A Colour Image Encryption Scheme Using Permutation-Substitution Based on Chaos

An encryption scheme for colour images using a spatiotemporal chaotic system is proposed. Initially, we use the R, G and B components of a colour plain-image to form a matrix. Then the matrix is permutated by using zigzag path scrambling. The resultant matrix is then passed through a substitution process. Finally, the ciphered colour image is obtained from the confused matrix. Theoretical analysis and experimental results indicate that the proposed scheme is both secure and practical, which make it suitable for encrypting colour images of any size.


Introduction
Nowadays the number of colour images which are transmitted over the Internet keeps increasing.Therefore, the security of transmitted colour images has attracted the interest of scholars in both science and engineering [1].The encryption of images is different from text encryption due to some inherent features of images such as the bulk data capacity and the high correlation among pixels.Therefore, traditional encryption schemes such as Data Encryption Algorithm (DEA) and Rivest Shamir Adleman (RSA) are not suitable for encryption of images.Chaos contains some superior features, such as OPEN ACCESS sensitivity to initial conditions, ergodicity and random series [2].For the design of encryption schemes for images, such features are of great importance for developing good diffusions and confusions.
As for colour images, each pixel's value of a colour image consists of R, G and B colour components, and each colour component directly determines the intensity of the red, green or blue colour.Because the colour images provide more information than grey-level images, they have attracted more and more attention [12][13][14], but most of the previous algorithms for colour images used the same method to encrypt their R, G and B components, which is to encrypt the image three times independently.This neglects the correlations between R, G and B components and is more vulnerable to attacks [8][9][10][11][12][13][14].To overcome this problem, this paper proposes a novel colour image encryption algorithm based on chaos.We use CML to encrypt the colour image and make the three components affect each other.The permutation and substitution stages effectively reduce the correlations between R, G and B components and enhance the encryption performance.
The remainder of the paper is organized as follows: in Section 2, CML and the permutation method used in the proposed algorithm are introduced.In Section 3, the encryption algorithm is described.Section 4 provides simulation results.Security analysis is given in Section 5. Finally, this paper is concluded in Section 6.

The CML System
The CML system is a nonlinear dynamical system with both time and space features.The space refers to the lattices.The local maps are nonlinear maps in a lattice.The coupling rules between lattices are the spatial neighborhood.Because of the intrinsic nonlinear nature of each local map, the CML system exhibits spatiotemporal chaos behavior [16] by the effect of spatial coupling among the local maps.The CML system [37] is described as follows: where n is the time index, j is the lattice index, (0, 1) ε ∈ is a coupling parameter and L is the lattice size.The periodic boundary condition, i.e., for any valid j , is used in the CML system.( ) x τ is a logistic map given by: which is chaotic when 3.57 μ > .In the proposed scheme, L is assigned to 7. 0 (1) x , 0 (2) ε serve as secret keys.

Zigzag Path Scrambling
The height of blocks in the encryption process is 3, and the width ranges from 1 to 10.In the permutation process, pixels of each block are reshuffled within the block by a zigzag path scrambling process as shown in Figure 1.

Colour Image Encryption Algorithm Based on Chaos
Without loss of generality, we assume that the size of the colour plain-image F ; the size of each colour's (R, G or B) matrix is M N × , and the pixels' values range from 0 to 255.
ε in Equation ( 1) is decided by the colour plain-image F: For different colour plain-image, our scheme has different secret key ε , so it could resist plaintext attack effectively.In more details, the encryption process may be summarized in the following steps: Step 1: Use the R, G and B components r F , g F , b F to form a matrix B with size of ( ) The first row of B is composed of pixels of r F by arranging them from the first one to the last; the second is composed of pixels of g F by swapping the first half and the latter part; the third is composed of pixels of b F by arranging them from the last one to the first.
t are used in the permutation process and 1 m , 2 m , 3 m are used in the substitution process.
Step 4: Initially, randomly select three integers, assigned as r, g and b, serving as secret keys.Compare the value of r, g and b: if r is the maximum, set t = t1 + 1; if g is the maximum, set t = t2 + 1; if b is the maximum, set t = t3 + 1.
Step 5: We assume w represents the width of B processed; w1 represents the width of B not processed.Case 1: w1 ≥ t.Select t columns from B after the w-th column, as shown in Figure 2.
(1) Permute the selected block of width t for r times using the zigzag path scrambling.
(2) Confuse the permutated block: implement exclusive OR operation bit-by-bit on the first row of the permutated block using 1 m ; implement exclusive OR operation bit-by-bit on the second row of the permutated block using 2 m ; implement exclusive OR operation bit-by-bit on the third row of the permutated block using 3 m .Then set: If w M N = × , encryption algorithm finishes.Finally, obtain the ciphered colour image from the resultant matrix B.
(2) Confuse the permutated block: implement exclusive OR operation bit-by-bit on the first row of the permutated block using 1 m ; implement exclusive OR operation bit-by-bit on the second row of the permutated block using 2 m ; implement exclusive OR operation bit-by-bit on the third row of the permutated block using 3 m .
Encryption algorithm finishes.Finally, obtain the ciphered colour image from the resultant matrix B.
Step 6: Set i=i+1 and then go to Step 2.

