1 Introduction

In 1989, the first chaos-based encryption algorithm was proposed by the British mathematician Matthews [1], in which the logistic map was used to construct a key generator. Since then, cryptographers have proposed many kinds of chaotic image ciphers [28]. Particularly, with larger data capacity and higher correlation among pixels, encryption of colour images demands better statistic and diffusion properties of image algorithms than that of grey images. Thus, colour image encryption is really worth researching.

When designing a scheme, security is a basic property which should be considered. In recent years, cryptographers have proposed many new design methods to improve the security of colour image encryption.

In the earlier stage, a substitution–diffusion-based colour image cipher using chaotic standard and logistic maps was proposed by Patidar et al. [9]. But considering the interaction of different colours, multi-dimensional chaos systems were introduced into the design of colour image encryption scheme. There are many examples, such as the algorithm proposed by Wang et al. [10] which used chaotic system to encrypt the \(R, G, B\) components of a colour image at the same time and makes these three components affect each other, the algorithm proposed by Kanso et al. [11] in which 3D chaotic cat map was used to scramble shuffled pixels through mixing and masking rules, and the 6-dimensional generalized chaos synchronization system proposed by Han and Min which was based on 3D-Lorenz map to enhance the security of image information [12].

Apart from using multi-dimensional systems, the combination of different chaotic systems is another way used widely by cryptographers to enhance the scheme security. Wu et al. [13] proposed a colour image cryptosystem based on synchronization of two different six-dimensional hyperchaotic systems, which has high security and can resist noise and crop attacks. Wu et al. [14] proposed an algorithm to secure three colour images simultaneously by combining scrambling with the reality-preserving fractional discrete cosine transform. Sankaran et al. [15] proposed a scheme which employs one of the three dynamic chaotic systems (Lorenz or Chen or LU chaotic system selected based on 16-byte key) to shuffle the position of the image pixels (pixel position permutation) and to confuse the relationship between the cipher image and the plain image (pixel value diffusion), thereby significantly increasing the resistance to attacks. Zhang et al. [16] proposed a new scheme based on coupled logistic map, self-adaptive permutation and other structures to strength the security performance.

But relatively, cryptographers focus less on the speed performance. Little of recent papers on colour image encryption made the speed analysis. The most impressing result is that in 2014, Mohamed proposed a new tweakable construction of block-enciphers using second-order reversible cellular automata, which focuses on the performance of RGB-coloured image encryption, which can encrypt a 512*512 image in 0.75s using a Delphi 6 programming environment and an i7-2600 3.40 GHz platform [17].

At the same time, the analysis of chaotic image cipher is also much developed. In [18], the encryption algorithm of Fridirich [19] was cryptanalyzed by a chosen ciphertext attack based on casuality paths. In [20], a novel image encryption scheme based on improved hyperchaotic sequences was broken by known plaintext attack. Considering larger data capacity and higher correlation among pixels of colour images, colour image encryption algorithms are faced with more danger. Soon after the proposal of colour image encryption algorithm PPS09 [9], Rhouma et al. [21] developed an equivalent description of the PPS09 cryptosystem which facilitated it in the cryptanalysis of the original cipher in terms of chosen plaintext and known plaintext attacks. In [22], a chaos-based colour image encryption algorithm [10] which was proposed by cascading two position permutation operations and one substitution operation was broken by chosen plaintext attack. Thus, algorithm for colour image encryption with better statistic and diffusion properties and higher level of security is needed.

In this paper, a chaotic encryption algorithm for colour images is proposed, which uses 4-Pixel Feistel structure, multiple chaotic maps and systems and dependent encryption process to realize good performance. The rest of paper is organized as follows. The Sect. 2 contains the description of construction and the process of the proposed algorithm. Simulation results, performance analysis and cryptanalysis are reported in Sect. 3. Conclusions are drawn in the last section.

2 Algorithm proposed

In this section, the proposed algorithm will be introduced in three levels. The basic level is the functions based on multiple chaotic maps which will be used to construct the round functions. Intermediate level is the block operation including two rounds of 4-Pixel Feistel structure and its round functions. The top level is the dependent encryption process. Otherwise, the key generators will also be presented.

2.1 Functions based on multiple chaotic maps

Functions based on multiple chaotic maps (namely \(f\) and \({f}')\) are designed to realize the diffusion between 2 pixels, to improve the confusion effect of the cipher and to hide the plaintext for avoiding the plaintext participate in calculating directly.

