1 Introduction

1.1 Background

Currently, the image encryption technology is a hot area and a challenging task. There are lots of image information received by illegal users, which brings many negative impacts on personal privacy. In order to protect personal information, various image encryption algorithms are designed and proposed such as one-time keys [1], bit-level permutation [2, 3], compression techniques [4], DNA computing [57], Arnold transform [813] and so on. Chaotic systems have many good characteristics such as sensitivity to initial parameters, mixing property, high efficiency and ergodicity. In general, a chaotic system has a high speed with low cost, which is better than many conditional ciphers for multimedia data encryption [14]. Inspired by the subtle similarity between chaotic systems and cryptosystem, various encryption algorithms based on chaotic map [15, 16] are proposed in the literature. Herein, quantum chaotic system is applied to generate pseudo-random sequence to encrypt color images in the proposed cryptosystem.

An international standard of encryption algorithm is not only suitable for a partial compression algorithm but also permutation and diffusion properties. The diffusion–permutation-based algorithm should have a large key space and the long periodicity of permutation to increase the security. For this purpose, many researchers turn to find some improved chaos-based algorithms with large key spaces and good permutation and diffusion techniques. Ping [1] proposed a novel CA-based multiple image encryption by using a kind of two-dimensional reversible CA, and by using a circular chaining mode of operation. The proposed method allows images to be processed in a 2-D way and makes the statistical information of each plain image in the group hidden in all cipher images.

In order to disturb the high correlation among pixels, the Arnold cat map [813] is a good scrambling tool which has been used widely in various cryptographic and steganographic applications. Guo et al. [9] proposed a novel color image encryption method using discrete fractional random transform (DFRNT) and Arnold transform (AT) in the intensity–hue–saturation (IHS) color space. Chen et al. [12] reported a new image encryption algorithm based on singular value decomposition and Arnold transform. However, in all of these algorithms have a weaknesses [17]: the iteration times are very limited. Here we propose perfect methods to solve these problems.

Chaos-based cryptographic scheme has many brilliant advantages different from other algorithms such as sensitivity to initial conditions and parameters, mixing property, high efficiency non-periodicity and control parameters [18, 19]. In recent years various encryption algorithms based on chaotic map are proposed [2022]. Wang and Guo [20] utilized a logistic map for generating a matrix to diffuse the left block of the plain image and then the diffused image was used as the right block of the cipher image. In [23] quantum chaos theory becomes a tool that can be used to improve the quality of pseudo-random number generators. The randomness and non-periodicity of quantum chaotic map are successfully verified by statistical complexity and the normalized Shannon entropy. In order to obtain high diffusivity, folding algorithm is proposed to modify the value of permuted pixels with quantum chaos sequence from eight directions.

1.2 Contribution and Organization

Due to the color image that is composed of three color components, we convert three components into three matrices, namely R, G, B. General Arnold transform with keys means that parameters of the matrix A is a set of secret values. We add the matrix (ku, kv)T as secret values during the process that Arnold transform is iterated n times. The experiment proves that the chaos character is better when n = 6. So we get three different matrices (ku i , kv i )T (i = 1, 2, 3) as keys to improve the high randomness and enlarge the key space. And then quantum chaotic map [2426] is applied to generate three matrices X, Y, Z of size N × N to encrypt three matrices R, G and B. In this process, the initial condition of quantum chaotic map is a pseudo-random number, which is altered with the time of iteration. For the high complexity and the high randomness, in this paper chaotic maps are coupled with nearest-neighboring coupled-map (NCML), which extremely increases the security and sensitivity of the proposed algorithm.

The major contributions of the proposed algorithm are as follows:

  1. (1)

    Add matrices (ku i , kv i )T (i = 1, 2, 3) as keys into general Arnold transform to enlarge the key space and improve the randomness.

  2. (2)

    Key generator is an address mapping table, which is generated by two-dimensional logistic map. According to session keys we obtain initial conditions and parameters so that improve the sensitivity of the key generator.

  3. (3)

    Putting forward a new algorithm, the folding algorithm, to encrypt the image from eight directions and attaining remarkable results.

The rest of this paper is organized in the following manners: Sect. 2 introduce the basic theory of the proposed cryptosystem. Section 3 the proposed cryptosystem is explained. Simulation results and security analysis are proposed in Sect. 4. Finally the conclusions are drawn in Sect. 5.

