0 оценок0% нашли этот документ полезным (0 голосов)

1 просмотров9 страницauthenticated image encryption scheme based on chaotic mapsªnd memory cellular automataa

© © All Rights Reserved

0 оценок0% нашли этот документ полезным (0 голосов)

1 просмотров9 страницauthenticated image encryption scheme based on chaotic mapsªnd memory cellular automataa

Вы находитесь на странице: 1из 9

journal homepage: www.elsevier.com/locate/optlaseng

and memory cellular automata

Atieh Bakhshandeh, Ziba Eslami n,1

Department of Computer Science, Shahid Beheshti University, G.C., Tehran, Iran

a r t i c l e i n f o abstract

Article history: This paper introduces a new image encryption scheme based on chaotic maps, cellular automata and

Received 21 August 2012 permutation–diffusion architecture. In the permutation phase, a piecewise linear chaotic map is

Received in revised form utilized to confuse the plain-image and in the diffusion phase, we employ the Logistic map as well as

21 November 2012

a reversible memory cellular automata to obtain an efﬁcient and secure cryptosystem. The proposed

Accepted 3 January 2013

Available online 8 February 2013

method admits advantages such as highly secure diffusion mechanism, computational efﬁciency and

ease of implementation. A novel property of the proposed scheme is its authentication ability which

Keywords: can detect whether the image is tampered during the transmission or not. This is particularly important

Image encryption in applications where image data or part of it contains highly sensitive information. Results of various

Chaotic map

analyses manifest high security of this new method and its capability for practical image encryption.

Memory cellular automata

& 2013 Elsevier Ltd. All rights reserved.

Diffusion

Chen [12] analyze the diffusion function of the schemes of [4,13–15]

Increasing demand for the use of computer networks, such as altogether and found some problems including a serious ﬂaw of the

the Internet, has raised the signiﬁcance of digital data protection diffusion function. It is therefore required to ﬁnd a chaos-based

against illegal use. To overcome the security issue in storage and cryptosystem with secure diffusion mechanism. To name a few, [16]

transmission of conﬁdential data, cryptography has suggested can be mentioned in which Zhang et al. use the theory of DNA

many encryption algorithms. However, visual data have certain sequence operation to encrypt image information and the combined

properties (such as bulky data capacity and strong correlation chaotic maps and DNA sequence addition operation to implement

among pixels) so that the traditional encryption schemes like DES image encryption. In [17], a pseudorandom sequence S1 generated

fail to achieve efﬁciency. Fortunately, various image encryption from chaotic map is combinatorially extended to a relatively long

methods are applicable among which chaos-based approaches pseudorandom sequence S2 to provide sufﬁcient security of the

have shown superior performance [1–4]. Chaos-based image encrypted image by constructing permutation matrix with sequence

encryption methods are mainly composed of two major steps: S1. In [18], in the encryption (diffusion) phase, the pixels are

confusion and diffusion. In the confusion process, the pixels of the encrypted using an iterative cipher module based feedback and

image are permuted by some chaotic map while in the diffusion data-dependent inputs mechanism for mixing the current encryption

phase, the pixel values are altered in a way that a minute change parameters with previously encrypted information.

in one pixel of the plain-image causes the corresponding cipher- It is also important for an image ctyptosystem to be fast

image to be considerably different. enough to encrypt the huge amount of image data. In this regard,

In chaos-based techniques, designing the diffusion function a good candidate that fulﬁls the need for speed can be Cellular

can be quite challenging. This should be done in such a way that Automata (CA) invented by Von Neumann [19] in 1996. Due to

resistance to known-plaintext and chosen-plaintext attacks are easy hardware implementation and its pseudorandom behavior,

achieved [5–8]. In [8] a preprocessed signal of Chen’s chaotic system CA has been also used in image cryptography [20–22]. In this

is used as diffusion function which is later shown to suffer from paper, we introduce the concept of using a special kind of CA

serious security ﬂaws under known-plaintext and chosen-plaintext called reversible memory cellular automata together with chaotic

attacks in [9] so that all the secret parameters can be revealed. In [10] maps in the context of image encryption. The proposed image

the security of [11] is analyzed and some weaknesses are found encryption technique differs from other existing CA based meth-

ods since we employ reversible linear memory CA for changing the

pixel values. As a result, we obtain a powerful cryptosystem

n

Corresponding author. Tel.: þ98 2129903005; fax: þ 98 2122431655. which successfully conquers the aforementioned shortcomings.