\(f\) and \({f}'\) both have four integer numbers between 0 and 255 as inputs, namely \(a, b.1, b.2\) and \(b.3\). And the output of \(f\)is an integer number between 0 and 255. Meanwhile, \(f\) and \({f}'\) are same in the structure, both contains three parts: Parameter generator based on logistic map \(LM0\), initial condition generator based on piecewise linear function \(PL0\) and output generator based on piecewise linear function \(PL1\). The difference of \(f\) and \({f}'\) is the use of different parameters, initial conditions and initialization iteration times to update \(LM0\) and \(PL0\) before encryption (Fig. 1).

Fig. 1
figure 1

Functions based on multiple chaotic maps \(f\) and \({f}'\)

Full size image

2.1.1 Logistic map \(LM0\)

The output \(xlc\) of logistic map \(LM0\) is used to generate parameter \(pin\) of piecewise linear function \(PL1\). The logistic map is described as follows:

$$\begin{aligned} x({t+1} )=px(t)({1-x(t)}) \end{aligned}$$
(1)

when \(3.57<p\le 4\) and \(0<x(t)<1\), the map is chaotic, and \(x(t)\) is ergodic on \(({0,1})\).

The initialization of \(LM0\) is determined by two parts: a fixed parameter \(3.57<p\le 4\) and parts of keys of algorithm, including initial condition \(xlc10\) (\(xlc10\) for \(f\) and \(xlc20\) for \({f}')\) and initialization iteration times \(pre1\) (\(pre1\) for \(f\) and \(pre2\) for \({f}')\). After initialization, the output \(xlc\) of \(LM0\) updates when \(f\) (or \({f}')\) is operated.

2.1.2 Piecewise linear function \(PL0\)

The output \(xpc\) of piecewise linear function \(PL0\) is used to generate parameter \(xin\) of piecewise linear function \(PL1\). The piecewise linear function is described as follows,

$$\begin{aligned} x( {t+1} )=\left\{ {\begin{array}{ll} {x( t )}/p,&{}\quad 0\le x( t )<p \\ {( {x( t )-p} )}/( {0.5-p} ),&{}\quad p\le x( t )<0.5 \\ {( {1-x( t )-p} )}/( {0.5-p} ),&{}\quad 0.5\le x( t )<1-p \\ {( {1-x( t )} )}/p&{}\quad 1-p\le x( t )\le 1, \\ \end{array}}\right. \end{aligned}$$
(2)

where \(x\in [ {0,1}],p\in ({0,0.5})\), the map is chaotic and \(x(t)\) is ergodic on \(({0,1})\).

The initialization of \(PL0\) is determined by two parts: a fixed parameter \(p\in ({0,0.5})\) and parts of keys of algorithm, including initial condition \(xpc10\) (\(xpc10\) for \(f\) and \(xpc20\) for \({f}')\) and initialization iteration times \(pre3\; (pre3\) for \(f\) and \(pre4\) for \({f}')\). After initialization, the output \(xpc\) of piecewise linear function \(PL0\) updates when \(f\) (or \({f}')\) is operated.

2.1.3 Piecewise linear function \(PL1\)

The output \(xout\) of piecewise linear function \(PL1\) is used to generate output of \(f\) (or \({f}')\). The piecewise linear function \(PL1\) is described as follows,

$$\begin{aligned} xout=\left\{ {\begin{array}{ll} {xin}/pin,&{}\quad 0\le xin<pin \\ {( {xin-pin} )}/( {0.5-pin} ),&{}\quad pin\le xin<0.5\\ {({1-xin-pin})}/({0.5-pin}),&{}\quad 0.5\le xin<1-p in \\ {\left( {1-xin} \right) }/pin&{}\quad 1-pin\le xin\le 1 \\ \end{array}} \right. \end{aligned}$$
(3)

Parameter \(pin\) of \(PL1\) is generated by formula (4), and initial condition \(xin\) of \(PL1\) is generated by formula (5).

$$\begin{aligned} pin= & {} {fraction({{({b.1+b.2+b.3})}/{765}+xlc})}/2\end{aligned}$$
(4)
$$\begin{aligned} xin= & {} fraction( {a/{255}+xpc}) \end{aligned}$$
(5)

where \(fraction()\) means taking the fraction part of the number.

With the ergodicity of \(LM0\) and \(PL0\) on \(({0,1})\), we can easily find that \(xin\in ({0,1}), pin\in ({0,0.5})\). And thus, the piecewise linear function \(PL1\) makes sense on mathematics.