2 Basic Theory of the Cryptosystem

2.1 Two-Dimensional Logistic Map

As a classical algorithm logistic has a perfect chaotic property. The 2D coupled logistic map reported in [27] has three quadratic coupling terms to strengthen its complexity. In order to enlarge key space and obtain the high complexity, in this paper two-dimensional logistic map is chosen to be a key generator. The two-dimensional logistic map is described as [27, 28]:

$$\begin{aligned} \varphi_{1} (x_{n} ) & = \mu_{1} x_{n} (1 - x_{n} ) + \gamma_{1} y_{n}^{2} \\ \varphi_{1} \, (y_{n} ) & = \mu_{2} y_{n} (1 - y_{n} ) + \gamma_{2} (x_{n}^{2} + x_{n} y_{n} ) ,\\ \end{aligned}$$
(1)

when 2.75 < μ1 ≤ 3.4, 2.75 < μ2 ≤ 3.45, 0.15 < γ1 ≤ 0.21 and 0.13 < γ2 ≤ 0.15, the system can generate pseudo-numbers in the region (0,1]. All parameters are generated by key generator.

2.2 General Arnold Transform with Keys

In order to disturb the high correlation among pixels, the Arnold cat map [8] is image pixel scrambling tool which has been used in many literatures. The definition of general Arnold transform is given in [29]:

$$\left[ {\begin{array}{*{20}c} {x^{\prime}} \\ {y^{\prime}} \\ \end{array} } \right] = A\left[ {\begin{array}{*{20}c} x \\ y \\ \end{array} } \right](\bmod \;N),\quad A = \left[ {\begin{array}{*{20}c} 1 & a \\ b & {ab + 1} \\ \end{array} } \right],$$
(2)

where the location of the plain-image pixel is (x, y), the location of the cipher-image pixel is (x′, y′). We set N = 256. When a = b = 1, Eq. (2) is a classical two-dimensional Arnold map. In order to improve security of the cryptosystem, the control parameters a and b are generated by the key generator. Because Arnold transform is a bijection transform, the result of iterating Eq. (2) k times still is a bijection transform. In other words, after the process of iteration for k times, point (x′, y′) is new position of coordinate (x, y). Due to the fact that result of orthogonal transformation is a limited discrete set, we can add a matrix (ku, kv)T as a set of secret keys to reduce the correlation among pixels. So we get general Arnold transform with keys as follows:

$$\left[ {\begin{array}{*{20}c} {x^{\prime}} \\ {y^{\prime}} \\ \end{array} } \right] = A^{n} \left[ {\begin{array}{*{20}c} x \\ y \\ \end{array} } \right] + \left[ {\begin{array}{*{20}c} {ku} \\ {kv} \\ \end{array} } \right](\bmod \;N),\quad A = \left[ {\begin{array}{*{20}c} 1 & a \\ b & {ab + 1} \\ \end{array} } \right],$$
(3)

where n is iteration times of the matrix A. According to the inverse transformation of Eq. (3), the corresponding decryption algorithm is shown as follows:

$$\left[ {\begin{array}{*{20}c} x \\ y \\ \end{array} } \right] = A^{ - n} \left[ {\begin{array}{*{20}c} {x^{\prime} - ku} \\ {y^{\prime} - kv} \\ \end{array} } \right](\bmod \;N), \, A^{ - 1} = \left[ {\begin{array}{*{20}c} {ab + 1} & { - a} \\ { - b} & 1 \\ \end{array} } \right].$$
(4)

2.3 Quantum Chaotic Map

Dissipative quantum systems are often described in where the system is coupled to a path of harmonic oscillators to construct a quantum logistic map [2426] with quantum corrections. In [24], authors analyze the effects of quantum corrections and state α = 〈α〉 + δα, where δα shows a quantum fluctuation about 〈α〉. Furthermore, they prove that the very lowest-order quantum corrections can yield the chaotic map as follows:

$$\begin{aligned} \varphi_{2} (x^{\prime}_{n} ) & = \, r \, (x^{\prime}_{n} - |x^{\prime}_{n} |^{2} ) - r \, y^{\prime}_{n} \\ \varphi_{2} (y^{\prime}_{n} ) & = \, - y^{\prime}_{n} e^{ - 2\beta } + \, e^{ - \beta } r \, [(2 - x^{\prime}_{n} - x_{n}^{\prime *} )y^{\prime}_{n} - x^{\prime}_{n} z_{n}^{\prime *} - x_{n}^{\prime *} z^{\prime}_{n} ] \\ \varphi_{2} (z^{\prime}_{n} ) & = \, - z^{\prime}_{n} e^{ - 2\beta } + \, e^{ - \beta } r \, [2(1 - x_{n}^{\prime *} ) \, z^{\prime}_{n} - 2x^{\prime}_{n} y^{\prime}_{n} - x^{\prime}_{n} ] \\ \end{aligned}$$
(5)