E-mail addresses: atieh.bakhshandeh@gmail.com (A. Bakhshandeh),

z_eslami@sbu.ac.ir (Z. Eslami).

Furthermore, we provide authentication by means of hash func-

1

This paper was prepared while the second author was on a sabbatical leave tions in our scheme. The rest of the paper is organized as follows:

at Ryerson University, Canada. In Section 2, we provide a brief introduction to the kind of cellular

0143-8166/$ - see front matter & 2013 Elsevier Ltd. All rights reserved.

http://dx.doi.org/10.1016/j.optlaseng.2013.01.001

666 A. Bakhshandeh, Z. Eslami / Optics and Lasers in Engineering 51 (2013) 665–673

þ 1Þ þ 1Þ

automata used in this paper. Section 3 is devoted to our proposed Proposition 1. If f t ðNðTt

i Þ ¼ aðTt

i , then the LMCA given by (5)

method. In Section 4, the security analysis is provided. Finally, is reversible and its inverse is another LMCA with the following local

Section 5 concludes the paper. transition function:

þ 1Þ

X

t2

2. One-dimensional linear memory cellular automata aðT

i

¼ f tm1 ðNTm

i Þ þ aTt

i

þ1

ðmod 2Þ, 0 r ir N1: ð6Þ

m¼0

We also need the following proposition from [23] which states

discrete dynamical systems composed of a ﬁnite array of N identical

that to invert an LMCA of order t, we require exactly t conﬁgurations.

objects called cells, where each cell can hold a state s A f0,1g,

updated synchronously in discrete time steps according to a local Proposition 2. Let M denotes a tth order LMCA. Then, in order to

transition function. The updated state of each cell depends on the compute C j þ 1 for some j Z t, exactly t conﬁgurations C j ,C j1 , . . . ,C jt þ 1

inputs of this function which are the previous states of a set of cells, are needed.

including the cell itself, and some of its adjacent cells that are

altogether called the neighborhood. For the ith cell, denoted by /iS, 3. The proposed scheme

we consider the symmetric neighborhood of radius r which is

deﬁned as N i ¼ f/irS, . . . ,/iS, . . . ,/iþ rSg. Let aðTÞ

i

denotes the In this section, we propose a new image encryption scheme based

state of /iS at time T. Then, the local transition function of the on chaotic maps and one dimensional LMCA. The secret keys are the

cellular automata with radius r has the following form: initial conditions of the chaotic maps used in the scheme. The rule

aðT þ 1Þ

¼ f ðaðTÞ ðTÞ ðTÞ

0 r i rN1, numbers of the LMCA can be announced publicly or can be reckoned

i ðirÞ , . . . ,ai , . . . ,ai þ r Þ, ð1Þ

as part of the secret key. The scheme consists of four phases: (1) the

or equivalently, permutation phase in which the pixels of the plain-image are

þ 1Þ

shufﬂed using a chaotic map, (2) the encryption phase which

aðT

i ¼ f ðN ðTÞ

i Þ, 0 r ir N1, ð2Þ employs an LMCA for diffusing the pixels of the shufﬂed image, (3)

where NðTÞ ðZ2 Þ 2r þ 1

stands for the states of the neighbor cells of the decryption phase in which the plain-image is recovered from the

i

/iS at time T. Furthermore, if i jðmod NÞ, then it is assumed that cipher-image and (4) the data integrity validation phase intended to

aðTÞ ¼ aðTÞ to ensure well-deﬁned dynamics of the CA. detect any interference during the transmission.

i j

The vector C T ¼ ðaT0 , . . . ,aðTÞ

N1 Þ is called the conﬁguration of CA at

time T and C ð0Þ is the initial conﬁguration. Moreover, the sequence 3.1. The permutation phase

fC ðTÞ g0 r T r k is called the evolution of order k of the CA and the set

of all possible conﬁgurations of the CA is denoted by C. Input: The plain-image P.

The global function of the CA is a linear transformation, Output: The shufﬂed image P 0 .

