Abstract
In the recent literature, many research studies have proven that Known and Chosen plaintext attacks are very efficient tools that are widely used to cryptanalyze partially or completely some chaos-based and non-chaos cryptosystems. In this paper, we addressed some weaknesses in the first Zhang et al., cryptosystem “An image encryption scheme using reverse 2-dimensional chaotic map and dependent diffusion”. First, we analyzed the encryption process of Zhang et al., and we found that the non-linear diffusion process can be removed because its argument is present in the ciphered image. Then, based on this observation we derived a partial cryptanalysis equation that removes the effect of the diffusion function and accordingly permits to recover the permuted version of the ciphered image. As a result of the previous operation, the brute-force attack became more suitable. In addition, we mounted a chosen plaintext attack based on a proposed chosen plain image. Consequently, the encryption key space is reduced or recovered for one round, also, the average values of NPCR and UCAI randomness parameters become small compared to the optimal values, and moreover, they are very low for specific pixel position attacks.
Similar content being viewed by others
References
Alsmirat MA, Al-Alem F, Al-Ayyoub M, Jararweh Y, Gupta B (2018) Impact of digital fingerprint image quality on the fingerprint recognition accuracy. Multimedia Tools Appl 1–40.https://doi.org/10.1007/s11042-017-5537-5
Alvarez G, Li S (2006) Some basic cryptographic requirements for chaos-based cryptosystems. Int J Bifurcation Chaos 16(08):2129–2151
Anderson R (2001) Security engineering: a guide to building dependable distributed systems 2001
Biham E, Shamir A (1991) Differential cryptanalysis of DES-like cryptosystems. J Cryptol 4(1):3–72
Chen G, Mao Y, Chui CK (2004) A symmetric image encryption scheme based on 3d chaotic cat maps. Chaos, Solitons & Fractals 21(3):749–761
Chen X, Huang X, Li J, Ma J, Lou W, Wong DS (2015) New algorithms for secure outsourcing of large-scale systems of linear equations. IEEE Trans Inf Forensics Secur 10(1):69–78
Cokal C, Solak E (2009) Cryptanalysis of a chaos-based image encryption algorithm. Phys Lett A 373(15):1357–1360
Eisenbarth T, Kumar S, Paar C, Poschmann A, Uhsadel L (2007) A survey of lightweight-cryptography implementations. IEEE Des Test Comput 24(6):522–533
El-Wahed MA, Mesbah S, Shoukry A (2008) Efficiency and security of some image encryption algorithms. In: Proceedings of the world congress on engineering, vol 1, London, pp 2–4
Ge X, Liu F, Lu B, Wang W (2011) Cryptanalysis of a spatiotemporal chaotic image/video cryptosystem and its improved version. Phys Lett A 375(5):908–913
Haleem M, Mathur C, Chandramouli R, Subbalakshmi K (2007) Opportunistic encryption: a trade-off between security and throughput in wireless networks. IEEE Trans Dependable Secure Comput 4(4):313–324
Healy SJ, Quiles S, Von Arx JA (2007) Cryptographic authentication for telemetry with an implantable medical device. US Patent 7,228,182
Huang Z, Liu S, Mao X, Chen K, Li J (2017) Insight of the protection for data security under selective opening attacks. Inf Sci 412:223–241
Kadir R, Shahril R, Maarof MA (2010) A modified image encryption scheme based on 2d chaotic map. In: 2010 international conference on computer and communication engineering (ICCCE). IEEE, pp 1–5
Kahn D (1996) The codebreakers: the comprehensive history of secret communication from ancient times to the internet. Simon and Schuster, New York
Karim L, Anpalagan A, Nasser N, Almhana J, Woungang I (2014) Fault tolerant, energy efficient and secure clustering scheme for mobile machine-to-machine communications. Transactions on Emerging Telecommunications Technologies 25(10):1028–1044
Katz J, Lindell Y (2008) Introduction to modern cryptography. CRC Press, Boca Raton
Kavitha T, Sridharan D (2010) Security vulnerabilities in wireless sensor networks: a survey. Journal of Information Assurance and Security 5(1):31–44
Li S, Li C, Chen G, Zhang D, Bourbakis NG (2004) A general cryptanalysis of permutation-only multimedia encryption algorithms. IACR’s Cryptology ePrint Archive: Report 374:2004
