Abstract
Image encryption is an evolving technique in the arena of data communication. In the last decade, many encryption schemes have been suggested. Unfortunately, most of the current schemes are unable to maintain a balance between security and computational complexity. To overcome this challenge, this paper introduces a novel encryption scheme that effectively maintains the trade-off between security and computational complexity. Initially, the plain image is randomized and scrambled by the Logistic map and Arnold’s scrambling technique. The intermediate image found above, is then encrypted by the special word-oriented feedback shift register (wfsr) to get the final cipher image. Wfsr is inherently suitable for high-quality pseudorandom number generation with good statistical properties. It usually posses high throughput. Further, the elliptic curve Diffie-Hellman (ECDH) is used for sharing the keys required for encryption and decryption process. The performance of the proposed cryptosystem is evaluated based on several statistical properties of the cipher image, the resistance of the cipher image to various attacks, and time required for encryption and key sharing process. The statistical properties of the encrypted image are found out through histogram analysis, correlation and entropy finding, key sensitivity analysis, chi-square test, and NIST randomness test. The resistance of the encrypted image to various attacks is either found out experimentally or indirectly by using metrics like Unified Average Changing Intensity (UACI), Number of Pixel Changing Rate (NPCR). The proposed encryption method compares favorably with similar image encryption schemes.
Similar content being viewed by others
Avoid common mistakes on your manuscript.
1 Introduction
Nowadays, image encryption is extensively used for storage and transmission of images in various multimedia applications like telemedicine, military communication, border surveillance, etc. Therefore, security has become a priority concern. Usually, the digital images have long run of pixels with the same red, green, and blue (RGB) values making the encrypted images using conventional cryptographic primitives, susceptible to cryptographic attacks. The chaotic map is an effective method for randomization of image data to alleviate the mentioned problem. The chaotic map works through a special set of mathematical equations in the one-dimensional (1D), and two-dimensional (2D) platforms [19, 22, 31, 38, 39]. 1D maps allow the high-grade model of chaotic systems like the Logistic map, Henon map, Tent map [4, 18, 28, 41]. For more random performance multi-dimensional chaotic maps have been recommended [2, 3, 5, 9, 19]. Various research articles confirm that the introduction of a scrambling process before the encryption enhances the security level of the encryption scheme [20, 25, 29, 32]. Scrambling is the preprocessing technique that rearranges the pixel positions of the plain image. Arnold’s transform, Fibonacci transform, Magic square transform, Tangram algorithm, Hilbert curve method, etc., are some of the popular scrambling techniques that have been used in many encryption systems [11, 20]. Recent encryption schemes generally use Arnold’s transform which possesses better scrambling, and security enhancement features [25, 29, 33]. Thus, as mentioned above, the image encryption system is a multi-step process. At first, the plain image is randomized by different types of a chaotic system, and next the image pixel content is encrypted with strong cryptographic primitive. The cryptographic primitives such as symmetric cipher (stream cipher, block cipher, hash function), and asymmetric standards (like elliptic curve cryptography (ECC), RSA, etc.,) are frequently used for image encryption/decryption [1, 3, 6, 7, 10, 14, 16, 23,24,25, 27, 40, 44, 45]. In order to satisfy the high security in the encrypted image, the chaos-based permutation, diffusion, and substitution processes, as well as high computationally involved cryptographic algorithms are used to encrypt the image [14, 16, 20, 25, 29, 32, 43].
P. Praveenkumar et al. [32] introduced the medical image encryption system, and the scheme exhibited enhanced security performance by using cognitive radio technology. But this scheme suffers from computational delay, and also the scheme does not provide any key sharing techniques. Z. Gan et al. [20] proposed the color image encryption scheme based on three-dimensional (3D) Brownian motion. Their proposed scheme fulfills most of the underlying security requirements because of diffusion, confusion architecture. Moreover, the scheme poses with several complex function operations which lead to high-end delay. H. Liu et al. [29] proposed a chaos-based image encryption scheme with the provision of using different keys periodically. Their proposed system claims to achieve a high-level of security due to the use of multiple keys. However, statistical security of the scheme is not evaluated exhaustively. Later, J. Chen et al. suggested an advanced image encryption scheme using self-adaptive permutation diffusion and DNA random encoding [15]. A self-adaptive permutation diffusion consists of the iterative number of rounds, and therefore, it is unable to maintain a trade-off between security and time complexity. But, their detailed statistical and attack analysis confirmed that the encryption system provides satisfactory performance. A A Abd El-Latif et al. [3] proposed an image encryption scheme based on chaotic system and cyclic elliptic curve. D. S. Laiphrakpam et al. [25] extended a similar idea and performed the scrambled image encryption scheme using elliptic curve. To improve the security of the system, they used the elliptic curve points to generate the random sequence. Their proposed design enhances the security of the image encryption system, but their key sharing time has not been taken into consideration. Inspired by the concept of image encryption, a useful scheme is designed in this paper.
