I}\) and it has k critical points denoted by \(c_{0}, c_{1}\,\ldots \,c_{k-1}\) in \(\mathcal I\). Moreover, there exist intervals \(\mathscr {I}_{i}, i=0,\ldots ,k-1, \cup _{i=1}^{k} \mathscr {I}_{i-1}=\mathscr {I}\), such that \(\forall \) \(i=0,\ldots ,k-1 \) it holds \(c_{i}\in \mathscr {I}_{i}\) and \(f_\beta (c_i) > f_\beta (x), \forall x \in \mathscr {I}_{i}\) and \(x \ne c_i\), where \(\beta \) is a parameter. The case \(k=1\) is simply referred as to the so-called unimodal map.

The above definition does not constraint a function to have only k critical points. However, it only considered those that are local maximum on a subinterval. This means that the number k defines the maximal numbers of modals in a family \(\mathscr {F}\) and the interval \(\mathscr {I}=[a,b]\) is divided between k subintervals \(\mathscr {I}_{0}=[d_1,d_{2}), \mathscr {I}_{1}=[d_2,d_{3}),...,\mathscr {I}_{k-2}=[d_{k-2},d_{k-1}), \mathscr {I}_{k-1}=[d_{k-1},d_{k}]\) so the system \(f_{\beta }\) is a piecewise function by k unimodals maps.

The parameterized family \(\mathscr {F}\) of maps \(f_\beta (x)\) is defined by the following piecewise function

$$\begin{aligned} f_\beta (x)=\beta (d_{r+1}-x)(x-d_{r}), \; x\in \mathscr {I}_{r} \end{aligned}$$
(1)

where \(d_r=r/k, (r={0,1,2,...,k-1}), k\) is the number of modals, \(\beta =\beta (k,\gamma )\) is the bifurcation parameter, \(\gamma =1/k\) is the carrying on capacity. To obtain the maximum value of \(\beta \) with k modals there is a direct relationship, \(\beta _{\text {max}}=(4)(k)/(\gamma )\) for more detail information see ref. [20].

Let’s make an example of k-modal map with \(k=3\), to construct the function of the monoparametric family we use the equation (1) and we will have 3 subintervals \(\mathscr {I}_{r}, (r = 0, 1, 2)\), so the function \(f_{\beta }\) which is given by the equation (2) is expressed as follows

$$\begin{aligned} f_{\beta }(x)=\beta \left\{ \begin{array}{l@{\quad }l} (1/3-x)(x), &{} \hbox {for}\, x \in [0,1/3); \\ (2/3-x)(x-1/3), &{} \hbox {for}\, x \in [1/3,2/3); \\ (1-x)(x-2/3), &{} \hbox {for}\, x \in [2/3,1]; \end{array} \right. \end{aligned}$$
(2)

where \(\beta \in [0,36]\) is the bifurcation parameter, depending on the value of \(\beta \) the system may be unimodal, bi-modal or tri-modal.

Figure 1 shows a bifurcation diagram of the tri-modal map \(f_{\beta }(x)\). In order to demonstrate whether the system is chaotic, there are several ways, but the most common for discrete dynamical systems are based on the definition of Devaney [22] and Lyapunov exponent [23, 24]. In this paper we show that the system is chaotic by means of Lyapunov exponent which is denoted by \(\lambda \) as is shown in Fig. 2. When \(\lambda \le 0\) the system’s orbit converges to a fixed point or in a periodic orbit and when \(\lambda >0\) the system’s orbit behaves chaotically.

Fig. 1
figure 1

Bifurcation diagram of the tri-modal map given by Eq. 2

Full size image
Fig. 2
figure 2

Lyapunov exponent of the tri-modal map

Full size image

3 Proposed pseudo-random bit generator

First we introduce some basic concepts of random and pseudo-random number generators which are given in [5].

Definition 2

A True Random Number Generator (TRNG) is characterized by the fact that its output cannot be reproduced, so this type of generator is based on physical processes like semiconductor noise. In cryptography, a TRNG is often needed for generating session keys but not for stream ciphers.

Definition 3

A pseudo-random number generator (PRNG) produces sequences which are computed from an initial seed value, note that a PRNG is not random in a true sense because it can be computed by an algorithm, thus it is completely deterministic. A common requirement of a PRNG is that it possesses good statistical properties, i.e., its output that resembles to a sequence of true random numbers.