F : C-C, which determines the conﬁguration at the next time step

during the evolution of the CA, that is, C ðT þ 1Þ ¼ FðC ðTÞ Þ. For a CA In the permutation process, we use a piecewise linear chaotic

with bijective F, there exists another cellular automaton, called map which is deﬁned as follows:

its inverse, with global function F1 , and the CA itself is called 8

reversible. In such CAs the evolution backward is possible [23]. < x=p

> if x A ½0,pÞ

The local transition function of a linear cellular automaton f ðxÞ ¼ ðxpÞ=ð0:5pÞ if x A ½p,0:5Þ , ð7Þ

>

: f ð1x,pÞ

(LCA) with radius r is of the following form: if x A ½0:5,1Þ

þ 1Þ

X

r where x A ½0,1 and p A ½0,0:5 are considered as secret keys. The

aðT

i

¼ aj aðTÞ

iþj

ðmod 2Þ, 0 ri rN1, ð3Þ permutation process based on this map is composed of the

j ¼ r

following steps (see Fig. 1):

where aj A Z2 for every j. Since there are 2r þ 1 neighbor cells for

/iS, there exist 22r þ 1 LCAs and each of them can be speciﬁed by Step 1 Iterate the piecewise linear map M N times to get the

an integer w called rule number which is deﬁned as follows: values fx1 , . . . ,xMN g, where M and N are the number of

X

r the rows and columns of the plain-image P, respectively.

w¼ aj 2r þ j , ð4Þ Step 2 Sort the above values increasingly and take out the

j ¼ r values fx 1 , . . . ,x MN g.

Step 3 Find the position of values fx 1 , . . . ,x MN g in fx1 , . . . ,xMN g

where 0 rw r 22r þ 1 1.

and form the position set S ¼ fs1 ,s2 , . . . ,sMN g, where x i is

The CAs considered so far are memoryless, i.e., the updated state

the value of xsi .

of a cell depends on its neighborhood conﬁguration only at the

Step 4 Shufﬂe the pixels of the plain-image P using the set S to

preceding time step. Nevertheless, one can consider cellular auto-

get the shufﬂed image P 0 .

mata for which the states of neighboring cells at time T as well as

T1,T2,y contribute to determine the state at time T þ 1. This is

the concept of the memory cellular automata (MCA). Hereafter, by a

3.2. Image encrypting phase

CA, we mean a particular type of MCA called the tth order linear MCA

(LMCA) whose local transition function takes the following form:

aðT

i

þ 1Þ

¼ f 1 ðN iðTÞ Þ þf 2 ðN ðT1Þ

i

Þ þ . . . þ f t ðN ðTt

i

þ 1Þ

Þðmod 2Þ, 0 r i rN1, Input: The shufﬂed image P0 .

ð5Þ Output: The encrypted image c.

This phase is intended to provide security against statistical

r, for 1 r ir t. In this case, we require t initial conﬁgurations

attacks and the differential attack. The keystream in this phase

C ð0Þ , . . . ,C ðt1Þ to start the evolution of LMCA. Furthermore, in order

for this cellular automaton to be reversible, we have the following is not only related to the secret key, but also to the plain-image,

proposition [23]. making the known-plaintext and chosen-plaintext attacks

A. Bakhshandeh, Z. Eslami / Optics and Lasers in Engineering 51 (2013) 665–673 667

Plain-image P

P’ i ←1

the piecewise linear pixel blocks

map

blocks together and No

form the cipher i<=nb

image

Yes

Cipher-image ψ

Yes

is i=1?

D ← rand (0,255)

No

H i = f h ( Bi (1),..., Bi (m))

Encrypt A m+1 {A 1,…,A m,A m+1,A m+2} Construct LMCA of order (m+2) with

i ← i +1 using the logistic initial configurations {Bi(1),…,Bi(m),Hi,D}

chaotic map and evolve it.

difﬁcult tasks. In this phase, the key is the initial condition of the where fh is a collision-resistant hash function and

logistic chaotic map, deﬁned according to the following formula: Bi(k) denotes the kth pixel of the ith block. Note that

the collision resistance of fh makes it hard to ﬁnd

yn þ 1 ¼ 4yn ð1yn Þ yn A ½0,1: ð8Þ

two distinct values x and x0 such that f h ðxÞ ¼ f h ðx0 Þ.