where x´ = 〈α〉, y´ = 〈δα δα〉, z´ = 〈δα δα〉 and β is dissipation parameter. Generally, \(x^{\prime}_{n}\), \(y^{\prime}_{n}\) and \(z^{\prime}_{n}\) are complex numbers with \(x_{n}^{\prime *}\) being the complex conjugate of \(x^{\prime}_{n}\) and similarly for \(z^{\prime}_{n}\). However, if we set the initial value to be real number, then all successive value will also be real. According to [23], the range of the parameters as follows: 0 ≤ \(x^{\prime}_{n}\) ≤ 1, 0 ≤ \(y^{\prime}_{n}\) ≤ 0.1, 0 ≤ \(z^{\prime}_{n}\) ≤ 0.2, \(x_{n}^{\prime *}\) = \(x^{\prime}_{n}\), \(z_{n}^{\prime *}\) = \(z^{\prime}_{n}\), \(\beta \in [ 6 , { + }\infty ]\) and \(r \in [ 0 , { 4]}\). They conclude that the best value of the control parameter r and dissipation parameter β are r = 3.99 and β ≥ 6. So we set r = 3.99, β = 6. Iterate Eq. (5) with real initial parameters \(x^{\prime}_{0}\), \(y^{\prime}_{0}\), \(z^{\prime}_{0}\), \(x_{0}^{\prime *}\) and \(z_{0}^{\prime *}\), all the successive values \(x^{\prime}_{n}\), \(y^{\prime}_{n}\) and \(z^{\prime}_{n}\) will be real.

2.4 Nearest-Neighboring Coupled-Map Lattices

In order to achieve the high complexity and the high randomness among these generated keystreams, the two-dimensional logistic map and the quantum chaotic map proposed in Sects. 2.1 and 2.3 are independently coupled with NCML [30, 31] as follows:

$$z_{n + 1} (j) \, = \, (1 - \varepsilon )\varphi (z_{n} (j)) + \varepsilon \varphi (z_{n} (j + 1)),$$
(6)

where n = 0, 1,…, L − 1 is the time index; j = 1, 2,…, T is the lattice state index; function φ represents a chaotic map such as φ1, φ2; \(\varepsilon \in ( 0 , { 1)}\) is a coupling constant; L is the length of the plain-text; and T is maximum value of lattice state index. Here, T is chosen as 2 and 3 for the two-dimensional logistic map and the quantum chaotic map, while the other parameter is selected as \(\varepsilon\) = 0.001 to have good chaotic properties [30, 31]. Moreover, the periodic boundary condition, i.e., zn(j + T) = zn(j) is imposed into this system.

Applying Eqs. (1) to (6), the coupling of two-dimensional logistic map is defined as follows:

$$\begin{aligned} x_{n + 1} & = (1 - \varepsilon )\varphi (x_{n} ) + \varepsilon \varphi (y_{n} ) \\ y_{n + 1} & = (1 - \varepsilon )\varphi (y_{n} ) + \varepsilon \varphi (x_{n} ) \\ \end{aligned}$$
(7)

and by applying Eqs. (5) to (6), the coupling of quantum chaotic map is defined as follows:

$$\begin{aligned} x^{\prime}_{n + 1} & = (1 - \varepsilon )\varphi (x^{\prime}_{n} ) + \varphi (y^{\prime}_{n} ) \\ y^{\prime}_{n + 1} & = (1 - \varepsilon )\varphi (y^{\prime}_{n} ) + \varphi (z^{\prime}_{n} ) \\ z^{\prime}_{n + 1} & = (1 - \varepsilon )\varphi (z^{\prime}_{n} ) + \varphi (x^{\prime}_{n} ) \, \\ \end{aligned}$$
(8)

Iterating Eqs. (7) and (8), the required keystreams for the proposed cryptosystem are produced.

3 Cryptosystem

In what follows, we combine the generation process with the image processing, the permutation process and the diffusion process.

