Abstract
In this communication, we have presented a technique to synthesize resilient nonlinear mechanisms for the construction of substitution box for image encryption that utilizes a multiplicative group of nonzero elements of Galois field of order 256. The proposed nonlinear component assists in transforming the intelligible message or plaintext into an enciphered format by the use of exponential and Tinkerbell chaotic maps. The proposed substitution box is sensitive to the initial conditions provided to the chaotic system, which are subsequently used as parameters in creating an instance. The simulation results show that the use of the proposed substitution box to image encryption scheme provides an efficient and secure way for real-time communications.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.Avoid common mistakes on your manuscript.
1 Introduction
The chaotic systems show random behavior and exhibit some attractive properties that are suitable for designing cryptographic algorithms. If the applied initial conditions to the system are known, the chaotic maps become deterministic for an observer, whereas without the knowledge of these parameters they show highly random characteristics. These random properties can be applied to the design of cryptographic systems where the substitution of original data needs to be carried out very carefully so that the risk of unauthorized use is minimized. In addition to the strength of the cryptographic system, it is important to design algorithms with low computational complexity, which is desirable in high-speed communication systems. The sensitivity to the initial conditions determines the ease of implementation to any cryptographic system and provides resistance against various types of attacks [1, 2].
In order to combat cryptanalyses, several chaotic-based nonlinear transformation methods are proposed in the literature. The cryptographic methods rely on some desirable properties exploited from the chaotic systems, thus providing amicable solutions for modern communication systems [3–13].
In this paper, we have proposed a method to design a substitution box (S-box) for the cryptographic systems. The S-box substitutes the original data in the plaintext and provides the diffusion properties while maintaining high entropy levels. This process resembles that the nonlinear transformation and the design of S-box must render high randomness in the encrypted data. We used exponential maps as a thresholding function which is embedded with Galois field of modulo classes and two-dimensional Tinkerbell chaotic maps [14, 15] for image encryption applications [16–38].
The remaining part of this paper is organized as follows. The mathematical models of chaotic maps are presented in Sect. 2. Section 3 enlists the basic steps of proposed S-boxes. The procedure for chaotic image encryption is presented in Sect. 4. In Sect. 5, the proposed S-box is analyzed for image encryption applications. The statistical investigations are performed for image encryption. Finally, we present the conclusion in last section.
2 Exponential chaotic map
When we design S-box, it is very important to find a proper permutation that has good properties in cryptology. We choose the following function g. Let g: N → N defined as:
where x = gx (mod 257), and x ∊ N = {0, 1, 2, …, 255}. We select g as a primitive element which generates the multiplicative group of nonzero elements of Galois field of order 256. There are 128 different values of g. In this case, the mapping \(x\, \mapsto\, g^{x} \;(\bmod \;257)\) is bijective. The \({\mathbf{\mathbb{Z}}}_{{ 2 5 7}}^{ *}\) is a multiplicative group of order φ(257) = 256, where 257 is a prime number, φ is the Euler totient function, and φ(m) is equal to the number of integers in the interval [1, m] which are relative prime to m. The order of an element \(a \in {\mathbf{\mathbb{Z}}}^{*}\) is the least positive integer t such that \(a^{t} \equiv 1\;(\bmod \;p)\). By Fermat’s Little Theorem, we know that, if gcd (a, p) = 1 and p is a prime number, then \(a^{p - 1} \equiv 1\;(\bmod \;p).\) Thus, \(45^{256} \equiv 1\;(\bmod \;257)\). By Lagrange’s Theorem, we also know that the order of 45 divides the group order, i.e., 256 and thus the order of 45 must be a power of 2. We observe that \(45^{128} \equiv 256\;(\bmod \;257),\) so that the smallest integer t (being a power of 2) such that \(45^{t} \equiv 1\;(\bmod \;257)\) is 256. Therefore, the order of 45 is equal to the group order, which proves that 45 is the generator of the group \({\mathbf{\mathbb{Z}}}_{{ 2 5 7}}^{ *}\). The group \({\mathbf{\mathbb{Z}}}_{{ 2 5 7}}^{ *}\) is thus cyclic, and we can write [38]
Thus, the function \(x\,\mapsto\,45^{x} \;(\bmod \;257)\), is a bijection from {0, 1, 2, …, 255} to {1, 2, 3, …, 256}.