The participation of pseudo-random numbers is to extend the data range of the parameters and initial situations. If there are not the pseudo-random numbers, the data range of the parameters will be just 766 numbers, namely \(\{ {0,1/{1530},2/{1530},\ldots ,1/2}\}\) and the data range of the initial situations will be 256 numbers, namely \(\{ {0,1/{255},2/{255},\ldots ,1} \}\). Because of the ergodicity of logistic map and the piecewise linear map, with the participation of the pseudo-random numbers, the data range of parameters will be the whole interval \(({0,1/2} )\), and the data range of initial situations will be the whole interval \(({0,1})\).

2.1.4 Structure of function \(f\) and \({f}'\)

The calculation process is as below.

  • Before encrypting, \(LM0\) and \(PL0\) should finish initialization.

  • \(LM0\) and \(PL0\) generate two pseudo-random numbers \(xlc\) and \(xpc\) between 0 and 1. And then, generate parameter \(pin\) of \(PL1\) by formula (4), and initial condition \(xin\) of \(PL1\) by formula (5).

  • \(PL1\) generates a pseudo-random number \(xout\) between 0 and 1. And then, generate an integer output between 0 and 255 by formula (6) (Fig. 2).

$$\begin{aligned} fout= & {} f( {a,b.1,b.2,b.3})\nonumber \\ {}= & {} \lfloor {xout\times 10^{14}} \rfloor \mod 256 \end{aligned}$$
(6)
Fig. 2
figure 2

Structure of function \(f\) and \({f}'\)

Full size image

2.2 4-Pixel Feistel structure and round functions

4-Pixel Feistel structure and round functions are designed to improve the diffusion properties of algorithm. Respectively, 4-Pixel Feistel structure focuses more on diffusion among 4 pixels and round functions focus more on the diffusion among three colours of pixels.

2.2.1 Pixel Feistel structure

The smallest block that we use to operate the encryption and decryption is 4 pixels. The operation is inspired by the 4-branch Feistel structure of CLEFIA [23]. But differently, the number of rounds is 2 and is enough to realize the whole diffusion. More rounds can be accepted, and in theory, the security intensity will be promoted, but in cost of the speed (Figs. 3, 4)

Fig. 3
figure 3

Block of operation

Full size image
Fig. 4
figure 4

4-Pixel Feistel structure of encryption

Full size image

\(K\) is 3-dimensional vector \(( {k_1 ,k_2 ,k_3 })\) generated by Lorenz system, and \({K}'\) is 3-dimensional vector \(({k_1 ^{\prime },k_2^{\prime },k_3 ^{\prime }})\) generated by Chen’s system.

There are two reasons why we design 4-Pixel Feistel structure. Firstly, as a character of Feistel structures, the encryption and the decryption have similar structures. It permits us to use relatively complex functions in the encryption and decryption process. Secondly, 4-Pixel Feistel structure can be calculated by parallel computing. It provides a potential of higher encryption speed.

2.2.2 Round functions

Round functions (namely \(pf\) and \(p{f}')\) are 3-dimensional functions, respectively, constructed by \(f\) and \({f}'\) to improve the diffusion properties among three colours of pixels by the rotation of colours participating in operation. The mathematical description of \(pf\) and \(p{f}'\) is abstract and helpless. We can simply observe how \(pf\) and \(p{f}'\) work by the description of one round operation of 4-Pixel Feistel structure.

We suppose that the RGB value of pixel \(p\) can, respectively, be presented as \(p.r\), \(p.g\), \(p.b\). \(( k_1 ( i ),k_2 ( i ),k_3 ( i ) )\) and \(( {k_1 ^{\prime }( i ),k_2 ^{\prime }( i ),k_3 ^{\prime }( i )} )\) are round keys generated in the key expansion.

For each round, the encryption operation can be expressed as:

