1 Introduction

In the present world, the information technologies rapidly grow. That reality enforces one to apply new methodologies on the image security in many fields from companies to the public services [1, 2]. Today, secure communication becomes very important issue for industrial production departments, defense industry and private usage [3, 4]. Especially, the image ciphering concept has become a vital task to prevent the information theft for important industrial projects and military applications.

For any secret communication issue, the techniques of the cryptography have taken attention of the community. However, traditional encryption methods such as DES, AES, and IDEA have some security flaws, because there are many tools to decrypt the images, which have been ciphered with conventional techniques [4,5,6]. Among them, some tools can be mentioned as correlation, histogram and bulky data [7, 8]. In order to avoid this insecure situation, improving innovative encryption techniques is a vital task [5, 6].

Among the secure communication issues, the encryption of color images stays in a special stage. In principle, there exist two main processes [9, 10] (i.e. permutation and diffusion). These processes can be used for image encryption, but the implementation of only one of these stages at a bit or pixel level will not provide required security. Thus, the encryption procedures should be improved further than any decryption techniques to avoid from the insecure image communication. For instance, applying only the exchange procedure in the bit level can give satisfactory results in both permutation and diffusion stages [6, 11]. According to the literature, [11, 12] those characteristics meet the basic requirements of any kind of image encryption system. Many scientists and researchers used chaos-based encryption systems to design and implement novel image encryption schemes [11,12,13,14,15]. Indeed, the random numbers received from any chaotic system have a great advantage for the encryption procedure. Therefore, it is not astonishing that many chaos-based random number generators exist in literature. The main characteristics for a chaos-based system is that the output data (i.e. functions) never repeat, thereby any external source cannot have the information to decrypt the random data. Strictly speaking, the chaotic circuits transmit the related data to encrypt the image to only a well-synchronized slave system. A slave circuit system can only decrypt the image for the desired aim [16].

The progress of the technology has enabled the transmission of large data over the network. Presently, multimedia data have become an important element for the use of the network communication. Especially, the spread of color image transmission has revealed security requirements [17,18,19], but the encryption algorithms designed for gray images generally remain bulky in the color images and also traditional encryption algorithms are poor for color images. In addition to that, in some algorithms developed for the color image encryption, RGB components of the image are encrypted independently of each fact which affects the system negatively in terms of [20, 21]. Color image encryption is usually realized at pixel level [22, 23]. In recent years, there are many bit level color image cipher schemes in the literature [24,25,26]. It is clear for many systems that only the permutation operation at a bit level gives quite satisfactory results for a ciphering process [6, 11, 27], whereas, since the data size in the color image is high, the design algorithm for a bit level encryption should be as optimized as possible so that it does not give any bad results in terms of speed.

In the present work, a new chaos-based algorithm is proposed for ciphering the color images. The novel feature of the paper comes from two parts, namely the algorithm itself and the modified Chua’s circuit (MCC) in the processes of ciphering and deciphering. The proposed algorithm combines diffusion and permutation features for a bit level color image encryption. It has also been proven that the suggested system is resistant to any plain text attacks, since the key is built using the SHA-256 [28, 29] algorithm and plain image. The new system also reduces the correlation because of the mixture of three-color image components.

This paper is organized as follows: in Sect. 2, some related studies on the secure communication literature have been stated. In Sect. 3, the MCC system is described with the relevant system parameters. Some samples on the hyperchaotic results and Lyapunov exponents are also presented in this section. In Sect. 4, the proposed secure communication algorithm is discussed. The experimental findings are given in Sect. 5. The security tests and performance analyses are reported in Sect. 6. Consequently, the paper is closed with a brief conclusion section.

2 Related Work

In any chaotic image encryption system, there are two main issues: First is the chaotic system, which is used as a random number generator. Second is an encryption algorithm, which has an importance in terms of efficiency and speed [7]. In the literature, many chaotic systems have been used for image encryption [30,31,32,33]. The dynamic properties of these chaotic systems affect the quality of the encryption process [34]. Conditions such as the width of the parameter space, the strength of randomness, simple and usefulness play effective roles in the selection of the chaotic generator [35]. On the one hand, the optimal adjustment of color image encryption algorithm is very important in terms of efficiency and speed [36].

In this work, an electronic circuit, namely MCC having a hyperchaotic character is used for color image encryption for the first time to our knowledge. In addition, bit-level scrambling and a new diffusion algorithm are examined as the second innovative part. The safety and performance tests prove that the system works effectively and fast enough to apply the encryption scheme.

