A Simple Chaotic Map-Based Image Encryption System Using Both Plaintext Related Permutation and Diffusion

Recently, to conquer most non-plain related chaos-based image cryptosystems’ security flaws that cannot resist the powerful chosen/knownn plain-text attacks or differential attacks efficiently for less plaintext sensitivity, many plain related chaos-based image cryptosystems have been developed. Most cryptosystems that have adopted the traditional permutation–diffusion structure still have some drawbacks and security flaws: (1) most plaintext related image encryption schemes using only plaintext related confusion operation or only plaintext related diffusion operation relate to plaintext inadequately that cannot achieve high plaintext sensitivity; (2) in some algorithms, the generation of security key that needs to be sent to the receiver is determined by the original image, so these algorithms may not applicable to real-time image encryption; (3) most plaintext related image encryption schemes have less efficiency because more than one round permutation–diffusion operation is required to achieve high security. To obtain high security and efficiency, a simple chaotic based color image encryption system by using both plaintext related permutation and diffusion is presented in this paper. In our cryptosystem, the values of the parameters of cat map used in permutation stage are related to plain image and the parameters of cat map are also influenced by the diffusion operation. Thus, both the permutation stage and diffusion stage are related to plain images, which can obtain high key sensitivity and plaintext sensitivity to resist chosen/known plaintext attacks or differential attacks efficiently. Furthermore, only one round of plaintext related permutation and diffusion operation is performed to process the original image to obtain cipher image. Thus, the proposed scheme has high efficiency. Complete simulations are given and the simulation results prove the excellent security and efficiency of the proposed scheme.