Li C, Liu Y, Zhang LY, Chen MZ (2013) Breaking a chaotic image encryption algorithm based on modulo addition and xor operation. Int J Bifurcation Chaos 23 (04):1–12
Li C, Liu Y, Zhang LY, Wong KW (2014) Cryptanalyzing a class of image encryption schemes based on chinese remainder theorem. Signal Process Image Commun 29(8):914–920
Li J, Huang X, Li J, Chen X, Xiang Y (2014) Securely outsourcing attribute-based encryption with checkability. IEEE Trans Parallel Distrib Syst 25(8):2201–2210
Li J, Li J, Chen X, Jia C, Lou W (2015) Identity-based encryption with outsourced revocation in cloud computing. IEEE Trans Comput 64(2):425–437
Li J, Yu C, Gupta B, Ren X (2018) Color image watermarking scheme based on quaternion hadamard transform and schur decomposition. Multimedia Tools and Applications 77(4):4545–4561
Lian S, Sun J, Wang Z (2005) Security analysis of a chaos-based image encryption algorithm. Physica A: Statistical Mechanics and its Applications 351(2):645–661
Liu H, Liu Y (2014) Security assessment on block-cat-map based permutation applied to image encryption scheme. Opt Laser Technol 56:313–316
Maleki F, Mohades A, Hashemi SM, Shiri ME (2008) An image encryption system by cellular automata with memory. In: Third international conference on availability, reliability and security, 2008. ARES 08. IEEE, pp 1266–1271
Mao Y, Chen G, Lian S (2004) A novel fast image encryption scheme based on 3D chaotic Baker maps. Int J Bifurcation Chaos 14(10):3613–3624
Nadeem A, Javed MY (2005) A performance comparison of data encryption algorithms. In: 2005 international conference on information and communication technologies. IEEE, pp 84–89
Ngo HH, Wu XP, Le PD, Wilson C (2008) A method for authentication services in wireless networks. In: AMCIS 2008 Proceedings, p 177
Norouzi B, Mirzakuchaki S, Seyedzadeh SM, Mosavi MR (2014) A simple, sensitive and secure image encryption algorithm based on hyper-chaotic system with only one round diffusion process. Multimedia Tools and Applications 71(3):1469–1497
Ozkaynak F, Ozer AB, Yavuz S (2012) Cryptanalysis of a novel image encryption scheme based on improved hyperchaotic sequences. Opt Commun 285(24):4946–4948
Patidar V, Pareek N, Sud K (2009) A new substitution–diffusion based image cipher using chaotic standard and logistic maps. Commun Nonlinear Sci Numer Simul 14(7):3056–3075
Petitcolas FA (1883) La cryptographie militaire
Rhouma R, Belghith S (2008) Cryptanalysis of a new image encryption algorithm based on hyper-chaos. Phys Lett A 372(38):5973–5978
Rhouma R, Solak E, Belghith S (2010) Cryptanalysis of a new substitution–diffusion based image cipher. Commun Nonlinear Sci Numer Simul 15 (7):1887–1892
Schneier B et al (1996) Applied cryptography: protocols, algorithms and source code in C
Shannon CE (1949) Communication theory of secrecy systems. Bell Syst Tech J 28(4):656– 715
Singh S (2000) The code book: the science of secrecy from ancient Egypt to quantum cryptography. Fourth Estate, London, p 402
Solak E, Çokal C (2011) Algebraic break of image ciphers based on discretized chaotic map lattices. Inf Sci 181(1):227–233
Solak E, Çokal C, Yildiz OT, Biyikoğlu T (2010) Cryptanalysis of Fridrich’s chaotic image encryption. Int J Bifurcation Chaos 20(05):1405–1413
Wang X, He G (2011) Cryptanalysis on a novel image encryption method based on total shuffling scheme. Opt Commun 284(24):5804–5807
Wang X, Luan D, Bao X (2014) Cryptanalysis of an image encryption algorithm using chebyshev generator. Digital Signal Process 25:244–247
Wu Y, Noonan JP, Agaian S (2011) NPCR and UACI randomness tests for image encryption. Cyber Journals: Multidisciplinary Journals in Science and Technology. Journal of Selected Areas in Telecommunications (JSAT) 1(2):31–38
Xiang T, Liao X, Tang G, Chen Y, Wong K-w (2006) A novel block cryptosystem based on iterating a chaotic map. Phys Lett A 349(1–4):109–115
Xie EY, Li C, Yu S, Lü J (2017) On the cryptanalysis of fridrich’s chaotic image encryption scheme. Signal Process 132:150–154
Yaseen Q, Aldwairi M, Jararweh Y, Al-Ayyoub M, Gupta B (2017) Collusion attacks mitigation in internet of things: a fog based model. Multimedia Tools Appl 1–20. https://doi.org/10.1007/s11042-017-5288-3
