Abstract
This paper presents a multiplierless image-cipher, with extendable 2048-bit key-space, based on a 4-dimensional (4D) quantized piece-wise linear cat map (PWLCM). The quantized PWLCM exhibits limit-cycles of 4-bit encoded integers with periods greater than 107. The synthesis of the PWLCM in a finite state space allows to eliminate the undesirable finite precision effect due to the hardware realization. The proposed image-cipher combines chaos, modular arithmetic, and lattice-based cryptography to encrypt a color image by performing pixel permutation and diffusion in a single operation. Further, an image-dependent confusion operation based on an 8-bit 2D-PWLCM is performed on the whole image to enhance security. In order to increase the key-space without key duplication, 16 × 16 sub-images are modified using sub-keys of different lattice length vectors generated from the external key. Both simulations and security analyses confirm that the proposed algorithm can resist common cipher attacks, in addition to its advantages such as simplicity, ease of implementation on low-end processors and extensibility of key-space that allows it to easily adapt even for future post-quantum computing attacks.
Similar content being viewed by others
1 Introduction
The rapid development of digital image transmission over wireless communication media has increased the concern of data security, leading to the demand for image cipher. There exist several techniques for securing data, including steganography, watermarking, and data encryption [2, 25]. The steganography technique conceals the message data; hence it requires more communication bandwidth over a computer network, whereas the cryptography technique transforms the message data, needing approximately the same bandwidth as message data. Thus, encryption is the preferable and mature technology used in applications involving message transmission over a network [19]. In encryption, the message is scrambled using a secret key. The encryption’s strength depends on the secret key’s randomness strength. Different techniques such as linear congruential, additive congruentional, linear feedback shift register, multiple recursive generators and chaos based generators are used to generate the random sequences using the seed as the initial condition of the dynamical system that constitutes the secret key [18, 24, 37].
There exist different methods such as linear feedback shift register (LFSR), linear congruential generator (LCG), Multiple Recursive Generators (MRGs) for generating Pseudo-random Numbers (PRN). The disadvantages of these methods are the limited periodicity of the random number sequence, which can be mitigated using a suitable chaotic system.
Chaotic systems have intrinsic properties such as sensitivity to initial conditions, ergodicity, random-like dynamics behaviors, and unpredictability that are desired characteristics for designing secure ciphers. Hence, chaos-based encryption methods have emerged besides traditional ciphers such as Advanced Encryption Standard (AES), International Data Encryption Algorithm (IDEA), Data Encryption Standard (DES), and RSA to enhance data security. However, complex chaotic systems are required to make ciphers more secure. Broadly, there are two types of dynamical chaotic systems: continuous-time and discrete-time. The latter is suitable for data encryption as it is feasible to implement on digital hardware. Among the basic discrete-time systems, 2D logistic map, 2D standard map, 2D Henon map, and the 3D Baker map are used in cryptography [26, 34, 38, 39]. During the last decade, the performance of such systems has been improved to increase their complexity, leading to more randomness for secure data encryption. A combination of the piece-wise-linear chaotic map and linear Diophantine Equation (LDE) enhances the cipher’s security and was used for image encryption [14]. Although the ciphered image was obtained after only one round, it has the drawback that the encryption process is independent of the plain-image characteristics. The authors mitigated the drawbacks by proposing another one-round encryption scheme in which large permutation and diffusion keys were generated by sorting the solutions of the LDE [13]. Multiple chaotic maps were used to derive the control parameters and initial values to increase the security level of the cipher [31]. It enhances the key-space; however, the short-length encryption key makes the cipher vulnerable against brute force attacks. Other ciphers based on the combination of chaotic systems were also proposed to increase the key-space and are still under investigation [22, 29, 30, 33, 36].
In all the above chaos-based ciphers, chaotic maps need to be quantized during the hardware implementation of the algorithm. Such a quantization reduces the randomness of the chaotic orbits; hence the security level of the cipher [41]. In order to overcome such a drawback, it is necessary to either evaluate the complexity of the chaotic system under limited precision conditions or to increase the computational precision. Most of the work reported in the literature implements chaotic systems with 32-bit floating-point arithmetic, which is hardware costly and requires high-end processors for execution [5, 15]. Hence, it is necessary to design quantized chaotic systems with a large period of limit-cycles to implement chaos-based ciphers on a low-end processor [12].