3 Modified Chua’s Circuit and Its Hyperchaotic Feature

In this section, the formulation of the proposed modified Chua Circuit (MCC) and its hyperchaotic behavior are presented. The MCC is used as a random number generator for the encryption process in the present work. Therefore it is vital to encrypt any kind of image with a high efficiency. Initially the state equations of the MCC are shown as follows [37]:

$$ \left\{ \begin{aligned} \dot{x} & = y - bx - \tfrac{1}{2} (a - b ) { }\left[ { \, \left| {x + \sin \left( z \right) \, } \right| - \left| { \, x - \sin \left( z \right) \, } \right| \, } \right] \, , \hfill \\ \dot{y} &= - \beta (y + x) + f\sin (v), \hfill \\ \dot{z} & = \phi , \hfill \\ \dot{v} & = \omega \hfill \\ \end{aligned} \right. $$
(1)

In Eq. (1), \( a,{\text{ b, }}\phi , { }\beta , { }\omega ,f \) are the control parameters, which define the system dynamics and enable the system to produce different output data for the encryption.

The phase spaces from Eq. (1) are shown in Figs. 1 and 2 after applying the time integration by using the Runge–Kutta method in MatLab. These phase spaces prove that the MCC system can produce strange attractors with chaotic (see in Fig. 1a–d) and hyperchaotic (see in Fig. 2a–d) ones in 2D and 3D representations.

Fig. 1
figure 1

2-D and 3-D representations of sample chaotic attractors with parameters: a, b\( a = - 1.17 \), \( b = - 0.49 \), \( \beta = 0.55 \), \( f = 1.99 \), \( \phi = 0.2 \) and \( \omega = 6.4 \), c, d\( a = - 1.17 \), \( b = - 0.49 \), \( \beta = 0.55 \), \( f = 13.92 \), \( \phi = 0.2 \) and \( \omega = 6.4 \), respectively

Full size image
Fig. 2
figure 2

2-D and 3-D representations of sample hyperchaotic attractors with parameters: a, b\( a = - 2.91 \), \( b = - 0.56 \), \( \beta = 0.55 \), \( f = 12.99 \), \( \phi = - 15.1 \) and \( \omega = 2.91 \), c, d\( a = - 2.91 \), \( b = - 0.56 \), \( \beta = 0.55 \), \( f = 9.01 \), \( \phi = - 0.13 \) and \( \omega = 1.29 \), respectively

Full size image

Lyapunov exponents are very important for the identification of the characteristics of a dynamic system. Indeed, one can be assure on the chaotic behavior of any dynamics system after applying the Lyapunov calculation scheme [37, 38]. The formulation of the Lyapunov exponent is given in Ref. [37]. For instance, there must be one positive exponent for a chaotic system [39]. If there would be two positive exponents, the system exhibits a hyperchaotic character, which means that the system diverges in two dimensions. The Lyapunov exponents of Fig. 1a–d are shown in Fig. 3a, b. The signs of the plots are (0, 0, −, +), which yields a chaotic nature. However, the exponents in Fig. 3c, d give two positive exponents for Fig. 2a–d with the signs of (0, 0, +, +), which denotes a hyperchaotic behavior form the relevant parameter set.

Fig. 3
figure 3

Lyapunov exponents with the parameters, a\( a = - 1.17 \), \( b = - 0.49 \), \( \beta = 0.55 \), \( f = 1.99 \), \( \phi = 0.2 \) and \( \omega = 6.4 \), b\( a = - 1.17 \), \( b = - 0.49 \), \( \beta = 0.55 \), \( f = 13.92 \), \( \phi = 0.2 \) and \( \omega = 6.4 \), c\( a = - 2.91 \), \( b = - 0.56 \), \( \beta = 0.55 \), \( f = 12.99 \), \( \phi = - 15.1 \) and \( \omega = 2.91 \), and d\( a = - 2.91 \), \( b = - 0.56 \), \( \beta = 0.55 \), \( f = 9.01 \), \( \phi = - 0.13 \) and \( \omega = 1.29 \), respectively

Full size image

In order to show the dependence on the input parameter f, the maximal Lyapunov exponents are depicted in Fig. 4. It is obvious that the system reaches to a hyperchaotic regime beyond \( f \) = 9. By using another parameter of the system i.e. \( \beta \), a bifurcation diagram has been produced in Fig. 5. It is obvious that the chaotic nature appears for larger \( \beta \) values (i.e. 0.49). A periodic regime exists for low \( \beta \) values.

