Elsevier

Information Sciences

Volume 181, Issue 6, 15 March 2011, Pages 1171-1186
Information Sciences

A chaos-based symmetric image encryption scheme using a bit-level permutation

https://doi.org/10.1016/j.ins.2010.11.009Get rights and content

Abstract

In recent years, a variety of chaos-based digital image encryption algorithms have been suggested. Most of these algorithms implement permutations and diffusions at the pixel level by considering the pixel as the smallest (atomic) element of an image. In fact, a permutation at the bit level not only changes the position of the pixel but also alters its value. Here we propose an image cryptosystem employing the Arnold cat map for bit-level permutation and the logistic map for diffusion. Simulations have been carried out and analyzed in detail, demonstrating the superior security and high efficiency of our cryptosystem.

Introduction

Information security plays a significant role in all fields, especially those related to confidential business or military affairs. This topic is not new and can be traced back to Shannon’s classic paper [18]. In recent years, this has attracted increasing research attention [2], [3], [4], [5], [6], [7], [8], [9], [10], [11], [19], [23]. Due to some interesting intrinsic features such as ergodicity, sensitivity to initial conditions and system parameters, the use of chaotic systems for data encryption has been studied extensively [3], [6], [7], [8], [9], [10], [15], [16], [17], [20], [21], [22], [24], [26]. Chaos-based algorithms have shown exceptionally superior properties in aspects such as security and complexity [3].

The existing chaos-based image cryptosystems can be classified into two categories. In the first category, a pixel is considered as the smallest element, and a digital image is considered as a collection of pixels. However, in the second class, a pixel can be further divided into a number of bits, on which bit-level operations are performed. For example, a pixel in a grey-scale image usually consists of 8 bits, but these bits carry different amount of information. In [22], Xiang et al. proposed a selective image encryption algorithm that only encrypts the four higher bits of each pixel and leaves the lower four bits unchanged. This algorithm has a reduced execution time because it only encrypts half of the bits.

In [25], a typical bit-level cipher called Bit Recirculation Image Encryption (BRIE) was suggested. Its two-dimensional version, Two-Dimension Circulation Encryption Algorithm (TDCEA), was studied in [4]. In TDCEA, eight consecutive pixels are treated as a group and the corresponding 64 bits form a matrix M of size 8 × 8. There are two kinds of bit rotation operating on M. They are defined as follows:

  • 1.

    In the horizontal direction, Xip,r denotes the cyclic shift of the ith row of the matrix to the left (when p = 1) or the right (when p = 0) by r bits.

  • 2.

    In the vertical direction, Yjq,s denotes the cyclic shift of the jth column of the matrix upwards (when q = 1) or downwards (when q = 0) by s bits.

The coefficients p, q, r, and s of the two rotation operations are governed by a logistic map. These operations are applied to each binary matrix, which contains 8 consecutive pixels. The encryption is complete when all the pixels have been processed.

Because cyclic bit shift is the only encryption operation in both BRIE and TDCEA, these two ciphers belong to the class of permutation-only ciphers which are insecure under a known/chosen-plaintext attack [13]. In fact, BRIE and TDCEA are cryptanalyzed in [14] and [12], respectively. Some of the natural defects of these two ciphers include the following [12]. First of all, the values of some pixels remain unchanged or have a similar value after bit rotation, which results in some subregions emerging in the cipher-image. For example, when the bits in a plain-image pixel are all 1 or 0, the TDCEA cryptosystem does not work. Second, due to the high correlation property of a meaningful image, adjacent pixels in a subregion usually have the same or similar values. This results in similar pixels in the cipher-image, even after bit rotation. As a result, the boundary of such a subregion remains visible.