Arnold’s cat map (ACM) preserves the mixing property even after quantization among the different chaotic maps. It has the advantage of (i) being easily defined both in the continuous phase space and the discrete phase space (quantized version) and (ii) a computationally simple 2D system that can be easily extended into a multi-dimensional system. It has been used in data encryption in the confusion step. Apart from the ACM, the combination of the Henon and Arnold cat maps was used in designing an image cipher [11]. Although the algorithm performed well, it has nevertheless been observed that the periodicity of restoring the original image is too short, leading to security issues. More recently, an encryption scheme based on continuous phase space of a generalized Arnold cat map was reported [20]. In [43], the 2D ACM was combined with an affine cipher to enhance the security level of the cipher. In all of these algorithms, the ACM is used in its continuous phase space version, and the precision of the generated obits is chosen as large as possible (32-bit, for example) to avoid short limit-cycles due to the quantization process. The quantized ACM (QACM) has been widely studied in the literature, and the relationship between its period and the number of encoding bits has been determined [6, 7, 27].
The period of the QACM is an important parameter that can induce security issues when using it in cryptography. It is known that the period of the QACM does not exceed 3m, \(m\in \mathbb {N}_{>1}\) being the modulo value. This limitation justifies the use of continuous phase space ACM (m = 1) compared to QACM in many cryptographic applications. As a solution, some researchers investigated the impact of the dimensionality and the control parameters on the period of the system. The investigation showed that the period does not significantly increase with the increase in dimension [16], where the conventional 2D Arnold’s cat map was altered to a 3D map by introducing six control parameters. The obtained map allows for improvement, but the period distribution and its impact on the system dynamics are not evaluated. Due to the finite computer precision, chaotic sequences are transformed into periodic ones. Further, the output of the 3D map was perturbed to mitigate such degradation of chaotic sequences without investigating the impact of the perturbation on randomness.
The present paper proposes a multiplierless 2048-bit key secure cipher based on the quantized piece-wise linear cat map (PWLCM) obtained by perturbing the conventional QACM [11]. We aim to directly generate randomly distributed integers with the desired precision using the PWLCM. The proposed algorithm combines chaos, modular arithmetic, and lattice-based cryptography [3, 8, 35]. The latter allows to easily extend the external key length without duplication. Such a property is required as lattice-based ciphers are assumed to resist future attacks in the era of post-quantum computing [3, 17, 28, 35]. For the algorithm to be implemented even with low-end processors, we consider only 4-bit precision random numbers generated from a 4D PWLCM for performing the confusion and diffusion operations. We investigate the period of the generated random integers and their randomness to prove the high-security level of our cipher. In the proposed scheme, pixel positions and values are modified in a single operation within blocks of size 16 × 16 pixels with a 2D PWLCM before confusing the whole image. It helps to enhance the speed performance. During the confusion-diffusion operation, each 16 × 16 sub-image is modified using a different subkey corresponding to a combination of κ-length vectors (κ-dimensional lattice), \(\kappa \in \mathbb {N}_{\geq 1}\) [28].
The key contributions of the current work are as follows:
-
1.
A novel integer arithmetic multiplierless 2048-bit key image cipher combining chaos, modular arithmetic and lattice-based cryptography is proposed that uses a combination of 4-bit and 8-bit modular addition and subtraction operations only;
-
2.
An extensible key management technique combining modular arithmetic and lattices is presented;
-
3.
A 4-bit 2D and 4D PWLCM is proposed to generate large period pseudorandom sequences;
-
4.
A performance analysis for different attacks is presented.
The rest of the paper is organized as follows: Section 2 presents a brief recalling of ACM and the definition of the PWLCM; Section 3 presents the proposed cipher; Section 4 presents the security analysis of the proposed encryption scheme, and conclusions are given in Section 5.
2 The 4D piece-wise linear cat map (PWLCM)
2.1 Brief recall on 2D PWLCM
Arnold’s cat map is basically a 2D chaotic map of repeated folding and stretching in a limited area. It has been popularly used in multimedia chaotic encryption [5]. The 2D ACM is modeled as [23]:
which can be rewritten using matrix representation as
where
\((\alpha ,\beta )\in \mathbb {N}_{\geq 1}^{2}\), and x = (x,y)T; (⋅)T is the transpose of (⋅). The above map is a discrete time system and is continuous in the phase space for (x,y) ∈ [0,1)2 and m = 1. The QACM is obtained for (x,y) ∈ [0,m)2 with \(m\in \mathbb {N}_{>1}\). The QACM is periodic and its period depends on m and the parity of both α and β. It is shown that for α = β = 1 and m = 2n, the period πn behaves like [4, 10]
with π1 = π2 = 3 for the minimal period.