Fig. 4
figure 4

The variation of maximal Lyapunov exponents with respect to parameter f. Other parameters are \( a = - 2.91 \), \( b = - 0.56 \), \( \beta = 0.55 \), \( \phi = - 0.13 \), and \( \omega = 1.29 \), respectively

Full size image
Fig. 5
figure 5

The bifurcation diagram for parameter \( \beta \). The other parameters are \( a = - 1.17 \), \( b = - 0.49 \), \( f = 13.92 \), \( \phi = 0.2 \) and \( f = 4.1 \), respectively

Full size image

4 Chaos Based Image Encryption Scheme

4.1 Secret Key Generation

SHA-256, which is a traditionally used cryptographic hash algorithm, produces a 256-bit hash value. And this value changes completely when there is a slight change in the input of the algorithm. The function is used to generate the keys of this cryptosystem. Indeed, first of all, a 48-bit digest output which is described as PK is obtained from the plain image for input to the SHA-256 function. On the other hand, random noise RN is generated at the beginning of each encryption process using randi function of the MatLab. Subsequently, a 256-bit digest hash value SK is generated by executing SHA-256 with the PK and RN input. Thus, the secret key produced is completely unique thanks to SHA-256, even if there is a slight change in the plain image, or even no changes at all. As a result, all of this indicates that our encryption system can be resistant to against chosen-plaintext, chosen-ciphertext and known-plaintext attacks. The secret key generation is explained in detail below by pseudocodes written in MatLab.

ImgA plain color image is presented as input to the following algorithms:

figure a
figure b

Supposing that a hexadecimal number as \( h_{i} \), secret key SK can be defined as the hexadecimal number array as follows:

$$ SK = \left[ {h_{1} ,h_{2} , \ldots , { }h_{64} } \right], \, \exists i \in \left[ {1,2, \ldots ,64} \right] \quad \forall h_{i} \in \left[ {0 - 9} \right],\left[ {A - F} \right] $$
(2)

4.2 Obtaining the Initial Values of the Chaotic Equation from the Secret Key

The fact that chaotic systems are sensitive to initial values makes these systems very important for encryption systems. In this study, we have tried to reflect the slightest change in the secret key to the initial values. So, we get the values \( a_{1} ,a_{2} ,b_{1} \) and \( b_{2} \) to make sure that the slightest change in secret key causes changes in all initial values.

The initial values \( x_{1} ,y_{1} ,z_{1} ,v_{1} \) and the initial parameter \( f \) for Eq. (1) can be derived as follows:

$$ \left\{ \begin{aligned} x^{\prime}_{1} & = \left( {hex2de\left( {subset\left( {1, \, 10,SK} \right)} \right)10^{ - 11} } \right) \\ & \quad + \left( {hex2de\left( {subset\left( {11, \, 16,SK} \right)} \right)10^{ - 14} } \right) \\ y^{\prime}_{1} & = \left( {hex2de\left( {subset\left( {17, \, 26,SK} \right)} \right)10^{ - 11} } \right) \\ & \quad + \left( {hex2de\left( {subset\left( {27, \, 32,SK} \right)} \right)10^{ - 14} } \right) \\ z^{\prime}_{1} & = \left( {hex2de\left( {subset\left( {33, \, 42,SK} \right)} \right)10^{ - 11} } \right) \\ & \quad + \left( {hex2de\left( {subset\left( {43, \, 48,SK} \right)} \right)10^{ - 14} } \right) \\ v^{\prime}_{1} & = \left( {hex2de\left( {subset\left( {49, \, 58,SK} \right)} \right)10^{ - 11} } \right) \\ & \quad + \left( {hex2de\left( {subset\left( {59, \, 64,SK} \right)} \right)10^{ - 14} } \right) \\ \end{aligned} \right. $$
(3)

Here \( hex2de\left( . \right) \) function converts the secret key from hexadecimal number to a decimal number, \( subset\left( {i,j,K} \right) \) returns elements between the ith index and jth index of the K 1-D array.

In Eq. (3), we determine the multiplications \( 10^{11} \) and \( 10^{14} \) in order to adjust the relevant decimals of the \( x_{1} ,y_{1} ,z_{1} \) and \( v_{1} \).