In [8, 14, 15, 18, 23,24,25, 30, 36, 44,45,46,47], a large number of iterations are required for encryption and decryption system. So, the mentioned schemes suffer from a high computation cost. To maintain the computation complexity within the acceptable range, it is desirable to use a word-oriented feedback shift register (wfsr) in the final encryption stage instead of high processing cryptographic algorithm. Wfsr has a large period and capable of generating the cryptographically secure keystream. Usually, most of the classical Linear-feedback shift register (LFSR)-based stream ciphers are bit-oriented [17, 42]. With the rapid growth of multimedia technology, many emerging applications demand high-speed encryption with desirable randomness properties for dealing with high data volume. In that situation, bit-oriented stream ciphers do not provide adequate performance. So, this issue also may be addressed if one uses a word-oriented feedback shift register [12, 37]. In 2007, Zeng et al. [42] proposed special word-based LFSR. They designed the improved version of wfsr (called as σ-LFSR) that uses word-operations in modern processors with parallelism techniques [42]. Moreover, wfsr provides good quality pseudorandom sequence, high linear complexity, and it is (5-10) times faster than a block cipher in the software implementation [37, 42]. The cryptosystem will be considered as strong if the system generates highly random keystream. Therefore, the scheme is cryptographically secure when the attackers may not be able to obtain valuable information from statistical analyses, adding noise, and different types of attacks. After the image encryption, anonymous key sharing protocol is required that allows sender and receiver to establish the secret key over the insecure channel. ECDH is an efficient key sharing technique because it requires less computational complexity, bandwidth, and memory compared to other public cryptosystems [13]. That motivates to investigate strong cryptographic primitive in the proposed image encryption scheme.
The proposed work focuses on high-level confidentiality in the encryption system. The proposed structure consists of two cryptographic stages, namely, encryption and key sharing phase. The contributions are as follows:
In the encryption phase Logistic map, Arnold’s scrambling, and wfsr are used to produce the cipher image. The use of wfsr contributed to the generation of high-quality pseudorandom number with high speed.
The key of the encryption system has been efficiently transmitted by ECDH scheme.
Additionally, the proposed scheme is able to resist known and chosen-plaintext attack, Brute force attack, differential attack, and noise attack.
Before proceeding further, let us describe the organization of this paper. Section 2 presents the basic specifications of the scheme. Section 3 explains the proposed framework. Section 4 shows simulation and statistical result. Section 5 presents performance and security analyses of the proposed scheme. Section 6 provides comparative analysis. Finally, Section 7 concludes the paper.
2 Preliminaries
This section revisits some of the background studies about the Logistic map, Arnold’s transformation, and word-oriented feedback shift register.
2.1 Logistic map
The Logistic map represented as:
where, φ is the driving parameter. After using the equation, it provides the random sequence for a single pair of φ and x values. Here, the ranges of x is (0 < x < 1) and φ is (3 < φ < 4) respectively.
2.2 Arnold’s transformation
In the digital image, Arnold’s scrambling performed as:
where,
2.3 Word-oriented feedback shift register
This paper reconsiders some definitions and outcomes reported in [12, 37, 42]. In many of the effective applications, one generally uses finite fields with characteristic 2. We shall restrict to fields with characteristic 2 and their extensions. Throughout this paper, σ-LFSR shall be referred to as wfsr. The work represents as general by \(\mathbb {F}_{2}\) the finite field with 2 components, by \(\mathbb F_{2^{m}}\) the extended field of \(\mathbb {F}_{2}\) of degree m and by \(\mathbb {F}_{2}[Y]\) the ring of polynomials in one variable Y among coefficients in \(\mathbb {F}_{2}\). Let the ring R and assumed Md(R) is for the set of all d × d matrices with entries in R where, d is the integer. Subsequently use the positive integers m and n, and a vector space basis \(\{\omega _{0}, \dots , \omega _{m-1}\}\) of \({\mathbb F}_{2^{m}}\) over \(\mathbb F_{2}\). For convenience, any \(\textsf {s} \in {\mathbb F}_{2^{m}}\), there are particular equation \(\textsf {s}_{0}, \dots , \textsf {s}_{m-1} \in {\mathbb F}_{2}\) to the extent that s = s0ω0 + ⋯ + sm− 1ωm− 1, and next use the corresponding co-ordinate vector \((\textsf {s}_{0}, \dots , \textsf {s}_{m-1})\) of s by \(\mathcal {S}\). In fact, the union \(\textsf {s}\longmapsto \mathcal {S}\) provides a vector space isomorphism of \(\mathbb F_{2^{m}}\) onto \(\mathbb {F}_{2}^{m}\). Elements of \(\mathbb {F}_{2}^{m}\) might be formation of as row vectors and so \( \mathcal {S}B\) is the distinct element of \(\mathbb {F}_{2}^{m}\) for any \(\mathcal {S} \in \mathbb {F}_{2}^{m}\) and \(B\in M_{m}(\mathbb {F}_{2})\).
