A fast chaos-based image encryption scheme with a ...

Multimed Tools Appl (2017) 76:15561–15585 DOI 10.1007/s11042-016-3858-4

A fast chaos-based image encryption scheme with a novel plain image-related swapping block permutation and block diffusion Xiuli Chai 1,2 & Zhihua Gan 3 & Miaohui Zhang 1

Received: 28 December 2015 / Revised: 2 June 2016 / Accepted: 10 August 2016 / Published online: 1 September 2016 # Springer Science+Business Media New York 2016

Abstract In the paper, a fast image encryption scheme with block permutation and block diffusion is introduced. Considering the increasing size of the image, encryption process is manipulated by block, and the encryption of every block image consists of block permutation and block diffusion. A novel plain image-related swapping block permutation strategy is presented, the swapping operation of the block image is controlled by the random chaotic sequences, and the initial value and parameter of the chaotic system are produced by SHA 256 hash value of the plain image, thus our algorithm is highly sensitive to changes of the plain image. Diffusion method within the block image (DMWBI) and diffusion method between two block images (DMBTBI) are presented to effectively eliminate the correlation of adjacent pixels in the plain image. The correlated chaos is employed to enhance the relationship of chaos, and take fully use of chaotic maps. One-dimensional Logistic-Sine System (LSS) is used to generate pseudo-random sequences during the whole encryption process. Experiment results and security analysis have proved the proposed image encryption algorithm is secure and effective. Keywords Diffusion method within theblock image(DMWBI) . Diffusion method between two block images (DMBTBI) . Image encryption . Block permutation . Block diffusion . Chaos

1 Introduction With the fast development of network and communication technology, more and more multimedia contents such as image and video have been transmitted and stored over the * Xiuli Chai [email protected]

1

School of Computer and Information Engineering, Henan University, Kaifeng 475004, China

2

Department of Electrical and Computer Engineering, University of Pittsburgh, Pittsburgh, PA 15261, USA

3

School of Software, Henan University, Kaifeng 475004, China

15562

Multimed Tools Appl (2017) 76:15561–15585

Internet. Information safety becomes a hot issue. Image encryption is an important method to ensure information security. Consequently, various image encryption schemes have been introduced based on chaotic systems [8, 38, 51], optical transformation [15, 25, 29], DNA computing [3, 19, 44], cellular automata [1, 11, 32], wave perturbations [48] and others. In 1989, the British mathematician Matthews introduced the first chaos-based encryption algorithm, and the logistic map was used as a key generator [28]. Intrinsic properties of chaotic systems (Such as ergodicity, sensitive dependence on initial conditions, random-like behavior and mixing effect) lead to natural relationship and structural similarity between chaos and cryptography. Since then, many digital image encryption schemes have been presented based on chaotic systems [2–10, 12–14, 16–24, 26, 27, 30, 31, 33–47, 49–59]. In 1998, Fridrich introduced the first general architecture for chaos-based image cipher [13]. It is made up of permutation and diffusion. In the first stage, pixels are permutated by a twodimensional area-preserving chaotic map. Then, pixel values are modified using a discretized chaotic map in the diffusion procedure. This architecture has become the most popular structure, and been adopted in many chaos-based image encryption algorithms. For example, Gao et al. [16] gave a chaos-based image encryption method and used logistic map and hyperchaotic system for shuffling and diffusion respectively. In [6], Chen et al. used a 3D Arnold’s cat map for substitution and employed Chen’s chaotic system for the diffusion. An image encryption algorithm with permutation-diffusion structure was introduced in [37], and tent map is used to shuffle the positions of image pixels and then delayed coupled map lattices (DCML) is employed to confuse the relationship between the plain image and the cipher image. Moreover, some researchers improved the two-stage structure, and presented one-stage structure [40, 42, 45]. Wang et al. [42] proposed an image encryption algorithm that combines the permutation and diffusion stages into one stage. The scheme used the nearest-neighboring coupled-map lattices, tent map and S-box, the plain image was divided into blocks that may be permutated as a unit, and another algorithm also doing confusion and diffusion simultaneously was proposed in Ref. [45], but the pixel of the image was as the unit in confusion. In [40], a fast image encryption algorithm based on multiple chaotic systems was proposed, shuffling stage and diffusion stage may be combined into one stage, the cipher image was divided into blocks while the plain image was scanned from left to right and from top to bottom, and a group of logistic maps were used to generate the encryption key for each plain image pixel. Besides, some scholars introduced three-stage image encryption structure [9, 35, 36]. Seyedzadeh et al. [35] proposed three-stage image encryption algorithm made up of forward encryption, reverse encryption and masking. In 2015, Seyedzadeh et al. [36] presented a new image encryption scheme, she used the quantum logistic map to diffuse the relationship of pixels, employed two-dimensional logistic map to modify the values of diffused pixels, and exploited the random circular shift operation to rearrange bits of each encrypted pixel. Recently, Zhu et al. [9] introduced an improved permutation-diffusion architecture, which included three stages: plain pixel-related swapping confusion (some rounds), diffusion and plain pixel-related swapping confusion (one round). Chaotic logistic map was employed for pixel swapping confusion and diffusion, the pixel is used as the confusion unit, with the increasing of the image size, more pixels need to be implemented, and this may affect the speed of the approach and limit its application in real time atmosphere. Many chaos-based image encryption algorithms have been put forward and employed in the multimedia information security field, however, some of them have been found unsafe and broken [2, 7, 12, 20–22, 31, 34, 39, 52, 53]. For example, Yen et al. [52] gave an efficient hierarchical chaotic image encryption scheme, and it divided the plain image into many blocks

Multimed Tools Appl (2017) 76:15561–15585

15563

of the same size, and then manipulated intra-block and inter-block position permutation. Recently, this algorithm has been cracked by ciphertext-only attack and it should be combined with confusion to provide high security [20]. Sirma et al. [31] attacked an encryption method based on the Chen chaotic systems, and found it is vulnerable for brute force attack. Li et al. [21] introduced a novel double-image encryption scheme using chaos-based local pixel scrambling technique in GT domains, and Chen et al. [7] found this algorithm is vulnerable for noise perturbation and occlusion attack. Liu et al. [22] evaluated the security of the encryption algorithms in Ref. [34], broke it with only two pairs of known plain images and corresponding cipher images, and found it was insensitive to the change of the plain image and secret keys. Recently, Wang et al. [39] found the method [53] had two flaws including the key was fix regardless of the plain image, and the permutation vector was constant for different plain images, and it was vulnerable to chosen plaintext attack, subsequently Eslami et al. [12] put forward an improved method based on Ref. [53], and recently Akhavan et al. [2] cryptanalyzed this improved algorithm using differential attack and found it was insensitive to the plain image. Except for security, speed for running the encryption algorithm is also an important factor for real-time communications [26], which reflects the time complexity. If an encryption method has high security level, but it needs long time to run, and obviously it is unsuitable for real-time encryption in practice. Therefore, novel fast image encryption schemes with high security level need to be presented to satisfy the requirements of real-time transmission and communication. Based on the above analyses, we propose a fast chaotic image encryption scheme with block permutation and block diffusion in this paper. The main novelty can be summarized as follows: (1) The image encryption scheme is manipulated by block, and this can save much time compared with pixel-by-pixel encryption method. Encryption of every block image is made up of block permutation and block diffusion. A novel plain image-related swapping block permutation strategy is presented, the highly random chaotic sequences produced by the chaotic system determine the permutation position of the block image, the initial values and parameters of chaotic system are produced by the plain image, and the permutation method has no limit of square plain images. (2) In block diffusion process, diffusion method within the block image (DMWBI) and diffusion method between two block images (DMBTBI) are introduced. These methods can not only diminish the correlation of adjacent pixels within the block image, but also remove that of adjacent pixels between two block images. (3) Encryption method has close relationship with the plain image. The initial values and parameters of chaotic system are generated by the SHA256 Hash values of the plain image, and after a block image has been confused and diffused, the cipher image of the current block image is used to modify the parameters and initial values of chaotic system for the permutation of the following block image. Thus, the effect of Bone plain image, one key^ may be attained, a slight change in the plain image may get a completely different cipher, and this can improve the resistance of the scheme against chosen-plaintext and known-plaintext attacks. (4) Correlated chaos is employed. In permutation and diffusion, a 1D Logistic-Sine System (LSS) is used. The chaotic sequences of permutation process are employed as the initial value and parameter of the chaotic map for the diffusion process, the chaotic system for permutation has relationship with that for diffusion, and this is correlated chaos. Thus, the chaotic map is fully used. The rest of the paper is organized as follows. In Section 2, the proposed image encryption scheme is described in detail. Simulation results are reported in Section 3, Section 4 is the security analyses, while conclusions are drawn in the last section.