Definition 4

A cryptographically secure pseudo-random number generator (CSPRNG) is a special type of PRNG which possesses the following additional property: a CSPRNG is a PRNG which is unpredictable. This means that given n consecutive bits of the key stream, there is no polynomial time algorithm that can predict the next bit \(s_{n+1}\) with better than 50 \(\%\) chance of success. Another property of CSPRNG is that given the above sequence, it is computationally unfeasible to compute any preceding bits \(s_{n-1}, s_{n-2}\).

In this paper we propose a CSPRNG using one k-modal map and a combination of its k-time series. The algorithm for the construction of the generator is given for any value of k and an example is also given for the particular case of tri-modal map. The algorithm to produce a CSPRNG is as follows:

Step 1 Set the value of \(k \in \EUR {N^+}\).

Step 2 Compute the values of \(\beta _j\), for \(j=1,\ldots , k\), by means of the following equations.

$$\begin{aligned}&\beta _1=(4)(k); \end{aligned}$$
(3)
$$\begin{aligned}&\beta _j=j*\beta _1; \quad for \quad j \ge 2. \end{aligned}$$
(4)

Taking these values of \(\beta _j\) we are avoiding periodic windows and guarantee chaotic orbits.

Step 3 Take the values of \(\beta _j\) and split the space into \(2*j\) regions \(\delta ^{j}_{1}, \ldots , \delta ^{j}_{2*j}\) which are determined by values \(\kappa ^j_1, \ldots ,\kappa ^j_{(2*j)-1}\). Iterating the system \(x^{j}_{n}=f_{\beta _j}(x_n)\) and depending on which region evolves, i.e., \(\delta ^{1}_{1}, \delta ^{1}_{2}\) represent the value of 0 or 1, this generates a binary sequence \(\zeta ^j\). Note that the generation of the number of 0’s is approximately equal to the number of 1’s in all generated sequences with a tolerance of 1%.

Step 4 A k number of chaotic time series are generated by \(x^{j}_{n}=f_{\beta _j}(x_n)\) and each one produces a binary sequence \(\zeta ^j\). These sequences are mixed and the final sequence Z is gotten as follows:

$$\begin{aligned} Z=\zeta ^1 \oplus \zeta ^2 \oplus ... \oplus \zeta ^k. \end{aligned}$$
(5)

In order to clarify the mechanism to generate CSPRNG, we exemplify the process for \(k=3\) and iterate the system 1,000,000 times. So the first step is given by \(k = 3\). According to the second step, \(\beta _1=12, \beta _2=24, \beta _3=36\). The third step is to take \(\beta _1\) for obtaining the sequence \(\zeta ^1\), therefore the space is divided in two regions \(\delta ^1_1\) and \(\delta ^1_2\) split by \(\kappa ^1_1=1/6\). These regions represent a 0 and a 1, respectively, as is shown in Fig. 3. The histogram of the two regions is shown in Fig. 4. In the same step three, we need to compute \(\zeta ^2\) and \(\zeta ^3\), so carry on with \(\beta _2\), we have a bi-modal map with four regions \(\delta ^2_1, \ldots , \delta ^2_4\) separated by \(\kappa ^2_1=0.1521, \kappa ^2_2=0.40174, \kappa ^2_3=0.5954 \). In Fig. 5 is shown the bi-modal map for \(\beta _2\) and the regions \(\delta \)’s. Fig. 6 shows the histogram of the binary sequence \(\zeta ^2\). Now for the last case \(\beta _3\) splits the space in six regions \(\delta ^3_1, \ldots , \delta ^3_6\) which are determined by the values \(\kappa ^3_1=0.1465, \kappa ^3_2=0.396, \kappa ^3_3=0.639, \kappa ^3_4=0.8335, \kappa ^3_5=0.9572\).

Fig. 3
figure 3

Plot of the phase space of the tri-modal map with \(\beta =\beta _1\)

Full size image
Fig. 4
figure 4

Distribution of the 2 regions from the 3-modal map with \(\beta =\beta _1\)

Full size image
Fig. 5
figure 5

Plot of the phase space of the tri-modal map with \(\beta =\beta _2\)

Full size image
Fig. 6
figure 6

Distribution of the tri-modal map with \(\beta =\beta _2\)

Full size image

Finally, the sequences are mixed by \(Z=\zeta ^1\oplus \zeta ^2\oplus \zeta ^3\), where \(\oplus \) is the operation XOR. We have computed some values that \(\kappa \) can take for different values of \(k=1,\ldots ,4\) and they are shown in Table 1.