The period of the QACM can be computed using (3) and it is too short. As an example, for an 8-bit encoded phase space values, the period is π8 = 192. In order to increase the period of QACM, we proposed the PWLCM by introducing a nonlinear perturbation term to the conventional QACM, as shown below [9]:
where the perturbation xc(t) is defined as
with \((i,j)\in \mathbb {N}\). In (4), ci and dj are two natural numbers such that 0 ≤ ci < m + ai and 0 ≤ dj < m + bj, 0 ≤ ai,bj < m if (ci,dj) = (0,0); 0 ≤ ai < ci if ci≠ 0 and, 0 ≤ bj < dj if dj≠ 0. The parameters ai, bj, ci and dj are defined as perturbation parameters that can also be used as control parameters, while a = (ai), b = (bj), c = (ci) and d = (dj) are control vectors. We showed in [9] that the system in (5) can be put in the form
where
with \(\alpha ^{\prime }=M+\alpha \), \(\beta ^{\prime }=N+\beta \) and C(t) = (C1(t),C2(t))T such that
where \(\varepsilon _{i}=\left \lfloor \frac {a_{i}+y(t)}{c_{i}}\right \rfloor \) and \(\varepsilon _{j}=\left \lfloor \frac {b_{j}+x(t+1)}{d_{j}}\right \rfloor \). u(t) is the Heaviside function defined as
We verified that the PWLCM is a conservative system that exhibit large periods [9]. In order to use it both for image scrambling and diffusion, we suggest its 4D modelling.
2.2 The proposed 4D PWLCM
The above 2D PWLCM can be easily extended to a 4D PWLCM by coupling two 2D PWLCM x = (x,y)T and z = (q,r)T such that:
where \((\alpha , \beta , \gamma , \zeta )\in \mathbb {N}^{4}\). F1(y,t), F2(y,t), F3(y,t) and F4(y,t) are the coupling nonlinear terms, defined as
The 4D PWLCM defined in (10) is invertible and the corresponding inverse system is
2.3 Stability analysis
In order to investigate the stability of the 4D PWLCM, we evaluated its Jacobian matrix. By using the same expansion as in (5)–(9), the system can be rewritten as in (6) with
and C(t) = (C1(t),C2(t),C3(t),C4(t))T such that
From the above equations, we deduce the Jacobian matrix as
where
and \(\alpha ^{\prime } = \alpha + M\), \(\beta ^{\prime } = \beta + N\), \(\gamma ^{\prime } = \gamma +P\), \(\zeta ^{\prime } = \zeta +W\). The 4D PWLCM thus defined is conservative as \(\det (J)=1\), which implies that the sum of the four corresponding Lyapunov exponents is equal to 0. While computing the eigenvalues of J, we found Λ1 = Λ2 = 1, the other eigenvalues are
and
The Lyapunov exponents corresponding to Λ1,2 are equal to zero. The sum of the Lyapunov exponents being zero implies that Λ3 > 1 (corresponding to a positive Lyapunov exponent) and 0 < Λ4 < 1 (corresponding to a positive Lyapunov exponent). The steady state of the system depends on the perturbing parameter and remains difficult to formally determine. Figure 1 presents the behavior of the largest Lyapunov exponent for arbitrary parameter setting and various initial conditions (x0,y0,q0,r0). We fixed q0 = r0 = 1 and set z0 = 2nx0 + y0, where 0 ≤ x,y ≤ 2n − 1, \(a_{r}={\sum }_{i=1}^{^{N}}2^{n(i-1)}a_{N}\), and n = 4 is the number of bits or precision. Figure 1(a) shows the Lyapunov exponent as a function of initial conditions z0, where control vectors are set as a = e = (1,1,0,0), b = f = (0,2,0,0), c = g = (0,3,1,1), d = h = (3,5,1,1). Figure 1(b) depicts the Lyapunov exponent in terms of the control vector a represented as parameter ar, with N = 3 where x0 = y0 = 2, b = (0,2,1), c = (15,15,15), d = (3,5,1), e = (1,1,0), f = (0,2,0), g = (0,3,1), and h = (3,5,1). These plots show that the largest Lyapunov exponent remains positive for the chosen initial conditions and control parameters.
2.4 Period and randomness evaluation of the PWLCM
Similar to the QACM, the proposed 4D PWLCM is chaotic while used in a continuous phase space (m = 1). As we are interested in using it in a finite state phase space (m = 4 and m = 8), it is no longer chaotic but preserves the mixing properties of the corresponding chaotic systems. For it to be efficient for security applications, its period should be very large. In this subsection, we estimate the period πn of the proposed 4D PWLCM for different values of the precision n and some arbitrary values of the perturbation parameters. The periods of PWLCM are compared with the QACM and tabulated in Tables 1 and 2. From the Table 1, we can observe that for any value of n, the period of the proposed PWLCM is significantly higher than that of the corresponding QACM.
Table 2 shows the comparison of the 4D PWLCM and 4D QACM. It confirms that the periods of the proposed map are significantly higher than those of the QACM for any arbitrary parameter values, α = β = γ = ζ = 1, M = N = 1:
In order to testify the mixing property of the 4D PWLCM, we propose to shuffle a 213 × 213 periodic image obtained by repeating sequences of 8-bit encoded unsigned integers. The image was shuffled with x and y coordinates of the 4D PWLCM. We set as initial conditions, q0 = 1, r0 = 2; \(x_{0},y_{0}\in \left [ 0,2^{13}-1\right ]^{2}\) and controls parameters a1 = 1,b1 = 2,e1 = 0,f1 = 1,c1 = 3,d1 = 3,g1 = 3 and h1 = 3; the corresponding period is 148740480. The NIST800-22 statistical test was performed after 30 iterations of image scrambling with the PWLCM and the QACM. The data set was divided into 100 sets of 1000000 bits and the results obtained are summarized in Table 3. The comparison of the two results confirms that the 4D PWLCM is suitable for the image scrambling as it passes all the tests.