15564

Multimed Tools Appl (2017) 76:15561–15585

2 Image encryption scheme 2.1 The logistic-sine system (LSS) In the proposed algorithm, the Logistic-Sine System (LSS) [57] is used to generate the needed parameters. LSS can be presented as Eq. (1) unþ1 ¼ LSS ðr; un Þ ¼ ðrun ð1−un Þ þ ð4−rÞsinðπun Þ=4Þmod1

ð1Þ

Where parameter r ∈ (0, 4]. The bifurcation diagram of LSS is shown in Fig. 1. From Fig. 1, it can be illustrated that LSS has a wider chaotic range and chaotic behaviors, is more suitable for image encryption than Logistic and Sine chaotic map, and the pseudorandom sequences between 0 and 1 can be obtained.

2.2 Generation of the initial values and parameters SHA 256 is a widely used cryptographic hash function with 256 bit hash value and it can be expressed as a 64 digit hexadecimal number [23]. If there is one bit difference between two images, their hash values will be completely different. In the method, SHA 256 hash is used to generate the initial values and control parameters of the chaotic system. Before encrypting the original image, we firstly compute its hash value as the secret key, and it can be denotes as
 ð2Þ K ¼ k 1 ; k 2 ; ⋯; k 32 ; subject to : k i ¼ k i;0 ; k i;1 ; ⋯; k i;7 Where in ki,j, i denotes the character number and j shows the bit number in ki. The initial values and parameters for LSS generating two confusion sequences can be derived as   u10 ¼ mod ðk 1 ⊕k 2 ⊕k 3 ⊕k 4 ⊕k 5 þ k 6 ⊕k 7 ⊕k 8 Þ; 28 =256 ð3Þ   r10 ¼ mod ðk 9 ⊕k 10 ⊕k 11 ⊕k 12 ⊕k 13 ⊕k 14 ⊕k 15 ⊕k 16 Þ; 28 =256 ð4Þ   u20 ¼ mod ðk 17 ⊕k 18 ⊕k 19 ⊕k 20 ⊕k 21 ⊕k 22 ⊕k 23 ⊕k 24 Þ; 28 =256 ð5Þ

Fig. 1 The bifurcation diagram of LSS

Multimed Tools Appl (2017) 76:15561–15585

15565

  r20 ¼ mod ðk 25 ⊕k 26 ⊕k 27 ⊕k 28 ⊕k 29 ⊕k 30 ⊕k 31 ⊕k 32 Þ; 28 =256

ð6Þ

Where, x ⊕ y denotes the XOR operation.

2.3 Block permutation based on the plain image-related swapping approach Without loss of generality, suppose that the plain image is denoted as P, which has size of M × N, and is decomposed into (M/m) × (N/n) sub-blocks. The size of each block image is m × n. In general, M should be divisible by m, and N should be divisible by n. If this is not satisfied, we can change the values of m and n. Here, m and n are considered as control parameters. Block permutation is used to change the position of the block image. Each block image in the plain image will be swapped with another block image located after it, whose position is determined by the chaotic sequences generated from LSS. Suppose (p, q) is the position of the block image, (p’, q’) is the position of the corresponding swapping block image, and it can be derived according to 



0

p ¼ p þ k 1 ðpÞ 0 q ¼ q þ k 2 ðqÞ

ð7Þ

  k 1 ðpÞ ¼ mod ðabsðu1 ðpÞÞ−floorðu1 ðpÞÞÞ  1014 ; M =m−p þ 1; p ¼ 1; 2; ⋯; M=m   ð8Þ k 2 ðqÞ ¼ mod ðabsðu2 ðqÞÞ−floorðu2 ðqÞÞÞ  1014 ; N =n−q þ 1; q ¼ 1; 2; ⋯; N =n

Where u1(p) and u2(q) are random sequence values generated by the LSS, abs(x) means the absolute value of x, and floor(x) gives the largest integer less than or equal to x. Then, the swapping operation will be implemented by 0

Pp;q ði; jÞ ¼ Pp0 ;q0 ði; jÞ; Pp0 ;q0 ði; jÞ ¼ Pp;q ði; jÞ

ð9Þ

Where P′p,q(i, j) is the block image positioned at (p, q) after the permutation, Pp0 ;q0 ði; jÞ and Pp,q(i, j) are the block image positioned at (p’, q’) and (p, q), respectively, i = 1, 2, ⋯, m; j = 1, 2, ⋯, n. After the confusion process of the block image placed at (p, q) is finished, P′p,q(i, j) may not ′ (i, j) is the resultant block image of the confused image. However, be changed again, so Pp,q after Pp,q(i, j) is swapped to (p’, q’) and serves as the new value of Pp0 ;q0 ði; jÞ, it will be swapped again with another block image in the subsequent block permutation operations. The chaotic sequences produced by the chaotic system affect the swapping position of the block image, the initial values and parameter of the chaotic system are decided by the plain image, and so the method has close relationship with the plain image. By using the new plain image-related swapping confusion approach, the fixed point and image size restriction troubles of traditional permutation strategies were obviously removed, and it can be used for all kinds of images. Moreover, a slight change in the plain image will thereby affect the subsequent pixel and spread to the remainder of the confusion image, therefore this can enhance the performance of resisting known-plaintext and chosen-plaintext attack. Besides, the confusion process are directly manipulated in the space of the original image, no extra space may be needed for storing confused image. In addition, the permutation method has no limit of square plain images

15566

Multimed Tools Appl (2017) 76:15561–15585

2.4 Block diffusion In block diffusion process, diffusion method within the block image (DMWBI) and diffusion method between two block images (DMBTBI) are presented to remove the correlation of adjacent pixels in the plain image. The steps of block diffusion are as follows: Firstly, Pp,q(i, j) is the block image located at (p, q) (p = 1, 2, ⋯, M/m, q = 1, 2, ⋯, N/n), and it is arranged into vector pq with size 1 × mn. Then, DMWBI will be manipulated on pq(i) by Eq. (10): cðiÞ ¼ pqðiÞ⊕kk ðiÞ⊕cði−1Þ; i ¼ 1; 2; ⋯; mn