In contrast to most image encryption techniques that are cipher 2.2 Construct L that is a reversible LMCA of order m þ 2

by computing the m þ 2 initial conﬁgurations

streams, our image encryption method is a block encryption

fC ð1Þ , . . . ,C ðm þ 2Þ g as follows:

algorithm in which the image is divided into n blocks and each Set C ð1Þ ¼ Bi ð1Þ,C ð2Þ ¼ Bi ð2Þ, . . . ,C ðmÞ ¼ Bi ðmÞ.

b

block will be handled separately. The exact procedure is as Set C ðm þ 1Þ ¼ Hi in which Hi is the hash value of

follows and a graphical representation is depicted in Fig. 1: the block, computed by (9).

If i¼1, i.e. this block is the ﬁrst block being

processed, assign C m þ 2 to an arbitrary number

Step 1 Divide the shufﬂed image P0 into nb m-pixel blocks, where between 0 and 255, otherwise assign C ðm þ 2Þ to

nb ¼ ½M N=m. The value of m is arbitrary; however, the value D ¼ Bi1 ð1Þ Bi1 ð2Þ . . . Bi1 ðmÞ that

note that choosing greater values results in less compu- is the XOR of the pixels of the previous block.

tations while choosing smaller values for m leads to more 2.3 Evolve L for w times, starting from the initial con-

precision in data integrity veriﬁcation phase. Thus, one ﬁgurations fC ð1Þ , . . . ,C ðm þ 2Þ g to obtain the new con-

should make a trade-off between two mentioned proper- ﬁgurations fAi ð1Þ,Ai ð2Þ, . . . ,Ai ðm þ 2Þg where w can be

ties while choosing the value of m. announced publicly or can be part of the key.

Step 2 For each block Bi, 1 ri rnb , perform the following steps: 2.4 Encrypt the (m þ1)th conﬁguration of the evolved

block, i.e. Ai ðm þ 1Þ as follows:

2.1 Compute the hash value for the block according to

the following formula: Compute K ¼ 1 þ modðAi ð1Þ,4Þ.

Iterate the Logistic chaotic map K times to obtain

Hi ¼ f h ðBi ð1Þ, . . . ,Bi ðmÞÞ, ð9Þ the value y.

668 A. Bakhshandeh, Z. Eslami / Optics and Lasers in Engineering 51 (2013) 665–673

Fig. 2. Histograms of plain-image Boat and its corresponding cipher-image (x ¼0.123456789, p ¼ 0.2, y¼0.5671). (a) Original Boat image. (b) Encrypted Boat image.

(c) Histogram of (a). (d) Histogram of (b).

Calculate the new value A0i ðm þ 1Þ ¼ Ai ðm þ1Þ Key-sensitivity test results, K¼ 0.123456789, Dd ¼ 1015 .

modðd þ Ai ðm þ 2Þ,256Þ.

Image Ps (K)

2.5 Set the corresponding cipher-block ci to the values

Boat 0.9966

fAi ð1Þ,Ai ð2Þ, . . . ,A0i ðm þ1Þ,Ai ðm þ 2Þg. Lake 0.9959

Lena 0.9967

The cipher-image c consists of the cipher-blocks ci , 1 r ir nb , Pepper 0.9962

computed by the above procedure.

3.3. The decrypting phase

Input: The cipher-image c. this is possible only if the receiver has the secret key.

Output: The plain-image P. Step 2 Construct L~ that is the inverse of L with initial

~ ~ ~

conﬁgurations fC ð1Þ ¼ Ai ð1Þ, C ð2Þ ¼ Ai ð2Þ, . . . , C ðm þ 1Þ ¼

The decryption algorithm is similar to that of encryption in the ðm~þ 2Þ

Ai ðm þ1Þ, C ¼ Ai ðmþ 2Þg and evolve it w times to

reverse order. Since our LMCA (L) is of order m þ2, Proposition 2 obtain the values fBi ð1Þ, . . . ,Bi ðmÞg and also the value

states that in order to evolve it backward, exactly m þ2 last Hi which will be used later to verify the image

conﬁgurations are needed. Thus, it is not possible to decrypt the integrity.

cipher-image without the key and that is because in every

encrypted block ci ¼ fAi ð1Þ,Ai ð2Þ, . . . ,A0i ðmþ 1Þ,Ai ðm þ2Þg, one con-

ﬁguration (A0i ðm þ 1Þ) is encrypted using the key. The exact After recovering all the blocks, the receiver obtains the shufﬂed

procedure is as follows: image P 0 . Now the reverse operation of the permutation should be

At the receiver side, for each encrypted block ci ¼ fAi ð1Þ,Ai ð2Þ, performed to get the original image P.