$$\begin{aligned}&\left\{ {\begin{array}{l} pixel1.r=pixel4.g\oplus f( {pixel1.b\oplus k_1 ( i ),pixel3.r,pixel3.g,pixel3.b} ) \\ pixel1.g=pixel4.b\oplus f( {pixel1.r\oplus k_2 ( i ),pixel3.r,pixel3.g,pixel3.b} ) \\ pixel1.b=pixel4.r\oplus f( {pixel1.g\oplus k_3 ( i ),pixel3.r,pixel3.g,pixel3.b} ) \\ \end{array}} \right. \end{aligned}$$
(7)
$$\begin{aligned}&\left\{ {\begin{array}{l} pixel2.r=pixel1.r \\ pixel2.g=pixel1.g \\ pixel2.b=pixel1.b \\ \end{array}} \right. \end{aligned}$$
(8)
$$\begin{aligned}&\left\{ {\begin{array}{l} pixel3.r=pixel2.b\oplus {f}'(pixel3.g\oplus k_1 ^{\prime }\left( i \right) ,pixel1.r,pixel1.g,pixel1.b) \\ pixel3.g=pixel2.r\oplus {f}'(pixel3.b\oplus k_2 ^{\prime }\left( i \right) ,pixel1.r,pixel1.g,pixel1.b) \\ pixel3.b=pixel2.g\oplus {f}'(pixel3.r\oplus k_3 ^{\prime }\left( i \right) ,pixel1.r,pixel1.g,pixel1.b) \\ \end{array}} \right. \end{aligned}$$
(9)
$$\begin{aligned}&\left\{ {\begin{array}{l} pixel4.r=pixel3.r \\ pixel4.g=pixel3.g \\ pixel4.b=pixel3.b \\ \end{array}} \right. \end{aligned}$$
(10)

The diffusion among 3 colours is realized by the rotation of colours participating in operations. Thus, the change of any pixel’s colour can affect the other pixels’ colours.

2.3 3D chaotic key generators aiming at colour images

For colour images, each pixel has three colours as parameters. Using 3D chaotic system can generate three keys at one time. Using two different chaotic systems can effectively avoid the interaction of keys generated by two systems.

2.3.1 Lorenz system

The Lorenz system is described as follows:

$$\begin{aligned} \left\{ {\begin{array}{l} \dot{x}_1 =p( {x_2 -x_1 }) \\ \dot{x}_2 =-x_1 x_3 +rx_1 -x_2 \\ \dot{x}_3 =x_1 x_2 -tx_3 \\ \end{array}} \right. \end{aligned}$$
(11)

when \(p=10, r=28, t=8/3\), the system is chaotic.

For Lorenz system, with an initial condition \((x_1^*(0),x_2^*(0),x_3^*(0))\), use fourth-order Runge-Kutta to solve the Lorenz system with a step of \(h=0.001\). Firstly, iterate the Lorenz system \(M_0 \) times to generate the real initial condition \(( {x_1 (0),x_2 ( 0 ),x_3 ( 0 )})\), and for the next \(i\)th solution \(( {x_1 ( i ),x_2 ( i ),x_3 ( i )} )\) of Lorenz system, the key \(( {k_1 ( i ),k_2 ( i ),k_3 ( i )} )\) is generated by

$$\begin{aligned} \left\{ {\begin{array}{l} k_1 ( i )=\lfloor {( {x_1 ( i )-\lfloor {x_1 ( i )} \rfloor } )\times 10^{14}} \rfloor \mod 256 \\ k_2 ( i )=\lfloor {( {x_2 ( i )-\lfloor {x_2 ( i )} \rfloor } )\times 10^{14}} \rfloor \mod 256 \\ k_3 ( i )=\lfloor {( {x_3 ( i )-\lfloor {x_3 ( i )} \rfloor } )\times 10^{14}} \rfloor \mod 256 \\ \end{array}} \right. \end{aligned}$$
(12)

2.3.2 Chen’s system

The Chen’s system is described as follows:

$$\begin{aligned} \left\{ {\begin{array}{l} \dot{x}_4 =a( {x_5 -x_4 } ) \\ \dot{x}_5 =( {c-a} )x_4 -x_4 x_6 +cx_5 \\ \dot{x}_6 =x_4 x_5 -bx_6 \\ \end{array}} \right. \end{aligned}$$
(13)

when \(a=35, b=3, c=28\), the system is chaotic.

Similarly with Lorenz system, for Chen’s system, with an initial condition \(( {x_4^*( 0 ),x_5^*( 0 ),x_6^*( 0 )} )\), use fourth-order Runge-Kutta to solve the Chen’s system with a step of \(h=0.001\). Firstly, iterate the Chen’s system \(N_0 \) times to generate the real initial condition \(( {x_4 ( 0 ),x_5 ( 0 ),x_6 ( 0 )} )\), and for the next \(i\)th solution \(( {x_4 ( i ),x_5 ( i ),x_6 ( i )} )\) of Chen’s system, the key \(( {k_1 ^{\prime }( i ),k_2 ^{\prime }( i ),k_3 ^{\prime }( i )} )\) is generated by

$$\begin{aligned} \left\{ {\begin{array}{l} k_1 ^{\prime }( i )=\lfloor {( {x_4 ( i )-\lfloor {x_4 ( i )} \rfloor } )\times 10^{14}} \rfloor \mod 256 \\ k_2 ^{\prime }( i )=\lfloor {( {x_5 ( i )-\lfloor {x_5 ( i )} \rfloor } )\times 10^{14}} \rfloor \mod 256 \\ k_3 ^{\prime }( i )=\lfloor {( {x_6 ( i )-\lfloor {x_6 ( i )} \rfloor } )\times 10^{14}} \rfloor \mod 256 \\ \end{array}} \right. \end{aligned}$$
(14)

2.3.3 Key space

The proposed algorithm has a large key space composed of 10 double numbers and six integer numbers.