ð10Þ

Where, pq(i) and kk(i) denote the ith element of plain image vector and quantized chaotic key stream sequences produced by the LSS, respectively; c(i) is the ith cipher element of cipher vector C, c(i − 1) is the previous cipher element, and c(0) is used as a key. Thus DMWBI of the current block image is finished. We continue to manipulate DMBTBI to the diffused block image located at (p, q). Cipher vector C is changed to two dimensional matrix Cp,q(i, j), then DMBTBI of the current block image will be done as follows: 0

C p;q ði; jÞ ¼ C p;q ði; jÞ⊕C −1 ði; jÞ⊕KK ði; jÞ; i ¼ 1; 2; ⋯; m; j ¼ 1; 2; ⋯; n;

ð11Þ

Where, C′p,q(i, j) is the cipher block image of current block image Cp,q(i, j), C− 1(i, j) is the previous cipher block image, and KK(i, j) denotes the resized matrix of chaotic sequences generated by LSS. DMBTBI of the current block image is over, and simultaneously the diffused block image appears. There are two special circumstances: When q = 1 (p > 1), that is to say, the block image is located at the first column of the whole block image except P1,1(i, j), and Eq. (11) is changed to 0

C p;q ði; jÞ ¼ C p;q ði; jÞ⊕C p−1;N =n ði; jÞ⊕KK ði; jÞ; i ¼ 1; 2; ⋯; m; j ¼ 1; 2; ⋯; n;

ð12Þ

Where C− 1(i, j) is substituted for Cp − 1,N/n(i, j) and it is the last diffused block image located at N/n column of the previous row (p-1) in the whole block image. When p = 1, q = 1, DMWBI of the block image P1,1(i, j) is done, and the DMBTBI of this block image is omitted. In DMWBI and DMBTBI, the same chaotic sequences are employed, and this can not only make the chaotic sequences fully used, but also avoid the time waste of solving the chaotic system.

2.5 Encryption steps Figure 2 illustrates the flowchart of encryption method. The encryption process can be shown using the following steps. Step 1: The plain image is denoted as P(M × N), is decomposed into (M/m) × (N/n) subblocks, and the size of each block image is m × n. Step 2: Calculate the external key K and initial values and parameters u10, r10, u20, r20 by Eqs. (3)–(6). Step 3: when p = 1, q = 1, iterating the LSS with the initial values and parameters u10, r10, u20, r20 to get the chaotic sequence value u1(p) and u2(q), and implement block permutation to the block image Pp,q(i, j) in P, get P′p,q(i, j).

Multimed Tools Appl (2017) 76:15561–15585

15567

Block- by- block maniputation M N × blocks m n

Plain image

Block permutation

Confusion sequences

Block diffusion (DMWBI,DMBTBI)

Diffusion sequences

LSS chaotic system

SHA256 Hash

Cipher image

Modified initial values and parameters

Initial values and parameters

Fig. 2 The flowchart of the encryption method

Step 4: According to the chaotic confusion sequence value u1(p) and u2(q) produced by Step 3, set the initial values and parameters of LSS used for generating the diffusion sequences as: u30 = u1(p), r30 = u2(q) + 3. Step 5: Initiate the LSS with u30 and r30 for mn times, get chaotic sequences u3(i), then chaotic confusion sequences kk(i) can be gotten by quantifying u3(i) according to     kk ðiÞ ¼ mod floor u3 ðiÞ  1014 ; 256 ; i ¼ 1; 2; ⋯; mn ð13Þ Step 6: Perform block diffusion to the permutated block image P′p,q(i, j) located at (p, q) and get cipher block image C′p,q(i, j). The encryption of block image Pp,q(i, j) is finished. Step 7: Compute the sum and average value of all the pixels of C′p,q(i, j) and denoted as ′ (i, j)), respectively. Renew the initial values and sum(C′p,q(i, j)) and average(Cp,q parameters u10, r10, u20, r20 by Eqs. (14)–(17).



0

ð14Þ u10 ¼ mod sum C p;q ði; jÞ =10000 þ u10 ; 1



0

r10 ¼ mod sum C p;q ði; jÞ =10000 þ ur0 ; 1 þ 3 u20 ¼ mod

0



u20 þ average C p;q ði; jÞ =255 ; 1

0



r20 ¼ mod r20 þ average C p;q ði; jÞ =255 ; 1 þ 3

ð15Þ ð16Þ ð17Þ

Step 8: Set q = q + 1, do Steps 3–7 in a loop, until q > (N/n), and the encryption of the block images located at the first row ends. Then, p = p + 1, q = 1, perform Steps 3–7 in a loop, finish the encryption of the block images at the second row. Repeat these manipulations until all the block images has been encrypted, thus cipher image C is gotten.

2.6 Decryption steps Decryption algorithm is the reverse process of the encryption. The external key K computed in Step 2 of encryption steps and c(0) in the block diffusion are the decryption key, the key must

15568

Multimed Tools Appl (2017) 76:15561–15585

be safely stored and transmitted to the receivers, and then the authorized users can recover the original image directly from the cipher image by using them. The concrete decryption steps can be presented as follows: Step 1: The cipher image is C1(M × N), divided into (M/m) × (N/n) sub-blocks, and the size of each block image is m × n. In order to store the recovered block image, we define a matrix P1 with all elements 0, and it has the same size and partitioning method with C1. Step 2: Compute initial values and parameters u10, r10, u20, r20 similar to Step 2 in encryption steps. Step 3: when p = 1, q = 1, iterate the LSS and get corresponding swapping position (p’, q’) according to the reverse block permutation process, and obtain the key stream kk(i) similar to Steps 3–5 in encryption steps. Step 4: Perform consecutively the reverse DMBTBI and DMWBI to the block image C1p,q(i, j) located at (p, q), obtain the block image Pp,q(i, j), and then put it to position (p’, q’) of matrix P1. The reverse DMBTBI is as follows: C p;q ði; jÞ ¼ C1p;q ði; jÞ⊕C1−1 ði; jÞ⊕KK ði; jÞ; i ¼ 1; 2; ⋯; m; j ¼ 1; 2; ⋯; n;

ð18Þ

When q = 1 (p > 1), the reverse DMBTBI is as follows: C p;q ði; jÞ ¼ C1p;q ði; jÞ⊕C1p−1;N =n ði; jÞ⊕KK ði; jÞ; i ¼ 1; 2; ⋯; m; j ¼ 1; 2; ⋯; n; ð19Þ The reverse DMWBI is as Eq. (20), and the resized block image Pp,q(i, j) may be gotten after the reverse DMWBI is manipulated. pqðiÞ ¼ cðiÞ⊕kk ðiÞ⊕cði−1Þ; i ¼ 1; 2; ⋯; mn

ð20Þ

Where, KK(i, j) is the resized matrix of chaotic sequences kk(i), C1− 1(i, j) is the previous block image of C1p,q(i, j), Cp,q(i, j) is a intermediate matrix, pq(i) and kk(i) denote the ith element of vector of matrix Pp,q(i, j) and key streams, respectively; c(i) is the ith element of vector of Cp,q(i, j), c(i − 1) is the previous element, and c(0) is a key. When p = 1, q = 1, the reverse diffusion of the block image C11,1(i, j) is the reverse DMWBI, and here, c(i) is the ith element of vector of C11,1(i, j). Step 5: As described in Step 5 in encryption steps, we renew the initial values and parameters u10, r10, u20, r20, and here C′p,q(i, j) is C1p,q(i, j). Step 6: Set q = q + 1, manipulate Steps 3–5 in a loop, until q > (N/n), and then the decryption of the block images in the first row is done. Then, p = p + 1, q = 1, perform Steps 3–5 in a loop, complete the decryption of the block images at the second row. Repeat these processes until all the block images has been decrypted, thus the plain image P1 is obtained.