. . . ,A0i ðmþ 1Þ,Ai ðm þ2Þg, 1 r ir nb , the following steps should be

performed: 3.4. Data integrity validation phase

Step 1 Calculate Ai ðm þ 1Þ using the formula Ai ðm þ 1Þ ¼ Input: The recovered shufﬂed image P0

A0i ðm þ1Þ modðd þ Ai ðmþ 2Þ,256Þ, where the value d Output: Detecting whether the image is tampered or not.

A. Bakhshandeh, Z. Eslami / Optics and Lasers in Engineering 51 (2013) 665–673 669

The algorithm to verify the image integrity (in case of a 4.1. Key analysis

required authentication) is as follows:

4.1.1. Key space

Step 1 Divide P0 (recovered according to the Section 3.3) into m A good image cryptosystem should provide a fairly large key

pixel blocks fB1 ,B2 , . . . ,Bnb g. For each block Bi, 1 r i rnb , space to resist brute-force attacks. The size of the key space is

perform the following steps: equal to the total number of different keys that can be used in the

scheme. In our scheme, the secret keys are the initial condition of

(a) Compute the value hi ¼ f h ðBi ð1Þ, . . . ,Bi ðmÞÞ where fh is the piecewise linear map ðx A ½0,1Þ, the control parameter of the

the same hash function as in (9) and Bi(k) denotes piecewise linear map ðp A ½0,0:5Þ and the initial condition of the

the kth pixel of the ith block. logistic map ðy A ½0,1Þ. To achieve more security, we recommend

(b) If the value Hi, recovered in Step 2 of the decryption to consider the rule numbers of the LMCA as part of the secret key

procedure, is equal to the value hi, then this block is too, but here, we do not take them into account. Therefore, the

not tampered. secret key includes two ﬂoating point numbers of precision 1015

in interval ½0,1 and one ﬂoating point number of precision 1015

Note that we employed a collision resistant hash function to in interval ½0,0:5 which causes the key space to be equal to 1015

compute the hash value of the blocks Bi, 1 ri rnb (see Eq. (9)). 1015 1014 5 ¼ 1044 5 that is large enough to make brute-

Therefore, to verify if the image is intact or not, we only need to force attacks infeasible [24].

check if hi equals Hi for every block.

4.1.2. Key sensitivity

A good image encryption scheme should be sensitive to the

secret key, meaning that a slight change in the secret key should

4. Security analysis cause a substantial change in the corresponding cipher-image. To

test the sensitivity of a key parameter K, the plain-image is

In this section, we ﬁrst provide key analysis of the proposed encrypted with K ¼p, K ¼ pDd and K ¼ p þ Dd, while keeping

cryptosystem. We then consider the behavior of the scheme the other key parameters unchanged. Here Dd is a very small

against statistical attacks and differential attack. Resistance to value and is called the perturbing value. The corresponding

known-plaintext and chosen-plaintext attacks are discussed as encrypted images are denoted by I1, I2 and I3, respectively. The

well. Finally, we analyze the performance of the scheme. sensitivity coefﬁcient for the parameter K is denoted by the

Fig. 3. Histograms of plain-image Lake and its corresponding cipher-image (x¼ 0.123456789, p ¼ 0.2, y¼ 0.5671). (a) Original Lake image. (b) Encrypted Lake image.

(c) Histogram of (a). (d) Histogram of (b).

670 A. Bakhshandeh, Z. Eslami / Optics and Lasers in Engineering 51 (2013) 665–673

The histograms of the two images Boat and Lake, are depicted

1 X

P s ðKÞ ¼ ½N s ðI1 ði,jÞ,I2 ði,jÞÞ þN s ðI1 ði,jÞ,I3 ði,jÞÞ, ð10Þ in Figs. 2 and 3, respectively. These ﬁgures illustrate that the

2HW i,j histograms of the encrypted images are fairly uniform. Thus, they

do not provide any useful information for the attacker.

where Ns ðx,yÞ ¼ 1 if x ay and Ns ðx,yÞ ¼ 0 otherwise. Greater values

of Ps(K) indicate more sensitivity for the parameter K.