3.1 Generation of the Initial Conditions and Parameters

Proposed cryptosystem utilizes a 128-bit external secret key, K, which is divided into 8-bit blocks, ki, referred to as session keys. The 128-bit external secret key is given by:

$$K = \, k_{1} ,k_{2} , \ldots ,k_{16}$$
(9)

In order to increase the security of the proposed algorithm, we apply the two-dimensional logistic map Eq. (1) and nearest-neighboring coupled-map lattices Eq. (6) so that the initial conditions and parameters of the system are extremely sensitive to the changes in even a single bit in the 128-bit secret key. The detailed process of key generator is described as follows:

Step 1 Apply k1, k2, k3, k4 to generate μ1, μ2, γ1, γ2 respectively. We have known that when 2.75 < μ1 ≤ 3.4, 2.75 < μ2 ≤ 3.45, 0.15 < γ1 ≤ 0.21 and 0.13 < γ2 ≤ 0.15 the two-dimensional logistic map generates chaos. We set a < ti ≤ b, the initial conditions and parameters of system are derived as follows:

$$t_{i} { = }\left\{ {\left( {\frac{{k_{i} }}{256} \times 100} \right)mod\left[ {(b - a) \times 100} \right]} \right\}/100 + a,$$
(10)

where we set μ1 = t1, μ2 = t2, γ1 = t3, γ2 = t4. So for the different ki we can get different ti and make sure that μ1, μ2, γ1, γ2 are in the region that the system generate chaos.

Step 2 Apply k5, k6,…, k16 as initial condition to generate other key values. tmax = max([k5, k6,…, k16]). tmin = min([k5, k6,…, k16]). tssv = min([k5, k6,…, k16] − tmin). We set x0 = tmin/256, y0 = tssv/256 and iterate Eq. (7) for ceil (tmax/2) times with μ1, μ2, γ1, γ2, x0, y0 and then save their output in a new vector E whose size is 2 × ceil (tmax/2). Apply the following Eq. (11):

$$t_{\text{i}} { = }E_{{k_{i} }}$$
(11)

where i = 5, 6,…, 16 and ti are in the region (0, 1].

Step 3 In order to improve randomness and complexity of the encryption algorithm and broaden the key space, According to Eq. (4) three sets of secret keys, ai, bi and (kui, kvi)T, are required to encrypt three component of the color image R, G, B respectively. Without loss of generality, we assume that the size of the color plain-image P is W × H. Apply the transformation as following equations to t5, t6, t7:

$$\begin{aligned} a_{i - 4} & = [{\text{floor}}(t_{i} \times W \times H)\bmod 256]/16 \\ b_{i - 4} & = [{\text{floor}}(t_{i} \times W \times H)\bmod 256]\bmod 16 \\ \end{aligned}$$
(12)

where ai, bi (i = 1, 2, 3) are the first four digits and the last four digits of eight-digit binary number respectively.

Apply the transformation as following equations to t8, t9, t10:

$$ku_{i - 7} = {\text{floor}}(t_{i} \times W \times H)\bmod 256.$$
(13)

Apply the transformation as following equations to t11, t12, t13:

$$kv_{i - 10} = {\text{floor}}(t_{i} \times W \times H)\bmod 256.$$
(14)

Step 4 Recalling as mention in Sects. 2.3, \(y^{\prime}_{n}\) ϵ [0, 0.1], \(z^{\prime}_{n}\) ϵ [0, 0.2]. Applying Eq. (10) analogously initial parameters \(x^{\prime}_{0}\), \(y^{\prime}_{0}\), \(z^{\prime}_{0}\) are derived as follows:

$$\begin{aligned} x^{\prime}_{0} & = t_{14} \\ y^{\prime}_{0} & = \, [(t_{15} \times 10)\bmod 1]/10 \\ z^{\prime}_{0} & = [(t_{16} \times 10)\bmod 2]/10 \\ \end{aligned}$$
(15)

To this end, all initial conditions and parameters are generated. The above key generator shows that we can not find different keys which make the same effect on initial parameters. And the proposed chaotic algorithm is greatly sensitive to secret key so that even a change in the secret key causes completely different results; as a result, the proposed algorithm with total complexity of 2128 can resist against any key sensitivity attack and any bruteforce attack.

3.2 Encryption Algorithm

In this process we convert the matrix P with red, green and blue components into three matrices R, G and B. Taking an example of the matrix R, the detailed encryption algorithm is described as follows:

3.2.1 Permutation Process

The process applies pseudo-random keystreams generated by Eqs. (12), (13) and (14) according to Sect. 3.1 to permute pixels of the color image. Substituting a1, b1 and (ku1, kv1)T into Eq. (3) and iterate it for n times. According to the experiment we find that when n = 6 the proposed cryptosystem performs better. Apply the same permutation process into G and B respectively, the plain-image becomes a cipher-image after n times iteration, namely, Matrices R, G and B all becomes R’, G’ and B’.