3 Simulation results The proposed encryption algorithm is able to encrypt different types of images such as grayscale image, color image, satellite image and medical image. This section provides simulation results to show its encryption performance. The 512 × 512 Lena image, satellite

Multimed Tools Appl (2017) 76:15561–15585

15569

image, Peppers image and medical image are used as the plain images. All experiments are made by Matlab 2014a to run the encryption and decryption process in computer with 3GHz CPU, 4GB memory and Windows 7 operating system. c(0) = 250 and 16 × 16 blocks are divided. The results are shown in Fig. 3. For color image encryption, we encrypt each color component individually and combine them to obtain the cipher images. As can be seen, all cipher images are noise-like and unrecognizable. The recovered images are visually the same as their original ones. This means that the information of the plain image can be fully recovered in the decryption process.

4 Security analyses This section addressed the security of the proposed method. We analyze its key space and key sensitivity, and then evaluate the encryption algorithm using histogram analysis, correlation analysis, information entropy, resisting differential attack analysis, resisting known-plaintext and chosen-plaintext attack analysis, resisting noise attack analysis, resisting occlusion attack analysis and speed analysis.

4.1 key space A good encryption algorithm should have an enough large key space, so that it can resist the brute-force attack for information eavesdroppers. In the proposed algorithm, the secret keys include the 256 bit external key K generated by the hash function of the plain image, and positive integer c(0), 0 ≤ c(0) ≤ 255.Thus, the key space of our encryption method can reach to 256 × 2256 ≈ 1090 and the comparison results with other algorithms are shown in Table 1.

4.2 Key sensitivity analysis A good image encryption algorithm must have high sensitivity to its security key change. Here, we test the key sensitivity of our method in both the encryption and decryption process. The grayscale image Lena is used as the test image.

4.2.1 Key sensitivity of encryption process In the paper, the generation of hash values is based on the plain image, so when there is a little change between two images, the hash values will be different, such that the initial values and parameters of the LSS will change accordingly. The encryption results for image Lena with only one pixel difference in the plain image are shown in Fig. 4 and Table 2. In the test, we changes the pixel located at (1,1) to 227, the changed image is shown in Fig. 4a, the corresponding encryption result is illustrated in Fig. 4b, Fig. 4c is the subtraction of Fig. 4b and the cipher image Fig. 3b. Figure 4d, g, j are the changed image with P (20, 35) = 120, P (120, 225) = 255 and P (360, 400) = 60, respectively. Figure 4e, h, k are the corresponding cipher images, and Fig. 4f, i, l are the subtraction of cipher images with Fig. 3b. Table 2 shows the differences of the hash values and between cipher images, when the plain image has a pixel changed. From these results, it can be seen that when one pixel of the plain image changes, a completely different hash value arises, and the corresponding cipher images are different, about 99.6 % of the pixels modified.

15570

Multimed Tools Appl (2017) 76:15561–15585

(a) plain image of Lena

(b) corresponding cipher image

(c) decrypted image

(d) plain image of satellite image

(e) corresponding cipher image

(f) decrypted image

(g) plain image of Peppers

(h) corresponding cipher image

(i) decrypted image

(j) plain image of medical image Fig. 3 Simulation results

(k) corresponding cipher image

(l) decrypted image

Multimed Tools Appl (2017) 76:15561–15585

15571

Table 1 Key space comparison results with other methods Methods

Ref. [33]

Ref. [54]

Ref. [49]

Ref. [10]

Ours

Key space

1.2 × 1024

1084

1056

1060

1090

4.2.2 Key sensitivity of decryption process In decryption process, the cipher image should be also sensitive to the secure key. Figure 5 is the decryption results for cipher image Fig. 3b of image Lena with slightly modified key K1, K2 and K3. Table 3 shows differences between decipher images generated with slightly different keys. From them, we can find that when the secure key has a small change, the decrypted image is something like noise, and the original image cannot be decrypted successfully. Only using the right secure key K0, the plain image can be recovered. Therefore, the proposed method is very sensitive to the secure key.

4.3 Histogram analysis A histogram is used to show the distribution of pixel values of an image. In image encryption, modifying the distribution feature is very important. A flat distribution is desirable, for it can mask the original information and resist the statistical attack effectively. Figure 6 illustrates the histograms of plain image, cipher image and decrypted images for grayscale image Lena and color image Peppers. In Fig. 6a and d, the histograms are steep and not flat enough, while those of cipher images are flat, which are shown in Fig. 6b and e. The histogram of decrypted images (Fig. 6c and f) are the same as those of plain images (Fig. 6a and d), and that means the plain images can be recovered successfully. In addition, variances of histograms are used to quantitatively evaluate the uniformity of the cipher images. The lower the variances, and the higher the uniformity of the cipher images. The variance of histograms can be calculated by the following equation [55], varðZ Þ ¼

n n 2 1 X X 1 zi −z j 2 n i¼1 j¼1 2

ð21Þ

Here Z denotes the vector of the histogram values and Z = {z1, z2, ⋯, z256}, zi and zj are the numbers of pixels which gray values are equal to i and j, respectively. Table 4 gives the variances of the histograms of the plain image and cipher image for Lena (512 × 512). As described in Table 4, we can conclude that first, the variance of the cipher image generated by our algorithm is 1067.4, that of the original image is 632100, and that of the cipher image is greatly reduced compared with the corresponding values of the plain image; second, the variance of the cipher image in our algorithm is less than variances in Ref. [5, 55, 59] and nearly same with that in Ref. [4]. Our algorithm is more effective and efficient.

4.4 Correlation analysis Correlation analysis is used to test the relationships of adjacent pixels in the plain image and cipher image. 5000 pairs of adjacent pixels from the plain image and

15572

Multimed Tools Appl (2017) 76:15561–15585

(a) Lena with P(1,1)=227

(d) Lena with P(20, 35)=120

(g) Lena P (120, 225)=255

(j) Lena P(360, 400)=60

(b) correspongding encryption result (c) difference between Fig.4(b)and Fig. 3(b)

(e) correspongding encryption result

(f) difference between Fig.4(e)and 3(b)

(h) correspongding encryption result

(i) difference between Fig.4(h)and 3(b)

(k) correspongding encryption result (l) difference between Fig.4(k)and Fig.3(b)

Fig. 4 The encryption results for image Lena with only one pixel difference

Multimed Tools Appl (2017) 76:15561–15585

15573

Table 2 Differences between cipher images generated with plain image one pixel changed Pixel change