Yu C, Li J, Li X, Ren X, Gupta B (2018) Four-image encryption scheme based on quaternion fresnel transform, chaos and computer generated hologram. Multimedia Tools and Applications 77(4):4585–4608
Zhang Y, Xiao D (2013) Cryptanalysis of s-box-only chaotic image ciphers against chosen plaintext attack. Nonlinear Dyn 72(4):751–756
Zhang LY, Li C, Wong KW, Shu S, Chen G (2012) Cryptanalyzing a chaos-based image encryption algorithm using alternate structure. J Syst Softw 85(9):2077–2085
Zhang Y, Li C, Li Q, Zhang D, Shu S (2012) Breaking a chaotic image encryption algorithm based on perceptron model. Nonlinear Dyn 69(3):1091–1096
Zhang W, Wong K-w, Yu H, Zhu Z-l (2013) An image encryption scheme using reverse 2-dimensional chaotic map and dependent diffusion. Commun Nonlinear Sci Numer Simul 18(8):2066–2080
Zhang Y, Xiao D, Wen W, Li M (2014) Breaking an image encryption algorithm based on hyper-chaotic system with only one round diffusion process. Nonlinear Dyn 76(3):1645– 1650
Zhang Y, Xiao D, Wen W, Li M (2014) Cryptanalyzing a novel image cipher based on mixed transformed logistic maps. Multimedia Tools and Applications 73(3):1885–1896
Zhang Y, Xiao D, Wen W, Nan H (2014) Cryptanalysis of image scrambling based on chaotic sequences and vigenère cipher. Nonlinear Dyn 78(1):235–240
Zhao Q, Wang Y, Wang A (2009) Eavesdropping in chaotic optical communication using the feedback length of an external-cavity laser as a key. Appl Opt 48(18):3515–3520
Acknowledgements
This work is supported by the European Celtic-Plus project 4KREPROSYS - 4K ultraHD TV wireless REmote PROduction SYStems.
Author information
Authors and Affiliations
Corresponding author
Appendix A: Numerical example on chosen plaintext attack of the first Zhang et al., cryptosystem
Appendix A: Numerical example on chosen plaintext attack of the first Zhang et al., cryptosystem
The Justification of (15) is given as: (15) is used to decrease the number of possible column positions (i.e., the range of the encryption key q1). Using the chosen plain image P matrix, the row of the arr(3, 3q1) is 3.
Firstly, assume that arr(3, 3q1) = 0, then, this value is skipped. Secondly, assume that arr(3, 3q1) = 1, then, this value can be located in one of two column positions in row number 3 [(3, 253) or (3, 508)] (see the chosen plain P matrix for more details). Thirdly, assume that arr(3, 3q1) = 2, then, this value can be located in one of two column positions in row number 3 [(3, 254) or (3, 509)]. Fourthly, assume that arr(3, 3q1) = 3, then, this value can be located in one of three column positions in row number 3 [(3, 0), (3, 255) or (3, 510)]. Fifthly, assume that arr(3, 3q1) = 4, this value can be located in one of three column positions in row number 3 [(3, 1), (3, 256) or (3, 511)]. Finally, for all arr(1, q1) > 4, these values can be located in one of two column positions in row number 3 [(3, arr(3, 3q1) − 3) or (1, arr(1, q1) + 252)]. Now, let us take the case when the arr(3, 3q1) = 4 as an example, without loss of generality, i.e., 3q1 ∈{1, 256, 511}.
Firstly, the equality equation 3q1 = 1; to solve this equation, which contains the module operation, the encryption key value q1 is calculated as:
Secondly, the equality equation 3q1 = 256, then the encryption key q1 = the integer value of \(\left (\frac {256}{3}, \frac {256 + 512}{3}, \frac {256 + 512+ 512}{3}\right ) \implies q_{1}= 256\).
Finally, the equality equation 3q1 = 511, then the encryption key q1 = the integer value of \(\left (\frac {511}{3}, \frac {511 + 512}{3}, \frac {511 + 512+ 512}{3}\right ) \implies q_{1}= 341\).
For all other values (arr(3, 3q1) > 4), there is a general scheme to calculate the range of the encryption key q1 values (i.e., a and b parameters in (15)). Now, let us take arr(3, 3q1) = 5 as another example. i.e., 3q1 ∈{2, 257}.
Firstly, the equality equation 3q1 = 2, then: the encryption key q1 = the integer value of \(\left (\frac {2}{3}, \frac {2 + 512}{3}, \frac {2 + 512+ 512}{3}\right ) \implies q_{1}= 342\).
Secondly, the equality equation 3q1 = 257.
The encryption key q1 = the integer value of \(\left (\frac {257}{3}, \frac {257 + 512}{3}, \frac {257 + 512+ 512}{3}\right ) \implies q_{1}= 427\).