Definition 1
Let \(B_{0}, B_{1}, \dots , B_{n-1} \in M_{m}(\mathbb F_{2})\). For any n-tuple \((\mathcal {S}_{0}, \dots , \mathcal {S}_{n-1})\) of elements of \(\mathbb F_{2^{m}}\), let \((\mathcal {S}_{i})_{i=0}^{\infty }\) represent the infinite sequence of elements of \({\mathbb F}_{2^{m}}\). It can be measured by the linear recurrence equation:
In general, the equation (3) is called by wfsr of order n over \(\mathbb F_{2^{m}}\), while the sequence \((\mathcal {S}_{i})_{i=0}^{\infty }\) is quoted as the sequence generated by the wfsr (3). So, the n-tuple \((\mathcal {S}_{0},\mathcal {S}_{1}, \ldots , \mathcal {S}_{n-1})\) is represented as initial state of the wfsr (3) and the polynomial ImYn − Bn− 1Yn− 1 −⋯ − B1Y − B0 with matrix coefficients is the matrix polynomial of the wfsr (3). The string \((\mathcal {S}_{i})_{i=0}^{\infty }\) is basically periodic if there are integers r,n0 with r ≥ 1 and n0 ≥ 0 such that \(\mathcal {S}_{j+r}=\mathcal {S}_{j}\) for all j ≥ n0. The least positive integer r with this property is the period of \((\mathcal {S}_{i})_{i=0}^{\infty }\) and the corresponding least nonnegative integer n0 is the preperiod of \((\mathcal {S}_{i})_{i=0}^{\infty }\). The sequence \((\mathcal {S}_{i})_{i=0}^{\infty }\) is periodic if its preperiod is 0.
The subsequent outcome provides some interesting facts about wfsr.
Proposition 1
In [37] , pseudorandom sequence \((\mathcal {S}_{i})_{i=0}^{\infty }\) produced by the wfsr (3) of order n over \(\mathbb F_{2^{m}}\), it consists
- (i)
\((\mathcal {S}_{i})_{i=0}^{\infty }\) has periodic behaviour, and the period is 2mn − 1;
- (ii)
if B0 is nonsingular, then \((\mathcal {S}_{i})_{i=0}^{\infty }\) is periodic; in an opposite way, if \((\mathcal {S}_{i})_{i=0}^{\infty }\) is periodic whenever the initial state is of the form \((b, 0, {\dots } , 0)\), where, \(b\in \mathbb F_{2^{m}}\) with b≠ 0, then B0 is nonsingular.
The wfsr of order n over \(\mathbb F_{2^{m}}\) is primitive if for any variety of nonzero initial state, the sequence produced by that wfsr has periodic behaviour of period 2mn − 1. By Proposition 1 if \(I_{m}Y^{n} -B_{n-1}Y^{n-1}- {\cdots } -B_{1}Y-B_{0} \in M_{m} \left (\mathbb {F}_{2}\right )[Y]\) is the matrix polynomial of primitive wfsr, then the matrix B0 is assuredly nonsingular. Connected with a matrix polynomial \(I_{m}Y^{n} -B_{n-1}Y^{n-1}- \cdots -B_{1}Y-B_{0} \in M_{m}(\mathbb {F}_{2})[Y]\), it can be represented as a (m,n)-block companion matrix \({\textsf B}_{\textsf {wfsr}} \in M_{mn}(\mathbb {F}_{2})\) as follows
where, Im represent the m × m identity matrix over \(\mathbb {F}_{2}\), while 0 signifies the zero matrix in \(M_{m}(\mathbb {F}_{2})\). Applying a Laplace expansion or the proper order of elementary column operations, it is clear to identify \(\det {\textsf B}_{\textsf {wfsr}} = \pm \det (B_{0})\). As a result,
where, \(\operatorname {GL}_{m}(\mathbb {F}_{2})\) is the general linear group of m × m nonsingular matrices over \(\mathbb {F}_{2}\). With regard to the above mentioned that the block companion matrix (4) is the state transition matrix for the wfsr (3). Certainly, the l-th state \(\mathcal {S}_{\textsf {l}}:=\left (\mathcal {S}_{\textsf {l}}, \mathcal {S}_{\textsf {l}+1}, \dots , \mathcal {S}_{\textsf {l}+n-1}\right ) \in \mathbb {F}_{2^{m}}^{n}\) of the wfsr (3) is acquired from the initial state \(\mathcal {S}_{0}:=\left (\mathcal {S}_{0}, \mathcal {S}_{1}, \dots , \mathcal {S}_{n-1}\right ) \in \mathbb {F}_{2^{m}}^{n}\) by \(\mathcal {S}_{\textsf {l}} = \mathcal {S}_{0} {\textsf B}_{\textsf {wfsr}}^{\textsf {l}}\), for any l ≥ 0. Here, wfsr can be recognized by (3) the block companion matrix (4).