We run a test on four images Boat, Lake, Lena and Pepper 4.2.2. Correlation of adjacent pixels

where the parameter K is set to the initial condition for the There is usually a strong correlation between adjacent pixels in

piecewise linear map, the perturbing value is set to 1015 and all the image data. A secure image cryptosystem should remove this

other keys are unchanged. The results are summarized in Table 1 correlation to make statistical attacks infeasible. To test the correla-

and show the high level of key-sensitivity of the proposed tion between two adjacent pixels, we select 1000 random pair of

scheme. adjacent pixels (in horizontal, vertical and diagonal direction) and

calculate the correlation coefﬁcient of each pair before and after

encryption, using the following equations:

4.2. Statistical analysis covðx,yÞ

r xy ¼ pﬃﬃﬃﬃﬃﬃﬃﬃﬃpﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃ , ð11Þ

DðxÞ DðyÞ

Statistical analysis on our proposed scheme indicates great con-

fusion and diffusion making the cipher-image strongly robust against

1XN

related attacks. This is shown by a test on the histogram, a test on the covðx,yÞ ¼ ðx EðxÞÞðyi EðyÞÞ, ð12Þ

Ni¼1 i

correlation of adjacent pixels and a test on image entropy.

Fig. 4. Correlations of two adjacent pixels in the plain-image and in the cipher-image: (a), (c) and (e) corresponds to the plain-image Boat; (b), (d) and (f) corresponds to

the cipher-image Boat.

A. Bakhshandeh, Z. Eslami / Optics and Lasers in Engineering 51 (2013) 665–673 671

Fig. 5. Correlations of two adjacent pixels in the plain-image and in the cipher-image: (a), (c) and (e) corresponds to the plain-image Lake; (b), (d) and (f) corresponds to

the cipher-image Lake.

Table 2 Table 3

Correlation coefﬁcients of two adjacent pixels in the plain-image and the correspond- Information entropy test results.

ing cipher image.

Image H (m)

Plain-image Cipher-image Plain-image Cipher-image

‘‘boat’’ ‘‘boat’’ ‘‘lake’’ ‘‘lake’’ Boat 7.9706

Lake 7.9730

Horizontal 0.9189 0.0063 0.9283 0.0035 Lena 7.9696

Vertical 0.9028 0.0095 0.9444 0.0089 Pepper 7.9717

Diagonal 0.9266 0.0089 0.8927 0.0011

1XN

4.2.3. Information entropy attack

DðxÞ ¼ ðx EðxÞÞ2 , ð13Þ

Ni¼1 i The information entropy is the most signiﬁcant feature of

randomness. The information entropy H(m) of a message source

m can be measured by the following formula [26]:

1XN

EðxÞ ¼ x, ð14Þ

Ni¼1 i X

L1

HðmÞ ¼ pðmi Þlog2 ðpðmi ÞÞ, ð15Þ

i¼0

where x and y are gray-scale values of two adjacent pixels of the

image. The correlation coefﬁcients of the plain-images and cipher- where L is the total number of symbols in m and pðmi Þ represents

images of Boat and Lake are illustrated in Figs. 4 and 5, respectively. the probability of occurrence of symbol mi. Assuming there are

Also, Table 2 summarizes the results corresponding to these images. 256 symbols with the same probability, we get the ‘‘true random’’

672 A. Bakhshandeh, Z. Eslami / Optics and Lasers in Engineering 51 (2013) 665–673

NPCR and UACI between cipher-images with slightly different plain-images after proposed scheme against different types of attacks in previous

one round of encryption.

sections. In this section, we discuss the computational complexity

Plain-image NPCR (%) NPCR (%) UACI (%) UACI (%) as well as the speed of the proposed scheme. The operations

(Ours) (Zhang and Liu) (Ours) (Zhang and Liu) employed in different phases of the proposed scheme consist of

generating random sequences, computing evolutions of a linear

Boat 99.1025 65.2120 33.1600 21.9768 cellular automata and bitwise XORing. All of these operations

Lake 99.1220 65.3616 33.6064 22.1871

Lena 99.4602 37.6389 33.2161 12.7034

have straightforward implementations. These factors make the

Pepper 99.5643 65.5177 33.5724 22.2955 proposed cryptosystem an efﬁcient scheme in terms of computa-

tional complexity. The proposed encryption scheme is within

block encryption techniques. In general, block encryption techni-

ques are slow in comparison with stream ciphers [29]. We

source in which HðmÞ ¼ 8. Hence, the information entropy must compare the speed of our scheme with another block encryption

be close to 8 after encryption process. The entropy value for four technique proposed in [30]. We implement both schemes on a

images, encrypted by our method, are presented in Table 3 that personal computer with 2.26 GHz core 2 Duo CPU, having 4 GBs of

indicates they are close to a random source and the proposed RAM. The operating system is Windows Vista and the program-

scheme is robust against entropy attack. ming environment is MATLAB 7.12. The size of the image is