Key

Comparison with Fig. 3b

P(1, 1) = 227

1f8704e2c7d2bc634dce3dcca0e63a682e9fec4b8eeb6bbef51f07322290d8ed

0.9964

P(20, 35) = 120

33abfcca2f8db27e4a8d00a05cd2002d799f44eabbbb177409cbe6dc6ad02da3

0.9959

P(120, 225) = 255

eb6da0a3b03108f83db18326d6269127a13e404026638fc4bfb1dd625400d1c9

0.9960

P(360, 400) = 60

4bf1d712b238df28be054a1928f4a6e0013f400e6cb586810aee6bd64c4169d9

0.9960

cipher image are selected randomly in the horizontal, vertical and diagonal directions to perform this analysis. Figure 7 plots the correlations of two adjacent pixels in three directions for Lena. Moreover, the correlation coefficients rx,y of each pair are calculated by the following equations: rx;y ¼

Eððx−E ðxÞÞðy−E ðyÞÞÞ pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi DðxÞDðyÞ

E ðxÞ ¼

N 1X xi N i¼1

N 1X D ð xÞ ¼ ðxi −E ðxÞÞ2 N i¼1

ð22Þ

ð23Þ

ð24Þ

Where E(x) and D(x) are the expectation and variance of variable x, respectively. The correlation coefficients of the plain image and cipher images are shown in Table 5. From the figure and table, it can be displayed that the correlation between adjacent pixels of the original image is very high, which may cause some information leakage, while that of the cipher image is very low, the vales are all smaller than 0.03 after using the proposed algorithm, which indicate the negligible correlation.

(a) decrypted image with K1

(b) decrypted image with K2

Fig. 5 The decryption results for image Lena with different keys

(c) decrypted image with K3

15574

Multimed Tools Appl (2017) 76:15561–15585

Table 3 Differences between decipher images generated with slightly different keys and the plain image Decryption image

Decryption key

Comparison with Fig. 3a

Fig. 3c

K0 = b32171537de519d7c1c83ff25989a559532 c6b269a303ac19d3d0a906bb5e250

0

Fig. 5a

K1 = a32171537de519d7c1c83ff25989a559532 c6b269a303ac19d3d0a906bb5e250

0.9962

Fig. 5b

K2 = b32171537de519d7c1c83ff25989a559533 c6b269a303ac19d3d0a906bb5e250

0.9964

Fig. 5c

K3 = b32171537de519d7c1c83ff25989a559532 c6b269a303ac19e3d0a906bb5e250

0.9961

4.5 Information entropy The information entropy can be calculated by 2 −1 X n

H ð mÞ ¼

pðmi Þlog

i¼0

1 pðmi Þ

ð25Þ

In which H(m) represents the information entropy of an information source m, p(mi) denotes the probability of symbol mi and the entropy is expressed in bits. For a random image with 256 grey levels, the entropy should ideally be 8 [30]. Table 6 shows the information entropy of plain image and cipher image. It is obvious that the information entropies produced by our method are nearly the same with those in Ref. [51] and Ref. [43], and closer to the theoretical value of 8 than other algorithm Ref. [58], which means information leakage in the encryption procedure is negligible, thus the algorithm proposed has a good property of information entropy.

2500

3000

3000

2000 2000

2000

1500 1000

1000

1000

500 0

0 0

50

(a)

100

150

200

250

0

0

50

100

150

200

250

(b) Histogram of cipher image

Histogram of Lena

0

50

100

150

200

250

(c) Histogram of decrypted image

2500

4000

4000 2000

3000

3000 1500

2000

2000 1000

1000

0

0 0

1000

500

50

(d)

100

150

200

Histogram of Peppers

250

0

0

(e)

50

100

150

200

250

Histogram of cipher image

Fig. 6 Histograms of the plain image, cipher image and decrypted image

0

50

100

150

200

250

(f) Histogram of decrypted image

Multimed Tools Appl (2017) 76:15561–15585

15575

Table 4 Variances of the histograms of the plain image, cipher image of Lena (512 × 512) Image

Variance

Ours Plain image

Cipher image

632100

1067.4

Ref. [55]

Ref. [59]

Ref. [5]

Ref. [4]

5554.82

5335.83

1209.4e

1015.3

4.6 Resisting differential attack analysis Differential attack is a chosen-plaintext attack in which the attacker wants to get the secure key by changing the plain images and then analyzing the difference of the corresponding cipher images. In order to resist differential attacks, a slightly change in the plain image should bring completely different cipher image. Number of pixels change rate (NPCR) and unified average changing intensity (UACI) are used to measure the resisting differential attack performance of the encryption method. C1and C2 represent the cipher images before and after one pixel of the plain image is changed, and W and H denotes the width and height of the image respectively, and the values of NPCR and UACI can be calculated by the following formula: X Dði; jÞ i; j

NPCR ¼

1 UACI ¼ W H

"

W H

 100%

X jC 1 ði; jÞ−C 2 ði; jÞj 255 i; j

ð26Þ

#  100%

ð27Þ

Where D(i, j) is defined as  Dði; jÞ ¼

1; C 1 ði; jÞ≠C 2 ði; jÞ 0; otherwise

ð28Þ

First, we modify the pixel values of different positions for Lena, the results of NPCR and UACI are shown in Table 7. The average value of NPCR is 0.9961, and that of UACI is 0.3346. Next, we choose six test images, and a pixel from the original image is randomly chosen and the pixel value is added 1, then we get a new plain image. The new cipher image and the old cipher image are used to calculate the values of NPCR and UACI. For each sample image, 100 random pixels are selected. The average, minimum, maximum value of NPCR and UACI are illustrated in Table 8. From the results, we can see that the proposed algorithm has good property in resisting differential attacks.

4.7 Resisting known-plaintext and chosen-plaintext attack analysis In the paper, SHA256 hash value of the plain image is used for calculating the initial values and parameters of LSS to generate the chaotic sequences to encrypt the plain image. And when the current block image is permutated and confused, the cipher block image is employed to reset the initial values and parameters of LSS for the following block image permutated. Therefore, our encryption method has a highly relationship with the plain image.

15576

Multimed Tools Appl (2017) 76:15561–15585

(a) Horizontal direction in plain image

(b) Horizontal direction in cipher image 250 pixel gray value on location(x+1,y)

pixel gray value on location(x+1,y)

250

200

150

100

50

0

0

50 100 150 200 pixel gray value on location(x,y)

200

150

100

50

0

250

0

(c) Vertical direction in plain image pixel gray value on location(x,y+1)

pixel gray value on location(x,y+1)

250

200

150

100

50

0

50 100 150 200 pixel gray value on location(x,y)

200

150

100

50

0

250

0

(e) Diagonal direction in plain image

250

pixel gray value on location(x+1,y+1)

250

200

150

100

50

0

50 100 150 200 pixel gray value on location(x,y)

(f) Diagonal direction in cipher image

250 pixel gray value on location(x+1,y+1)

250

(d) Vertical direction in cipher image

250

0

50 100 150 200 pixel gray value on location(x,y)

0

50 100 150 200 pixel gray value on location(x,y)

250

Fig. 7 Correlations of two adjacent pixels for Lena

200

150

100

50

0

0

50 100 150 200 pixel gray value on location(x,y)

250

Multimed Tools Appl (2017) 76:15561–15585

15577

Table 5 Correlation coefficients of two adjacent pixels in the plain and cipher images Name

Plain image

Cipher image

Horizontal

Vertical

Diagonal

Horizontal

Vertical

Diagonal

Lena (512 × 512)

0.9757

0.9640

0.9421

0.0044

0.0151

0.0012

Satellite (1024 × 1024)

0.8643

0.8206

0.7243

0.0059

0.0199

−0.0122

Baboon (512 × 512)

0.7325

0.8447

0.7096

−0.0058

0.0131

0.0030

Cameraman (256 × 256)

0.9577

0.9370

0.9123

−0.0251

0.0123

−0.0236

Barbara (512 × 512)

0.9692

0.9342

0.9040

−0.0224

−0.0053

−0.0163

Goldhill (512 × 512)

0.9721

0.9845

0.9639

−0.0232

−0.0026

−0.0198

Fig. 3j (512 × 512)

0.9946

0.9966

0.9898

0.0324

−0.0023

−0.0056

Sometimes, the adversary employs all black or white images as special plain images to attack the encryption algorithms, for the special images can make the permutation process invalid, and they can make the encryption method known and unsafe. Figure 8 shows the cipher image of the all white image, and it is something like noise. The adversary cannot find useful information to break the encryption scheme. Therefore, our encryption algorithm can resist the known-plaintext attacks and chosen-plaintext attacks effectively.

