Color image encryption combining a reality-preserving fractional DCT with chaotic mapping in HSI space

Abstract

A color image encryption algorithm by combining the reality-preserving fractional DCT (RPFrDCT) with chaotic mapping in HSI space is presented, in which the generating sequence (GS) is introduced and produced by 2D chaotic mapping to ensure the uniqueness of the transform matrix and enlarge the cipher key space of the encryption system. In addition, the color image is converted from standard RGB space into HSI space and the nonlinearity of the spatial transform makes the proposed encryption algorithm more secure than linear ones. Three components, namely H, S and I, are encrypted by the RPFrDCT with fractional orders and GS as cipher keys. Three-dimensional (3D) scrambling is adopted to further enhance the security of the encryption algorithm. The nonlinearity of the spatial transform from RGB to HSI, the real-valued output and the high cipher key-sensitivity guarantee the security and the feasibility of the proposed encryption algorithm. Experimental results demonstrate that the proposed encryption algorithm is sensitive to cipher keys and, to some extent, robust to noise and occlusion attacks.

1 Introduction

Nowadays, the Internet and multimedia technology has grown fast and digital information can be acquired and transmitted easily. Digital images, especially color images, can provide more immediate visual information. As the problems of illegally obtaining personal privacy and data information on the Internet become more and more serious, information security is a vital issue in data storage and exchange. Generally, encryption is a good method to ensure the high security and usually implemented in spatial and frequency domains. In spatial domain, the basic principle of encryption includes three major forms: permutation, diffusion and their compound [6, 13, 15]. With the intrinsic features such as high sensibility dependence on initial conditions and control parameters, random-like behavior and low computational complexity, chaos becomes the most suitable candidate to encrypt images in spatial domain. Thus, a variety of chaos-based algorithms were proposed for image encryption [4, 14, 16, 23–25]. An example of image encryption based on chaos can be found in Ref. [2], in which a coupling of chaotic function and xor operator is applied to increase unpredictability in the encrypted image and a large key space is produced to resist brute-force attack. Zhou et al. proposed an image encryption using a new parametric switching chaotic system [27], in which a new parametric switching chaotic system composed of Logistic, Sine, and Tent mappings has more complex chaotic behavior and the encryption algorithm has a high level of security. In addition to the above mentioned spatial domain based methods, various encryption schemes in frequency domain have also been presented for the security of image information so far. In 1995, Refregier and Javidi proposed an optical encryption method in Fourier domain, in which the encrypted image is obtained by random-phase encoding in both the input and the Fourier planes [12]. Later on, Unnikrishnan et al. firstly presented optical image encryption in fractional Fourier domain, in which a primary image is encoded to stationary white noise with the fractional orders as the cipher keys [17]. And on this basis, the fractional Fourier transform (FrFT) and its optical implementation have been studied for many years. In FrFT based image encryption, the fractional orders are used as cipher keys, but the key space was relatively small. Liu and Sheridan proposed an image encryption method by jigsaw and Arnold transforms to scramble an image in the fractional Fourier domain, which provides an enlarged cipher key space and security level due to using the jigsaw permutation indices, Arnold frequencies and fractional Fourier orders as cipher keys [10]. The discrete FrFT has a certain relationship with the discrete fractional cosine and sine transforms. Pei et al. proposed the discrete fractional cosine and sine transforms, which help to reduce the computational load of discrete fractional Fourier transform [11]. After that, a number of scholars studied deeply about the discrete fractional cosine and sine transforms and the fractional Mellin transform are introduced into the field of image information security [21, 26, 28]. Liu and Nan proposed a color image security system using chaos and multiple-order discrete fractional cosine transform [9], which provides a large key space with the help of chaos to generate the transform orders. Yet, the output of most transform-based encryption algorithm is complex, which increases the burden of storage and transmission. In 2004, Venturini and Duhamel [18] proposed a method of reality-preserving treatment for a fractional transform, in which the coefficients of transform are real. Subsequently, Lang proposed the reality-preserving multiple-parameter FrFT [7], with the nature of real-valuedness as well as most properties required for a fractional transform. Zhou et al. proposed an image encryption method based on the reality preserving fractional Mellin transform (RPFrMT), in which the output of transform is real and the transform is nonlinear [29]. The above mentioned reality preserving transforms adopted the same way of transform, i.e., a reality-preserving transform matrix must be constructed and the reality-preserving fractional transform has lost some properties compared with non-reality preserving fractional transform. In view of this, image encryption based on a reality-preserving fractional DCT is proposed [8], where multiple generating sequences are employed to enlarge the key space of encryption system. In Ref. [20], three color images are firstly converted to three index-format images and then the three index-format images serve as three components, namely R, G, B, of a single color image. This method’s advantage is that the amount of data is reduced and the output of encrypted images is real. Yet the output is coded with float-point numbers due to the operation of DCT-based transform, which in turn expands the data amount.