3 Proposed encryption algorithm
The proposed encryption algorithm has two stages, namely diffusion-confusion and confusion only. In the pixel diffusion-confusion stage, the pixel value of each sub-block is diffused and confused using the 4D PWLCM, whereas in the subsequent block confusion stage, each diffusion-confusion sub-block is split into sub-images that are confused using the 2D PWLCM.
The proposed scheme generates the initial values and the control parameter values of 4D PWLCM from the external key, whereas the control parameters of the 2D PWLCM is derived from the external key along with the diffusion-confusion image. Thus, it is image-dependent. The detailed procedure for generating these parameters is described in Section 3.1.
The algorithmic steps of the proposed cipher are mentioned below:
The block diagram of the proposed image cipher is shown in Fig. 2. The minimum number of rounds for the algorithm to be secure is R = 2. Indeed, once the image-dependent step is applied in the first round, we need to go for a second round for the image-dependent shuffling to take effect in the diffusion process, thus increasing the algorithm’s sensitivity to the plain-image.
3.1 External key management
The external key is defined by using NK ASCII characters, {Ck},0 ≤ k ≤ NK − 1, to derive κ-length (\(\kappa =2\lfloor \frac {N_{K}}{8}\rfloor \)) control vectors a, b, c, d, e, f, g, h whose coordinates are 4-bit encoded unsigned integers. As ASCII characters are 8-bit encoded, each character is divided into two blocks of 4 bits that are used as coordinates of each control vector. Therefore, \(\theta =\frac {\kappa }{2}\) ASCII characters are required to determine the coordinates of each control vector. In the case of 256-bit key for example, 𝜃 = 4 and characters C0 to C3 are used to determine coordinates of the control vector a, C4 to C7 are used for b, C8 to C11 for c, C12 to C15 for d, C16 to C19 for e, C20 to C23 for f, C24 to C27 for g and C28 to C31 are used for h. In the case of a 2048-bit key, 𝜃 = 64 ASCII characters are required to determine each control vector. Therefore, a for example is defined as:
where 1 ≤ ξ ≤ 𝜃. The other vectors b, e and f are defined using the same principle, from the corresponding ASCII symbols. Similarly, c is defined as:
where 1 ≤ ξ ≤ 𝜃. The coordinates of the other control vectors d, g and h can be defined using the same approach. Thus, control vectors can be considered as belonging to an κ-D lattice.
3.2 Pixel decomposition
In step 5, individual pixel, i of sub-image Sj, \(j\in \mathbb {N}\) are decomposed into two 4-bit encoded integers qi and ri. For an 8-bit encoded pixel Pi, qi and ri are obtained as
and
3.3 Pixel confusion-diffusion process
In step 6, the confusion and diffusion operations are combined in a single operation (confusion-diffusion). Indeed, the coordinates xi and yi, as well as the intensity coordinates qi and ri of the pixel Pi are used as initial conditions of the 4D PWLCM to output new coordinates \(x_{i^{\prime }}\), \(y_{i^{\prime }}\), \(q_{i^{\prime }}\) and \(r_{i^{\prime }}\) using (20). As Sj is a vector, there is a relationship between xi,yi and i such that
and
For each sub-image Sj, only a single coordinate a(k), b(k), c(k), d(k), e(k), f(k), g(k), and h(k), k > 0, is used as control parameter to 4D PWLCM as given below:
where k = 1 + j mod κ. The new position of the diffused pixel \(i^{\prime }\) is obtained after three iterations of the PWLCM as
The corresponding intensity value is obtained as
3.4 Image-dependent confusion
In order to enhance the security level of the cipher and prevent chosen-plaintext attacks, an additional image-dependent confusion step is performed using the 2D PWLCM, described as
where a1, b1, c1 and d1 are 16-length control vectors whose coordinates are 4-bit encoded values derived from the image of step 8 and the external key as:
where
Ic is the intermediate ciphered image obtained in step 8. m1 and m2 are defined such that
with \((T_{1},T_{2})\in \mathbb {N}_{\geq 1}^2\). T1 × T2 is the size of sub-images to be shuffled, m1 × m2 is the number of sub-images and NL × NC is the size of the image.