The values of \( a_{1} ,a_{2} ,b_{1} \) and \( b_{2} \) are calculated according to the program schemes in Figs. 6 and 7 using \( subset \), \( concat \), \( roundD \), \( hex2de \) and \( sum \) functions. The \( subset \) and \( hex2de \) functions are mentioned above. The \( concat\left( {./.} \right) \) function concatenate the values given into it. The \( roundD\left( . \right) \) returns the decimal portion of the given decimal number and \( sum\left( . \right) \) is aggregate function.

Fig. 6
figure 6

Flow diagram where \( a_{1} , { }a_{2} \in \left[ {0,1} \right] \) decimal values are obtained

Full size image
Fig. 7
figure 7

Flow diagram where \( b_{1} ,b_{2} \in \left[ {0,1} \right] \) decimal values are obtained

Full size image
$$ \left\{ \begin{aligned} x_{1} &= x^{\prime}_{1} \left( {2 - a_{1} } \right) \hfill \\ y_{1} &= y^{\prime}_{1} \left( {2 - a_{2} } \right) \hfill \\ z_{1} &= z^{\prime}_{1} \left( {2 - b_{1} } \right) \hfill \\ v_{1}& = v^{\prime}_{1} \left( {2 - b_{2} } \right) \hfill \\ f &= 9.1 + a_{1} \hfill \\ \end{aligned} \right. $$
(4)

where the number 9.1 refers to the lower chaotic parameter for f. Since \( a_{1,2} \) and \( b_{1,2} \) refers to the numbers lower than 1, we make the multiplication higher by using the term \( \left( {2 - \left( {a,b} \right)_{1,2} } \right) \).

4.3 Encryption Algorithm

Figure 8 represents the overall flow chart of the encryption procedure. The steps of the flow chart are explained as the following:

Fig. 8
figure 8

The flow chart of the encryption process

Full size image

Input: Plain image P, secret key SK

Output: Cipher image C

If we assume that the horizontal and vertical magnitudes are W and H respectively, the size of the color plain image is \( W \times H \times 3 \). Then the total size of the colored image is as follows:

$$ s = W \times H \times 3 $$
(5)

Step 1. Take the initial values \( \left( {x_{1} ,y_{1} ,z_{1} ,v_{1} } \right) \) and the initial parameter f of the chaotic system using Eqs. (3, 4).

Step 2. With the help of the iteration method, generate chaotic numbers array CN whose size are \( \left( {s \times 4} \right) + 5000 \) by solving this time-continuously chaotic system. And then, remove the first thousand chaotic values that could adversely affect the encryption system.

$$ \begin{aligned} & n = s \times 4, \hfill \\ & cs = n + 4000; \hfill \\ \end{aligned} $$
(6)

Step 3. With the help of these numbers CN produced by chaotic generator, generate the key matrix KM to be applied in the diffusion and scrambling stages.

$$ \begin{aligned} & for \, i = 1:cs \hfill \\ & CN\left( i \right) = abs\left( {\left( {CN\left( i \right) - round\left( {CN\left( i \right),6} \right) \times 10^{ \wedge } 6} \right)} \right); \hfill \\ & end \hfill \\ & CN^{\prime} = unique\left( {CN} \right); \hfill \\ & CN^{\prime\prime} = subset\left( {1,s \times 4,CN^{\prime}} \right); \hfill \\ & KM = sort\left( {CN^{\prime\prime}} \right) \hfill \\ \end{aligned} $$
(7)

Here, \( CN\left( i \right) \) means that the ith element of CN, which is a 1-D array. The round function rounds the entered decimal number to the nearest number. The second parameter of the function determines the decimal point of the number to be rounded. The abs function takes the absolute value of the entered number. ‘^’ is the exponent operator that we know.

The unique function deletes repetitive elements of an array. The sort function returns the new index numbers of the array by sorting the array from small to large. The \( subset\left( {i,j,K} \right) \) returns elements between the ith index and jth index of the K. As a result, we can define the KM matrix as follows:

$$ \begin{aligned} & \forall i,j \in \left[ {1,2, \ldots ,n} \right], \hfill \\ & KM = \left[ {km_{1} ,km_{2} , \ldots km_{n} } \right],km_{i} \in \left[ {1,n} \right],Z^{ + } , \hfill \\ & \forall i \ne j \Rightarrow \forall km_{i} \ne km_{j} \hfill \\ \end{aligned} $$
(8)

Step 4. Resize the plain image P for each pixel by starting from component R sequentially from upper point to bottom point, then left to right, with components G and B. After that, convert each pixel into a 8-digit binary format. As a result, a matrix of s rows and 8 columns is obtained. The \( getBinimage \) function applies all these operations to give the PB matrix.

$$ PB = getBinimage\left( P \right) $$
(9)

The first column of the PB matrix corresponds to the first bit in the binary format of the decimal values corresponding to each row in this matrix. The same logic is used from 1th column to the 8th column.