This paper studies a special set of wfsr. The value of the word size (m) is identified as (8/16/32/64/128). In the proposed work, 32-bit output based wfsr architecture has been considered and shown in Fig. 1. Before the output sequence generation, the structure must be initialized with nonzero key/seed values. In this case, wfsr loaded by 16 blocks of Hex value and per block contains 32-bit (i.e. 16 × 32 = 512-bit).
3 Proposed framework
The proposed cryptosystem is presented in three parts, namely, key sharing, encryption, and decryption. The block diagram of the proposed cryptosystem is shown in Fig. 2.
3.1 Key sharing
After the image encryption system, the user sends the encryption key to the receiver by any public-key sharing algorithm like a digital envelope. Figure 2 illustrates the generic key sharing system.
- 1.
As already discussed, proposed work considered 32-bit wfsr, and it uses 512-bit key value (κ) as shown in Appendix A.
- 2.
In a general way, the sender generates \({E_{{R}_{pub}}(x_{0}, \varphi , \widehat {r}, \kappa )}\) and shared with the receiver by the public key of the receiver. All the notations are mentioned in Fig. 2.
- 3.
Next, the receiver extracts the file \({D_{{R}_{pri}}\left (E_{{R}_{pub}}(x_{0}, \varphi , \widehat {r}, \kappa )\right )}\) by own private key.
In the asymmetric key sharing cryptosystem, particularly ECDH have a great prospect to satisfy the requirements of high security as well as less computation time. The proposed scheme has used ECDH key sharing algorithm and summarized in Section 5.8.
3.2 Encryption scheme
In this work, the cipher image is generated by a strong cryptosystem. The steps for generating a cipher image is as follows:
- 1.
Select the plain image of size (n × n).
- 2.
In the plain image, Logistic map has been used to provide random behavior in the digital image. As discussed, the ranges of φ and x in the Section 2.1.
- 3.
Let (x,y) coordinate belongs to the plain image. The Arnold’s cat map performed on the pair (x,y), and it becomes \((x^{\complement }, y^{\complement })\). Next, the value of \(\mathcal {A}\) and \({}\) are set to 1 (see (2)). Here, the number of scramble rounds termed as \(\widehat {r}\).
- 4.
A special kind of 32-bit wfsr is used for further encryption system. Now it is important to explain, how many times wfsr run to obtain pseudorandom sequence. Wfsr output sequence depends on the number of pixel values of the scrambled image (as the value of RGB is \(\frac {n \times n \times 3 \times 8}{m}\)). A pixel value typically consists of (3×8 = 24) bits for the color image that is one byte each for R, G, and B, and m = 32 is the output size/clock of the wfsr. For example, if (256 × 256) RGB image is used, and run the wfsr upto \(\left [\frac {256 \times 256 \times 3 \times 8}{32} = 49152\right ]\) times for random number sequence generation.
- 5.
Next, perform Exclusive OR (XOR) operation of the keystream of wfsr, and the binary pixel values of the scrambled image. From this result, the cipher image has been obtained.
3.3 Decryption scheme
Decryption is the inverse process of encryption system.
- 1.
Select the cipher image. Also collect the values of (x0, φ, \(\widehat {r}\), and κ). Specifically, (x0, φ) values for Logistic map, \(\widehat {r}\) for Arnold’s cat-map round number, and κ for wfsr key.
- 2.
Now receiver run the wfsr based on the cipher image pixel size as mentioned in step number 4 of the encryption system 3.2.
- 3.
XOR (cipher image pixel value, wfsr keystream).
- 4.
Perform Logistic map using the parameters of (x0, φ).
- 5.
Unscramble the scrambled image by using Arnold’s cat map round (\(\widehat {r}\)) and get the original image.
4 Simulation and statistical analysis
In this section, simulation result has been performed to show the resistance of the proposed scheme against several statistical properties. A sample of plain images (a-d), scrambled images (e-h), and cipher images (i-l) are presented in Fig. 3 respectively. This encryption system is operated on Matlab 2016, Mathematica 10, SageMath Version 7.0, and GCC-4.8. It may be noted that (512 × 512) cipher images are considered in the paper. But the sake of simplicity, (201 × 201) dimension images have been shown in the article. In order to assess the plain image and cipher image quality, two important metrics, namely structural similarity (SSIM) index, and Peak signal-to-noise ratio (PSNR) have been measured and shown in Table 1.
In this section, we have presented histogram, correlation coefficient, entropy, and Chi-square test for the proposed cryptosystem.
4.1 Histogram analysis
In digital image processing, the histogram of an image usually indicates the frequency distribution of the pixel intensity values. Cryptographic primitive is intended to make good cipher image which comprises the uniform distribution of pixel intensity values. Thus the attacker is unable to obtain valuable data from the cipher image. Figure 4 illustrates the histogram plot of plain images, and its corresponding cipher images.