3.2.2 Diffusion Process

Step 1 Set L = N × N and generate the initial condition (\(x^{\prime}_{0}\), \(y^{\prime}_{0}\), \(z^{\prime}_{0}\)) according to Sect. 3.1 and iterate Eq. (8) m + L times and discard the former m values to avoid harmful effects. Where m also can be as a secret key, we set m = 13 for convenience. Discarding the first m result and Sorting these L values as |X> = {xm+1, xm+2,…, xm+L}, |Y> = {ym+1, ym+2,…, ym+L} and |Z> = {zm+1, zm+2,…, zm+L}.

Step 2 Transforming three vectors |X>, |Y> and |Z> into matrices X, Y and Z respectively, whose size are N × N.

Step 3 In order to describe the problem clearly, Red channel is used to be an example to explain “the process of folding the picture”. We fold the matrix R (Fig. 2a) from eight directions to encrypt it. Eight directions include eight rounds encryption ways.

Round 1 (Fig. 1):

Fig. 1
figure 1

Fold from top to bottom. a The matrix R’. b The matrix X

Full size image
$$\begin{aligned} Th^{\prime}(i,j) & = Th(i,j) \oplus Xth(i,j) \\ Bh^{\prime}(N - i + 1,j) & = Bh(N - i + 1,j) \oplus Th^{\prime}(i,j) \\ \end{aligned}$$
(16)

where i = 1, 2,…, N/2 and j = 1, 2,…, N. The matrix R’ is divided into two equal horizontal parts: Th and Bh.

Round 2 (Fig. 2):

Fig. 2
figure 2

Fold from top right to bottom left. a The matrix R1 after round 1. b The matrix X

Full size image
$$\begin{aligned} Tr^{\prime}(i,j) & = Tr(i,j) \oplus Xtr(i,j) \\ Bl^{\prime}(j,i) & = Bl(j,i) \oplus Tr^{\prime}(i,j) \\ \end{aligned}$$
(17)

where i = 1, 2,…, N and j = i, i + 1,…, N. The matrix R1 is divided into two equal horizontal parts: Tr and Bl.

Round 3 (Fig. 3):

Fig. 3
figure 3

Fold from right to left. a The matrix R2 after round 2. b The matrix X

Full size image
$$\begin{aligned} Rh^{\prime}(i,j) & = Rh(i,j) \oplus Xrh(i,j) \\ Lh^{\prime}(i,N - j + 1) & = Lh(i,j) \oplus Rh^{\prime}(i,N - j + 1) \\ \end{aligned}$$
(18)

where i = 1, 2,…, N and j = N/2 + 1, N/2 + 2,…, N. The matrix R2 is divided into two equal horizontal parts: Lh and Rh.

Round 4 (Fig. 4):

Fig. 4
figure 4

Fold from bottom right to top left. a The matrix R3 after round 3. b The matrix X

Full size image
$$\begin{aligned} Rb^{\prime}(i,j) & = Rb(i,j) \oplus Xrb(i,j) \\ Lt^{\prime}(i,j) & = Rb^{\prime}(i,j) \oplus Lt(i,j) \\ \end{aligned}$$
(19)

where i = 1, 2,…, N and j = N − i + 1, N − i + 2,…, N. The matrix R3 is divided into two equal horizontal parts: Lt and Rb.

Round 5 (Fig. 5):

Fig. 5
figure 5

Fold from bottom to top. a The matrix R4 after round 4. b The matrix X

Full size image
$$\begin{aligned} Bh^{\prime}(i,j) & = Bh(i,j) \oplus Xbh(i,j) \\ Th^{\prime}(N - i + 1,j) & = Th(N - i + 1,j) \oplus Bh^{\prime}(i,j) \\ \end{aligned}$$
(20)

where i = N/2 + 1, N/2 + 2,…, N and j = 1, 2,…, N. The matrix R4 is divided into two equal horizontal parts: Th and Bh.