Separate the first 4 columns and the last 4 columns of the binary matrix. Indeed, vertically divide the matrix PB in half. The matrix containing the first four columns of PB is \( PB_{1} \), the other matrix is called \( PB_{2} \).

Step 5. Perform the mapping method to the matrix \( PB_{2} \) by using the KM key matrix.

$$ \begin{aligned} & PB_{2}^{\prime } = reshape\left( {PB_{2} ,n,1} \right) \hfill \\ & PB_{2}^{\prime \prime } = PB_{2}^{\prime } \left( {KM} \right) \hfill \\ & PB_{2} = reshape\left( {PB_{2}^{\prime \prime } ,s,4} \right) \hfill \\ \end{aligned} $$
(10)

Here, reshape resizes any matrix according to the values given. The \( PB_{2}^{\prime } \left( {KM} \right) \) operation scrambles the values in \( PB_{2}^{\prime } \) to different positions according to KM. Indeed, the operation can be explained as follows:

Let’s assume A is an array. In that case, when I is a subset of the positive integers,\( A\left( I \right) \) is a subset of the \( A \). We define it as follows:

$$ \begin{aligned} & A = \left\{ {a_{1} ,a_{2} , \ldots ,a_{n} } \right\} \, , \, I = \left\{ {i_{1} ,i_{2} , \ldots i_{m} } \right\}: \hfill \\ & A\left( I \right) = \left\{ {a_{{i_{1} }} ,a_{{i_{2} }} , \ldots ,a_{{i_{m} }} } \right\} = \left\{ {A\left( {i_{1} } \right),A\left( {i_{2} } \right), \ldots ,A\left( {i_{m} } \right)} \right\} \, , \hfill \\ & i \in I \Rightarrow A\left( i \right) = a_{i} \hfill \\ \end{aligned} $$
(11)

Step 6. Perform diffusion method to matrices \( PB_{1} \) and \( PB_{2} \) by using the key matrix KM.

$$ \begin{aligned} & KM^{\prime} = reshape\left( {KM,s,4} \right); \hfill \\ & PD_{1} = bi2de\left( {PB_{1} } \right); \hfill \\ & PD_{2} = bi2de\left( {PB_{2} } \right); \hfill \\ & for \, i = 1:s \hfill \\ & sm1 = \bmod \left( {PD_{1} \left( i \right),4} \right); \, \hfill \\ & if \, sm1 = = 0 \, sm1 = 4; \, end \hfill \\ & PD_{2} \left( {i,:} \right) = bitxor\left( \begin{aligned} PD_{2} \left( i \right), \hfill \\ \bmod \left( {KM^{\prime}\left( {i,sm1} \right),15} \right) \hfill \\ \end{aligned} \right); \hfill \\ & sm2 = \bmod \left( {PD_{2} \left( i \right),4} \right); \hfill \\ & if \, sm2 = = 0 \, sm2 = 4; \, end \hfill \\ & PD_{1} \left( {i,:} \right) = bitxor\left( \begin{aligned} PD_{1} \left( i \right), \hfill \\ \bmod \left( {KM^{\prime}\left( {i,sm2} \right),15} \right) \hfill \\ \end{aligned} \right); \hfill \\ & end \hfill \\ & CB_{1} = de2bi\left( {PD_{1} } \right); \hfill \\ & CB_{2} = de2bi\left( {PD_{2} } \right); \hfill \\ \end{aligned} $$
(12)

Here, while the function \( bitxor \) applies bitwise xor logical operation, the \( bi2de \) function converts the number from the binary format to decimal one. The \( de2bi \) is the opposite \( bi2de \) and the mod function is the standard modulus operator. \( KM^{\prime}\left( {i,j} \right) \) denotes the element of ith row and jth column in the \( KM^{\prime} \) matrix.