Experimental Simulations
We have used MATLAB 7.6.0 to run programs that realize the proposed algorithm in a personal computer with an AMD Athlon (tm) 64 Processor 3000+ 2.00 GHz, 992 MB memory and 60 GB hard-disk capacity.The operating system is Microsoft Windows XP.Our simulation results are shown in Figures 4 and 5.The colour image "Lena" (Figure 4a) is used as the plain image.Figure 4b-d

Performance Analysis
A good encryption scheme should resist against all kinds of attacks.Security analyses are performed on the proposed algorithm in this section.

Key Space
A good encryption scheme should have a large key space size to resist against any kind of brute-force attack.In our algorithm, 0 (1) , μ , ε , r, g and b are used as the secret keys.The complexity of brute-force is great, so the key space is large enough for common applications to resist brute-force attacks.

Histogram Analysis
The distribution of the ciphered image should be uniform.A histogram as a graph used for showing the distribution of pixel values of an image.An adversary can recover the corresponding information from the characteristics of the histogram of an image, when the histogram of the image is not flat enough.However, the adversary will be unable to do so when the histogram of a ciphered image is uniform.A flat distribution is important in cryptography.
Figure 6 illustrates the histograms of the colour plain-image "Lena".Figure 6a shows the histogram of the R component; Figure 6b shows the histogram of the G component; Figure 6c shows the histogram of the B component.From Figure 6, the histograms of the plain-image are not flat.Figure 7 illustrates the histograms of the ciphered colour image of "Lena".Figure 7a shows the histogram of the R component; Figure 7b shows the histogram of the G component; Figure 7c shows the histogram of the B component.It is clear from Figure 7 that the proposed algorithm results in very flat distributions and that statistical attacks on our algorithm are not effective.
where ir v , ig v and ib v are the corresponding R, G and B components of the observed frequency of a pixel value i ( 0 ).The is the expected frequency of a pixel value i, so ν0 = (M × N)/256.The results obtained by applying the 2 χ tests on 100 encrypted images can be summarized as it follows: in 98% of the tests, the values obtained were lower than the critical value

Correlation Analysis
Correlation between two random series indicates the strength and direction of their linear relationship.Therefore, correlation between two adjacent pixels of images is usually applied in image processing.The correlation of a recognizable image is usually high because plaintext images are information redundant.In cryptography, the correlation of two adjacent pixels should have a low value to ensure the security of the ciphered images.
For evaluation of the correlations, vertically adjacent pixels, diagonally adjacent pixels and horizontally adjacent pixels are tested, respectively.Equation ( 7) calculates the correlation of two adjacent pixels: cov( , ) ( ) ( ) where: We choose 1.000 pairs of adjacent pixels randomly in each direction from the R, G and B components of the ciphered colour image.Without loss of generality, we plot the correlation distributions of the R, G and B components of "Lena" and its ciphered colour image in each direction, as illustrated in Figures 9 and 10. Figure 9a-c show the correlation distributions of the R component of "Lena" in each direction; Figure 9d-f show the correlation distributions of the G component of "Lena" in each direction; Figure 9g-i show the correlation distributions of the B component of "Lena" in each direction; Figure 10a-c show the correlation distributions of the R component of the ciphered colour image in each direction; Figures 10d-f show the correlation distributions of the G component of the ciphered colour image in each direction; Figure 10g-i show the correlation distributions of the B component of the ciphered colour image in each direction.The strong correlation between adjacent pixels of the plain image is evident as all the dots are congregated along the diagonal in Figure 9a-i.However, in Figure 10a-i, the dots are scattered over the entire plane, which indicates that the correlation is greatly reduced in the ciphered image.The corresponding correlation coefficients are calculated for ciphered Lena, Girl, House, Mandrill and Peppers and are listed in Table 4.    From Table 4, in the R, G and B components of the ciphered colour image, correlation coefficients are all smaller than 0.01, indicating a negligible correlation between adjacent pixels.