4.8 Resisting noise attack analysis In real communication channels, the cipher images will be inevitably disturbed by all kinds of noises. The noise gives much difficulty in recovering the original images. Therefore, the robustness against noise is also an important issue to evaluate the performance of encryption methods. The Peak Signal-to-Noise Ratio (PSNR) is used to calculate the quality of the decrypted image after attack. For a grayscale image, the PSNR is computed as

255  255 PSNR ¼ 10  log10 ðdBÞ ð29Þ MSE

MSE ¼

m n 1 XX kI 1 ði; jÞ−I 2 ði; jÞk2 mn i¼1 i¼1

ð30Þ

Table 6 Information entropies of the plain and cipher images Name

Plain image

Ours

Ref. [51]

Ref. [43]

Ref. [58]

Lena (512 × 512)

7.4456

7.9993

7.9993

7.9993

7.9984

Satellite (1024 × 1024)

6.7327

7.9998

7.9998

7.9997

7.9986

Baboon (512 × 512)

7.3579

7.9993

7.9992

7.9992

7.9984

Cameraman (256 × 256)

7.0097

7.9973

7.9969

7.9968

7.9970

Barbara (512 × 512)

7.4664

7.9993

7.9991

7.9992

7.9973

Goldhill (512 × 512)

7.4778

7.9993

7.9993

7.9992

7.9981

Fig. 3j (512 × 512)

3.9111

7.9992

7.9991

7.9992

7.9971

15578

Multimed Tools Appl (2017) 76:15561–15585

Table 7 The Lena image for different positions Position (1, 1)

(20, 35)

(120, 225)

(360, 400)

UACI

0.9964

0.9959

0.9960

0.9960

NPCR

0.3342

0.3345

0.3347

0.3348

Where MSE is the mean square error between the decrypted image I2(i, j) and the original image I1(i, j), and m and n denote the width and height of the image, respectively. Figure 9 illustrates the encrypted Lena image that is affected by Gaussian noise with different variances and their decrypted ones. The mean value of the correlation coefficients, NPCR and UACI of the noisy decrypted and the plain Lena image are shown in Table 9. From the figure and the table, when the variance changes from 0.0001 to 0.0005, we find that the original Lena image is recovered and it can be recognized, the PSNR is about 30 dB, the decrypted image has high correlation, and the values of NPCR and UACI is less than those of Ref. [24], which means our decrypted images are closer to the original images. Thus, our encryption algorithm has a robustness property on resisting noise attack to some degree.

4.9 Resisting occlusion attack analysis In the transmission of cipher images, some data may be lost caused by the packet loss in congestion network or the malicious destruction of the opponents. Occlusion attack is used to test the capacity of recovering original image from cipher image that have lost some data. PSNR is also employed to evaluate the performance of the proposed encryption algorithm. Figure 10a–d is the cipher image of Fig. 3b with 1/16, 1/8, 1/4, 1/2 occlusion respectively, and Fig. 10e–h shows the corresponding recovered images. Table 10 shows the quantitative results of resisting occlusion attack of our algorithm. It is obvious that our scheme is immune against occlusion attack. If less than 25 % of the cipher data are lost, the recovered image is with satisfactory resolution and the decrypted image is also recognizable even when 50 % of the cipher data are lost. Table 8 NPCRs and UACIs between ciphers while plain images only have one different pixel Name

Average NPCR

Minimum UACI

NPCR

Maximum UACI

NPCR

UACI

Lena (512 × 512)

0.9962

0.3345

0.9954

0.3338

0.9973

0.3355

Satellite (1024 × 1024)

0.9962

0.3346

0.9955

0.3337

0.9975

0.3360

Baboon (512 × 512)

0.9963

0.3341

0.9955

0.3334

0.9975

0.3359

Cameraman (256 × 256)

0.9959

0.3340

0.9945

0.3327

0.9968

0.3362

Barbara (512 × 512)

0.9961

0.3341

0.9950

0.3331

0.9970

0.3354

Goldhill (512 × 512)

0.9960

0.3347

0.9951

0.3332

0.9976

0.3359

Multimed Tools Appl (2017) 76:15561–15585

15579

Fig. 8 The cipher image of all white plain image

4.10 Speed analysis In the encryption process, the real number arithmetic operation and the quantization operation cost much time, thus the average required chaotic variables and quantization operations for encrypting one pixel may be used to evaluate the efficiency of an image encryption method [46]. As for our method, for every block image of Lena (512 × 512), the LSS is iterated for 2

(a) Mean=0,Variance=0.0001

(b) Mean=0,Variance=0.0003

(c) Mean=0,Variance=0.0005

(d)

(e) Mean=0,Variance=0.0003

(f)

Mean=0,Variance=0.0001

Mean=0,Variance=0.0005

Fig. 9 Cipher and decrypted image under Gaussian noise with different level of noise

15580

Multimed Tools Appl (2017) 76:15561–15585

Table 9 Quantitative results of resisting noise attack Variance

Ours

Ref. [24]

MSE

PSNR

Correlation

NPCR

UACI

NPCR

UACI

0.0001

48.1323

31.3064

0.6271

0.9471

0.0598

0.9920

0.2844

0.0003

66.4563

29.9054

0.5392

0.9691

0.0855

0.9961

0.2864

0.0005

74.8654

29.3880

0.4910

0.9759

0.0993

0.9974

0.2880

times in the permutation process, 256 times in the confusion process, and the generation of the initial values and parameters of the LSS needs 4 times computation. So a total number of

(a) cipher image(1/16 occlusion)

(d) cipher image(1/2 occlusion)

(b) cipher image(1/8 occlusion)

(e) recovered image(1/16 occlusion)

(g) recovered image(1/4 occlusion) Fig. 10 Occlusion attack analysis results

(c) cipher image(1/4 occlusion)

(f) recovered image(1/8 occlusion)

(h) recovered image(1/2 occlusion)

Multimed Tools Appl (2017) 76:15561–15585

15581

Table 10 Quantitative results of resisting occlusion attack Occlusion

Ours

Ref. [17]

MSE

PSNR

Correlation

NPCR

UACI

PSNR

1/16

8.05

39.18

0.69

0.07

0.02

39.23

1/8

15.79

36.16

0.62

0.13

0.04

–

1/4

30.95

33.29

0.35

0.26

0.08

33.37

1/2

59.71

30.38

0.20

0.50

0.15

30.40

262 × 1024 = 268288 state variables have been generated during the iterations, and hence about 1.02 chaotic variables are used for one pixel encryption in average. Table 11 illustrates the results of our method and comparable algorithms. Compared with other algorithms, our scheme has higher efficiency. Moreover, in the proposed scheme, the plain image is divided into some blocks, it is encrypted block by block, and therefore the encryption method is easy to be applied in parallel. Besides, A one-dimensional LSS is used to generate the confusion sequence and diffusion sequences, the confusion sequence is used as the initial value and parameter of LSS to generate diffusion sequences, and the same chaotic sequence is employed in DMWBI and DMBTBI, and these can not only make the chaotic sequence fully used, but also avoid the time waste of solving the chaotic system. And these can save the time and increase the working speed of our encryption algorithm. The encryption speed comparison results are illustrated in Table 12, it is known that our method has better property in speed, especially for the larger size image.