Step 7. In contrast to the separation in step 4, combine the matrices \( CB_{1} \) and \( \, CB_{2} \). Convert binary matrix to decimal matrix. Finally, get the encrypted image by converting this matrix to the original dimensions of the image.

$$ \begin{aligned} & CD = bi2de\left( {CB} \right); \hfill \\ & C = reshape\left( {CD,W,H,3} \right); \hfill \\ \end{aligned} $$
(13)

It will be shown that the algorithm above has certain superiorities on the other algorithms in the literature. Initially, the present algorithm gives good results for all security tests. It is not time-consuming and complicated. Indeed, it uses the image in 2 half parts, which are regarded as important and unimportant parts as in Fig. 8.

4.4 Decryption Algorithm

The cipher image C is the input data for this process and the deciphered P is denoted as “output”, as the inverse of the encryption process.

Step 1. Obtain the key matrix KM by applying steps 1, 2 and 3 of the above encryption process exactly.

Step 2. Similar to step 5 in the encryption scheme, obtain the \( CB_{1} \) and \( CB_{2} \) matrices using the encrypted image instead of the plain image this time.

Step 3. Perform diffusion method to \( CB_{1} \) and \( CB_{2} \) matrices using KM matrix.

$$ \begin{aligned} & KM^{\prime} = reshape\left( {KM,s,4} \right); \hfill \\ & CD_{1} = bi2de\left( {CB_{1} } \right); \hfill \\ & CD_{2} = bi2de\left( {CB_{2} } \right); \hfill \\ & for \, i = 1:s \hfill \\ & sm2 = \bmod \left( {CD_{2} \left( i \right),4} \right); \, \hfill \\ & if \, sm2 = = 0 \, sm2 = 4; \, end \hfill \\ & CD_{1} \left( {i,:} \right) = bitxor\left( \begin{aligned} CD_{1} \left( i \right), \hfill \\ \bmod \left( {KM^{\prime}\left( {i,sm2} \right),15} \right) \hfill \\ \end{aligned} \right); \hfill \\ & sm1 = \bmod \left( {CD_{1} \left( i \right),4} \right); \hfill \\ & if \, sm1 = = 0 \, sm1 = 4; \, end \hfill \\ & CD_{2} \left( {i,:} \right) = bitxor\left( \begin{aligned} CD_{2} \left( i \right), \hfill \\ \bmod \left( {KM^{\prime}\left( {i,sm1} \right),15} \right) \hfill \\ \end{aligned} \right); \hfill \\ & end \hfill \\ & PB_{1} = de2bi\left( {CD_{1} } \right); \hfill \\ & PB_{2} = de2bi\left( {CD_{2} } \right); \hfill \\ \end{aligned} $$
(14)

The functions used here are defined in the encryption process in the previous section.

Step 4. Perform mapping method to the \( CB_{2} \) matrix using the KM key matrix.

$$ \begin{aligned} & PB_{2}^{\prime } = reshape\left( {PB_{2} ,n,1} \right) \hfill \\ & PB_{2}^{\prime \prime } \left( {CK} \right) = PB_{2}^{\prime } \hfill \\ & PB_{2} = reshape\left( {PB_{2}^{\prime \prime } ,s,4} \right) \hfill \\ \end{aligned} $$
(15)

Step 5. Obtain the decoded P matrix from the \( PB_{1} \) and \( PB_{2} \) matrices, similar to step 7 in the encryption algorithm.

5 Experimental Results

For the experiments, many parameter sets can be used. As a sample parameter set, we have considered the parameters of the chaotic circuit as \( a = - 2.91 \),\( b = - 0.56 \),\( \beta = 0.55 \),\( \phi = - 0.13 \) and \( \omega = 1.29 \). Because, the dynamic system exhibits a hyperchaotic behavior with these first parameters for \( f \ge 9.1 \). Along with plain image and random noise, the secret key produced with the help of the SHA-256 function is 2A8649DDF54B044DC1A50329C54B4960010066BA8FD005D4392B536545B04ECE. Then, the initial state variables and driving amplitude \( f \) of MCC are obtained from this secret key.

The sizes of plain images are \( 456 \times 408 \), \( 512 \times 512 \), \( 512 \times 512 \), and \( 256 \times 256 \) for the Vikings, Baboon, Airplane and Lena plain images, respectively (Fig. 9a–d). The encrypted versions of these images are given in Fig. 9e–h, respectively.