4 Results and security analysis
The performance of the proposed encryption algorithm is analyzed by encrypting standard images like “Lena”, “Baboon”, “Airplane”, “Peppers”, of size 512 × 512 and 256 gray levels. Figure 3 respectively represents the plain-text “Lena” image, its encrypted image, and the decrypted image with the same key. All simulations are performed using MATLAB 2018b on a CPU with an Intel(R) Core (TM) i5-8250u CPU @ 1.60 GHz and 8 GB RAM with the Windows 10 operating system. In the current simulation, a 256-bit external encryption key is set as K1 = azertyuiopqsdfgjazertyuiopqsdfg0. We also set α = β = γ = ζ = 1 to make the algorithm multiplierless.
4.1 Evaluation metrics
This subsection presents the definition of evaluation metrics used to measure the proposed cipher’s strength.
4.1.1 Entropy measure
The Shannon entropy of the ciphered image is the primary indicator to confirm that the cipher is secure against permutation of pixels. It measures the disorder or randomness of pixels. For an 8-bit encoded image, it is determined as
where 0 ≤ vi ≤ 255 are pixel values and p(vi) the probability of vi. It is to be noted that for an 8-bit encoded image, the maximum value of the entropy is H = 8.
4.1.2 Correlation coefficient
The correlation coefficient is used to measure the similarity between two images A and B, and is defined as
where E(⋅) is the expectation value; A and B are images between which the correlation coefficient needs to be evaluated. \({\overline {A}}\) and \({\overline {B}}\) represent the mean value of images A and B respectively. Similarly, σA and σB represent the standard deviation of image A and B respectively. In general, for any plain-text image there exists high correlation between adjacent pixels, whereas in the ciphered image it should be close to 0.
4.1.3 NPCR and UACI measures
The number of changing pixel rate (NPCR) and unified averaged changed intensity (UACI) of an image are the commonly used parameters to measure the change in encrypted pixels by modifying the value of a single-pixel in the original image. These metrics are commonly used to evaluate the strength of ciphers for differential attacks. For a 256-gray level image, the NPCR and UACI between two images are defined as
where
and
where \({\mathscr{F}}=255\) is the largest supported value of 256 gray level images. A high NPCR (NPCR > 99.5810) and UACI (33.3445 ≤ UACI ≤ 33.5826) [21] imply a high resistance of the cipher to differential attacks.
4.2 Key-space analysis
The key-space analysis is performed by evaluating the key-space and key sensitivity.
4.2.1 Key-space
Key-space is an ensemble of all possible combinations of keys that are used for encryption. A 256-bit key is known to be sufficiently large to prevent brute force attacks. One of the proposed cipher’s main advantages is its key-space’s extensibility. To simulate a post-quantum computing attack, we extended the key to 2048 bits. Indeed, most chaos-based ciphers exhibit a large key-space with keys that cannot easily be proven to be different. However, the sensitivity of the key is verified by changing its least significant bit (LSB). However, by our approach, the key-space can be extended as desired without sacrificing the independence of the keys. This approach consists of affecting to each sub-image j a sub-key (a(k), b(k), c(k), d(k), e(k), f(k), g(k), h(k)) corresponding to a map QACMk, with k = 1 + j mod κ. Each sub-image j is encrypted with a different map QACMk, such that any permutation in the set {QACMk}1≤k≤κ affects the behaviour of the cryptogram, thus giving the possibility to extend the key-space.
4.2.2 Sensitivity of the key
Key sensitivity measures the sensitivity of the encryption algorithm to a small change in the key value. A high sensitivity of the key is required to prevent adaptive chosen-plaintext attacks and linear cryptanalysis. To evaluate the sensitivity of our cipher to the external key, we have encrypted the same image with two slightly different keys K1 as mentioned above and K2 = azertyuiopqsdfghazertyuiopqsdfg1. The key K2 has only one-bit change from key K1. The plain-text image is encrypted with keys K1 and K2; UACI, NPCR, and correlation coefficients between the two encrypted images are tabulated in Table 4. The NPCR and UACI values are more than the reference values, and correlation coefficients close to zero suggest that the algorithm is highly sensitive to the key. In addition, the entropy of the image encrypted with key K1 and decrypted with key K2 is computed and tabulated in the same table. The entropy close to eight demonstrates that the decryption is unsuccessful; hence, the proposed algorithm is extremely sensitive to the key. We repeated the same experiment with a 2048-bit key. We set the 2048-bit as \(K^{\prime }1=K1K1K1K1K1K1K1K1\) and a one-bit different key \(K^{\prime }2\) as \(K^{\prime }2=K1K1K1K1K1K1K1K2\). The sensitivity of the key was evaluated under the same conditions as for the 256-bit key and the results are tabulated in Table 4. It demonstrates that the sensitivity of the key analysis is the same as in the case of the 256-bit key. Therefore, we can conclude that the proposed cipher presents an extensible key space than can be adapted depending on the desired security level.