Round 6 (Fig. 6):

Fig. 6
figure 6

Fold from bottom left to top right. a The matrix R5 after round 5. b The matrix X

Full size image
$$\begin{aligned} Bl^{\prime}(i,j) = Bl(i,j) \oplus Xbl(i,j) \hfill \\ Tr^{\prime}(j,i) = Tr(j,i) \oplus Bl^{\prime}(i,j) \hfill \\ \end{aligned}$$
(21)

where i = 1, 2,…, N and j = 1, 2,…, i–1. The matrix R5 is divided into two equal horizontal parts: Tr and Bl.

Round 7 (Fig. 7):

Fig. 7
figure 7

Fold from left to right. a The matrix R6 after round 6. b The matrix X

Full size image
$$\begin{aligned} Lh^{\prime}(i,j) & = Lh(i,j) \oplus Xlh(i,j) \\ Rh^{\prime}(i,N - j + 1) & = Rh(i,j) \oplus Lh^{\prime}(i,N - j + 1) \\ \end{aligned}$$
(22)

where i = 1, 2,…, N and j = 1, 2,…, N/2. The matrix R6 is divided into two equal horizontal parts: Lh and Rh.

Round 8 (Fig. 8):

Fig. 8
figure 8

Fold from top left to bottom right. a The matrix R7 after round 7. b The matrix X

Full size image
$$\begin{aligned} Lt^{\prime}(i,j) & = Lt(i,j) \oplus Xlt(i,j) \\ Rb^{\prime}(i,j) & = Rb(i,j) \oplus Lt^{\prime}(i,j) \\ \end{aligned}$$
(23)

where i = 1, 2,…, N and j = 1, 2,…, N–i. The matrix R7 is divided into two equal horizontal parts: Lt and Rb.

Step 4 After Step 3 the matrix R′ becomes a matrix R8. At last R8 XOR X and we get the encrypted matrix Cr.

After four steps, the matrix R′ becomes an encrypted matrix Cr. The process of R component encryption is finished. In a similar way, we replace the matrix X with Y or Z and replace the matrix R′ with G′ or B′ respectively. After four steps the matrices G′ and B′ encrypted matrices Cg and Cb.

It is noted that M mod N involves modulo operation giving an integer result between 0 and N. Function ceil (a) returns the smallest integer value that is bigger than or equal to the value of a. Function max (k1, k2,…, kn) returns the biggest value among all of them. And function min (k1, k2,…, kn) returns the smallest value among all of them.

Obviously the generation of the keystream depends on the 128-bit external secret key, K, and the size N of plain-image. The generation of initial conditions and parameters are derived by the two-dimensional logistic map and the nearest-neighboring coupled-map lattices. And the keystream is chosen from an array of chaotic sequence, which makes sure that cryptosystem has a high complexity, sensitivity and randomness. In the encryption process, the Arnold transform with keys is applied to permute the pixels of color components. And the quantum chaotic map is exploited to generate the keystreams to modify the value of diffused pixels by “the process of folding the picture”.

3.3 Decryption Algorithm

The decryption process is similar to the encryption one, achieved in the reverse order. In decryption process opening folded matrices Cr, Cg and Cb is the first steps. Second by applying the Eq. (4) we can accomplish encryption of Arnold transform. The detail decryption algorithm is described as follows:

Step 1 According to Sect. 3.1 applying the same external 128-bit secret key to generate the initial conditions and parameters.

Step 2 Substituting the initial condition (\(x^{\prime}_{0}\), \(y^{\prime}_{0}\), \(z^{\prime}_{0}\)) and iterating Eq. (8) m + L times, discarding the former m values to avoid harmful effects, where m = 13.

Step 3 Sorting these values {xm+1, xm+2,…, xm+L}, {ym+1, ym+2,…, ym+L} and {zm+1, zm+2,…, zm+L} and transforming them to three matrices X, Y and Z.

Step 4 Executing these operations of Cr XOR X, Cg XOR Y and Cb XOR Z.

Step 5 In order to describe the process of decryption clearly, Round 1 is taken an example to explain the process of “opening folded matrices”.

$$\begin{aligned} Dh(N - i + 1,j) & = Dh^{\prime}(N - i + 1,j) \oplus Uh^{\prime}(i,j) \\ Uh(i,j) & = Uh^{\prime}(i,j) \oplus Xuh(i,j) \\ \end{aligned}$$
(24)

where i = 1, 2,…, N/2 and j = 1, 2,…, N. Uh′, Dh′ and Xuh are all known quantity. As the same way, after eight rounds the process of “opening folded matrices” finished and we get three matrices Rr, Gg and Bb whose size are all N × N.