Fig. 9
figure 9

The plain images and their corresponding encoded results. a Vikings, e encrypted Vikings, b Baboon, f encrypted Baboon, c Airplane, g encrypted Airplane, d Lena and h encrypted Lena, respectively

Full size image

6 Security and Performance Analyses

6.1 Key Space Analysis

All the chaotic systems have a common feature: They are very dependent on the initial values. In other words, if any slight change occurs in the initial values of the functions, the functions produce entirely different result after sufficiently large time duration. The key space should be capable of neutralizing brute-force attacks for the encryption algorithm designs with a sufficient reliability. The encryption system key includes the initial values (\( x_{1} , \, y_{1} , \, z_{1} , \, v_{1} \)) and initial parameter of \( f \). In general, for systems with chaotic features, the precision of the initial conditions should be as high as possible such as 14 or 15 digits after the comma [5], so that the key space can reach at \( 10^{70} \). The key space is \( S = 10^{70} \cong 2^{232} > 2^{100} \) [40], so that the cryptosystem can resist to brute-force attacks.

6.2 Key and Plain Image Sensitivity Analyses

It should be pointed out that any small modification at the initial values of the chaotic system would yield entirely different outputs. The key of the Modified Chua crypto system is a ‘nonce’, based on the hash value generated by the plain image and a random sequence. Thus, if the startup conditions are changed slightly, this would cause to generate different encrypted images. In the MCC system, it is observed that the algorithm is very delicate to the slightest variation in the key after applying the experiments.

Figure 10a is a one bit modified version of the Lena image and its encrypted state is given in Fig. 10b. The differences between Figs. 9h and 10b is also given in Fig. 10c. From this point of view, results of the encryptions are also divergent from each other.

Fig. 10
figure 10

a One bit-modified version of Fig. 9d, b encrypted image of a, c the difference between Fig. 9b, h

Full size image

6.3 Resistance to Known Plaintext and Chosen Plaintext Attacks

According to the proposed algorithm, the key strongly depends on the hash value of the original image. Therefore, different keys would be produced for different kind of images. Any attacker cannot decipher a particular image with a key used from another image. To conclude, the implemented software may be resistant to both the known—plaintext and chosen—plaintext attacks.

6.4 Differential Attacks

Typically, in an image encryption unit, it is considered that the encrypted media should differ from its unencrypted version. To determine such a difference between the versions, the criteria NPCR [41] and UACI [42] are generally used in the literature.

In other words, the crypto system, which is recommended here should guarantee that the encrypted versions of two images become different to each other, when one bit modification is made into one of them. Tables 1 and 2 show the NPCR and UACI test findings for 1500 randomly selected pairs. The findings are satisfactory and the software is found to be robust against differential attacks.

Table 1 Minimum, maximum and average UACI(%) values
Full size table
Table 2 Minimum, maximum and average NPCR(%) values
Full size table

6.5 Information Entropy Analysis

Information entropy is used for the measurement of an arbitrary distribution in a media file. The formulation of this operation is presented as follows [43]:

$$ H\left( m \right) = \sum\limits_{i = 0}^{{2^{n} - 1}} {p\left( {m_{i} } \right)\log_{2} \frac{1}{{p\left( {m_{i} } \right)}}} $$
(16)

The information entropy for an encrypted version should be as high as possible, indeed it should be 8 for ideal results as in Ref. [44]. That makes the information difficult to expose. Here, Table 3 gives the information entropy results of three pieces of the encrypted image by using the Eq. (16). It is found that the results are close to 8.

Table 3 Information entropies of the cipher images
Full size table

6.6 Correlation Coefficient Analysis

There exists a relationship between neighboring pixels in any original image. In order to counteract statistical attacks for this relationship, the correlation on the neighboring pixels in an encrypted image should be minimal. The following formulation can be applied to calculate this correlation value between two adjacent pixels [48].

$$ r_{xy} = \frac{{\text{cov} \left( {x,y} \right)}}{{\sqrt {D\left( x \right)} \sqrt {D\left( y \right)} }}, $$
(17)
$$ \text{cov} \left( {x,y} \right) = \frac{1}{N}\sum\limits_{i = 1}^{N} {\left( {x_{i} - E\left( x \right)} \right)\left( {y_{i} - E\left( y \right)} \right)} , $$
(18)
$$ E\left( x \right) = \frac{1}{N}\sum\limits_{i = 1}^{N} {x_{i} , \, D\left( x \right) = \frac{1}{N}\sum\limits_{i = 1}^{N} {\left( {x_{i} - E\left( x \right)} \right)^{2} .} } $$
(19)

Figure 11 shows the correlation distributions of two horizontally, vertically and diagonal adjacent pixels in the plain and ciphered Lena images. It is clear that the correlation between the neighboring pixels decreases substantially.