In this paper, we proposed a color image encryption algorithm based on a reality-preserving fractional DCT (RPFrDCT) in HSI space, by taking the advantages of both the reality of RPFrDCT and the nonlinearity of the transform of RGB-to-HSI. First, the original RGB image is converted into HSI space, which is more desirable to human visual properties than RGB space. The RGB model is mostly oriented toward hardware and is not simply synthesized by three primary-color images to one image in practice, while the HSI model corresponds closely with the way humans describe and interpret colors. Human likes to use hue, saturation and intensity to describe objects. The HSI model is an ideal tool for the color image encryption. Its advantage is that it can decouple the color and the gray-scale information in an image in a nonlinear way. Then, each component of the color image in HSI space is transformed with the RPFrDCT. The RPFrDCT has unitary, real orthogonal and a unique orthogonal basis, in which choosing a specific sequence called as a generating sequence (GS) of the RPFrDCT has resolved the nonuniqueness of a fractional operator. In RPFrDCT, only two generating sequences are employed to make the encryption algorithm simpler and more effective. And then a 2D chaotic mapping is employed to generate the random GS. Finally, to further enhance the security of the system, a three-dimensional (3D) scrambling is utilized to scramble the positions of the coefficients in RPFrDCT domain, thus the three components of a color image mutually affect each other. Experimental results demonstrate that the proposed algorithm is feasible, secure, sensitive to keys and, to some extent, robust to noise and occlusion attacks.

The rest of this paper is organized as follows. The theoretical background for RPFrDCT and the chaotic mapping are reviewed in Section 2. The new color image encryption algorithm based on the HSI space, RPFrDCT and chaos is introduced in Section 3. Experimental results and analysis are conducted in Section 4. And finally, the conclusions are drawn in the last section.

2 Theoretical background

2.1 Reality-preserving fractional DCT

The reality-preserving fractional DCT (RPFrDCT) matrix C _α is defined as [1, 8, 19, 20]:

$$ \begin{array}{l}{\mathbf{C}}_{\alpha }=2\mathrm{R}\mathrm{e}\left[{\displaystyle \sum_{n=1}^{N/2}{\mathbf{U}}_n{\lambda}_n^{\alpha }}\right]=2\mathrm{R}\mathrm{e}\left[{\displaystyle \sum_{n=1}^{N/2}{\mathbf{U}}_n{e}^{j\left({\varphi}_n+2\pi {q}_n\right)\alpha }}\right]\\ {}\kern1.25em ={\displaystyle \sum_{n=1}^{N/2}\left({\mathbf{A}}_n \cos {\omega}_n\alpha +{\mathbf{B}}_n \sin {\omega}_n\alpha \right)}\end{array} $$

(1)

where α is the fractional order, N is an integer multiple of 4, U _n  = u _n u ^∗ _n is unitary matrices, u _n is the n-th eigenvector of the N × N DCT matrix, A _n  = 2Re[U _n ], B _n  = − 2Im[U _n ], ω _n  = φ _n  + 2πq _n , 0 < φ _n  < π, n = 1, 2,...,N/2, q _n is an arbitrary integer, q = (q ₁,q ₂,...,q _{N /2}) is called the generating sequence (GS) of the RPFrDCT. The RPFrDCT matrix C _α becomes unique for N = 4N ₀ with a specific GS. The RPFrDCT inherits all features of DCT, such as having a unique orthonormal basis, the reality preservation and index additivity, except periodicity. Different q can result in different matrix C _α . The detailed derivation of C _α can be found in Ref. 20.