4.2 Correlation coefficient
The Correlation coefficient signifies the correlation or similarity among two adjacent pixels in the digital image. Usually, image pixels are extremely repetitive, so they have a large correlation among adjacent pixels. In that regard, the cipher image should be produced in such a way that the image has a low correlation among the adjacent pixels and it would be hard to recognize the similarity between the pixel contents by the attacker. It is measured as follows:
where,
The correlation coefficients results of the plain images and cipher images are tabulated in Table 2. The tabulated results are close to zero that indicates there is no correlation among the adjacent pixels of the cipher images in horizontal, vertical, and diagonal areas. Correlation plot for plain and cipher Baboon image along horizontal, vertical, and diagonal element are illustrated in Fig. 5a-f.
4.3 Information entropy
Shannon proposed the fundamental notion of information entropy, and it is reported in [35]. It can be defined as follows:
where, p(xi) is the probability mass function. In data communications, the word ‘entropy’ associates to the relative degree of randomness. Thus, a high value of the entropy indicates the high-level of randomness. Table 3 summarizes the entropy results of plain images and the corresponding cipher images.
4.4 Chi-square test
Chi-square test measuring the difference between the observed and the expected result to evaluate the statistical value of the uniform distribution of pixels in the cipher image. There is a well-known equation for measuring this Chi-square test (χ2):
where,
- O i :
-
: observed intensity distribution of each gray level (0-255)
- E i :
-
: expected intensity distribution of each gray level (0-255)
In this test, α = 0.05 value has been preferred for the significance level, which is the default value for the Chi-square test. Next, the Chi-square values of the different size cipher images are tabulated in Table 4. Chi-square test reveals that the cipher image produces a uniform distribution of pixel values.
5 Security and performance analysis
This section provides known and chosen-plaintext attack, key sensitivity test, differential attack, noise attacks, occlusion attack, NIST randomness test, encryption time, and ECDH performance analysis.
5.1 Known and chosen-plaintext attack
In the chosen plaintext attack, an attacker can choose random plaintext data to encrypt and get the ciphertext. After achieving good cryptographic results also, a few image encryption systems have been vulnerable to known and chosen-plaintext attacks [20]. In the suggested scheme, firstly the plain image pixel has been randomized by the Logistic map and further, it has been scrambled by Arnold’s scrambling technique. Next, the highly random keystream is used for cipher image generation. Therefore, it is extremely difficult for an attacker to obtain any information from plain and cipher image. Hence, it can be claimed that the proposed encryption system efficiently resists known-plaintext and chosen-plaintext attacks.
5.2 Key analysis
Key analysis is used to show the sensitivity of the image encryption scheme for the input key. A small level of difference in the key may produce a severe difference in the output image. Kerckhoffs stated [21]: ‘A cryptosystem should be secure even if everything about the system, except the key, is public knowledge'. In general, the bigger keyspace helps to resist the ciphers Brute force attack. In this scheme, 512-bit key has been used. That signifies 2512 keyspace of the proposed scheme has enough capability to resist the Brute force attack.
Typically, the key sensitivity analysis of the cryptosystem can be judged by two phases: (a) solely modified plain image should be obtained while slightly altered keys are used to decrypt the same cipher image; (b) the cipher image should not be extracted in the correct manner if there is a small change between the encryption and decryption keys.
In order to evaluate the key sensitivity test, two types of faulty key has been used which is simply (i) a bit and (ii) a word changed from the original key of the recipient. As seen from Fig. 6, that the proposed scheme performs no similarity between the original cipher image and wrong decipher image.
5.3 Differential attack
In general, NPCR and UACI are used to compute the differential attack resistance of the cryptographic system. Specifically, NPCR means the rate of variation of pixel position between the original and the cipher image, and UACI represented as the variations in average intensity rates among the plain and cipher image. The NPCR and UACI formulas are specified as follows:
where,
The NPCR and UACI results are tabulated in Table 5, and it is observed that the proposed scheme has the ability to avoid the differential attack.
5.4 Noise attack analysis
Noise attack is one of the powerful attacks for the cipher image. If anyone imposes high noise on the cipher image, it would be very difficult to obtain the original image. In order to evaluate the robustness test of the proposed scheme against noise attacks, two types of noises, namely the Gaussian, salt and pepper are applied in the encrypted images. The data obtained from the experiments are presented in the following parts.
5.4.1 Gaussian noise
This part measures the robustness test, i.e., how the proposed scheme is resisting against the four variances of Gaussian noise. Figure 7a-d shows the Baboon cipher images, (e-h) Baboon decrypted images, and (i-l) Nehu decrypted images. As seen from Fig. 7, that if the attacker attaches different parameters of noises (like 0.01, 0.02, 0.03, and 0.05), the proposed scheme has the capability to recover the maximum information of the image.
5.4.2 Salt and pepper attack
This noise is popular as impulse noise. Here, the noise can be affected by sharp and unexpected interruptions inside the image signal. The performance of the cipher image has been evaluated using various levels of salt and pepper noise. After imposing 10%, 20%, 30%, and 50% salt and pepper noise, it is capable of recovering the original images, as shown in Fig. 8.