Table 1 Summary of values \(\kappa \)
Full size table

For security reasons and in order to increase the key space, we use the high sensitivity to initial conditions, then we iterate the algorithm 200 times without considering its output bits.

Thus, the correlation is checked between the produced sequences \(x^{j}_{n}=f_{\beta _j}(x_{n})\) by the proposed algorithm (step 3) with nearby keys and also it is verified the sensitivity to initial conditions. The correlation coefficient \(C_{xy}\) for each pair of sequences \(x=[x_1,...,x_N]\) and \(y=[y_1,...,y_N]\) are computed as follows [19]:

$$\begin{aligned} C_{xy}=\frac{\sum _{i=1}^{N}(x_i-\bar{x})(y_i-\bar{y})}{\left[ \sum _{i=1}^N(x_i-\bar{x})^2\right] ^{1/2}\left[ \sum _{i=1}^N(y_i-\bar{y})^2\right] ^{1/2}} \end{aligned}$$
(6)

where \(\bar{x}=\frac{1}{N}\sum _{i=1}^N x_i\) and \(\bar{y}=\frac{1}{N}\sum _{i=1}^N y_i\) are the mean values of x and y, respectively. The coefficients \(C_{xy}\) are computed for each pair of produced sequences with nearby initial conditions, and this has been done for every value of j. Remember when the parameter k increases, then the number of sequences and the number of initial conditions also increase, for example, in the case of bi-modal map \(k=2\). There are two sequences \(x^1_n\) and \(x^2_n\) with initial conditions \(x_{01}\) and \(x_{02}\) for evaluate \(C_{xy}\), we need other two sequences \(x'^1_n\) and \(x'^2_n\) with small different initial conditions \(x_{01}+\delta \) and \(x_{02}+\delta \). The corresponding data are listed in Table 2 where it is possible to see that there is no correlation between the generated sequences as a consequence that the chaotic map is very sensitive to very small changes in all initial conditions.

Table 2 Correlation coefficients of pseudo-random sequences
Full size table

4 The statistical suite test

In order to characterize the proposed generator and demonstrate that it is safe for use in cryptography, it must be analyzed with a variety of statistical tests. These statistical tests determine whether the generated sequences possess specific characteristics similar to truly random sequences. To achieve this goal there are several options available for analyzing the randomness of the pseudo-random bit generators, for example the suite developed by Beker and Piper [25], the Gustafson’s suite [26] or the DIEHARD suite [27]. However, the most used and standard test is defined by the NIST [28] that contains a sufficient number of independent statistical tests and detects any deviation from the randomness.

A random process means lack of pattern or predictability in events, and it is a sequence of random variables describing a process whose outcomes do not follow a deterministic pattern, but follow an evolution described by probability distributions. So a randomness is a probabilistic property; that is, a theoretical reference distribution of this statistic is determined by mathematical methods, in addition the results of statistical testing must be interpreted with some care and caution to avoid incorrect conclusions about a specific generator. First we need to define a significance level \(\sigma \). Typically, it is chosen in the range [0.001, 0.01], by default \(\sigma =0.01\) and indicates that one would expect one sequence of 100 sequences to be rejected by the test if the sequence is random.

The NIST has adopted two ways to interpret results. In this paper we used the examination of the proportion of sequences that pass a statistical test. For this we need the confidence interval defined as:

$$\begin{aligned} (1-\sigma )\pm 3\sqrt{\frac{1-(1-\sigma )}{m}}, \end{aligned}$$
(7)

where \(\sigma =0.01\) and m is the sample size of sequences that in our case is 1,000 sequences and each has 1,000,000 of elements. If the proportion falls outside of this interval, then there is evidence that the data is non-random.

In Figs. 7 and 8, we show the confidence interval of sequences generated with \(k=1,...,4\). The dash-dot line with marker plus “+” represents the result for unimodal map or logistic map, and we can see that there are some results outside of the confidence interval then we cannot use this sequence for cryptography. On the other hand, the dot line with marker empty circle “\(\circ \)” corresponds to the bi-modal map, the dash line with marker square “\(\Box \)” corresponds to the tri-modal map, and the solid line with marker diamond “\(\diamond \)” is the quad-modal map. This information is summarized in Tables 3 and 4.

Table 3 Part 1 of results from statistical suite of tests
Full size table
Table 4 Part 2 of results from statistical suite of tests
Full size table
Fig. 7
figure 7

Part 1 of the results of the suite of statistical tests

Full size image
Fig. 8
figure 8

Part 2 of the results of the suite of statistical tests

Full size image

It is clear that the maps with \(k\ge 2\) lie inside the confidence interval; hence, these sequences are cryptographically secure according to the suite of tests proposed by NIST.