5 Conclusions In this paper, a new image encryption scheme based on a novel plain image-related swapping block permutation and block diffusion is presented. In the proposed block permutation strategy, each block image is swapped with another block image located after it, and the swapping operation is controlled by chaotic sequences depending on the plain image. The initial values and parameters of the chaotic system are generated from the plain image. As a result, a slight change in the plain image can affect the swapping positions and produce a completely different confused image. Moreover, in the block diffusion strategy, diffusion method within the block image (DMWBI) and diffusion method between two block images (DMBTBI) are proposed, which Table 11 Efficiency analysis of the image encryption scheme to achieve a satisfactory security level NPCR

UACI

Average required chaotic variables

Average required quantization operations

Ours

>0.996

>0.334

1.02

0.99

Ref. [27] Ref. [56]

>0.996 >0.996

>0.334 >0.334

9 6

3 2

Ref. [47]

>0.996

>0.334

4

2

Ref. [41]

>0.996

>0.334

7

2

15582

Multimed Tools Appl (2017) 76:15561–15585

Table 12 Encryption speed comparison Image size

Ours

Ref. [12]

Ref. [18]

Ref. [43]

Ref. [58]

256 × 256

0.46 s

0.71 s

0.35 s

4.54 s

3.48 s

512 × 512

1.26 s

2.29 s

1.59 s

15.14 s

11.42 s

1024 × 1024

3.88 s

8.68 s

6.49 s

60.15 s

47.24 s

can effectively reduce the correlation of adjacent pixel in the plain image. Besides, image encryption is manipulated by block, after a block image has been encrypted, and the cipher image is employed to modify the initial values and parameters of chaotic system for the next block image to be encrypted. Furthermore, the chaotic sequences of permutation process are used as the initial value and parameter of the chaotic map for the diffusion process, correlated chaos enhances the relationship of chaotic systems and makes the chaotic sequences fully used. Simulations and security analyses have demonstrated that the proposed method has big key space, is highly sensitive to its security key, shows excellent encryption performance for protecting different types of images, and outperforms some algorithms in terms of security and encryption performance. It has potential applications in multimedia security. In addition, due to the block method adopted in the proposed cryptosystem, it is especially suitable for encrypting big size image. Acknowledgments All the authors are deeply grateful to the editors for careful and fast handling of the manuscript. The authors would also like to thank the anonymous referees for their valuable suggestions to improve the quality of this paper. This work is supported by the National Natural Science Foundation of China (Grant No. 61203094 and 61305042), Science and Technology Foundation of Henan Province of China (Grant No. 152102210048), Foundation and Frontier Project of Henan Province of China (Grant No. 162300410196), Natural Science Foundation of Educational Committee of Henan Province of China (Grant No. 14A413015), the Research Foundation of Henan University (Grant No. xxjc20140006).

References 1. Abdo AA, Lian SG, Ismail IA, Amin M, Diab H (2013) A cryptosystem based on elementary cellular automata. Commun Nonlinear Sci Numer Simul 18:136–147 2. Akhavan A, Samsudin A, Akhshani A (2015) Cryptanalysis of Ban improvement over an image encryption method based on total shuffling^. Opt Commun 350:77–82 3. Belazi A, Hermassi H, Rhouma Rh O, Safya B (2014) Algebraic analysis of a RGB image encryption algorithm based on DNA encoding and chaotic map. Nonlinear Dyn 76:1989–2004 4. Chai XL (2015) An image encryption algorithm based on bit level Brownian motion and new chaotic systems. Multimedia Tools Appl. doi:10.1007/s11042-015-3088-1 5. Chai XL, Yang K, Gan ZH (2016) A new chaos-based image encryption algorithm with dynamic key selection mechanisms. Multimedia Tools Appl. doi:10.1007/s11042-016-3585-x 6. Chen G, Mao Y, Chui CK (2004) A symmetric image encryption scheme based on 3D chaotic cat maps. Chaos Solitons Fractals 21:749–761 7. Chen JX, Zhu ZL, Fu C, Zhang LB, Yu H (2015) Analysis and improvement of a double-image encryption scheme using pixel scrambling technique in gyrator domains. Opt Lasers Eng 66:1–9 8. Chen JX, Zhu ZL, Fu C, Zhang LB, Zhang YS (2015) An efficient image encryption scheme using lookup table-based confusion and diffusion. Nonlinear Dyn 81:1151–1166 9. Chen JX, Zhu ZL, Fu C, Yu H (2014) A fast image encryption scheme with a novel pixel swapping-based confusion approach. Nonlinear Dyn 77:1191–1207 10. Diaconu AV (2015) Circular inter-intra pixels bit-level permutation and chaos-based image encryption. Inf Sci. doi:10.1016/j.ins.2015.10.027