Introduction
Nowadays, the security of confidential image or video has become increasingly important when the sensitive information is transmitted over public channels or stored in a third party. However, for the intrinsic features of digital images, such as bulky data capacity, high time redundancy and space redundancy, chaotic maps are suitable for image encryption because of their high complexity, sensitivity to initial conditions, infinite key space and random-like behavior, etc. [1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19]. For example, Ye et al. developed a simple image scrambling encryption algorithm based on a pixel bit that can change the position and gray value of pixel simultaneously [1]. In [2], the two-stage bit-level permutation algorithm is used to shuffle plain image, which can obtain a diffusion effect in the permutation stage. However, Li et al. pointed out that any encryption schemes using only permutation operation can be efficiently broken with O( log L MN ) plaintexts and O( log L MN × MN 2 ) computational time. Thus, diffusion operation is necessary for security image encryption [20]. As early as 1998, Fridrich proposed a new symmetric block encryption using architecture which includes pixel-level permutation-diffusion structure that has drawn much attention [3]. Since then, many permutation-diffusion structure based image cryptosystems have been developed [4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19]. Because bit level permutation can achieve a confusion effect, bit level permutation is often used in some cryptosystems [4][5][6][7][8]. For example, a cryptosystem using expand-and-shrink scheme to permute the bit matrix decomposed from original image was proposed in [4], which has high efficiency. For a color plain image, the correlations between different channels are very high. Zhou et al. developed an image cryptosystem by using a skew tent map [6], whose three channels are transformed into a binary image and encrypted at the same time. Later in 2017, Chai et al. used Brownian motion to confuse the 8 bit planes decomposed from the original image, and then all permutated bit planes are converted into the permutated image. After a two-directional diffusion stage is performed to the permutated image, an encrypted image is obtained [8]. However, for the algorithm based on bit level permutation, in the permutation stage, the amount of data that needs to be processed is eight times as large as in pixel-level permutation based algorithms. Thus, most image encryption algorithms still adopt pixel-level permutation [9][10][11][12][13][14][15][16][17][18][19]. For instance, Chen et al. proposed an efficiency image cryptosystem using a lookup table constructed by chaotic systems in both pixel-level permutation and diffusion operation [10]. In [12], Chebyshev map and rotation equation are used in the encryption system's confusion stage and diffusion stage, respectively, and detailed security analysis has been provided. Later in 2017, a new chaotic map based on Beta function is proposed and used in the generation of chaotic sequences that are used in an encryption process and the encryption scheme including permutation, diffusion and substitution operation has high security [17]. Furthermore, to obtain a high efficiency image encryption scheme, a confusion stage and diffusion stage are performed simultaneously using a chaotic map and DNA technique [19].
However, the permutation stage and diffusion stage are independent of the original image in most chaotic-based image encryption schemes mentioned above. Such schemes have the security flaws that the cryptosystem is insensitive to original images and secret keys and cannot resist chosen/known plaintext attacks or differential attacks, etc. Table 1 shows some typical approaches that have been used to attack some cryptosystems based on permutation-diffusion structure [21][22][23][24][25][26][27]. In order to conquer the issue of low key sensitivity and plaintext sensitivity, researchers have proposed some plaintext related image encryption schemes in recent years [28][29][30][31][32][33][34][35][36][37][38]. For some algorithms in [28][29][30][31][32], the confusion process is related to plain image in some ways. For instance, Liu et al. developed a half-pixel-level interchange permutation strategy in the permutation stage and the permutation stage is plain-image dependent, which can obtain high plaintext sensitivity [30]. In [32], Chai et al. developed a new permutation operation using random access bit-permutation mechanism, in which, the generation of key streams used in the permutation stage is related to plain image. For some algorithms in [33][34][35][36][37], the diffusion process is related to plain image. For example, in [36], combined with the characteristics of the original image and the chaotic sequences generated by the chaotic map, the key streams used in the diffusion stage are generated and related to plain image, which can achieve high sensitivity to the plain image. In [37], Li et al. developed a selective chaotic maps and DNA coding based image encryption system in which only four bits of each image pixel are encrypted using plain related diffusion. However, for other image encryption algorithms in [28,38], the generation of security keys that need to be sent to the receiver is determined by the original image, so these algorithms can achieve high plaintext sensitivity and excellent security performance. Based the fact that the security keys are changed, however, when encrypting different plain images, the encryption system may not be applicable to real-time image encryption, especially to real-time video encryption. Furthermore, for some algorithms based on plaintext-related mentioned above, there are some security drawbacks, such as high encryption time, low security key space, or not enough security to resist powerful chosen-plaintext. For instance, image cryptosystems developed in [33][34][35] have been analysed and broken with chosen plaintext attack in [39][40][41], respectively.
According to the analysis above, we propose a simple chaotic based color image encryption system using both plaintext related permutation and diffusion. The main novelties and contributions of the scheme are as follows: (1) The proposed encryption system can be used to encrypt color images or gray images of any size.
Some algorithms [5,[8][9][10]15,29,31,33,35] mentioned above are developed to encrypt gray images. If these algorithms are used to encrypt R, G and B channels of original color image and then transform three encrypted gray imges into encrypted color image, the encryption system has less plaintext sensitivity because three channels of original color image are encrypted separately and do not have interaction in the encryption process. Furthermore, some other algorithms [7,10,11] are suitable for encrypting the original square image. (2) As mentioned above, most plaintext related image encryption schemes used only plaintext related confusion operation [28][29][30][31][32] or only plaintext related diffusion operation [33][34][35][36][37] related to plaintext inadequately. For security purposes, in our scheme, both permutation operation and diffusion operation are related to plain images, which can achieve high plaintext sensitivity to chosen/known plaintext attack efficiently. (3) Different from most chaotic based image cryptosystems in [4][5][6][7]9,10,12,16,19,28,29,31,36], in which the permutation-diffusion operation is performed several times to obtain the desired security level, the plaintext related permutation and diffusion in our scheme is only performed a single time in the entire encryption process. (4) Complete simulations are given and the simulation results prove an excellent performance in security and efficiency.
The rest of this paper is organized as follows: two chaotic maps used in our image cryptosystem will be reviewed briefly in Section 2; Section 3 details the new encryption scheme; Section 4 gives detailed simulation to evaluate the performance of the new system; Section 5 provides conclusions.

Related Work
In our new chaotic encryption scheme, two chaotic maps are used and briefly discussed: extended Arnold map and Chebyshev map.