4.1 Differential attack

This technique of cryptanalysis is mainly applicable on block ciphers and was introduced by Biham and Shamir [29]. The basic idea is to analyze the effect of a small difference in two inputs and the difference of corresponding two cipher outputs. In this case we applied the same idea to pseudo-random sequences and instead of having two inputs with plaintext, there are two initial conditions and an output with the corresponding sequences, the difference can be used as:

  1. 1.

    Sum of absolute difference (SAD) which is applicable to sequences \(x^j_n \in \mathfrak {R}\) and is defined by SAD\(=|(x^j_n-x'^j_n)|\) where the sequences \(x^j_n\) and \(x'^j_n\) are obtained with initial conditions \(x_{01}\) and \(x_{01}+\delta \), respectively.

  2. 2.

    XOR difference is applicable to sequences \(Z, Z' \in \{0,1\}\) and is defined by \(D=Z \oplus Z'\) where the sequences Z and \(Z'\) are obtained with k initial conditions.

In previous section we analyzed the sequences \(x^j_n \in \mathfrak {R}\) with nearby initial conditions, now the goal in this section is to analyze the \(Z, Z' \in \{0,1\}\) sequences (step 4 of the proposed algorithm) with nearby initial conditions through the XOR Difference. Recall that for obtaining the sequence Z we need k initial conditions, for example if \(k=3\) we need three initial conditions \(x_{01},x_{02},x_{03}\) to obtain the sequence Z, and three initial conditions \(x'_{01},x'_{02},x'_{03}\) to obtain the sequence \(Z'\) and then apply the XOR Difference. In the worst case of nearby initial conditions we have \(x_{01}=x_{02}=x_{03}=x'_{01}=x'_{02}, x'_{03}=x_{03}+\delta \), with \(\delta \ne 0\) which means that we have the same initial conditions to generate \(x^1_n, x^2_n\) and small difference in \(x^3_n\) for \(Z'\). When we applied the XOR Difference to Z and \(Z'\), we obtain that approximately 50% of the elements in the sequences are different. Even if we have the same initial condition \(x_{01}=x_{02}\) the series \(x^1_n \ne x^2_n\) because the \(f_{\beta _j}(x_n)\) is different in each case. We can conclude that there is no correlation between the binary sequences Z and \(Z'\), so the chaotic map is very sensitive in \(x^j_n\) and Z.

5 Chaos based gray-scale image cryptosystem

In this section we show a stream cipher algorithm for cipher gray-scale images and the impact of using multi-modal maps, i.e., the quality of the cipher image depends on the pseudo-random bit generator employed. At the end of the last section, we can infer that a multi-modal map generates a sequence cryptographically secure, but in order to determine which sequence is better, we need a statistical security analysis applied to cipher images instead of key stream.

We use the following algorithm for cipher the gray-scale image:

  • First we consider an image of N x M pixels, secondly we add a column of random values \(R(i,1) \in \{0,1,\dots ,255\}\) with \(i=1,...,N\), so the size of the image increases to N x \((M+1)\). This image will be called augmented image \((\bar{P})\) with a total of \((N)(M+1)\) pixels.

  • Compute pixel by pixel as follows:

    $$\begin{aligned} \left\{ \begin{array}{ll} C_1=\bar{P_1} \oplus Z_1 \oplus IV \\ C_i=\bar{P_i} \oplus Z_i \oplus C_{i-1} \\ \end{array} \right. \end{aligned}$$
    (8)

    where \(C_i\) is the ith pixel of the cipher image, \(\bar{P_i}\) is the ith pixel of the augmented image, note that the value of \(\bar{P_1}=R(1,1), Z_i\) is the key stream according to the proposed algorithm given in Sect. 3, IV \(\in \{0,255\}\) is an initialization vector of 8 bits, it is used only once and \(\oplus \) is the operation XOR bit by bit. We generate different key streams from multi-modal maps with \(k=1,2,3,4\).

For decrypt the image we need the same key stream for this we need the values: k, the initial conditions \(x_{01},x_{02},...,x_{0k}\) and the initialization vector (IV) as follows:

$$\begin{aligned} \left\{ \begin{array}{ll} \bar{P_1}=C_1 \oplus Z_1 \oplus IV \\ \bar{P_i}=C_i \oplus Z_i \oplus C_{i-1} \\ \end{array} \right. \end{aligned}$$
(9)

Note that the decrypted image is the augmented image then has one extra column so when the process of decrypt is completed we need to remove this column to get original size of the image (N)(M). In Fig. 9 are some examples of encrypt and decrypt images.