3 Algebraic expression of the proposed S-box
In this section, we mainly discussed the algebra of proposed S-box. The following are main steps in constructing proposed S-boxes [34, 35]:
-
Take the multiplicative inverse in the finite field \({\mathbf{\mathbb{Z}}}_{{ 2 5 7}}^{ *}\); the element 256 is mapped to 0
-
The multiplicative inversion operation in the construction of S-box is the inversion in \({\mathbf{\mathbb{Z}}}_{{ 2 5 7}}^{ *}\), with the extension 256 ↦ 0. We define the following function F(x) in \({\mathbf{\mathbb{Z}}}_{{ 2 5 7{\mathbf{}}}}^{ *}\) corresponding to this multiplicative inversion step:
Since \(x^{ - 1} = x^{{2^{s} - 1}} = x^{255} \;{\text{for}}\;x \ne 0\;{\text{in}}\;{\mathbf{\mathbb{Z}}}_{{ 2 5 7}}^{ *} ,\) we can rewrite as follows:
We decompose the affine transformation step in proposed S-box construction into two consecutive functions. Let LA(x) be a linear transformation in \({\mathbb{F}}_{{2^{8} }}\) which can be expressed as follows:
where
with xi is the ith bit of the byte x (x0 is the LSB) and yi is the ith bit of the byte y. As the permutation LA(x) is a \({\mathbf{\mathbb{Z}}}_{2}\) linear map, it can be expressed as a linearized polynomial [36] with eight terms:
The final sub-step in AES S-box construction is the addition with the constant values{63}. We define the affine transformation function H(x) in \({\mathbb{F}}_{{2^{8} }}\):
The proposed S-box is the combination of the power function F(x), the linear transformation LA(x), and the affine transformation H(x):
where
The linearized polynomial of any linear permutation LA(x) over \({\mathbb{F}}_{{2^{8} }}\) has at most eight terms. Therefore, if we substitute LA(x) by another linear permutation over \({\mathbb{F}}_{{2^{8} }}\) and/or change the constant {63} in H(x) by another value in \({\mathbb{F}}_{{2^{8} }}\). The proposed S-box is presented in Table 1.
4 Chaotic sequence for image encryption
For generating the initial condition, method described in [14] is used. Calculate two parameters c 1 and c 2 as in (11)
where P ij is the value of the image pixel at location (i, j) in the image. Additionally, let \(x'_{0} = 0.59\) and \(y'_{0} = 0.15\). Compute initial conditions as in (12).
The proposed algorithm uses Tinkerbell map based on chaotic sequence that is defined as in (13)
where a, b, c, and d are nonzero parameters, which are the part of secret key. For parameter values a = 0.9, b = −0.6, 013 c = 2.0, and d = 0.50, we get the chaotic attractor of this map. Such a chaotic motion gets controlled and display regular behavior for a = 0.9, b = −0.6, c = 2.0, and d = 0.27 and keeping other parameters same. Use x 0 and y 0 as the initial for Eq. (12) and obtain two matrices of size 1 × 256 as in Eq. (13):
Now for permuting the rows and columns, we will use the following relation given below:
5 Statistical analysis
The statistical analyses provide insight into the working of any cryptographic system. In order to evaluate the performance of the proposed S-box, we conduct histogram analysis, correlation analysis, entropy mean square error, peak signal-to-noise ratio, encryption quality, entropy, and sensitivity analyses which includes, mean absolute error (MAE), number of pixel changing rate (NPCR), and unified average changed intensity (UACI). The results of correlation analysis show the extent of similarity between the original and encrypted data. If there are any traces of correlation, there is a possibility that cryptanalysis may decipher the original data or may be able to partially interpret information. The mean square error (MSE) allows us to compare the pixel values of original image to encrypted image. The MSE represents the average of the squares of the errors between actual image and ciphered image. The error is the amount by which the values of the original image differ from the encrypted image. The PSNR computes the peak signal-to-noise ratio, in decibels, between two images. This ratio is often used as a quality measurement between the original and an encrypted image. The higher value of PSNR indicates better quality of the image encryption. With the application of encryption to a picture change happens in pixels values as contrasted with those qualities before encryption. Such change may be unpredictable. This implies that the higher the change in pixels values, the more successful will be the picture encryption and subsequently the encryption quality. So the encryption quality may be communicated as far as the aggregate changes in pixels values between the first picture and the scrambled one. A measure for encryption quality may be communicated as the deviation between the plain image and encoded image.