Step 6 Substituting the initial condition (kui, kvi)T and parameters ai, bi (i = 1, 2, 3), and then using the encryption algorithm Eq. (4) we get R, G and B. In this way the encryption process finished.

4 Performance and security analysis

A good encryption algorithm should resist all kinds of known attacks, such as exhaustive attack, statistical attack and chosen-plaintext/ciphertext attack [32]. We have done many measures to check the security and performance of the proposed cryptosystem. These measures consist of statistical analysis, key sensitivity analysis, key space analysis, speed performance. Each of these measures is shown in detail in the following subsections.

4.1 Statistical Analysis

4.1.1 Histogram of Encrypted Image

An ideal cipher-image should have a uniform frequency distribution. From Figs. 9, 10, 11 and 12, it is obvious that the histogram of cipher-image are independent of the type of plain-image such as binary, gray level and are nearly uniform and significantly different from the histogram of the original images. Hence it dose not provide any useful statistic data in the cipher-image to trigger any statistical attacks to the algorithm.

Fig. 9
figure 9

a The original white image. b The original monolithic gray-level image. c The original black image

Full size image
Fig. 10
figure 10

a Cipher of white image. b The cipher of monolithic gray-level image. c The cipher of the black image. d The histogram of the encrypted white image. e The histogram of the encrypted monolithic gray-level image. f The histogram of the encrypted black image

Full size image
Fig. 11
figure 11

a Plain-image Lena-R. b The plain-image Lena-G. c The plain-image Lena-B. d The histogram of the plain-image Lena-R. e The histogram of the plain-image Lena-G. f The histogram of the plain-image Lena-B

Full size image
Fig. 12
figure 12

a The encrypted image Lena-R. b The encrypted image Lena-G. c The encrypted image Lena-B. d The histogram of the encrypted image Lena-R. e The histogram of the encrypted image Lena-G. f The histogram of the encrypted image Lena-B

Full size image

For quantity analysis for each keys, variances of histograms is employed to evaluate the uniformity of distributions of pixels. The lower value of variances indicate the higher uniformity of cipher-image. The variances of histograms is presented as follows [33]:

$$\text{var} (Z) = \frac{1}{{256^{2} }}\sum\limits_{i = 1}^{256} {\sum\limits_{j = 1}^{256} {\frac{1}{2}} } (z_{i} - z_{j} )^{2} ,$$
(25)

where Z is the vector of the histogram values and Z = {z1, z2,…, z256}. zi and zj are the numbers of pixels which values are equal to i and j respectively. According to [31] the variance value is 625571.4908 for histogram of the plain-image Lena. And in the paper the variance value is 5258.7134 for histogram of the cipher-image Lena. Therefore, the proposed algorithm is efficient.

4.1.2 Correlation of Two Adjacent Pixels

In order to get the correlation of two adjacent pixels we have selected 3000 pairs of two adjacent pixels from plain-image and cipher-image randomly for the experiment and have calculated the correlation coefficients as follows:

$$\begin{aligned} E & = \frac{1}{N}\sum\limits_{i = 1}^{N} {x_{i} } \\ D(x) & = \frac{1}{N}\sum\limits_{i = 1}^{N} {(x_{i} - E(x))^{2} } \\ Cov(x,y) & = \frac{1}{N}\sum\limits_{i = 1}^{N} {(x_{i} - E(x))(y_{i} - E(y))} \\ r_{xy} & = \frac{Cov(x,y)}{{\sqrt {D(x)} \sqrt {D(y)} }} \\ \end{aligned}$$
(26)

The x, y represents gray-level values of two adjacent pixels. The distribution of two horizontally adjacent pixels of R, G and B components of plain-image and cipher-image “Lena” is shown in Figs. 6 and 13.

Fig. 13
figure 13

Distribution of two horizontally adjacent pixels in the plain-image of Lena, (a) in the red. (b) in the green. (c) in the blue components. The distribution of two horizontally adjacent pixels in the cipher-image of Lena, (d) in the red, (e) in the green, (f) in the blue components. (Color figure online)

Full size image

Table 1 shows that the correlation between adjacent pixels of the cipher-image is much smaller than that of plain-image, so we claim that the adjacent pixels of the plain-image are uncorrelated by the proposed cryptosystem effectively from different directions.

Table 1 The related correlation coefficient between plain-image and cipher-image
Full size table

In color images, there are the high correlations between adjacent pixels of R, G and B components. The proposed cryptosystem encrypt pixels of color components so that make them affect one another. Tables 2 and 3 show the results of the same position correlations and related adjacent position correlations between R, G and B components of plain-image and cipher-image.