In TDCEA, all the elements are relocated in the binary matrix, but the value of each element is not modified. As a consequence, the statistical information of the binary matrix is unchanged after encryption. Furthermore, the mapping between an element in the plain-image matrix and the corresponding element in the cipher-image matrix can be considered as a bijection, which can be easily identified by a known/chosen plaintext attack. Given a sufficient number of pairs of a known plain-image and the corresponding cipher-image, the original and the new locations of each element can be traced to recover the permutation matrix. The cryptosystem is effectively broken once this matrix is constructed. In [12], only 7 plain-image and corresponding cipher-image pairs are required to break TDCEA via a known plaintext attack. The computational complexity is O(16(n + 15)MN), where n is the number of known plain-images, and M and N are the width and height of the image, respectively.M0,k=1111111100000000000000000000000000000000000000000000000000000000.M1,k=1000000010000000100000001000000010000000100000001000000010000000.A chosen plaintext attack on TDCEA is also proposed in [12]. The bit rotation operation in each binary matrix is divided into 8 column rotations in the vertical direction and 8 row rotations in the horizontal direction. The two chosen plain-images are given by Eqs. (1), (2). By comparing M0,k and its corresponding cipher-image M0,k, the vertical permutation matrix can be worked out. Similarly, the horizontal permutation matrix can be recovered by comparing M1,k and its corresponding cipher-image M1,k. The final permutation matrix, which is considered as an equivalent key, is constructed by combining the two permutation matrices. The computational complexity of this attack is O(17MN).

Due to the vulnerability of permutation-only ciphers to known/chosen plaintext attacks, an architecture for a chaos-based image cryptosystem was suggested by Fridrich [7]. Under this architecture, permutations and diffusions are performed several times in alternation to achieve a satisfactory security level. As an image can be considered as a 2-D array of pixels, 2-D or 3-D chaotic maps are naturally employed in the permutation stage, where all the plain-image pixels are relocated using the chaotic map [3], [6], [17]. In the diffusion stage, the value of each pixel is modified sequentially so as to spread its information to other pixels [7]. In [24], Xiao et al. used an Arnold cat map to permute the pixels and the Chen system to change the value of each pixel in a sequential manner. Lian et al. employed the 2-D standard map in the permutation stage and the logistic map for diffusion [16].

This paper is organized as follows. In the next section, the idea of a bit-level permutation is introduced with a simple example. The proposed image cryptosystem is described in Section 3. Simulation results and performance analyses are reported in Section 4. In the last section, a conclusion is drawn.

Section snippets

Bit-level permutation

A classical architecture using chaotic maps for image encryption is shown in Fig. 1.

A grey-level image consists of a group of pixels. Each pixel can be considered as a vector p. For example, an image with size N × N corresponds to the set of vectors {pi},0iN×N-1,pi=(xi,yi,valuei), where xi and yi represent the x and y coordinates of the pixel, respectively, and valuei is the grey level of the pixel. According to Fig. 1, all the pixels are permuted in the confusion stage. As the pixels at

The proposed cryptosystem

The classical confusion-diffusion architecture is adopted in the proposed image cryptosystem shown in Fig. 4, but with one modification is made in the confusion phase.

In the confusion stage, each pixel is separated into 8 parts according to the bit positions. The new position of each bit is calculated. Each permuted pixel is composed of the rearranged 8 bits. It carries the 8-bit information previously belonging to other plain-image pixels. The superiority of this approach is that each bit

Experimental results

In this section, the simulation results and performance analyses of the proposed cryptosystem are provided. Furthermore, three comparable cryptosystems are also investigated, and the performance of these four image encryption schemes is compared. All the tests are performed on a personal computer with an Intel Core 1.8 G CPU, 2 GB memory and 250 GB hard disk with a Windows XP Professional operating system. The compilation platform is Visual C++ 6.0, and some graphs are plotted using MATLAB

Conclusions

A chaos-based image cryptosystem with a well-studied confusion-diffusion architecture has been proposed. In our cryptosystem, the pixel-level permutation is replaced by a bit-level permutation. When a bit in one pixel is exchanged with a bit in another pixel, the information in the two pixels is exchanged and their values are modified. As a result, the bit-level permutation has the effects of both confusion and diffusion. The new cryptosystem employs the Arnold cat map for permutation and the

Acknowledgements

The work described in this paper was supported by the National Natural Science Foundation of China (Grant No. 60872040), the Program for Liaoning Excellent Talents in University and the Natural Science Foundation of Liaoning Province, China (Grant No. 20082037).

Cited by (605)

View all citing articles on Scopus
View full text