124 124 in this test. In [30], in order to get acceptable perfor-

4.3. The differential attack mance such as NPCR 499% and UACI 4 33%, the algorithm needs

to be performed 18 times (3 rounds of permutation and 6 rounds

Differential attack is a type of attack in which the attackers of diffusion) which leads to encryption time of about 98 ms.

make a tiny change in the plain-image (e.g. modify only one pixel) In our proposed method, it sufﬁces to evolve the LMCA for once

to obtain some meaningful information between the plain-image (i.e. W¼1) to get the mentioned high performance. This results in

and the cipher-image. To test how one pixel change in the plain- time consumption of about 90 ms. Therefore, the encryption

image affects the corresponding cipher-image, two common speed of the proposed method is satisfactory.

measures are calculated: number of pixels change rate (NPCR)

and uniﬁed average changing intensity (UACI), deﬁned in the

following equations for images C1 and C2 of size ðM NÞ: 5. Conclusion

P

i,j Dði,jÞ

NPCR ¼ 100, ð16Þ In this paper, an efﬁcient image encryption method based on

W H

2 3 chaotic maps and reversible memory cellular automata is pro-

1 4X c1 ði,jÞc2 ði,jÞ5 posed. In the confusion phase, we use a piecewise linear chaotic

UACI ¼ 100, ð17Þ map and in the diffusion phase, a special kind of CA and the

W H i,j 255

logistic chaotic map are employed. A notable feature of the

where cl ði,jÞ denotes the pixel in C l ðl ¼ 1,2Þ at position (i, j). If proposed method is its ability to check data integrity at block

c1 ði,jÞ ¼ c2 ði,jÞ then Dði,jÞ ¼ 0, otherwise Dði,jÞ ¼ 1. As Table 4 level. This is particularly important in applications where image

represents, our results show superior performance in comparison data or part of it contain highly sensitive information and

with scheme proposed in [28]. authentication is required. The proposed scheme fulﬁls all the

desired properties of a secure cryptosystem including large key

space, resistance to entropy, differential, known-plaintext and

4.4. Resistance to known-plaintext and chosen-plaintext attacks

chosen-plaintext attacks. Here, we implement the scheme on

gray-scale images, but it can be applied to efﬁciently encrypt

In known-plaintext attack, the adversary knows some plain-

color images as well. These properties make the proposed scheme

text/cipher-text pairs all encrypted with the same key. The goal of

a good candidate for being used in practical image encryption.

the adversary is to determine the plain-text that was encrypted in

some other cipher-text. In chosen-plaintext attack, the adversary

has the ability to obtain the encryption of the plain-texts of its References

choice. It then attempts to determine the plain-text that was

encrypted in some other cipher text [27]. In our scheme, in the

[1] Fridrich J. Symmetric ciphers based on two-dimensional chaotic maps. Int

diffusion phase, a feedback from the cipher-image is employed to J Bifurcat Chaos 1998;8:1259–84.

change the number of iterations of the logistic map according to [2] Sun F, Liu S, Li Z, Lu Z. A novel image encryption scheme based on spatial

chaos map. Chaos Solitons Fractals 2008;38:631–40.

the formula K ¼ 1 þ modðAi ð1Þ,4Þ, where Ai ð1Þ is the feedback from

[3] Liu Z, Guo Q, Xu L, Ahmad MA, Liu S. Double image encryption by using

cipher image and K is the number of iterations of the logistic map. iterative random binary encoding in gyrator domains. Opt Exp

Since the key stream is related to the corresponding cipher- 2010;18:12033–43.

images, therefore, when different plain-images are encrypted, [4] Chen G, Mao Y, Chui CK. A symmetric image encryption scheme based on 3D

chaotic cat maps. Chaos Solitons Fractals 2004;21:749–61.

the corresponding key stream would be different. The adversary [5] Alvarez G, Montoya F, Romera M, Pastor G. Cryptanalysis of a discrete chaotic

cannot obtain useful information by encrypting some special cryptosystem using external key. Phys Lett A 2003;319:334–9.

images, since the resultant information is related to those [6] Arroyo D, Alvarez G, Li Sh, Li Ch, Nunez J. Cryptanalysis of a discrete-time

synchronous chaotic encryption system. Phys Lett A 2008;372:1034–9.

chosen-images. This indicates that our scheme is highly secure [7] Li C, Li S, Chen G, Halang WA. Cryptanalysis of an image encryption scheme

against known-plaintext and chosen-plaintext attacks. based on a compound chaotic sequence. Image Vision Comput 2009;27:1035–9.