5.5 Occlusion attack
When the sender send some images and if knowingly or unknowingly, some portion of the image pixel values are dissipated is known as occlusion attack. To evaluate the proposed scheme, different levels of occlusions (like 6.25%, 12.5%, 25%, and 50%) are tempered with the encrypted images. Figure 9i-l illustrates the decrypted images of Fig. 9a-d, respectively. As seen from Fig. 9, that even after contaminated by different levels of occlusions, the plain image can be recovered to some extent.
Different noise variances against PSNR (dB) results are plotted graphically, and shown in Fig. 10. Further, Mean square error (MSE) and SSIM results for the different types of noise attacks are tabulated in Table 6. From the result, it is clear that the mentioned attacks unable to affect the proposed scheme.
5.6 Randomness analysis
The randomness test plays a vital role in the design of cryptosystem because it easily detects the weaknesses of the crypto structure. Randomness test of the selected cipher images has been carried out by NIST test suite [34]. For randomness test, at least 106 (1 Million) keystream is required from cipher image pixel value. The result of the randomness test is analyzed by P-value. Throughout the test, the P-value is evaluated, if the P-value is less than 0.01, then the selected keystream is supposed to be non-random else it is judged to be random. NIST test suite consists of 15 different statistical tests. NIST randomness test results of cipher images are elaborated in Table 7.
5.7 Encryption time
Computational speed is very much important for real-time encryption system. The configuration of the system is as follows: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3408 MHz, 4 Core(s), 8 Logical processor(s). The encryption time requirement is measured by the sum of time spent during wfsr random number generation, XOR operation of wfsr keystream sequence with scrambled image bitstream, and parameter initialization. The average encryption time (in seconds) taken by the algorithm for (512 × 512) sized image is presented in Table 8.
5.8 Performance analysis of ECDH
In a generic way, the proposed scheme has shown that digital envelope has used for key exchange among sender and receiver. Usually, RSA, Diffie-Hellman, ECDH, Curve25519, etc., are some common public key protocols generally considered for key exchange. But, in the proposed scheme, the key exchange protocol needs to be lightweight. The ECDH key sharing protocol [13] is normally much faster than other conventional public key systems. Additionally, ECDH has some benefits in terms of key length and secure performance. The elliptic curve discrete logarithm problem (ECDLP) [26] is assumed to be a hard problem by the state of till date best practices technology. But still, there are a few uncertainties linked with it because of the lack of mathematical proof.
In this experimental work, ECDH has been implemented in C language. Moreover, key exchange time performances have been analyzed by two important attainable parameters, namely encryption time and decryption time. Experimental results are tabulated in Table 9. Specifically, the proposed method uses 512-bit lengths key in ECDH, which requires in total 0.150202 seconds for encryption and decryption.
6 Comparison
This section highlights the performance of the proposed system compared with state-of-the-art schemes [2, 3, 5, 9, 10, 20, 25, 29, 32]. Table 10 shows the comparison result of some important performance metrics such as entropy, NPCR, UACI, and correlation coefficient (in terms of HC, VC, DC). As seen from Table 10, proposed scheme performance metrics results are better and close to the recent schemes. Projected system security is enhanced by wfsr, which is designed as a high-quality pseudo-random number generator. Despite this pseudo-random behavior, the system can maintain a proper balance between robustness and computational performance. Regarding the computation cost as one of the tools to resolve the complexity of the system; Table 8 reveals that the proposed system is faster than the schemes of [2, 5, 9, 25] for encryption speed. Compared to Ref. [2, 5, 9, 25] key sharing time has not considered while it has been addressed in the proposed method and shown in Table 9. Therefore, the comparative evaluation assures that the performance of the proposed system has the ability to maintain the trade-off between high security with computational complexity.
7 Conclusions
The proposed method is an efficient and secure image encryption scheme. A three-level image encryption method is implemented where first two levels namely Logistic map and Arnold’s scrambling are used for the randomization of pixel values, and third-level encrypt the pixel values by the keystream generated by a special wfsr. The wfsr offers not only fast software encryption but also provides high-quality pseudorandom sequences with desired level statistical properties. Next, the ECDH scheme has been suggested for the image encryption key sharing. Simulations and performance evaluations showed that the scheme requires lower time complexity in encryption and key sharing. Detailed statistical analyses like entropy, correlation coefficient, keyspace, key sensitivity, NIST randomness test were carried out to show the effectiveness of the proposed system. The various security analyses show that the proposed scheme can resist many attacks like known and chosen-plaintext attack, differential attack, different types of noise attacks. Further, some important metrics are compared with state-of-the-art schemes, and the proposed method exhibits superior performance. Therefore, the proposed system has good prospects in real-time multimedia-based applications.