From previous developments, we can deduce the following rules for (15):
-
1.
In the case where arr(3, 3q1) ∈{1, 2}, then we have two positions given by: arr(3, 3q1) + 252 or arr(3, 3q1) + 507.
-
2.
In the case where arr(3, 3q1) ∈{3, 4}, then we have three positions given by: arr(3, 3q1) − 3, arr(3, 3q1) + 252 or arr(3, 3q1) + 507.
-
3.
In the case where arr(3, 3q1) > 4, then we have two positions given by: arr(3, 3q1) − 3 or arr(3, 3q1) + 252.
To justify (20), assume that the ciphered pixel value is one (i.e., T = 1 in (20)). From the chosen plain image P, the value 1, is located in five rows, actually in positions [0, 1, 3, 4, 511], and so: 3p1 ∈{0, 1, 3, 4}.
Firstly, the equality equation 3p1 = 0; to solve this equation, which contains the module operation, the encryption key p1 is calculated as: the encryption key p1 =the integer value of \(\left (\frac {0}{3}, \frac {0 + 512}{3}, \frac {0 + 512+ 512}{3}\right ) \implies p_{1}= 0\).
Secondly, the equality equation 3p1 = 1.
The encryption key p1 = the integer value of \(\left (\frac {1}{3}, \frac {1 + 512}{3}, \frac {1 + 512+ 512}{3}\right ) \implies p_{1}= 171\).
Thirdly, the equality equation 3p1 = 3.
The encryption key p1 =the integer value of \(\left (\frac {3}{3}, \frac {3 + 512}{3}, \frac {3 + 512+ 512}{3}\right ) \implies p_{1}= 1\). Fourthly, the equality equation 3p1 = 4, then the encryption key p1 =the integer value of \(\left (\frac {4}{3}, \frac {4 + 512}{3}, \frac {4 + 512+ 512}{3}\right ) \implies p_{1}= 172\).
Finally, the equality equation 3p1 = 511.
The encryption key p1 = the integer value of \(\left (\frac {511}{3}, \frac {511 + 512}{3}, \frac {511 + 512+ 512}{3}\right ) \implies p_{1}= 341\), p1 ∈{0, 1, 171, 172, 341}. The same analysis is used for the other values of the variable T, where for T = 2, there are only three possible rows, and for T > 2, there are four possible rows.
Example 1
Calculation of the encryption keys p1and q1.
A chosen plain image P is encrypted using 3 randomvalues of the secret key of the Logistic map, namely:[x− 1, SQ1], [x− 1, SQ2],[keyd, t− 1]. The following values are obtained from the Lena encrypted image for:[n = 1, m = 1],
For the first decrypted pixel, using (12) we obtain:
Using (14), the encryption key q1values are restricted to:
For thesecond decrypted pixel, using (12) we obtain:
Using (15), the encryption key value q1 ∈{a, b}.
To find the value of the parameter a of (15), the following conditions are met:
The last condition allows us to calculate the value of parametera:
To findthe value of the parameter b in (15), the following conditions are met:
The last condition allows us to calculate the value of parameter b:
The overlap between thefirst range {214, 469}and the second{384, 469}range gives the exact valueof the encryption key q1:q1 = 469.
To calculate the exact value of the encryption keyp1, weconsider the third decrypted pixel and (12), then:
Now by using (18), the encryption key p1valuesare restricted to:
Finally, the exact valueof the encryption key p1is obtained by using the fourth decrypted pixel and (12), as follows:
Using (19):
The overlap between thefirst range ({1, 3, 325, 326}) and the secondrange ({70, 326}) gives the exactvalue of the encryption key p1:p1 = 326.
Remark 1
The above procedure can be used to find any encryption keysp1andq1parameters.
Example 2
The original image P is encrypted using new random values ofkeydand x− 1, where x− 1 for SQ1is differed from the value for SQ2. Also, Lena image of the same size is encrypted using the same dynamic keys, The followingvalues are obtained from the encrypted image of P:
Then
The overlap of the first and the second solutions is at
To calculate the exactvalue of the dynamic key p1,for the third decrypted pixel, using (12):
For p1 = 1
So this value is rejected Forp1 = 3
also,this value is rejected
The overlap of the first and the second solutions is at
Now, the encrypted Lena image is decrypted using these dynamicvalues(q1 = 202, p1 = 503).
Rights and permissions
About this article
Cite this article
Farajallah, M., Assad, S.E. & Deforges, O. Cryptanalyzing an image encryption scheme using reverse 2-dimensional chaotic map and dependent diffusion. Multimed Tools Appl 77, 28225–28248 (2018). https://doi.org/10.1007/s11042-018-6015-4
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-018-6015-4