Fig. 11
figure 11

Distributions of the correlations between the plain and the encoded images. a, c, e are the diagonal, vertical and horizontal of plain image, b, d, f are the diagonal, vertical and horizontal of cipher image respectively

Full size image

Table 4 gives the correlation values between the plain images and their encrypted versions. The test results prove that the correlation between the adjacent pixels of the encoded image version is very low, whereas the correlation between the plain images exists quite high. This ensures that the encryption performed here is effective.

Table 4 Correlation coefficients for adjacent pixels in the original images and their cipher images
Full size table

6.7 Histogram Analysis

The histogram of an image provides information about the distribution of its pixel values and represents this image. As seen in Fig. 12, the histogram of the original image has several peaks while the encrypted image has a nearly constant distribution.

Fig. 12
figure 12

Histogram of plain and encrypted images of Lena respectively

Full size image

6.8 Resisting Noise Attack Analysis

The encoded image version is inevitably exposed to different types of noises, when the data passes through a real communication channel. This noise can cause problems during the acquisition of the original image. Therefore, the algorithm should be noise resistant, so that the encryption scheme can be valid. The Peak Signal-to-Noise Ratio (PSNR) is used to measure the quality of the decoded image after the attacks. For the image components, PSNR can be obtained by the following formulation [49]:

$$ PSNR = 10 \times \log_{10} \left( {\frac{255 \times 255}{MSE}} \right)\left( {\text{dB}} \right) $$
(20)
$$ MSE = \frac{1}{mn}\sum\limits_{i = 1}^{m} {} \sum\limits_{i = 1}^{n} {\left\| {I_{1} \left( {i,j} \right) - I_{2} \left( {i,j} \right)} \right\|^{2} } $$
(21)

MSE is the mean square error between the original and recovered images and is represented as \( I_{1} \left( {i,j} \right) \) and \( I_{2} \left( {i,j} \right) \) respectively, with the size of mxn. Figure 13 shows the encrypted image Lena exposed to the Salt Pepper noise with different density of this and its deciphered ones. The MSE and PSNR of these decoded images are shown in Table 5. From this Table 5 and Fig. 13, we can understand that the original image is entirely obtained again, which is noticeable, the PSNR value is about 30 dB, and the decoded images are highly correlated. This means that the decoded images are very close to the original image. Thus, it can be said that the proposed algorithm is resistant to resisting noise attacks to some degree.

Table 5 Quantitative results of resisting noise attack
Full size table
Fig. 13
figure 13

The cipher images with salt and pepper noise and their deciphered forms a, d noise with d = 0.01. b, e Noise with d = 0.05. c, f Noise with d = 0.1

Full size image

6.9 Speed Analysis

The encryption speed is one of the key issues for the secure communication. Some precautions have been taken in order to speed up the encryption/decryption in the system. Initially, time-consuming operations were not used in the algorithm. For instance xor operation has been used to save computer time. Besides, the data obtained from the chaotic system is used for both diffusion and penetration process, thereby time is saved for the data production scheme, too. For instance, when Matlab R2017b is used in a PC with Intel Core i7-6700 CPU @3.4GHZ, 8 GB memory operating under Windows 10, the averaged time for the encryption of Lena image is 0.14 s, which is a sufficient value.

7 Conclusions

An original encryption/decryption algorithm has been developed for the encryption and the decryption of the images by using the modified Chua’s circuit (MCC) system, which exhibits a hyperchaotic behavior for a large parameter regime due to the double frequency dependent nature. The Lyapunov spectrum has been found to characterize the hyperchaotic regime of the data. To our knowledge, the MCC system has been used for the first time for such an encryption study. Besides, the scrambling feature, which is implemented at a bit level and novel diffusion system using the MCC has been applied in the algorithm.

Following the encryption procedure, the encrypted colored image has been tested by a variety of tests including the secret key size and secret key sensitivity, histogram analysis, correlation analysis, differential analysis and information entropy analysis. The results of the analysis prove that the proposed algorithm is quite effective and provides an efficient technique for the color image encryption/decryption in the area of secure communication. The hyperchaotic MCC data give sufficient input to the algorithm to fulfill the security requirements. In addition to the security test results, the speed analyses give sufficient results. For instance, it gives 0.14 s for the encryption of colored image Lena.