In the entropy analysis, we determine the amount of randomness introduced in the plaintext. This measure is also useful in image encryption application where visual form of data may provide additional information about the original data. As a rule, an alluring trademark for a scrambled image is continuously touchy to the little changes in plain image (e.g., changing only one pixel). Enemy can make a little change in the information picture to watch changes in the result. By this system, the serious relationship between original image and cipher image can be found. In the event that one little change in the plain image can result in a significant change in the cipher image, with respect to diffusion and confusion, then the differential attack really loses its productivity and gets to be useless. There are three basic measures were utilized for differential analysis: MAE, NPCR, and UACI. The greater the MAE value, the better the encryption security. NPCR implies the number of pixels’ change rate of encoded picture, while one pixel of plain image is changed. UACI, which is the unified average changing intensity, measures the normal power of the contrasts between the plain image and encrypted image. We discuss in detail the implementation and analysis of the tests used to benchmark the performance of the proposed S-box.
5.1 Histogram
One of the best outstanding features for measuring the security of image encryption systems is uniformity of the image’s histogram of encrypted images [37]. We took six color images with size of 256 × 256 that have different contents, and their histograms are calculated. The histogram of plain images comprises huge sharp rises followed by sharp declines, and the histogram of all cipher images under the suggested procedure is equally identical and meaningfully diverse from that of the plain images, which makes statistical assaults tough (see Figs. 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13). Hence, it does not provide any clue to be employed in a statistical analysis attack on the encrypted image. The equation used to calculate the uniformity of a histogram caused by the proposed encryption scheme is justified by the Chi-square test as follows:
where j is the number of gray levels (256); f 0 is the observed occurrence frequencies of each gray level (0–255); and fe is the expected occurrence frequency of each gray level, while fe = M × N/28, M and N are the height and width of the plain/cipher image, respectively. Hence, fe is equal to 256 for an image size of 256 × 256. The lower value of the Chi-square test indicates a better uniformity. Assuming a significant level of 0.05, \(\chi^{2}_{(255,0.05)} = 293.2478\). Chi-square value for the final encrypted Lena image of the proposed system is 195.32, i.e., χ 2(test) = 195.32. This implies that the null hypothesis is not rejected, and the distribution of the encrypted histogram is uniform χ2(test) < χ2(255, 0.05). The Chi-square values of plain images and cipher images are shown in Table 2.
5.2 Correlation
It is important to determine the similarity between the original image and the encrypted image. This measure is useful for image encryption applications where the cryptanalysis has an additional advantage of visually perceiving the encrypted image and extracting unauthorized information. This analysis is performed in three different steps, in which the correlation between adjacent pixels in horizontal and vertical directions is evaluated. The selected pairs of pixels in vertical and horizontal directions are processed for correlation in random locations in the data. Finally, the all the pixels are processed together to see the global perspective. These three cases are presented as:
-
Case 1: In this step, we select adjacent pixels (typically two) in horizontal and vertical directions from original and encrypted image and evaluate the coefficients. Table 2 shows the results from this test that show considerable reduction in correlations between the two images.