Fig. 9
figure 9

Different plain images and encrypted-images with the proposed algorithm. a Lenna with its histogram for plain and encrypted image, b Baboon with its histogram for plain and encrypted image, c Einstein with its histogram for plain and encrypted image

Full size image

Some statistical analysis has been performed on the proposed image encryption scheme, including the correlation of pixels, entropy and quality encryption, as demonstrated in the following subsections.

5.1 Key space analysis

A good encryption algorithm must have a large key space enough to render brute-force attacks unfeasible. For the proposed image encryption algorithm, the key is given by the initial conditions \(x_{01},...,x_{0k}\), where each initial condition has a double precision. According to the IEEE floating-point standard [30], the computational precision of the 64-bit double-precision number is about \(10^{15}\); thereby, the total space depends on the number of initial conditions, for \(k=3\) the key space is:

$$\begin{aligned} \simeq 1 \times 10^{47}\simeq 2^{159}. \end{aligned}$$

As the number k increases so does the key space but without loss of generality with \(k=3\), we assure that the key space is enough to resist brute-force attacks.

5.2 Correlation pixels

In general for any original image P, each pair of adjacent pixels is highly correlated in horizontal, vertical or diagonal direction; however, a cryptosystem should produce changes in all pixels and low correlation in adjacent pixels. To quantify and compare the correlations of adjacent pixels in the plain and cipher image, we use the correlation coefficient \(r_{xy}\) defined by

$$\begin{aligned}&r_{xy}=\frac{cov(x,y)}{\sqrt{D(x)}\sqrt{D(y)}}, \end{aligned}$$
(10)
$$\begin{aligned}&E(x)=\frac{1}{\eta }\sum \limits _{i=1}^\eta x_i, \end{aligned}$$
(11)
$$\begin{aligned}&D(x)=\frac{1}{\eta }\sum \limits _{i=1}^\eta \left( x_i-E(x)\right) ^2, \end{aligned}$$
(12)
$$\begin{aligned}&cov(x,y)=\frac{1}{\eta }\sum \limits _{i=1}^\eta (x_i-E(x))(y_i-E(y)), \end{aligned}$$
(13)

where x and y denote two adjacent pixels and \(\eta \) is the total number of duplets (xy) in this case \(\eta =2,000\). In Table 5 we show the results of three different images and it is possible to see that the adjacent pixels of the original plain image (P) are highly correlated in any direction unlike the cipher image (C), the adjacent pixels are low correlated. This demonstrate the performance of the stream cipher algorithm.

Table 5 Correlation coefficients of two adjacent pixels
Full size table

5.3 Information entropy

As it is known, the entropy is a statistical measure of randomness that can be used to characterize the texture of the image and can be defined by [31]:

$$\begin{aligned} H(s)=-\sum ^{2^n-1}_{i=0}Pr(s_i)log_2Pr(s_i), \end{aligned}$$
(14)

where n = 8 is the number of bits to represent a symbol \(s_i \in s\) and \(Pr(s_i)\) represents the probability of the symbol \(s_i\) then the entropy is expressed in bits, for a cipher gray-scale image with 256 levels, the entropy should ideally be \(H(s)=8\).

The entropies for plain images and cipher images using various k-modal maps are calculated and listed in Table 6. According to the Table 6, it is possible to see that when the number of modals is increased so does the entropy of each encrypted image.

Table 6 Entropy for plain image and cipher image with \(k=1,2,3,4\)
Full size table

5.4 Encryption quality

The encryption creates large changes in the value of pixels, these pixels should be completely different from the original image, these changes are irregular and more changes in the value of pixels show more effectiveness of encryption algorithm and thus better quality. The encryption quality represents the average number of changes to each gray level according to [32] and can be expressed as:

$$\begin{aligned} Q=\frac{\sum ^{255}_{L=0} |H_L(C)-H_L(\bar{P})|}{256}, \end{aligned}$$
(15)

where L is the gray levels of the images, \(H_L(C)\) and \(H_L(\bar{P})\) are the numbers of repetition from each gray value in the original and the encrypted image, respectively. The results of this test are shown in Table 7, where it is possible to see that if the k number of a multi-modal map increases then the encryption quality of the cipher image increases too.