Table 2 Similar position correlations between R, G and B components
Full size table
Table 3 Adjacent position correlation between R, G and B components
Full size table

4.2 Key Sensitivity Analysis

When one bit of the security key is altered, there are obviously differences between two cipher-images. The number of pixels change rate (NPCR) and the unified average changing intensity (UACI) for the two encrypted images are applied to measure the number of pixels change rate.

$${\text{NPCR = }}\frac{{\sum {_{i,j} D(i,j)} }}{W \times H} \times 100\% ,$$
$${\text{UACI = }}\frac{1}{N \times N}\left[ {\sum\limits_{i,j} {\frac{{|C(i,j) - C(i,j)^{\prime}|}}{{\text{255}}}} } \right] \times 100\% ,$$
(27)

where N is the height (width) of the encrypted image. We apply two encrypted images C and C′, whose corresponding original images are different in only one pixel. We also define a two-dimensional array D, which has the same size as C and C′. If C(i, j) = C′(i, j), then D(i, j) = 0, otherwise D(i, j) = 1. To resist against security key attack, NPCR and UACI values should be large enough for an ideal cipher system. When the secret key is altered from “207 21 42 61 122 203 97 76 101 5 7 241 139 28 98 17” to “208 21 42 61 122 203 97 76 101 5 7 241 139 28 98 17” the differences is made greatly. Table 4 shows the average NPCRR, G, B and UACIR, G, B values and compares this proposed algorithm with other schemes in terms of the key sensitivity. The proposed algorithm is sensitive dependent on initial conditions and parameters and is effective to resist differential attack.

Table 4 Comparison of the average NPCRR, G, B and UACIR, G, B values
Full size table

4.3 Key Space Analysis

An ideal encryption scheme should have an enough large key space to defend brute-force attack. The size of the key space should be bigger than 2100 to provide a high level of security from the crytography of view [38, 39]. Due to the secret key is 128-bit long, the key space is 2128. We can conclude that the proposed algorithm is large enough to resist all kinds of brute-force attacks.

4.4 Speed Performance

Apart from the security considerations, some other aspects on image cryptosystem algorithm are also important, particularly the running speed for real time Internet multimedia applications. In fact the actual execution time of a cryptosystem depends on many factors, such as CPU structure, OS, memory size, programming skill and so on. We have analyzed the speed of the proposed image encryption technique on an Intel Core I3 CPU 2.3 GHz and 3.99 GB of RAM running on Windows XP and MATLAB 7.1 programming. For accuracy each set of the timing tests was executed several times for considerable number of images and then the average obtained was reported. In Table 5, we can see the comparison results for the proposed scheme and other schemes. Table 5 shows that the proposed algorithm is fast compared to the other schemes.

Table 5 Comparison of encryption speeds for the proposed scheme and different schemes
Full size table

4.5 Information Entropy

As one of the most important features, the information entropy is often used to measure the randomness of the cipher-image. The entropy H(s) of a message source is given by:

$$H(s) = - \sum\limits_{i = 0}^{{2^{n} - 1}} {p(s_{i} )} \log_{2} p(s_{i} ),$$
(28)

where p(si) represents the probability of the symbol s. The entropy should ideally be H(s) = 8 for a cipher-image with 28–1 gray levels, which shows that the information is random. In the paper the information entropy of the cipher-image is 7.9973, close to the ideal value 8. Hence, we conclude that the proposed algorithm has high randomness.

5 Conclusions

This paper has realized the quantum image encryption and decryption. Image information is ciphered by the proposed encryption algorithm based on general Arnold transform with keys and quantum chaotic map. By improving the Arnold transform algorithm, we not only enlarge the key space to resist against any key sensitivity and any brute-force attack, but also raise the running speed of the process of the encryption. The experiment shows that only one time general Arnold transform with keys has a good result. In order to enhance the sensitivity of the cryptosystem, the key generator apply the addressing map to get initial conditions and parameters. Quantum chaotic sequence possesses perfect chaotic character, which is used to change the pixel values of the plain-image by “folding the picture”. The experimental results demonstrate that the folding algorithm can achieve sensitivity to initial values, robustness, resistance against common attacks, large key space and possesses the high encryption speed (speed > 9.16 M bit/s). Accordingly the proposed algorithm is suitable to practical uses to protect the digital image information over the Internet.