References
Abd EL-Latif AA, Abd-El-Atty B, Venegas-Andraca SE (2019) A novel image steganography technique based on quantum substitution boxes. Opt Laser Technol 116:92–102
Abd El-Latif AA, Niu X (2013) A hybrid chaotic system and cyclic elliptic curve for image encryption. AEU-Int J Electron C 67(2):136–143
Abd El-Latif AA, Li L, Niu X (2014) A new image encryption scheme based on cyclic elliptic curve and chaotic system. Multimed Tools Appl 70(3):1559–1584
Abd El-Latif AA, Li L, Wang N, Peng J-L, Shi Z-F, Niu X (2012) A new image encryption scheme for secure digital images based on combination of polynomial chaotic maps Research Journal of Applied Sciences. Eng Technol 4(4):322–328
Abd El-Latif AA, Li L, Wang N, Qi H, Niu X (2013) A new approach to chaotic image encryption based on quantum chaotic system, exploiting color spaces. Signal Process 93(11):2986–3000
Aïssa B, Nadir D, Mohamed R (2013) Image encryption using stream cipher based on nonlinear combination generator with enhanced security. New Trends in Mathematical Sciences 1(1):10–19
Akhavan A, Samsudin A, Akhshani A (2015) Cryptanalysis of ”an improvement over an image encryption method based on total shuffling”. Opt Commun 350:77–82
Abd El-Latif AA, Wang N, Peng J-L, Li Q, Niu X (2013) A new encryption scheme for color images based on quantum chaotic system in transform domain. In: Fifth International Conference on Digital Image Processing (ICDIP 2013), vol 8878. International society for optics and photonics, pp 88781s
Belazi A, Abd El-Latif AA, Diaconu A-V, Rhouma R, Belghith S (2017) Chaos-based partial image encryption scheme based on linear fractional and lifting wavelet transforms. Opt Lasers Eng 88:37–50
Belazi A, Khan M, Abd El-Latif AA, Belghith S (2017) Efficient cryptosystem approaches: S-boxes and permutation–substitution-based encryption. Nonlinear Dyn 87 (1):337–361
Benrhouma O, Hermassi H, Abd El-Latif AA, Belghith S (2015) Cryptanalysis of a video encryption method based on mixing and permutation operations in the dct domains. SIViP 9(6):1281–1286
Bishoi SK, Haran HK, Ul Hasan S (2017) A note on the multiple-recursive matrix method for generating pseudorandom vectors. Discret Appl Math 222:67–75
Bos JW, Alex Halderman J, Heninger N Jonathan Moore, Michael Naehrig, and Eric Wustrow. Elliptic curve cryptography in practice. Cryptology ePrint Archive, Report 2013/734, 2013. Available: https://eprint.iacr.org/2013/734
Chai X, Yang K, Gan Z (2017) A new chaos-based image encryption algorithm with dynamic key selection mechanisms. Multimed Tools Appl 76(7):9907–9927
Chen J, Zhu Z-l, Zhang L-b, Zhang Y, Yang B-q (2018) Exploiting self-adaptive permutation–diffusion and dna random encoding for secure and efficient image encryption. Signal Process 142:340–353
Das P, Deb S, Kar N, Bhattacharya B (2015) An improved dna based dual cover steganography. Procedia Computer Science 46:604–611
Deb S, Bhuyan B, Ch. Gupta N (2018) Design and analysis of lfsr-based stream cipher. In: Mandal JK, Saha G, Kandar D, Maji AK (eds) Proceedings of the International Conference on Computing and Communication Systems. Springer, Singapore, pp 631–639
Dzwonkowski M, Papaj M, Rykaczewski R (2015) A new quaternion-based encryption method for dicom images. IEEE Trans Image Process 24(11):4614–4622
Fridrich J (1998) Symmetric ciphers based on two-dimensional chaotic maps. Int J Bifurcation Chaos 8(06):1259–1284
Gan Z, Chai X, Zhang M, Yang L (2018) A double color image encryption scheme based on three-dimensional brownian motion. Multimed Tools Appl 77(21):27919–27953
Kerckhoffs A (1883) La cryptographic militaire. Journal des Sciences Militaires IX:5–38
Kocarev L (2001) Chaos-based cryptography: a brief overview. IEEE Circuits Syst Mag 1(3):6–21
Kumar P, Rana SB (2016) Development of modified aes algorithm for data security. Optik-International Journal for Light and Electron Optics 127(4):2341–2345
Kumar M, Iqbal A, Kumar P (2016) A new rgb image encryption algorithm based on dna encoding and elliptic curve diffie–hellman cryptography. Signal Process 125:187–202
Laiphrakpam DS, Khumanthem MS (2018) A robust image encryption scheme based on chaotic system and elliptic curve over finite field. Multimed Tools Appl 77 (7):8629–8652
Lauter KE, Stange KE The elliptic curve discrete logarithm problem and equivalent hard problems for elliptic divisibility sequences. Cryptology ePrint Archive, Report 2008/099, 2008. Available: https://eprint.iacr.org/2008/099
Li L, Abd ElLatif AA, Qi H, Niu X (2012) An improved additively homomorphic image encryption scheme based on elliptic curve elgamal. International Journal of Advancements in Computing Technology 4:223–230