Table 7 Encryption quality for cipher images with \(k=1,2,3,4\)
Full size table

5.5 Chosen-plaintext attack

One common weakness in many ciphers is when the algorithm encrypts an original image twice using the same set of keys the cipher images are always the same, this provides the opportunity to break the algorithm using the chosen-plaintext attack. In this kind of attack somewhat the attacker has temporary access to the encryption algorithm and he can choose the image to encrypt and obtains its corresponding cipher image then trying to find the equivalent key stream image.

Seeking to solve this problem we add one column of random values (noise) in the original image, with this each time, we encrypt the image, these values will be different, even if we use the same set of keys so we obtain a different cipher image each time. We encrypt an image twice using the same set of keys, and the results are shown in Fig. 10: (a)Plain image of Lenna, (b) encrypted image in the first time \(C_1\), (c) the encrypted image second time with the same set of keys \(C_2\), (d) the pixel difference \(|C_1-C_2|\) and the histogram for each image, respectively. This ensures that the proposed algorithm is able to resist the chosen-plaintext attack.

Fig. 10
figure 10

a Plain Image of Lenna, b Encrypted Image of Lenna for first time \(C_1\), c Encrypted Image of Lenna for second time \(C_2\), d the pixel difference \(|C_1-C_2|\) and its histogram for each image, respectively

Full size image

5.6 Differential attack

In the differential attack the opponent can usually perform a slight change just by modifying a pixel of the original image in order to observe the changes on the corresponding cipher image, trying to find a relationship between the plain image and the cipher image. If one minor change in the plain image produces a significant change in the cipher image then this attack becomes very inefficient and practically useless. As we can see in the previous section each time we encrypt the image the result is different then without modifying the original image the result between the cipher images is different with this the differential attack is unfeasible but we are able to measure how different are the images when we encrypt twice. This can be measured by two criteria, the number of pixel change rate (NPCR) and the unified average changing intensity (UACI).

The NPCR measures the number of different pixels between two cipher images.

$$\begin{aligned}&{\text {NPCR}}=\frac{\sum _{i,j} \delta _a(i,j)}{\nu } \times 100\,\%. \end{aligned}$$
(16)
$$\begin{aligned}&\delta _a(i,j) = \left\{ \begin{array}{l@{\quad }l} 0 &{} \text{ if }\, C_1(i,j) = C_2(i,j);\\ 1 &{} \text{ if }\, C_1(i,j) \ne C_2(i,j).\end{array} \right. \end{aligned}$$
(17)

where \(\nu \) is the total number of pixels in the image, \(C_1\) and \(C_2\) are the cipher images encrypted twice with the same set of keys.

The second criterion, UACI can be defined as:

$$\begin{aligned} {\text {UACI}}=\frac{1}{\nu }\left[ \sum \limits _{i,j}\frac{|C_1(i,j)-C_2(i,j)|}{2^8-1}\right] \end{aligned}$$
(18)

Results of these tests are shown in Table 8. These results show that the algorithm produces complete different cipher images even using the same set of keys. Thus the algorithm can resist differential attack and chosen-plaintext attack.

Table 8 NPCR and UACI from an image encryption twice
Full size table

6 Conclusion

In this work we present a Cryptographically Secure Pseudo-random Bit Generator based on discrete dynamical system of one-dimensional and multi-modal or k-modal map. A key stream was constructed by means of the combination of k sequences and were evaluated with the statistical suite of test from the NIST, satisfactory results were obtained which show that these sequences possess statistical properties like truly random sequences and show that the k-modal map is highly sensitive to initial conditions. Furthermore, we use the Pseudo-random Bit Generator like a key stream and show the impact of using multi-modal maps which are reflected in the encryption quality. Finally, a preprocessing in image was proposed by which the encryption process becomes probabilistic. In other words, in this approach it is achieved that an encrypted image twice under the same set of keys, the encrypted image is different each time, while the process of decryption remains deterministic. However if the encryption function is modified as follows: \(C_i = \bar{P_i} \oplus Z_i \oplus C_{i-1} \oplus C_{i-1} = \bar{P_i} \oplus Z_i\), if we consider the assumption that all values \(\bar{P_i}\) are zero, it is possible to retrieve the image with the exception of the \(\bar{P}(i,1)\) column, in summary this requires extra computation and the assumption that \(\bar{P_i}=0\) for all values of i. We are currently working to build a probabilistic encryption scheme in which this point would be infeasible.