For an image f, its two-dimensional RPFrDCT is given by:

$$ \mathbf{F}={\mathbf{C}}_{\alpha}\mathbf{f}{\mathbf{C}}_{\beta}^{\prime } $$

(2)

where α and β are the fractional orders of row and column, respectively, and ′ denotes the operation of transposition. The inverse of the two-dimensional RPFrDCT is simply given by:

$$ \mathbf{f}={\mathbf{C}}_{-\alpha}\mathbf{F}{\mathbf{C}}_{-\beta}^{\prime } $$

(3)

2.2 GS based on the 2D chaotic mapping

The 2D chaotic mapping is exploited to generate the GS, since it has more initial and system parameters than in one dimensional case, thus the space of cipher key is enlarged and the security is enhanced. The 2D chaotic mapping, also called the generalized Arnold mapping, is expressed as [5]:

$$ \left\{\begin{array}{l}{x}_{n+1}={x}_n+a{y}_n\kern0.5em \mod \kern0.5em 1\\ {}{y}_{n+1}=b{x}_n+\left(1+ ab\right){y}_n\kern0.5em \mod \kern0.5em 1\end{array}\right. $$

(4)

where x _n , y _n  ∈ (0, 1), n = 0, 1, 2, … are the random iterative values and x ₀, y ₀ are the initial values. If a > 0 and b > 0, the generalized Arnold mapping will exhibit chaotic behavior. Large number of random iterative values limited in (0, 1) and the desirable properties of non-correlation, pseudo-randomness can be generated through iterating Eq. (4). x ₀, y ₀, a and b are used as the cipher keys. For an image of size M × N, two generating sequences of length M/2 and N/2 are necessary for the RPFrDCT. Then, two random sequences are obtained by iterating Eq. (4) and denoted as x and y

$$ \begin{array}{c}\hfill \boldsymbol{x}=\left\{{x}_n,n=0,1,2,\dots, K+M/2-1\right\}\hfill \\ {}\hfill \boldsymbol{y}=\left\{{y}_n,n=0,1,2,\dots, K+N/2-1\right\}\hfill \end{array} $$

The previous K entries are discarded in the calculating process of x and y for enhancing randomness and confusion, resulting in two new random sequences x and y of length M/2 and N/2, respectively.

Since GS is a random integer sequence, a threshold function is defined as follows:

$$ \begin{array}{l}{q}_x(n)=\left\{\begin{array}{l}0,\begin{array}{cc}\hfill \hfill & \hfill 0<{x}_n\le 0.25\hfill \end{array}\\ {}1,\begin{array}{cc}\hfill \hfill & \hfill 0.25<{x}_n\le 0.5\hfill \end{array}\\ {}2,\begin{array}{cc}\hfill \hfill & \hfill 0.5<{x}_n\le 0.75\hfill \end{array}\\ {}3,\begin{array}{cc}\hfill \hfill & \hfill 0.75<{x}_n<1\hfill \end{array}\end{array}\right.\begin{array}{cc}\hfill \hfill & \hfill n=1,2,\dots, M/2\hfill \end{array}\\ {}{q}_y(n)=\left\{\begin{array}{l}0,\begin{array}{cc}\hfill \hfill & \hfill 0<{x}_n\le 0.25\hfill \end{array}\\ {}1,\begin{array}{cc}\hfill \hfill & \hfill 0.25<{x}_n\le 0.5\hfill \end{array}\\ {}2,\begin{array}{cc}\hfill \hfill & \hfill 0.5<{x}_n\le 0.75\hfill \end{array}\\ {}3,\begin{array}{cc}\hfill \hfill & \hfill 0.75<{x}_n<1\hfill \end{array}\end{array}\right.\begin{array}{cc}\hfill \hfill & \hfill n=1,2,\dots, N/2\hfill \end{array}\end{array} $$