In Fig. 4, an example of ciphering/deciphering realized with two (R = 2) rounds is presented. The plain-image is encrypted with \(K^{\prime }1\). After that, the ciphered image is successfully decrypted with \(K^{\prime }1\). However, the decryption fails with \(K^{\prime }2\), which attests to the high sensitivity of the cipher to the encryption key.
Security of the proposed cipher, although we set T1 = T2 = 2. Figure 5 shows the behavior of the entropy values of the RED component of the image of Lena encrypted with K1 and those of the corresponding attempt for decryption using K2. The entropy is evaluated by varying T1 and T2 and plotted in terms of \(\mu _{1}=\log _{2}(T_{1})\) and \(\mu _{2}=\log _{2}(T_{2})\) in Fig. 5.
From this figure, we observed that the sensitivity of the key depends on the choice of (T1,T2). We verified that the system is secure to one-bit change in the external key as (μ1,μ2) < (4,4). The upper limit μm = 4 of μ1 and μ2 corresponds to the binary logarithm of the block length of the confusion-diffusion step. We observe that the entropy decreases with an increase in T1 or T2, leading to a decrease in the key sensitivity. Further, in some cases, entropy values are close to those of the plain-image entropy (HR = 7.2531). It attests to the vulnerability of the proposed scheme for these values of μ1 and μ2. In the proposed method, such a sensitivity decrease is compensated by increasing the number of rounds of the algorithm.
4.3 Statistical analysis
The histogram, the correlation of adjacent pixels (ρh: correlation coefficient between horizontal adjacent pixels; ρv: correlation coefficient between vertical adjacent pixels; ρd: correlation coefficient between diagonal adjacent pixels) and the information entropy of the ciphered image are evaluated for several 256 gray-scale images. Figure 6 shows the results obtained for the color image of Lena (Fig. 4(a)) by varying number of rounds R between 1 and 10. Figure 6 suggests that the entropy is independent of the number of rounds R for R > 1, thereby attests that the minimum number of rounds required for the cipher to be secure is R = 2. Similarly, it also shows a satisfactory analysis result for the correlation of horizontally (ρh), vertically (ρv), and diagonally (ρd) adjacent pixels. Indeed, it can be concluded that the correlation coefficients of the three image components, i.e., RED, GREEN, and BLUE, are close to zero, independently of the number of rounds R. Thus, the proposed cipher satisfies the zero-correlation property necessary to resist statistical attacks.
Figure 7 shows the histograms of two round ciphered images of Lena for the RED, GREEN, and BLUE components. It appears that the histogram of each encrypted component is fairly uniform and significantly different from that of the corresponding plain-image component. It demonstrates that deducing the secret key from the ciphertext during the known/chosen plaintext attacks is hard.
4.4 Differential attack
For the cipher to resist differential attacks, it must be sensitive to a small change (single-pixel change) in the plain-image. We evaluated the robustness of our cipher against the differential attacks by comparing the NPCR and UACI values of a two-round ciphered image of Lena to their reference values. We diagonally varied the position (x,y) of changed pixels as (k,k), with 1 ≤ k ≤ 512 by the step size of 2, and computed the corresponding NPCR and UACI for the RED, GREEN and BLUE components of the color image of Lena, and plotted in Fig. 8.
A cipher is secure as NPCR > 99.5810 and 33.3445 ≤ UACI ≤ 33.5826 (ν = 0.01 significance level) for gray images of size 512 × 512 [21]. The result in Fig. 8 shows that our cipher is sensitive to one-pixel change for R > 1. From this figure, it appears that the proposed cipher can resist differential attacks as the NPCR and UACI remain in the good range independently of the coordinate of the pixel change. We also observed that the values of the NPCR and UACI depend on the input image. Indeed, for two different components, the NPCR values obtained from the same pixel change coordinate are different; the same observation is made for the UACI. Table 5 shows comparative values of the proposed cipher’s NPCR and UACI and other recent cipher (R = 3). This comparison also confirms the effectiveness of our algorithm.
4.5 Speed performance analysis
The execution speed of the proposed cipher is evaluated using Matlab 18b in the CPU as specified above. Table 6 compares the execution speed of the proposed algorithm with other chaos-based ciphers. We used the gray-scale images of cameraman (256 × 256) and Lena (512 × 512) for this experiment. The average execution time, for R = 2, is about 0.4478s for the 512 × 512 gray-scale images. Although this speed is comparable to that of Refs. [1] and [42], it remains low as compared to the one obtained in [13]. Such a low execution speed is justified by the multiple data conversion involved in the algorithm, which is not necessary for hardware implementation. For example, the decomposition of the pixel gray-level into two 4-bit encoded integers q(t) and r(t) implies a division and a modulo operation. In the hardware implementation, these operations correspond to the four most significant bits (MSB) as the quotient q(t) and the four least significant bits (LSB) as the remainder r(t), thereby is time-saving. Similarly, the inverse of this decomposition is time costly in Matlab and corresponds to the concatenation of the two 4-bit outputs q(t + 1) and r(t + 1) in the hardware implementation. Thus, the proposed algorithm is more suitable for low-cost hardware implementation than software implementation. The overall comparison shows that the cipher in Ref. [13] is running faster in the Matlab environment than in ours; however, it requires floating-point arithmetic that is hardware costly than the 4-bit integer arithmetic used in the proposed scheme. Our algorithm offers the advantage of combining only 4-bit and 8-bit integer arithmetic operations, precisely addition and subtraction. These basic operations make simpler its hardware implementation even with low-end microprocessors without losing its security properties. Moreover, the algorithm can easily be parallelized according to its architecture shown in Fig. 2.