-
Case 2: The pixels located diagonally in an image are processed to see the correlation between closely located pixels. A random selection of approximately 1,000 pair of pixels, located in diagonal directions, is processed to determine the correlation.
-
Case 3: All the pixels are represented by tow variables X and Y, which is the global representation of the entire image. The correlation for this entire set of pixels is calculated as [7]:
where σXY is covariance of random variables X and Y; μX, μY are expected value of X and Y; and σ 2X , σ 2Y are variances of random variables X and Y, respectively. Each term is defined as follows:
Finally, Fig. 14 shows the correlation distribution of two horizontally adjacent pixels in the plain image and that in the ciphered image. It is quite evident from the analyses of these correlation images that the proposed algorithm is capable of breaking the correlation among the pixels in neighboring which is astonishing achievement of anticipated scheme.
5.3 Mean square error
To evaluate the reliability of the proposed algorithm, mean square error (MSE) between encrypted image and original image is measured. MSE is calculated using the following equation [8]:
where M × N is the size of the image. The parameters P(i, j) and C(i, j) refer to the pixels located at the ith row and the jth column of original image and encrypted image, respectively. The larger the MSE value, the better the encryption security (see Table 3).
5.4 Peak signal-to-noise ratio
The encrypted image quality is evaluated using peak signal-to-noise ratio (PSNR) [8] which is described by the following expressions:
where I max is the maximum of pixel value of the image. The PSNR should be a low value which corresponds to a great difference between the original image and the encrypted image. The effectiveness of the proposed method evaluated in terms of MSE and PSNR are tabulated in Table 3.
5.5 Encryption quality
Plain image pixels’ gray levels change after image encryption as compared to their original values before encryption. This means that the higher the change in pixels’ values, the more effective will be the image encryption and hence the encryption quality (EQ). The quality of image encryption may be determined as follows: let C(i, j) and P(i, j) be the gray value of the pixels at ith and jth in cipher and plain image, each of size M × N pixels with L gray levels and C(i, j), P(i, j) ∊ {0, 1, 2, …, L − 1}. We will define HL(P) and HL(C) as the number of occurrences for each gray level L in the plain image and cipher image, respectively. The EQ represents the average number of changes to each gray level L. The larger the EQ value, the better the encryption security (see Table 3). The EQ is calculated as:
5.6 Entropy
The texture of an image can be characterized by the measurement of entropy. This quantity is defined as:
where a random variable, X, takes n outcomes, i.e., {x 0, x 1, x 2, …, x n}; p(xj) is the probability mass function of outcome xj, and b is the base of the logarithm used. A benchmark for the entropy analysis is presented in Table 3. The results show that the performance of the proposed S-box better that some of the prevailing S-boxes used in image encryption applications [7].
5.7 Sensitivity analysis
Attackers often make a small change to the plain image and use the proposed algorithm to encrypt the plain image before and after this change. By comparing these two encrypted images, they find out the relationship between the plain image and the cipher image. This kind of attack is called differential attack. In order to resist differential attack, a minor alternation in the plain image should cause a substantial change in the cipher image [29, 30]. To test the influence of one-pixel change on the whole image encrypted by the proposed algorithm, three common measures can be used: mean absolute error (MAE), number of pixels’ change rate (NPCR), and unified average changing intensity (UACI).
5.7.1 Mean absolute error
The mean absolute error (MAE) is a criterion to examine the performance of resisting differential attack. Let C(i, j) and P(i, j) be the gray level of the pixels at the ith row and the jth column of an M × N cipher and plain image, respectively. The MAE between these two images is defined as [8]:
The larger the MAE value, the better the encryption security. The mean absolute error (MAE) is figured to measure how the cipher image C(i, j) is not the same as the plain image P(i, j).