(5)

where q _x (n) is the n-th entry in q _x , and similar to q _y (n). q _x and q _y are specified as the generating sequences for the rows and the columns of RPFrDCT, respectively. In Eq. (5), x and y are mapped into four different values. Of course, x and y can also be mapped to more integer values which have better chaotic property. The experiments in Section 4 verify that the decrypted image quality is sensitive to the initial values of the 2D chaotic mapping, if x and y are mapped into at least four different integer values.

3 Image encryption based on the RPFrDCT and chaos

As shown in Fig. 1, the proposed encryption system consists of four parts, i.e., the RGB-to-HSI model transform, the RPFrDCT, scrambling and quantization.

Fig. 1

Diagram of the proposed encryption system

The specific encryption steps are described as follows:

1. (1)

   The original image is converted from RGB space to HSI space.

   For an RGB color image, each pixel is represented by the values of three components, but the three components are not independent—they have a strong correlation. The HSI space decouples the three components. In addition, the spatial transform between RGB and HSI is nonlinear and benefits to image encryption.

2. (2)

   H ₀, S ₀ and I ₀ are obtained by RPFrDCT with the specific generating sequences q _x and q _y . And the fractional orders α and β, the number K of discarded entries and the chaotic parameters for generating q _x and q _y are cipher keys.

3. (3)

   In the RPFrDCT domain, further scrambling operations are conducted as:

   1. (a)

      Two random matrices P ₁ and P ₂ are generated as permutation matrices with seeds s ₁ and s ₂, the size of the random matrices is the same as the image size. P ₁ and P ₂ are obtained by the low triangular matrix and the upper triangular matrix (LU) decomposition [29].

   2. (b)

      A 2D scrambling for three components are obtained by:

      $$ \left\{\begin{array}{c}\hfill {\mathrm{H}}_1=\left({\mathrm{P}}_1{\mathrm{P}}_2\right){\mathrm{H}}_0\left({\mathrm{P}}_2{\mathrm{P}}_1\right)\hfill \\ {}\hfill {\mathrm{S}}_1=\left({\mathrm{P}}_1{\mathrm{P}}_2\right){\mathrm{S}}_0\left({\mathrm{P}}_2{\mathrm{P}}_1\right)\hfill \\ {}\hfill {\mathrm{I}}_1=\left({\mathrm{P}}_1{\mathrm{P}}_2\right){\mathrm{I}}_0\left({\mathrm{P}}_2{\mathrm{P}}_1\right)\hfill \end{array}\right. $$

      (6)
   3. (c)

      A random matrix of size 3 × 3 is produced by the seed s ₃. Then, the permutation matrix P ₃ is obtained using the same method as step (a). A 3D scrambling is obtained by confusing H ₁, S ₁ and I ₁:

      $$ \left\{\begin{array}{c}\hfill {\mathbf{H}}_{2\mathrm{A}}\left(i,j\right)={\mathbf{P}}_3\left(1,:\right)\left[{\mathbf{H}}_{1\mathrm{A}}\left(i,j\right),{\mathbf{S}}_{1\mathrm{B}}\left(i,j\right),{\mathbf{I}}_{1\mathrm{C}}\left(i,j\right)\right]^{\prime}\hfill \\ {}\hfill {\mathbf{S}}_{2\mathrm{A}}\left(i,j\right)={\mathbf{P}}_3\left(2,:\right)\left[{\mathbf{H}}_{1\mathrm{D}}\left(i,j\right),{\mathbf{S}}_{1\mathrm{A}}\left(i,j\right),{\mathbf{I}}_{1\mathrm{B}}\left(i,j\right)\right]^{\prime}\hfill \\ {}\hfill {\mathbf{I}}_{2\mathrm{A}}\left(i,j\right)={\mathbf{P}}_3\left(3,:\right)\left[{\mathbf{H}}_{1\mathrm{C}}\left(i,j\right),{\mathbf{S}}_{1\mathrm{D}}\left(i,j\right),{\mathbf{I}}_{1\mathrm{A}}\left(i,j\right)\right]^{\prime}\hfill \end{array}\right. $$