Extended Arnold Map
Cat map is a well-known two-dimensional invertible chaotic map and its extended version used to permutate non-square images in the permutation stage in our new cryptosystem is defined as the following equation: where (x, y) and (x , y ) are the current accessing position and the target position respectively, a and b are the parameters, and M and N are the height and the width of the plain image, respectively. When the target position (x , y ) is obtained, two pixels located in (x, y) and (x , y ) change places. Because x, x = 1, 2, 3 · · · M, y, y = 1, 2, 3 · · · N, actually, we use the following equation to permutate the original image: (2)

Chebyshev Map
For the advantages of a simple structure, ease of implementation and good chaotic performance, Chebyshev map is suitable for fast image encryption systems and have been used in many secure encryption systems [9,12,13,32]. The Chebyshev map is given by Equation (3): where a ∈ N is the parameter and the output sequence is chaotic when a ≥ 2. Giving the initial value x 0 of the sequence that can be used as secret key at a later stage, the chaotic sequence x n ∈ [−1, 1] can be generated by the chaotic map. To measure the chaotic property of the Chebyshev Map, Bifurcation analysis and Lyapunov exponent analysis are given and the analysis results shown in Figure 1. As shown in Figure 1, the Chebyshev map has a chaotic behavior when parameter a ≥ 2.

Algorithm of Image Encryption
In this section, we detail the new encryption scheme adopting plaintext related traditional permutation-diffusion structure. The overall view of our new cryptosystem is shown in Figure 2.

Chaotic sequence generator
Diffusion key stream generator

Encryption Process
The encryption process includes only one round permutation stage and diffusion stage.

Permutation Stage
Step 1: The original color image P with size M × N × 3 is divided into RGB (Red, Green, Blue) channels denoted as P r , P g and P b , respectively.
Step 2: The parameter and initial value of Chebyshev Map are set to a = 4, and key _x0 = 0.3, respectively, and N 0 is defined as N 0 = 1000. Then, pre-iterate Equation (3) (M × N + N 0 + 9) times and discard the former N 0 elements to avoid the harmful effects to obtain random sequences x n with the size of (M × N + 9), given by The first nine elements of the sequence x n are processed using Equation (5) to obtain another sequence x nq : x where i = 1, 2, 3, ..., 9.
Step 3: Obtaining the sum of the pixels' value in P r , P g and P b , respectively, one can get Step 4: Calculation of the parameters of cat map is related to plain image. In our encryption system, R, G and B channels are shuffled by cat map with different parameters and the parameters are calculated using the following equations: where (b r , a r ), (b g , a g ) and (b b , a b ) are the parameters of cat map used to shuffle R channel, G channel and B channel, respectively. If all pixels' value in original color image P are zero, the parameters are calculated using the following equation: Step 5: Plaintext related permutation operation based on a cat map. All channels of original color image P are shuffled used Equation (2). The scanning sequence is left to right and top to bottom, which is illustrated in Figure 3a. When all pixels in R, G or B channels are permutated, the permutated image P P is obtained.
Step 3: Calculation of C R (1), C G (1), C B (1) value. Here, three 1D pixel arrays P R_p , P G_p and P B_p are diffused to obtain the corresponding diffused 1D pixel arrays C R , C G and C B , respectively. The values of the first encrypted pixel C R (1), C G (1) and C B (1) are determined by the parameter of b and secret keys K 1 , K 2 , K 3 according the following equations: Step 3: Using the diffusion matrix D and 1D pixel arrays P R_p , P G_p , P B_p , all the other encrypted pixels of 1D pixel arrays C R , C G and C B except C R (1), C G (1) and C B (1) are obtained, given by M × N, and symbol "⊗" is bitwise exclusive or an operator.
Step 4: Convert the three 1D pixel arrays C R , C G and C B into R, G and B channels gray images with the size of M × N, respectively. Then, three gray images are treated as RGB components of the last encrypted color image C with size M × N × 3.
It should be noted that, if the encryption system is used to encrypt a gray image, then the encryption process is similar to the R, G or B channels encryption except the calculation of the first encrypted pixel C(1). Here, we use

Decryption Process
As illustrated in Figure 2, when the receiver obtains the encrypted image and secret keys key _x0 , K 1 , K 2 , K 3 and N 0 , the decryption process contains the following steps: Step 1: Obtain the diffusion matrix D = {d 1 , d 2 , d 3 , · · · , d (M×N) } using the same methods in the encryption process.
Step 2: The first encrypted pixels C R (1), C G (1), C B (1) are read from encrypted color image C and used to calculate the parameters of cat map as follows: Step 3: Reconstruct R, G and B channels of the permutated image P P using the diffusion equation as Step 4: Reconstruct R, G and B channels of original color image P according to Equation (2). However, it should be noted that the scanning sequence of the accessing position is right to left and bottom to top, which is illustrated in Figure 3b.