5.7.2 NPCR analysis
In this analysis, we consider two encrypted images whose source images only differ by one pixel. If the first image is represented by C 1(i, j) and the second as C 2(i, j), the NPCR is evaluated as [31]:
where D(i, j) is defined as:
5.7.3 UACI analysis
The UACI analysis is mathematically represented as,
In this work, we have performed tests on a sample image of dimension 256 × 256 with 256 levels of gray. The results of MAE are shown in Table 5 where the performance is seen with fluctuation between rows and columns. The encryption performance increases with larger values of MAE results. The outcome of other two tests, NPCR and UACI are shown in Table 4. The NPCR analysis shows response to changes of 0.01 % in the input images. In addition, the UACI show the response to a change in one pixel, which is very low. A rapid change in the original image show little changes in the resulting encrypted image. The results of these three tests are shown in Tables 4 and 5, respectively.
6 Conclusion
In this paper, an updated version of image encryption algorithm has been proposed which is based on multiplicative group of nonzero elements of Galois field \({\mathbf{\mathbb{Z}}}_{257}\), exponential, and Tinkerbell chaotic maps. The experimental analysis and results demonstrate that the proposed algorithm has desirable properties such as high sensitivity to a small change in plain image, low correlation coefficients, low Chi-square scores, high mean square values, low peak signal-to-noise ratio, high encryption quality, and large information entropy. All these features verify that the proposed algorithm is robust and effective for image encryption. The NPCR and UACI scores show that proposed version is very sensitive to a slight change in the plain image. Several other simulation analyses and comparative studies validate the improved security performance of the proposed version.
Change history
12 August 2024
This article has been retracted. Please see the Retraction Notice for more detail: https://doi.org/10.1007/s00521-024-10337-5
References
Alvarez G, Li S (2006) Some basic cryptographic requirements for chaos-based cryptosystems. Int J Bifurc Chaos Appl Sci Eng 16(8):2129–2153
Jakimoski G, Kocarev L (2001) Chaos and cryptography: block encryption ciphers. IEEE Trans Circuits Syst I Fundam Theory Appl 48(2):163–169
Tang G, Liao X, Chen Y (2005) A novel method for designing S-boxes based on chaotic maps. Chaos, Solitons Fractals 23:413–419
Khan M, Shah T (2014) A novel construction of substitution box with Zaslavskii chaotic map and symmetric group. J Intell Fuzzy Syst. doi:10.3233/IFS-141434
Khan M, Shah T (2014) A novel image encryption technique based on Hénon chaotic map and S8 symmetric group. Neural Comput Appl 25:1717–1722
Khan M, Shah T (2014) A literature reviews on image encryption. 3D Res 5(4):29–1722. doi:10.1007/s13319-014-0029-0
Khan M, Shah T, Batool SI (2014) Texture analysis of chaotic coupled map lattices based image encryption algorithm. 3D Res 5:19. doi:10.1007/s13319-014-0019-2
Khan M, Shah T (2014) A novel statistical analysis of chaotic s-box in image encryption. 3D Res 5:16. doi:10.1007/s13319-014-0016-5
Khan M, Shah T, Mahmood H, Gondal MA (2013) An efficient method for the construction of block cipher with multi-chaotic systems. Nonlinear Dyn 71(3):489–492
Khan M, Shah T, Mahmood H, Gondal MA (2013) An efficient technique for the construction of substitution box with chaotic partial differential equation. Nonlinear Dyn 73(2013):1795–1801
Khan M, Shah T (2013) An efficient construction of substitution box with fractional chaotic system. Signal Image Video Process. doi:10.1007/s11760-013-0577-4
Khan M, Shah T (2014) A construction of novel chaos base nonlinear component of block cipher. Nonlinear Dyn 76:377–382
Khan M, Shah T, Mahmood H et al (2012) A novel technique for the construction of strong S-boxes based on chaotic Lorenz systems. Nonlinear Dyn 70:2303–2311