      (7)

   where ′ denotes transposition. H ₁, S ₁ and I ₁ are respectively divided into four parts as shown in Fig. 2, in which A, B, C, and D represent different parts in matrix. For example, H _1A(i, j) indicates the entry of the i-th row and the j-th column in Part A of H ₁ and similar to the S _1B(i, j) and I _1C(i, j). H _2A(i, j) represents the entry of the i-th row and the j-th column in Part A of the scrambled result H ₂ and similar to the S _2A(i, j) and I _2A(i, j). P ₃(i, :) represents the i-th (i = 1, 2, 3) row of matrix P ₃. The rest parts of H ₂, S ₂ and I ₂ can be obtained similarly from Eq. (7) with combination of three parts of A, B, C and D of H ₁, S ₁ and I ₁. For example, H _2B can be obtained using H _1B, S _1C and I _1D.

   Fig. 2

   

   Division diagrams of matrix

4. (4)

   Each of the three components, H ₂, S ₂ and I ₂, is uniformly quantized with 8 bits for a pixel, resulting in three components H ₃, S ₃ and I ₃, which can be stored in a bitmap format, the same way like the original image. The three components are not converted back to RGB and comprise directly the encrypted image, as shown in the right-most block in Fig. 1.

The decryption process is the inverse of encryption with the fractional orders for RPFrDCT α′ = − α, β′ = − β and all other cipher parameters unchanged. The near-lossless image reconstruction can be achieved if all cipher keys are correct.

4 Experimental results and analysis

Experiments are performed to test the proposed color image encryption method. According to Section 2.1, the length of signal is the integer multiple of 4, the color image, Lena, with the size of 512 × 512 × 3 (Fig. 3a) is adopted as the original test image. An average value should be subtracted to remove the direct current (DC) component, so that in the quantization process after the RPFrDCT the quantization error can be as small as possible. Since the values of three components range from 0 to 1 after the spatial transform from RGB to HSI, 0.5 is selected as an approximation of the DC value for convenience. a, b, x ₀, y ₀, s ₁, s ₂, s ₃ and K are the cipher keys. Since the decrypted image quality is not sufficiently sensitive to the fractional orders α and β, the fractional orders serve as the auxiliary keys and set to be 0.7689 and 0.4578, respectively. According to Section 2.2, the parameters {a, b, x ₀, y ₀, K} are randomly chosen within the above specified intervals. In our experiment, they are {3.13, 6.32, 0.348921, 0.456932, 1000}. Certainly, these parameters can be set to be any values satisfying the conditions. Besides, three seeds, s ₁, s ₂ and s ₃, used in three dimensional scrambling are set to be 0.234, 0.345 and 0.5624, respectively. If any other values are chosen, the performance of the algorithm is not affected. All simulations are performed using MATLAB 2007(a) in a computer with Intel Core2 CPU 2.93GHz, 1.96GB of memory. The encrypted and decrypted images are shown in Fig. 3b and c, respectively.

Fig. 3

Test image and results: (a) Lena, (b) Encrypted Lena and (c) Decrypted Lena

4.1 Key space and sensitivity analysis

A secure encryption scheme should be sensitive to its cipher keys, i.e., a slight difference of cipher keys will result in a complete different decrypted image [22]. In this paper, the cipher key parameters are {a, b, x ₀, y ₀, s ₁, s ₂, s ₃, K}. Figure 4 illustrates the decrypted images with a slight deviation of one cipher key while other cipher keys remain correct. s ₁, s ₂ and s ₃ are seeds of 2D scrambling and 3D scrambling. From Fig. 4, one cannot distinguish the content of the decrypted images even the deviation is as small as 10^− 15. Thus, the proposed algorithm is sensitive to the cipher keys. If the deviations of a, b, x ₀, y ₀, s ₁, s ₂ and s ₃ are 10^− 15, the decrypted images (Fig. 4) are still messy. Then the size of key space comes out to be 10¹⁰⁵. In addition, K can also be used as the cipher keys. Thus, the key space is large enough to resist brute-force attack.