Multimed Tools Appl (2017) 76:15561–15585

15583

11. Enayatifar R, Sadaei HJ, Abdullah AH, Lee M, Isnin IF (2015) A novel chaotic based image encryption using a hybrid model of deoxyribonucleic acid and cellular automata. Opt Laser Eng 71:33–41 12. Eslami Z, Bakhshandeh A (2013) An improvement over an image encryption method based on total shuffling. Opt Commun 286:51–55 13. Fridrich J (1998) Symmetric ciphers based on two-dimensional chaotic maps. Int J Bifurcation Chaos 8: 1259–1284 14. Fu C, Meng WH, Zhan YF, Zhu ZL, Lau FCM, Tse CK, Ma HF (2013) An efficient and secure medical image protection scheme based on chaotic maps. Comput Biol Med 43:1000–1010 15. Galizzi GE, Christian C-L (2015) Joint transform correlator optical encryption system: Extensions of the recorded encrypted signal and its inverse Fourier transform. Opt Commun 353:76–82 16. Gao TG, Chen ZQ (2008) A new image encryption algorithm based on hyper-chaos. Phys Lett A 372:394–400 17. Hsiao H-I, Lee J (2015) Color image encryption using chaotic nonlinear adaptive fiter. Signal Process 117:281–309 18. Huang XL (2012) Image encryption algorithm using chaotic Chebyshev generator. Nonlinear Dyn 67:2411–2417 19. Kamarposhti MS, Mohammad D, Rahim MSM, Yaghobi M (2014) Using 3-cell chaotic map for image encryption based on biological operations. Nonlinear Dyn 75:407–416 20. Li CQ (2016) Cracking a hierarchical chaotic image encryption algorithm based on permutation. Signal Process 118:203–210 21. Li H, Wang Y, Yan H, Li L, Li Q, Zhao Z (2013) Double-image encryption by using chaos-based local pixel scrambling technique and gyrator transform. Opt Lasers Eng 51:1327–1331 22. Liu YS, Fan H, Eric XY, Cheng G, Li CQ (2015) Deciphering an image cipher based on mixed transformed logistic maps. Int J Bifurcation Chaos 25(13):1550188 23. Liu HJ, Wang XY (2013) Triple-image encryption scheme based on one-time key stream generated by chaos and plain images. J Syst Softw 86:826–834 24. Liu H, Wang X, Kadir A (2012) Image encryption using DNA complementary rule and chaotic maps. Appl Soft Comput 12:1457–1466 25. Lu P, Xu ZY, Lu X, Liu XY (2013) Digital image information encryption based on compressive sensing and double random-phase encoding technique. Optik 124:2514–2518 26. Luo YL, Du MH, Liu JX (2015) A symmetrical image encryption scheme in wavelet and time domain. Commun Nonlinear Sci Numer Simul 20:447–460 27. Mao Y, Chen G, Lian S (2014) A novel fast image encryption scheme based on 3D chaotic baker maps. Int J Bifurcation Chaos 14(10):3613–3624 28. Matthews R (1989) On the derivation of a chaotic encryption algorithm. Cryptologia 4:29–42 29. Mehra I, Nishchal NK (2015) Optical asymmetric image encryption using gyrator wavelet transform. Opt Commun 354:344–352 30. Mirzaei O, Yaghoobi M, Irani H (2012) A new image encryption method: parallel sub-image encryption with hyper chaos. Nonlinear Dyn 67:557–566 31. Ozkaynak F, Yavuz S (2013) Security problems of pseudorandom sequence generator based on Chen chaotic system. Comput Phys Commun 184:2178–2181 32. Ping P, Xu F, Wang ZJ (2014) Image encryption based on non-affine and balanced cellular automata. Signal Process 105:419–429 33. Pisarchik A, Zanin M (2008) Image encryption with chaotically coupled chaotic maps. Phys D 237(20): 2638–2648 34. Sam IS, Devaraj P, Bhuvaneswaran RS (2012) A novel image cipher based on mixed transformed logistic maps. Multimedia Tools Appl 56:315–330 35. Seyedzadeh SM, Mirzakuchaki S (2012) A fast color image encryption algorithm based on coupled twodimensional piecewise chaotic map. Signal Process 92:1202–1215 36. Seyedzadeh SM, Norouzi B, Mosavi MR, Mirzakuchaki S (2015) A novel color image encryption algorithm based on spatial permutation and quantum chaotic map. Nonlinear Dyn 81:511–529 37. Tang Y, Wang ZD, Fang JN (2010) Image encryption using chaotic coupled map lattices with time-varying delay. Commun Nonlinear Sci Numer Simul 15:2456–2468 38. Wang XY, Guo K (2014) A new image alternate encryption algorithm based on chaotic map. Nonlinear Dyn 76:1943–1950 39. Wang X, He G (2011) Cryptanalysis on a novel image encryption method based on total shuffling scheme. Opt Commun 284(24):5804–5807 40. Wang XY, Wang Q (2014) A fast image encryption algorithm based on only blocks in cipher text. Chin Phys B 23(3):030503 41. Wang Y, Wong K, Liao X, Xiang T, Chen G (2009) A chaos-based image encryption algorithm with variable control parameters. Chaos Solitons Fractals 41(4):1773–1783 42. Wang Y, Wong KW, Liao XF, Chen GR (2011) A new chaos-based fast image encryption algorithm. Appl Soft Comput 11:514–522

15584

Multimed Tools Appl (2017) 76:15561–15585

43. Wang XY, Xu DH (2014) A novel image encryption scheme based on Brownian motion and PWLCM chaotic system. Nonlinear Dyn 75(1–2):345–353 44. Wang XY, Zhang YQ, Bao XM (2015) A novel chaotic image encryption scheme using DNA sequence operations. Opt Laser Eng 73:53–61 45. Wang XY, Zhao JF, Liu HJ (2012) A new image encryption algorithm based on chaos. Opt Commun 285:562–566 46. Wong K, Kwok B, Law W (2008) A fast image encryption scheme based on chaotic standard map. Phys Lett A 372(15):2645–2652 47. Wong K, Kwok B, Yuen C (2009) An efficient diffusion approach for chaos-based image encryption. Chaos Solitons Fractals 41(5):2652–2663 48. Wu Y, Zhou YC, Sos A, Noonan Joseph P (2014) A symmetric image cipher using wave perturbations. Signal Process 102:122–131 49. Yang H, Wong KW, Liao X, Zhang W, Wei P (2010) A fast image encryption and authentication scheme based on chaotic maps. Commun Nonlinear Sci Numer Simul 15:3507–3517 50. Yao W, Zhang X, Zheng ZM, Qiu WJ (2015) A colour image encryption algorithm using 4-pixel Feistel structure and multiple chaotic systems. Nonlinear Dyn 81:151–168 51. Ye GD (2014) A block image encryption algorithm based on wave transmission and chaotic systems. Nonlinear Dyn 75:417–427 52. Yen JC, Guo JI (2000) Efficient hierarchical chaotic image encryption algorithm and its VLSI realization. IEEE Proc Vis Image Signal Process 147:167–175 53. Zhang G, Liu Q (2011) A novel image encryption method based on total shuffling scheme. Opt Commun 284(12):2775–2780 54. Zhang Q, Liu L, Wei X (2014) Improved algorithm for image encryption based on DNA encoding and multichaotic maps. Int J Electron Commun (AEÜ) 68:186–192 55. Zhang YQ, Wang XY (2014) A symmetric image encryption algorithm based on mixed linear- nonlinear coupled map lattice. Inf Sci 273:329–351 56. Zhang W, Wong Kwok-wo YH, Zhu ZL (2013) An image encryption scheme using reverse 2-dimensional chaotic map and dependent diffusion. Commun Nonlinear Sci Numer Simul 18:2066–2080 57. Zhou YC, Bao L, Philip Chen CL (2014) A new 1D chaotic system for image encryption. Signal Process 97: 172–182 58. Zhou YC, Cao WJ, Chen CL P (2014) Image encryption using binary bitplane. Signal Process 100:197–207 59. Zhu ZL, Zhang W, Wong KW, Yu H (2011) A chaos-based symmetric image encryption scheme using a bitlevel permutation. Inf Sci 181:1171–1186

Xiuli Chai received the PhD Degree from South China University of Technology in 2008. Currently, she is an associate professor at School of Computer and Information Engineering of Henan University of China, and working as a visiting scholar at Department of Electronical and Computer Engineering of University of Pittsburgh. Her areas of interests are information security, multimedia security, cryptography aspects of chaos.

Multimed Tools Appl (2017) 76:15561–15585

15585

Zhihua Gan was born in China. He received the Master degree in 2008 at School of Computer and Information Engineering of Henan University in China. Currently, he is a lecturer at School of Software of Henan University, pursuing the PhD degree at School of Computer Science & Technology of Beijing Institute of Technology, and his interesting areas include multimedia security, image processing.

Miaohui Zhang was born in China. He received the PhD degree at the Institute of Image Processing and Pattern Recognition of Shanghai Jiao Tong University in China in 2013. Now he is an associate professor at School of Computer and Information Engineering of Henan University. His current research interests include image processing, pattern analysis, and computational intelligence.