They are,

  • The initial condition of Lorenz System \(( x_1^*( 0 ),x_2^*( 0 ),x_3^*( 0) )\);

  • The initial condition of Chen’s System \(( x_4^*( 0 ),x_5^*( 0 ),x_6^*( 0) )\);

  • The initial conditions of two logistic maps \(xcl10\) and \(xcl20\);

  • The initial conditions of two piecewise linear functions \(xpie10\) and \(xpie20\)

  • The initial iteration times of Lorenz System \(M_0 \)

  • The initial iteration times of Chen’s System \(N_0 \)

  • The initial iteration times of two logistic maps \(pre1\) and \(pre2\)

  • The initial iteration times of two piecewise linear functions \(pre3\) and \(pre4\)

2.4 Dependent encryption process

Establishing dependent relationship among pixels is an effective mean to resist many cryptanalysis methods, such as known-/chosen plaintext attack and chosen cipher attack. In the proposed algorithm, the dependent relationship among pixels is established in the encryption process.

The block \(({i,j})\) presents a block as follows,

$$\begin{aligned} \left( {\begin{array}{ll} p( {i,j} )\quad \quad p( {i\!+\!2\!\times \! \lfloor {{( {j\!+\!1} )}/\mathrm{width}} \rfloor ,( {j\!+\!1})(\mod \mathrm width)}) \\ p( {i\!+\!1,j} )\;\;p( {i\!+\!1\!+\!2\!\times \! \lfloor {{( {j\!+\!1} )}/\mathrm{width}} \rfloor ,( {j\!+\!1} )( \mod \mathrm width)} ) \\ \end{array}} \right) \end{aligned}$$

\(0\le i\le Height-2,0\le j\le width-1, Height\) and \(width\) represent the height and width of the image.

With the defined block of operation, the \(height\times width\) image can be transferred into a new image with \(heigh{t}'=2\) and \(widt{h}'={height\times width}/2\). The new image is quite easy to apply the proposed diffusion operation (Figs. 5, 6).

Fig. 5
figure 5

Origin image

Full size image
Fig. 6
figure 6

New image

Full size image

In the encryption process, after handling the first block, the colours of last 2 pixels depend on all the colours of 4 pixels. And then, when we handle the second block, the first 2 pixels are the last 2 pixels of the first block, and then the dependent relationship is established block by block (Fig. 7).

Fig. 7
figure 7

Intersection of two blocks

Full size image

But we can also find that last block cannot affect previous block, thus, another time of encryption is needed.

The process of encryption can be described by pseudocode as follows,

$$\begin{aligned} \begin{array}{l} Lorenz\;System\;Initialized \\ Chen{\prime }s\;System\;Initialized \\ Logistic\;Maps\;Initialized \\ Piecewise\;Linear\;Functions\;Initialized \\ K\;and\;{K}'\;generated \\ for\;i=i+2\;from\;0\;to\;height-2 \\ \quad for\;j=j+1\;from\;0\;to\;width-1 \\ \quad \quad block\;operation\_en\left( {i,j} \right) ; \\ \quad end for \\ end\;for \\ for\;i=i-2\;from\;height-2\;to\;0 \\ \quad for\;j=j-1\;from\;width-1\;to\;0 \\ \quad \quad block\;operation\_en\left( {i,j} \right) ; \\ \quad end for \\ end\;for \\ \end{array} \end{aligned}$$

The \(block\;operation\_en\left( {i,j} \right) \) represents the block operation of encryption for the block \(\left( {i,j} \right) \).