Fig. 4

Decrypted images with only one wrong cipher key. a Δx ₀ = 10^− 15, b Δy ₀ = 10^− 15, c Δa = 10^− 15, d Δb = 10^− 15, e Δs ₁ = 10^− 15, f Δs ₂ = 10^− 15, g Δs ₃ = 10^− 15, h ΔK = 1

4.2 Statistical analysis

Histograms and correlations of different test images have been considered. Due to the limit of paper length, only Lena, Peppers, Barbara and Baboon images (Fig. 5) are adopted as test images for histogram analysis. As shown in Fig. 6, the histograms of the three components of original images are entirely different, while those of the encrypted images are all like Gaussian distribution and obviously different from those of the corresponding original color images. And experimental results indicate that the histograms of the encrypted images for different plain-images are all similar to each other, which declares that the attackers could not obtain any valid information about the original images through analyzing the histograms of the encrypted images. Thus, the proposed algorithm is able to resist statistical attacks.

Fig. 5

Test images for histogram analysis: (a) Lena, (b) Peppers, (c) Barbara and (d) Baboon

Fig. 6

Histograms of the original Lena for (a) R, (b) G, (c) B components, the original Peppers for (g) R, (h) G, (i) B components, the original Barbara for (m) R, (n) G, (o) B components and the original Baboon for (s) R, (t) G, (u) B components and histograms of the encrypted Lena for (d) R, (e) G, (f) B components, the encrypted Peppers for (j) R, (k) G, (l) B components, the encrypted Barbara for (p) R, (q) G, (r) B components and the encrypted Baboon for (v) R, (w) G, (x) B components

Each pixel is usually correlated with its adjacent pixels in a normal image [22]. Attackers can utilize the correlation of the encrypted image to decode. The expression of the self-correlation coefficient r(u, v) is shown as:

$$ r\left(u,v\right)=\frac{{\displaystyle \sum_{x,y}\left[f\left(x,y\right)-\overline{f}\right]\left[f\left(x-u,y-v\right)-\overline{f}\right]}}{\sqrt{{\displaystyle \sum_{x,y}{\left[f\left(x,y\right)-\overline{f}\right]}^2{\displaystyle \sum_{x,y}{\left[f\left(x-u,y-v\right)-\overline{f}\right]}^2}}}} $$

(8)

where f(x, y) is the pixel value of the image at the coordinate (x, y), \( \overline{f} \) is the mean of all pixel values of f(x, y), and u, v are the offsets of x -direction and y -direction, respectively.

As shown in Fig. 7a, self-correlation coefficients include positive and negative values, and the surface is rough, where the maximum value comes out to be in the center. However, those are almost even except the maximum value after encryption, as shown in Fig. 7b, which shows that the correlation among pixels is weak. The self-correlations of the other components of the original image and the encrypted image have similar behaviors. Therefore, the proposed algorithm has an ability of de-correlation and the attackers cannot obtain any valid information with correlation analysis.

Fig. 7

Self-correlation of R component for Lena. a the original image and b the encrypted image

4.3 Robustness analysis

The quantization leads to somewhat error between the decrypted and original images even during completely correct decryption. To evaluate the quality of decrypted images, the peak signal-to-noise ratio (PSNR) is adopted:

$$ \mathrm{PSNR}=10{ \log}_{10}\left(\frac{255^2\times M\times N}{{\displaystyle \sum_{i=1}^M{\displaystyle \sum_{j=1}^N{\left[\mathbf{O}\left(i,j\right)-\mathbf{I}\left(i,j\right)\right]}^2}}}\right)\left(\mathrm{dB}\right) $$

(9)

where M × N is the size of image, I(i, j) and O(i, j) are the pixel values of the original image and decrypted image at (i, j), respectively. For a color image, the PSNR can be calculated as the mean of PSNRs of three components.