5 Conclusion
This paper proposed an extendable integer image cipher based on the combined 4-bit and 8-bit PWLCM. The cipher does not require any multiplication operation. The PWLCM is obtained by perturbing the convectional QACM and presents an extended period. The key space extensibility is achieved using different lattice length (κ) of the PWLCM control vectors. The extended key space helps to avoid key duplication. We evaluated the sensitivity of the key under 256-bit and 2048-bit key conditions and verified the high sensitivity of the key for both cases. Such flexibility for the extensibility of the key-space makes the proposed cipher a good candidate to resist brute-force attacks even under the post-quantum computing situation. The main advantages of the proposed cipher are the low number of bits involved in its hardware implementation and the extensibility of its key-space. Moreover, only unsigned integer addition and subtraction operations are used, contrary to other chaos-based ciphers that involve floating-point arithmetics, including time-consuming operations like multiplications and divisions. The statistical, differential, and key-space analysis demonstrate the robustness of the proposed cipher against known attacks. We further expect to reduce the block size while maintaining a high-security level of the cipher, simplifying its implementation with low-end processors under the limited memory space constraints.
Data Availability
Data sharing not applicable to this article as no datasheets were generated or analyzed during the current study.
References
Ahmed A, El-Latif A, Li L, Niu X (2014) A new image encryption scheme based on cyclic elliptic curve and chaotic system. Multimed Tools Appl 70:1559–1584
Atawneh S, Almomani A, Bazar H, Sumari P, Gupta BB (2017) Secure and imperceptible digital image steganographic algorithm based on diamond encoding in DWT domain. Multimed Tools Appl 76:18,451–18,472
Bajard JC, Eynard J, Merkiche N (2018) Montgomery reduction within the context of residue number system arithmetic. J Cryptogr Eng 8:189–200
Chen F, Wong KW, Liao X, Xiang T (2012) Period distribution of generalized discrete Arnold cat map for n = pe. IEEE Trans Inf Theory 58:445–452
Chui CK, Chen G, Mao Y (2004) A symmetric image encryption scheme based on 3D chaotic cat maps. Chaos, Solitons Fractals 21:749–761
Crutchfield JP (1998) Spatio-temporal complexity in non linear image processing. IEEE Trans Circ Syst 35:770–780
Cui M, Tong X (2008) Image encryption with compound chaotic sequence cipher shifting dynamically. Image Vis Comput 26:843–850
Didier LS, Dosso FY, Véron P (2020) Efficient modular operations using the adapted modular number system. J Cryptogr Eng 10:111–133
Djeugoue H, Gnyamsi GG, Eyebe Fouda JSA, Koepf W (2022) On the implementation of large period piece-wise linear Arnold cat map. Multimed Tools Appl. https://doi.org/10.1007/s11042-022-13175-6
Dyson FF, Falk H (1992) Period of a discrete cat mapping. Am Math Mon 99:603–614
Elshamy AM, Hussein AI, Hamed HFA, Abdelghany MA, Kelash HM (2019) Color image encryption technique based on chaos. Procedia Comput Sci 163:49–53
Eyebe Fouda JSA, Koepf W (2022) An 8-bit precision cipher for fast image encryption. Multimed Tools Appl. https://doi.org/10.1007/s11042-022-12368-3
Eyebe Fouda JSA, Effa JY, Ali M (2014) A fast chaotic block cipher for image encryption. Commun Nonlinear Sci Numer Simulat 19:578–588
Eyebe Fouda JSA, Effa JY, Ali M (2014) Highly secured chaotic block cipher for fast image encryption. Appl Soft Comput 25:435–444
Fridrich J (1998) Symmetric ciphers based on two-dimensional chaotic maps. Int J Bifurcat Chaos 8:1259–1284
Gu G, Linga J (2014) A fast image encryption method by using chaotic 3d cat maps. Optik 125:4700–4705
Herbert V, Biswas B, Fontaine C (2019) Design and implementation of low-depth pairing-based homomorphic encryption scheme. J Cryptogr Eng 9:185–201
Hua Z, Zhou Y, Huang H (2019) Cosine-transform-based chaotic system for image encryption. Inf Sci 480:403–419
Ilan Y (2019) Generating randomness: making the most out of disordering a false order into a real one. J Transl Med 17(49):1479–5876