The process of encryption can be described by flowchart as follows (Fig. 8),

Fig. 8
figure 8

Flowchart of the encryption process

Full size image

The encryption result and corresponding decryption result of “Lena” (512*512) and all-zero image (512*512) show in figure below. (Using key \(x_1^*=\hbox {3.05152212424679}\), \(x_2^*=\hbox {1.58254212245123}\), \(x_3^*=\hbox {15.6238853231785}\), \(x_4^*=\hbox {4.78999921123234}\), \(x_5^*=\hbox {1.98243221252248}\), \(x_6^*=\hbox {14.2532112455785}\), \(M_0 =20\), \(N_0 =30\), \(xcl10=\hbox {0.589756425683531}\), \( xcl20=0.286245832183542, xpie10=0.96311588683553, xpie20=0.732108327953574, prel=40, pre2=50, pre3=55, pre4=45. \) If there is no other announce, all the encryption and decryption examples use the above key in this paper.) (Fig. 9)

Fig. 9
figure 9

Results of “Lena” and all-zero image. a Plain image “Lena”. b Encrypted image. c Recovered image. d all-zero Image. e Encrypted image. f Recovered image

Full size image

3 Experimental results and cryptanalysis

In the following experimental environment, CPU: Intel Core i5-4210U CPU 1.70 GHz; Memory: 4.00 GB; Operating system: Windows 8.1; Coding tool: Visual studio 2012, the experiments include histogram analysis, correlation of two adjacent pixels, NPCR and UACI, sensitivity to cipher image, information entropy, key sensitivity, key space analysis and speed analysis.

3.1 Histogram analysis

Histograms show the distribution of pixel values in an image. The ideal histogram of a cipher image is uniform. In Figure below, we show the histograms of RGB values of the plain image “Lena” and those of the cipher image (Fig. 10 ).

Fig. 10
figure 10

a Histogram of red channel of “Lena”. b Histogram of green channel of “Lena”. c Histogram of blue channel of “Lena”. d Histogram of red channel of cipher © Histogram of green channel of cipher. f Histogram of blue channel of cipher

Full size image

In Figure below, we show the histograms of RGB values of the plain image, an all-zero image and those of the cipher image (Fig. 11 ).

Fig. 11
figure 11

a Histogram of red channel of all-zero image. b Histogram of green channel of all-zero image. c Histogram of blue channel of all-zero image. d Histogram of red channel of cipher \({\copyright }\) Histogram of green channel of cipher. f Histogram of blue channel of cipher

Full size image

We can find that the histograms of the cipher image are close to uniform. Thus, a frequency analysis cannot be used to break the algorithm.

Table 1 Correlation between plain image “Lena” and its cipher image
Full size table

3.2 Correlation of two adjacent pixels

The correlation of two adjacent pixels can be calculated according to the following formula:

$$\begin{aligned} r_{xy} =\frac{cov( {x,y} )}{\sqrt{D( x )}\sqrt{D( y )}} \end{aligned}$$
(15)

where

$$\begin{aligned} \hbox {cov}( {x,y} )= & {} \frac{1}{N}\sum _{i=1}^N {( {x_i -E( x )} )( {y_i -E( y )} )},\\ E( x )= & {} \frac{1}{N}\sum _{i=1}^N {x_i } , E( y )=\frac{1}{N}\sum _{i=1}^N {y_i } ,\\ N= & {} height\times width. \end{aligned}$$

First, we test the correlation between various colours of “Lena” and its cipher image, and compare the results with the algorithm PPS09 and mPPS09 [24] (Table 1).

We can find that the proposed algorithm have a much better statistic properties than PPS09 and mPPS09.

We will test the correlation of two adjacent in three directions, namely horizontal, vertical and diagonal. As the algorithm is for colour image, correlation of different channels should also been considered (Tables 2, 3, 4).

Table 2 Horizontal correlation of “Lena” Cipher
Full size table
Table 3 Vertical correlation of “Lena” Cipher
Full size table
Table 4 Diagonal correlation of “Lena” Cipher
Full size table

And then, as \(D\left( x \right) =0\) for all-zero image, we cannot test the correlation between various colours of all-zero image and its cipher image. But we can test the correlation of two adjacent of its cipher in three directions (Tables 5, 6, 7).

Table 5 Horizontal correlation of all-zero’s Cipher
Full size table
Table 6 Vertical correlation of all-zero’s Cipher
Full size table
Table 7 Diagonal correlation of all-zero’s Cipher
Full size table

The results show that different colours in different directions have little correlation.

3.3 NPCR and UACI

Number of Pixels Change Rate (NPCR) stands for the number of pixels change rate while one pixel of plain image changed. The NPCR gets closer to 100 %, the more sensitive the cryptosystem to the changing of plain image, and the more effective for the cryptosystem to resist plaintext attack. UACI(Unified Average Changing Intensity) stands for the average intensity of differences between the plain image and ciphered image. The UACI gets closer to 33.333...%, the more effective for the cryptosystem to resist differential attack.