Zhang Qiang, Guo Ling, Wei Xiaopeng (2010) Image encryption using DNA addition combining with chaotic maps. Math Comput Model 52:2028–2035
Saha LM, Tehri R (2010) Applications of recent indicators of regularity and chaos to discrete maps. Int J Appl Math Mech 6(1):86–93
Prokhorow MD, Ponomarenko VI (2008) Encryption and decryption of information in chaotic communication systems governed by delay-differential equations. Chaos, Solitons Fractals 35:871–877
Tang Y, Wang Z, Fang J (2010) Image encryption using chaotic coupled map lattices with time-varying delays. Commun Nonlinear Sci Numer Simul 15:2456–2468
Wang Y, Xie Q, Wu Y et al (2009) A software for S-box performance analysis and test. In: 2009 international conference on electronic commerce and business intelligence. Beijing, China, p 125–128
Webster A, Tavares S (1986) On the design of S-boxes. In: Advances in Cryptology: Proceedings of Crypto’85, Santa Barbara, USA. Lecture notes in computer science. 218: 523–534
Adams C, Tavares S (1989) Good S-boxes are easy to find. In: Advances in Cryptology: Proceedings of Crypto’89, Santa Barbara, USA. Lecture notes in computer science. 435: 612–615
Biham E, Shamir A (1991) Differential cryptanalysis of DES-like cryptosystems. J. Cryptol 4(1):3–72
Cusick TW, Stanica P (2009) Cryptographic boolean functions and applications. Elsevier, Amsterdam
Youssef AM, Tavares SE, Gong G (2006) On some probabilistic approximations for AES-like S-boxes. Discrete Math 306(16):2016–2020
Youssef AM, Tavares SE (2005) Affine equivalence in the AES round function. Discrete Appl Math 148(2):161–170
Jing-mei L, Bao-dian W, Xiang-guo C et al (2005) Cryptanalysis of Rijndael S-box and improvement. Appl Math Comput 170(2):958–975
Borujeni SE, Eshghi M (2011) Chaotic image encryption system using phase-magnitude transformation and pixel substitution. J Telecommun Syst. doi:10.1007/s11235-011-9458-8
Faraoun Kamel (2010) Chaos-based key stream generator based on multiple maps combinations and its application to images encryption. Int Arab J Inf Technol 7:231–240
Zhu C (2012) A novel image encryption scheme based on improved hyperchaotic sequences. J Opt Commun 285:29–37
Zhang G, Liu Q (2011) A novel image encryption method based on total shuffling scheme. J Opt Commun 284:2775–2780
Mazloom S, Eftekhari-Moghadam AM (2009) Color image encryption based on coupled nonlinear chaotic map. J Chaos Solitons Fractals 42:1745–1754
Kwok HS, Tang WKS (2007) A fast image encryption system based on chaotic maps with finite precision representation. J Chaos Solitons Fractals 32:1518–1529
Rhouma R, Belghith S (2008) Cryptanalysis of a new image encryption algorithm based on hyper-chaos. J Phys Lett A 372:5973–5978
Zhang Q, Guo L, Wei X (2010) Image encryption using DNA addition combining with chaotic maps. J Math Comput Model 52:2028–2035
Ferguson N, Schroeppel R, Whiting D (2001) A simple algebraic representation of Rijndael. In: Selected areas in cryptography SAC01, LNCS. 2259:103–111
Mentens N, Batina L, Preneel B, Verbauwhede I (2005) A systematic evaluation of compact hardware implementations for the Rijndael S-box. CT RSA LNCS 3376:323–333
Lidl R, Niederreiter H (1994) Introduction to finite fields and their applications. Cambridge University Press, Cambridge
Khanzadi H, Omam MA, Lotfifar F, Eshghi M (2010) Image encryption based on gyrator transform using chaotic maps. IEEE Conference signal process 2608–2612
Baigèneres T, Lu Y, Vaudenay S, Junod P, Monnerat J (2005) A classical introduction to cryptography exercise book. Springer, US
Author information
Authors and Affiliations
Corresponding author
About this article
Cite this article
Khan, M., Shah, T. RETRACTED ARTICLE: An efficient chaotic image encryption scheme. Neural Comput & Applic 26, 1137–1148 (2015). https://doi.org/10.1007/s00521-014-1800-0
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00521-014-1800-0