Kaixin J, Ye G, Dong Y, Huang X, He J (2020) Image Encryption Scheme based on Generalized Arnold Map and RSA Algorithm. Secur Commun Netw 2020:9721,675
Kang S, Liang Y, Wang Y, VI M (2019) Color image encryption method based on 2D-variational mode decomposition. Multimed Tools Appl 78:17,719–17,738
Kaur G, Agarwal R, Patidar V (2020) Chaos based multiple order optical transform for 2d image encryption. Eng Sci Technol Int J 23:998–1014
Keating JP, Mezzadri F (2000) Pseudo-symmetries of Anosov map and spectral statistics. Nonlinearity 13:747–775
Kopparthi VR, Kali A, Sabat SL, Anumandla KK, Rangababu P, Eyebe Fouda JSA (2022) Hardware architecture of a digital piecewise linear chaotic map with perturbation for pseudorandom number generation. Int J Electron Commun (AEÜ) 147:154,138
Li D, Deng L, Gupta BB, Wang H, Choi C (2019) A novel cnn based security guaranteed image watermarking generation scenario for smart city applications. Inf Sci 479:432–447
Lian S, Sun J, Wang Z (2005) A block cipher based on a suitable use of the chaotic standard map. Chaos, Solitons Fractals 26:117–129
Liao X, Xiang T, Wong KW (2007) Selective image encryption using a spatio temporal chaotic system. Chaos 17:0231,151–0231,512
Malina L, Popelova L, Dzurenda P, Hajny J, Martinasek Z (2018) On feasibility of post-quantum cryptography on small devices. IFAC PapersOnLine 51-6:462–467
Mondal B, Behera PK, Gangopadhyay S (2021) A secure image encryption scheme based on a novel 2D sine–cosine cross-chaotic (SC3) map. J Real-Time Image Proc 18:1–18
Panwar K, Purwar R, Jain A (2018) Cryptanalysis and improvement of an image encryption scheme using combination of one-dimensional chaotic maps. J Electron Imaging 27:053,037
Pareek NK, Patidar V, Sud KK (2006) Image encryption using chaotic logistic map. Image Vis Comput 24:926–934
Patro KAK, Acharya B (2019) An efficient colour image encryption scheme based on 1-D chaotic maps. J Inf Secur Appl 46:23–41
Ping P, Fan J, Mao Y, Xu F, Gao J (2018) A chaos based image encryption sheme using digit-level permutation and block diffusion. IEEE Access 6:67,581–67,593
Ping P, Xu F, Mao Y, Wang Z (2018) Designing permutation-substitution image encryption networks with Henon map. Neurocomputing 283:53–63
Schoinianakis D (2020) Residue arithmetic systems in cryptography: a survey on modern security applications. J Cryptogr Eng 10:249–267
Wang M, Wang X, Zhang Y, Zhou S, Zhao T, Yao N (2019) A novel chaotic system and its application in a color image cryptosystem. Opt Lasers Eng 121:479–494
Wikramaratna RS (2008) The additive congruential random number generator—a special case of a multiple recursive generator. J Comput Appl Math 216:371–387
Wu Y (2012) Image encryption using the two-dimensional logistic chaotic map. J Electron Imag 21:013,014
Ye G, Huang X (2016) A secure image encryption algorithm based on chaoticmaps and SHA-3. Secur Comm Netw 9:2015–2023
Zhang Y, He Y, Li P, Wang X (2020) A new color image encryption scheme based on 2DNLCML system and genetic operations. Opt Lasers Eng 128:106,040
Zhao Y, Gao C, Liu J, Dong S (2019) A self-perturbed pseudo-random sequence generator based on hyperchaos. Chaos, Soliton Fractals: X 4:100,023
Zhu ZL, Zhang W, Wong KW, Yu H (2011) A chaos-based symmetric image encryption scheme using a bit-level permutation. Inf Sci 181:1171–1186
Zhua H, Zhao C, Zhanga X, Yanga L (2014) An image encryption scheme using generalized Arnold map and affine cipher. Optik 125:6672–6677
Acknowledgements
This work was partially supported by the Erasmus+ program under Ref KA107 Call 2019.
We thank the reviewers for their valuable comments.
Funding
Open Access funding enabled and organized by Projekt DEAL.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of Interests
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
About this article
Cite this article
Gnyamsi Nkuigwa, G.G., Djeugoue Nzeuga, H., Fouda, J.S.A.E. et al. An extendable key space integer image-cipher using 4-bit piece-wise linear cat map. Multimed Tools Appl 82, 14609–14631 (2023). https://doi.org/10.1007/s11042-022-13779-y
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-022-13779-y