NPCR and UACI can be calculated as follows,

$$\begin{aligned} \mathrm{NPCR}= & {} \frac{\sum _{ij} {D\left( {i,j} \right) } }{\mathrm{Width}\times \mathrm{Height}}\times 100\,\%\end{aligned}$$
(16)
$$\begin{aligned} \mathrm{UACI}= & {} \frac{1}{\mathrm{Width}\times \mathrm{Height}}\\\nonumber&\quad \times \left[ {\sum _{ij} {\frac{| {c_1 ( {i,j} )-c_2 ({i,j})} |}{255}} } \right] \times 100\,\% \end{aligned}$$
(17)

where \(c_1 ( {i,j} )\) and \(c_2 ( {i,j})\) are, respectively, the cipher image before and after one pixel of the plain image is changed. And if \(c_1 ( {i,j} )\ne c_2 ( {i,j} )\), \(D( {i,j} )=1\); otherwise, \(D( {i,j} )=0\).

The results of changing the red value of a pixel show in the Tables 8 and 9

Table 8 Results of NPCR and UACI of “Lena”
Full size table
Table 9 Results of NPCR and UACI of all-zero image
Full size table

The results show that bit change of the value of a colour channel of one pixel can cause change of whole cipher image. The good diffusion property is demonstrated. And the algorithm can resist plaintext attack and differential attack (Figs. 12, 13).

Fig. 12
figure 12

a Origin Image “Lena”. b Encrypted Image of “Lena”. c Encrypted Image of “Lena” changing red value of one pixel

Full size image
Fig. 13
figure 13

a Origin Image all-zero image. b Encrypted Image of all-zero image. c Encrypted Image of all-zero image changing red value of one pixel

Full size image

3.4 Sensitivity to cipher image

As is done in [11], when one pixel of cipher image is changed, the recovered plain image exhibits no correlation to the plain image, then the cipher can resist chosen cipher attack. Similarly, we calculate the NPCR and correlation for recovered image and plain image (Figs.  14, 15; Table 10).

Table 10 Results of Sensitivity to cipher image of “Lena”
Full size table
Fig. 14
figure 14

a Encrypted Image of “Lena”. b Decrypted Image of (a). c Decrypted Image of (a) with a red value of one pixel of cipher changed

Full size image
Fig. 15
figure 15

a Encrypted Image of all-zero image. b Decrypted Image of (a) c. Decrypted Image of (a) with a red value of one pixel of cipher changed

Full size image

Also as \(D(x )=0\) for all-zero image, we cannot test the correlation between various colours of the recovered image and plain image (Table 11).

Table 11 Results of Sensitivity to cipher image of all-zero image
Full size table

The results show that the algorithm can resist chosen cipher attack.

3.5 Information entropy

The method to calculate information entropy of an image can be expressed as below,

$$\begin{aligned} H(m)=\sum _{i=0}^{2^{N}-1} {p({m_i })\log _2 \frac{1}{p({m_i })}} \end{aligned}$$
(18)

where \(p({m_i})\) represents the probability of symbol \(m_i \), and \(\log _2 \) represents the base 2 logarithm so that the entropy is expressed in bits, \(N\) represents the number of bits we use to represent a pixel, and for one colour channel of a pixel, it is clear that \(N=8\). If an image is ideal random, then for each \(i,p({m_i})=1/{256}\), and we can easily find that \(H(m)=8\). And the results of cipher image of “Lena” and all-zero image are below (Tables 12, 13).

Table 12 Information Entropy of “Lena” cipher image
Full size table
Table 13 Information Entropy of all-zero’s cipher image
Full size table

The results show that entropy of all the three colour channels are close to the ideal value 8. Thus, the algorithm is secure upon the entropy attack.

3.6 Key sensitivity

To prove the key sensitivity to the encryption process, for double numbers, we will change the last number of its fraction, and for the integer numbers, will plus 1. And then calculate the correlation between the ciphered image before changing and the ciphered images after changing (Fig. 16).