[8] Guan Z, Huang F, Guan W. Chaos-based image encryption algorithm. Phys

Lett A 2005;346:153–7.

4.5. Performance analysis [9] Cokal C, Solak E. Cryptanalysis of a chaos-based image encryption algorithm.

Phys Lett A 2009;373:1357–60.

The performance of a cryptographic system is measured based [10] Li C, Li S, Asim M, Nunez J, Alvarez G, Chen G. On the security defects of an

image encryption scheme. Image Vision Comput 2009;27:1371–81.

on different factors such as reliability regarding different types of [11] Pareek N, Patidar V, Sud K. Discrete chaotic cryptography using external key.

attacks, computational complexity and encryption/decryption Phys Lett A 2003;309:75–82.

A. Bakhshandeh, Z. Eslami / Optics and Lasers in Engineering 51 (2013) 665–673 673

[12] Li C, Chen G. On the security of a class of image encryption schemes. IEEE [21] Chen RJ, Lai JL. Image security system using recursive cellular automata

Symp Circuits Syst 2008:3290–3. substitution. Pattern Recognition 2007;40:1621–31.

[13] Mao Y, Chen G, Lian S. A novel fast image encryption scheme based on 3D [22] Jin J. An image encryption based on elementary cellular automata. Opt Laser

chaotic baker maps. Int J Bifurcat Chaos 2004;14:3613–24. Eng 2012;50:1836–43.

[14] Shen J, Jin X, Zhou C. A color image encryption algorithm based on magic [23] Eslami Z, Zarepour Ahmadabadi J. A veriﬁable multi-secret sharing scheme

cube transformation and modular arithmetic operation. Lect Notes Comput based on cellular automata. Inf Sci 2010;180:2889–94.

Sci 2005;3768:270–80. [24] Stinson D. Cryptography: theory and practice. 2nd ed.CRC/C&H; 2002.

[15] He X, Zhu Q, Gu P. A new chaos-based encryption method for color image. [25] Lian S, Sun J, Wang Z. A block cipher based on a suitable use of the chaotic

Lect Notes Artif Int 2006;4062:671–8. standard map. Chaos Solitons Fractals 2005;26:117–29.

[16] Zhang Q, Guo L, Wei X. Image encryption using DNA addition combining with [26] Ye R. A novel chaos-based image encryption scheme with an efﬁcient

chaotic maps. Math Comput Model 2010;52:2028–35. permutation–diffusion mechanism. Opt Commun 2011;284:5290–8.

[17] Yoon JW, Kim H. An image encryption scheme with a pseudorandom permu- [27] Katz J, Lindell Y. Introduction to modern cryptography. CRC/C&H; 2008.

taion based on chaotic maps. Commun Nonlinear Sci 2010;15:3998–4006. [28] Zhang G, Liu Q. A novel image encryption method based on total shufﬂing

[18] Ismail IA, Amin M, Diab H. A digital image encryption algorithm based a scheme. Opt Commun 2011;284:2775–80.

composition of two chaotic Logistic maps. Int J Network Secur 2010;11:1–10. [29] Philip M, das A. Survey: image encryption using chaotic cryptography

[19] Neumann John Von, Burks AW, editors. Theory of self-reproducing automata.

schemes. In: IJCA Special Issue on Computational Science—New Dimensions

Champaign, IL, USA: University of Illinois Press; 1966.

& Perspectives, vol. 1; 2011. p. 1–4.

[20] Maleki F, Mohades A, Mehdi Hashemi S, Shiri ME. An image encryption

[30] Lian S, Sun J, Wang Z. A block cipher based on a suitable use of the chaotic

system by cellular automata with memory. In: The Third International

standard map. Chaos Solitons Fractals 2005;26:117–29.

Conference on Availability, Reliability and Security. IEEE; 2008. p. 1266–71.