Experimental Results and Security Analysis
To test the performance of the proposed image cryptosystem, we choose two standard color plain images as the testing images. The initial value of Chebyshev map is chosen as key _x0 = 0.3 while the other four keys K 1 , K 2 , K 3 and N 0 are chosen as 65,536, 65,535, 65,534 and 1000, respectively. The comparison results of plain-images, encryption-decryption images and their corresponding histograms are shown in Figure 4.

Histogram Analysis
Image histogram, which can provide attackers with the statistical information of the image, reflects the distribution of pixels' value. For a security image cryptosystem, the cipher image's histogram should be flat to resist statistic attacks. As can seen in Figure 4, completely different from the plain image's histogram, the histogram of encrypted image is uniformly distributed.
For quantity analysis of the uniformity of image histogram, we use a variance of an image histogram that is presented as follows to evaluate the uniformity of image histogram: where image histogram H = {h 1 , h 2 , · · · , h 256 } is a vector, and h i is the value of histograms. The smaller the value of variance, the flatter the image histogram. Table 2 lists the variances of histograms of some ciphered test images. As shown in Table 2, the value of variance is very small, which means that the histogram of cipher image has very small average fluctuation.

Correlation Analysis
Adjacent pixels in original images often have high correlation, which can be used in statistical analysis attacks. Thus, after an original image is encrypted, its correlation coefficients of adjacent pixels should be greatly reduced. As a test, the correlation coefficients of all adjacent pixels in the four directions, including the vertical, horizontal, diagonal and anti-diagonal directions are calculated using Equation (23): where cov(x, y) = 1 x i . x, y are two adjacent pixel values, and N is the number of image pixel. As Table 3 shows, all correlation coefficients of cipher-images including four directions, namely, vertical (V), horizontal (H), diagonal (D) and anti-diagonal (A), are almost equal to 0. Thus, the proposed scheme has excellent performance in terms of resisting statistical attack. Furthermore, Table 4 gives detailed results compared with similar schemes. Furthermore, 2000 pairs adjacent pixels in different directions are selected randomly from the R channel of a standard image of Lena and its corresponding encrypted image and Figure 5 shows the correlation diagram. As Figure 5 shows, adjacent pixels in cipher-images have less correlation.