Differential Attacks
Number of Pixels Change Rate (NPCR) shows the number of changed pixels when the value of a pixel in the plain image is changed.The NPCR indicates the sensitivity of the scheme to similar plain images with a tiny difference; therefore, the NPCR can evaluate the ability of a scheme against chosen plaintext attacks.Unified Average Changing Intensity (UACI) shows the average intensity of differences between the plain image and the corresponding ciphered image.Therefore, the UACI can evaluate the ability of a scheme for resistance to differential attacks.The NPCR and UACI are as follows: where W and H are the width and height of the image, respectively; 1 C is the ciphered image for the original image; 2 C are the ciphered image that one pixel changed in its plain image.For the pixel where NPCR and UACI of R, G and B components of Lena, Girl, House, Mandrill and Peppers are listed in Table 5.The idea values of UACI and NPCR must approach 99.609375% and 33.463541% respectively [33,40].The results show that the proposed algorithm displays good NPCR and UACI performance against plaintext attacks and differential attacks.

Key Sensitivity
A good encryption scheme should be sensitive to the secret keys and the plaintext.Taking secret key 0 (1) x for instance, a sensitivity test on the R component of "Lena" is performed.Figure 11a shows the differences between two ciphered R components when 0 (1) x is changed from 0.45 to 0.45000000001 while the other keys remain the same.Figure 11b shows the differences between two ciphered R components when 1 bit of the pixel data of the R component of "Lena" is changed.Without loss of generality, the Girl and Mandrill images are also tested in the same manner.The results are shown in Figure 12.

Speed Performance
To evaluate the running speed, all the tests are implemented in Visual C++ 6.0 under the Windows XP Professional operating system, and the computer is an Intel Core 2.4 GHz CPU, 2GB RAM and 500 GB hard disk.The colour images of Lena, Grill, House, Mandrill and peppers are encrypted by each algorithm ten times.The average execution time is 267.5 ms for one round.Therefore, the mean speed of encryption of the proposed scheme is 2.87 MB/s.

Performance Comparison with Other Colour Image Encryption Schemes
Some recent excellent image encryption schemes [25,29,35,36] are employed for comparison with the proposed scheme.Table 6 lists the mean values obtained for the correlation coefficient of adjacent pixels, NPCR, UACI and speed.The results indicate that the performance of the proposed scheme is similar or better than the previous excellent schemes.

Conclusions
In this paper, we propose a colour image encryption algorithm based on the CML system.Initially, we form a matrix using the R, G and B components of a colour plain-image.The simplicity of the proposed scheme leads to an easy software implementation.Both experimental results and theoretical analysis indicate that the scheme is secure.For future work, we will design a parallel implementation of the scheme in order to reduce the execution time.

Figure 6 .
Figure 6.Histograms of the R, G and B components of the colour plain-image "Lena".(a) Histogram of the R component; (b) histogram of the G component; (c) histogram of the B component.

Figure 7 .Figure 8 .Figure 8 . 2 χof the 2 χ
Figure 7. Histograms of the R, G and B components of the ciphered colour image of "Lena".(a) Histogram of the R component; (b) histogram of the G component; (c) histogram of the B component.

Figure 9 .
Figure 9. Correlation distributions.(a-c) Correlation distributions of the R component of "Lena" in each direction; (d-f) correlation distributions of the G component of "Lena" in each direction; (g-i) correlation distributions of the B component of "Lena" in each direction.

Figure 11 .Figure 12 .
Figure 11.Sensitivity tests.(a) Differences between two ciphered R components when 0 (1) x is changed from 0.45 to 0.45000000001; (b) Differences between two ciphered R components when 1 bit of the pixel data of the R component of "Lena" is changed.

Table 1
shows the results of 2 χ tests of the five pairs of plaintext/ciphered images.

Table 4 .
Correlation coefficients of the R, G and B components of the ciphered images.

Table 5 .
NPCR and UACI of R, G and B components of ciphered images.

Table 6 .
Comparison with previous excellent encryption schemes.