Liu W, Sun K, Zhu C (2016) A fast image encryption algorithm based on chaotic map. Opt Lasers Eng 84:26–36
Liu H, Kadir A (2015) Asymmetric color image encryption scheme using 2d discrete-time map. Signal Process 113:104–112
Meenpal T, Banik S, Maitra S (2017) A scheme for conditional access-based systems using index locations of dct coefficients. J Real-Time Image Proc 13(2):363–373
Praveenkumar P, Amirtharajan R, Thenmozhi K, Rayappan JBB (2015) Medical data sheet in safe havens–a tri-layer cryptic solution. Comput Biol Med 62:264–276
Praveenkumar P, Kerthana Devi N, Ravichandran D, Avila J, Thenmozhi K, Rayappan JBB, Amirtharajan R (2018) Transreceiving of encrypted medical image–a cognitive approach. Multimed Tools Appl 77(7):8393–8418
Roy S, Pal AK (2018) An svd based location specific robust color image watermarking scheme using rdwt and arnold scrambling. Wirel Pers Commun 98 (2):2223–2250
Rukhin A, Soto J, Nechvatal J, Smid M, Barker E (2001) A statistical test suite for random and pseudorandom number generators for cryptographic applications. Technical report, National Institute of Standards and Technology
Shannon CE (1948) A mathematical theory of communication. Bell Syst Tech J 27(3):379–423
Teng L, Wang X (2012) A bit-level image encryption algorithm based on spatiotemporal chaotic system and self-adaptive. Opt Commun 285(20):4048–4054
Ul Hasan S, Panario D, Wang Q (2018) Nonlinear vectorial primitive recursive sequences. Cryptogr Commun 10(6):1075–1090
Wang L, Dong T, Ge M-F (2019) Finite-time synchronization of memristor chaotic systems and its application in image encryption. Appl Math Comput 347:293–305
Wang X, Teng L, Qin X (2012) A novel colour image encryption algorithm based on chaos. Signal Process 92(4):1101–1108
Zaghloul A, Zhang T, Hou H, Amin M, Abd El-Latif AA, Abd El-Wahab MS (2014) A block encryption scheme for secure still visual data based on one-way coupled map lattice. International Journal of Security and Its Applications 8 (4):89–100
Zaghloul A, Zhang T, Amin M, Abd El-Latif AA (2014) Color encryption scheme based on adapted quantum logistic map. In: Sixth International Conference on Digital Image Processing (ICDIP 2014), vol 9159. International Society for Optics and Photonics, pp 915922
Zeng G, Han W, He K High efficiency feedback shift register: σ −lfsr. Cryptology ePrint Archive, Report 2007/114, 2007. Available: https://eprint.iacr.org/2007/114
Zhang TJ, Abd El-Latif AA, Amin M, Zaghloul A (2014) Diffusion-substitution mechanism for color image encryption based on multiple chaotic systems. In: Electronic Engineering and Information Science, vol. 981 of Advanced Materials Research, pp 327–330. Trans Tech Publications Ltd 8
Zhang Y, Di X (2013) Double optical image encryption using discrete chirikov standard map and chaos-based fractional random transform. Opt Lasers Eng 51 (4):472–480
Zhang T, El-Fatyany A, Li L, Amin M, Abd El-Latif AA (2015) Secret sharing-based chaotic image encryption. International Journal of Security and Its Applications 9(7):217–224
Zhang TJ, Manhrawy IM, Abdo AA, Abd El-Latif AA, Rhouma R (2014) Cryptanalysis of elementary cellular automata based image encryption. In: Electronic Engineering and Information Science, vol 981 of advanced materials research, pp 372–375. Trans tech publications ltd, 8
Zhao T, Ran Q, Chi Y (2015) Image encryption based on nonlinear encryption system and public-key cryptography. Opt Commun 338:64–72
Acknowledgements
The authors would like to thank Dr. P. Praveenkumar and Dr. Sartaj Ul Hasan for suggesting the problem and for discussions. We are also thankful to the editor and the anonymous reviewers for the useful comments and it has immensely helped us to significantly improve both technical and editorial quality of the manuscript.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendices
Appendix A: wfsr details
Note for Test Vectors:
In [42, B, Page No. -13], all the polynomial equations are listed. As mentioned earlier, 32-bit wfsr has been considered. Initially, 16 blocks of Hex value (i.e., 16 × 32 = 512 bit key/seed value) are loaded in the wfsr and as shown in below.
Appendix B: PSNR, MSE, and SSIM
where,
m × n: image size
where,
Ii,j: plain image pixel
Ki,j: cipher image pixel
where,
ηx: Average of x
ηy: Average of y
τxy: Covariance of x, y
τx: St. Dev of x
τy: St. Dev of y
ε1: 0.01
ε2: 0.03
l1: (ε1b)2
l2: (ε2b)2
b: 2Number of bits per pixel - 1
Rights and permissions
About this article
Cite this article
Deb, S., Biswas, B. & Bhuyan, B. Secure image encryption scheme using high efficiency word-oriented feedback shift register over finite field. Multimed Tools Appl 78, 34901–34925 (2019). https://doi.org/10.1007/s11042-019-08086-y
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-019-08086-y