The proposed encryption algorithm is compared with the encryption algorithm based on RPFrMT in Ref. [29]. The output of the encrypted image in Ref. [29] is real, however, the disadvantages are its floating-point output and data expansion with respect to the original image. However, the proposed algorithm in this paper has not any data expansion, as shown in Table 1.

Table 1 Information of encrypted images

The Gaussian noise is added into the encrypted image as follows:

$$ {\mathbf{E}}^{\mathbf{\prime}}=\mathbf{E}+k\mathbf{N} $$

(10)

where E′ and E are the encrypted images with and without noise, respectively. k is a coefficient representing the added noise intensity. The larger the k is, the stronger the noise is. N is the Gaussian noise with zero-mean and unit standard deviation. Three channels of the encrypted image are added noise with the same intensity.

The PSNRs of the decrypted images decoded from encrypted images affected by different intensities of noise are shown in Table 2. The more the noise intensity k increases, the more the PSNR decreases. By comparison, the PSNRs of the decrypted images are higher than those in Ref. [29]. For example, intuitively, the details of Lena’s eyes can be discerned in Fig. 8c while they cannot be identified in Fig. 8g. As a result, the proposed algorithm has the ability of anti-noise to some extent. Furthermore, the ability of anti-noise of the proposed algorithm is stronger than that of the proposed algorithm in Ref. [29].

Table 2 PSNRs for different noise intensities k

Fig. 8

Decrypted images by RPFrDCT with different Gaussian noise intensities of (a) 10, (b) 30, (c) 50 and (d) 100; Decrypted images by RPFrMT [29] with different Gaussian noise intensities of (e) 10, (f) 30, (g) 50 and (h) 100

The encrypted images with an occlusion of ratios of 1/16, 1/4, 1/8 and 1/2 and the corresponding decrypted results are shown in Fig. 9. And the PSNRs of decrypted images are shown in Table 3. In spite of partial data cropping and a decrease in PSNR, the decrypted images can still be recognized. The PSNRs of decrypted images are higher than those in Ref. [29]. From Table 3 and Fig. 9, the proposed algorithm has a stronger ability of anti-cropping than that in Ref. [29].

Fig. 9

Results of anti-occlusion attacks: The encrypted images by RPFrDCT with an occlusion of (a) 1/16, (b) 1/8, (c) 1/4 and (d) 1/2; (e), (f), (g) and (h) are decrypted images from (a), (b), (c) and (d), respectively; (i), (j), (k) and (l) are decrypted images by RPFrMT [29] under the same occlusions as in (a), (b), (c) and (d), respectively

Table 3 PSNRs for different cropped ratios

4.4 Known/chosen plaintext attack

Practically, there exist four potential types of attacks including cipher only attack, known plaintext attack, chosen plaintext and chosen cipher-text attack [9]. Generally, chosen plaintext is the most powerful attack. If an encryption system is linear, it is vulnerable to the attack of known plaintext and chosen plaintext [3]. In this paper, not only the spatial transform is nonlinear but also the 2D scrambling and 3D scrambling strengthen the nonlinearity of the encryption system. Thus, the proposed algorithm can resist these classical types of attacks.

5 Conclusion

An RPFrDCT based color image encryption algorithm is proposed in HSI space. The HSI model is a nonlinear spatial transform and an ideal tool for developing image processing algorithms based on color descriptions that are natural and intuitive to humans. In HSI space, three channel components are encrypted by RPFrDCT, in which the GS is used as main cipher keys and generated by the 2D chaotic mapping. To further enhance the security, scrambling operation is exploited to scramble the three components, which makes the three components of a color image mutually affect each other. Experimental results show that the proposed scheme has a high key-sensitivity, a sufficiently large key space and, to some extent, robustness against noise and occlusion attacks. The advantages of the encryption algorithm is the nonlinearity of the spatial transform RGB-to-HSI, the real-valued output of RPFrDCT for real input, which is beneficial for storage, display and transmission of images.