Fig. 16
figure 16

a Encrypted Image with a 10\(^{-15 }\)change of \(x_1^*\). b Decrypted Image of (a) with origin key

Full size image

The origin encryption keys are

$$\begin{aligned} x_1^*= & {} \hbox {3.05152212424679},\\ x_2^*= & {} \hbox {1.58254212245123},\\ x_3^*= & {} \hbox {15.6238853231785},\\ x_4^*= & {} \hbox {4.78999921123234},\\ x_5^*= & {} \hbox {1.98243221252248},\\ x_6^*= & {} \hbox {14.2532112455785},\\ xcl10= & {} \hbox {0.589756425683531},\\ xcl20= & {} \hbox {0.286245832183542},\\ xpie10= & {} \hbox {0.963211588683553},\\ xpie20= & {} \hbox {0.732108327953574},\\ M_0= & {} 20, N_0 =30, pre1=40, \\ pre2= & {} 50, \quad pre3=55, pre4=45 \end{aligned}$$

The results of correlation test for encryption key sensitivity show as below (Table 14),

Table 14 Correlation test for encryption key sensitivity
Full size table

To prove the key sensitivity to the decryption process, for double numbers, we will change the last number of its fraction, and for the integer numbers, we will plus 1. And then use them as keys to decrypt the image encrypted by origin keys. After that, we calculate the correlation of the novel decrypted images and the origin decrypted image (Fig. 17).

Fig. 17
figure 17

a Encrypted Image with origin keys. b Decrypted Image of (a) with a \(10^{-15 }\) change of \(x_1^*\)

Full size image

The origin decryption keys are

$$\begin{aligned} x_1^*= & {} \hbox {3.05152212424679},\\ x_2^*= & {} \hbox {1.58254212245123},\\ x_3^*= & {} \hbox {15.6238853231785},\\ x_4^*= & {} \hbox {4.78999921123234},\\ x_5^*= & {} \hbox {1.98243221252248},\\ x_6^*= & {} \hbox {14.2532112455785},\\ xcl10= & {} \hbox {0.589756425683531},\\ xcl20= & {} \hbox {0.286245832183542},\\ xpie10= & {} \hbox {0.963211588683553},\\ xpie20= & {} \hbox {0.732108327953574},\\ M_0= & {} 20, N_0 =30, pre1=40,\\ pre2= & {} 50, \quad pre3=55, \quad pre4=45 \end{aligned}$$

The results of correlation test for encryption key sensitivity show as below (Table 15),

Table 15 Correlation test for decryption key sensitivity
Full size table

So, it can be concluded that the new chaotic algorithm is sensitive to the key such that a small change of the key will generate a completely different decryption result and cannot get the correct plain image.

3.7 Key space analysis

As is declared in [12] and other papers [13, 16, 25], as the fact that operations on computers is with finite accuracy is taken into account, size of key space could be roughly estimated of all possible combinations of control parameters and initial values.

As having been said in Sect. 2.3, we have a large key space composed of 10 double numbers and six integer numbers. By the results of sensitivity, the precision of all 10 double numbers is \(10^{-15}\). Thus, one can obtain that the key space can be larger than \(10^{15*10}>2^{498}\) for the keys used in this scheme. Thus, the algorithm can resist the brute-force attack.

3.8 Speed analysis

The encryption speed is also an important factor. Because it is a responsibility of the practicability of the scheme. The proposed scheme also focus on the speed. The computation of 4 pixels at same time is for not only increasing the interaction of pixels, but also making the scheme more efficient. The use of 4-Pixel Feistel structure also provides the possibility of speeding-up using the parallel computing on multi-core computers.

We have used Visual studio 2012 with OpenCV3.0.0 to run the encryption algorithm in a computer with an Intel Core i5 1.70 GHz, 4.00 GB Memory, and Windows 8.1 operating system. The result is shown in the following table.

But due to the difference of computer configurations and code optimization ways, running speed can hardly be compared exactly (Table 16).

Table 16 Speed analysis result (in Second)
Full size table

Considering the CPU frequency, our scheme is roughly faster than other recent schemes and as the speed scale as Faraoun’s scheme which is focusing on the encryption performance while our scheme is better in the aspect of information entropy (in Sect. 3.5).

4 Conclusions

With the rapid development in digital image processing and widespread dissemination of digital multimedia data, the security problem of image information has been more and more important. For this purpose, the algorithm in this paper is proposed. Three characters of the algorithm determine its good performance. Firstly, two 3D chaotic systems are used as key generators for three colours of colour images’ pixels. Secondly, 4-Pixel Feistel structure and functions based on multiple chaotic maps are used to improve the statistic and diffusion properties of cipher image. Thirdly, dependent encryption progress is used to resist certain cryptanalysis methods, such as known-/chosen plaintext attack and chosen cipher attack. The simulation experiments, including histogram analysis, correlation of two adjacent pixels, NPCR and UACI, sensitivity to cipher image, information entropy, key sensitivity, key space analysis and speed analysis, show that the proposed algorithm has good statistic and diffusion properties and can resist many kinds of attacks, while performing well in speed.