Sensitivity Analysis
Differential attack is a powerful typical approach to break a cryptosystem. To resist such attack effectively, a security encryption system should have high key sensitivity and plaintext sensitivity. Two indexes, namely number of pixels change rate (NPCR) and unified average changing intensity (UACI), are defined as follows and used to evaluate the sensitivity: where c 1 , c 2 are encrypted images, and . There are five secret keys key _x0 , K 1 , K 2 , K 3 and N 0 in our algorithm and we take secret key key _x0 as an example to illustrate the key sensitivity simulation. Firstly, 200 key groups k ey (i) = (key _x0 (i), K 1 (i), K 2 (i), K 3 (i), N 0 (i))(i = 1, 2, 3, · · · , 200) are selected from the security key space randomly and used to encrypt the standard plain-images to obtain 200 cipher-images denoted as C 1 (i)(i = 1, 2, 3, · · · , 200). Secondly, secret key key _x0 in each key group make a tiny change of 10 −15 and the remaining four keys K 1 (i), K 2 (i), K 3 (i)andN 0 keep unchanged to obtain 200 new key groups k ey (i) = (key _x0 (i) + 10 −15 , K 1 (i), K 2 (i), K 3 (i), N 0 (i))(i = 1, 2, 3, · · · , 200). Then, the new 200 key groups are used to encrypt the same standard plain-images to obtain another 200 cipher-images denoted as C 2 (i)(i = 1, 2, 3, · · · , 200). Finally, using C 1 (i)(i = 1, 2, 3, · · · , 200) and C 2 (i)(i = 1, 2, 3, · · · , 200), 200 pairs of NPCR and UACI are calculated according to Equation (24). Table 5 shows average values of NPCR and UACI. The key sensitivity of K 1 , K 2 , K 3 and N 0 is evaluated in the same way and it should be noted that the variation of K 1 , K 2 , K 3 and N 0 is equal to 1. As Table 5 shows, the mean values of NPCR and UACI are almost equal to the theoretical value, which represents that our scheme has high key sensitivity. Furthermore, we use a standard image of Lena as a testing image and take secret key key _x0 as an example to show the key sensitivity test result visually. Firstly, one key group k ey (1) = (0.3, 65, 536, 65, 535, 65, 534, 1000) is selected from the key space and used to encrypt the standard image in Figure 6a to obtain a cipher image denoted as E1 shown in Figure 6b. Then, the value of key _x0 is changed by 10 −16 while keeping others unchanged to obtain another key group denoted as k ey (2) = (0.3000000000000001, 65, 536, 65, 535, 65, 534, 1000). The key group k ey (2) is used to encrypt the same standard image to obtain another encrypted image denoted as E2 shown in Figure 6c. The image of pixel-to-pixel difference |E1 − E2| and its histogram are shown in Figure 6d,h, from which we can see that a slight change 10 −16 in secret key key _x0 will result in a significant change in the encrypted image. Finally, we obtain four other key sets k ey (3) = (0.3, 65, 537, 65, 535, 65, 534, 1000), k ey (4) = (0.3, 65, 536, 65, 536, 65, 534, 1000), k ey (5) = (0.3, 65, 536, 65, 535, 65, 535, 1000) and k ey (6) = (0.3, 65, 536, 65, 535, 65, 534, 1001) in the same way. After that, the decrypted image of cipher images E1 using six key sets k ey (1), k ey (2), k ey (3), k ey (4), k ey (5) and k ey (6) are shown in Figure 6i to Figure 6m. As one can see, only correct key set k ey (1) can reconstruct the original image absolutely. (j-n): decrypted image of E1 using security key set k ey (2), k ey (3), k ey (4), k ey (5) or k ey (6).
An encryption system that can resist known and chosen plaintext attacks must be sensitive to tiny differences in the original image. Firstly, we used one key set denoted as k ey = (key _x0 , K 1 , K 2 , K 3 , N 0 ), which is selected from the security key space randomly to encrypt the standard plain-image to obtain an encrypted image denoted as C 1 . Then, one pixel P ixel_1 (x, y, z) is selected from the standard plain-images randomly and modified its value slightly according to Equation (25): P ixel (x, y, z) = mod(P ixel (x, y, z) + 1, 256). (25) After that, the standard plain-image containing the modified pixel P ixel_1 (x, y, z) is encrypted using key group k ey to obtain another cipher image C 2 . Finally, using C 1 and C 2 , the values of NPCR and UACI are calculated according to Equation (24). After 200 pairs values of NPCR and UACI are obtained in the same way, the average of NPCR and UACI will be obtained, which is shown in Table 6. As one can observe from Table 6, all calculation results are close to the theoretical values. Furthermore, eight standard images with different sizes are used to perform randomness tests and all standard images pass the randomness test as Tables 7 and 8 show [42].

Known and Chosen Plaintext Analysis
Known/chosen plaintext analysis are powerful cryptanalysis approaches used by attackers. Some special plain images such as all black or all white images are chosen or constructed by attackers and used to obtain the corresponding encrypted images to deduce the key streams (even the secret key) or disclose the relation between plain image and encrypted image. In our scheme, however, the generation of the values of the parameters of cat map that not only used the permutation stage but used it to calculate the value of the first encrypted pixels C R (1), C G (1), C B (1) is related to the plain image. Thus, it means that both the permutation stage and diffusion stage are related to plain image, which can obtain high key sensitivity and plaintext sensitivity to resist chosen/known plaintext attacks effectively. The encryption results of all black and all white images are shown in Figure 7 and one can observe that all cipher images are noise-like. Furthermore, we construct two other special plain images denoted as P 1 and P 2 . P 1 is a color image with size M × N × 3 in which all pixels' values are zero except one pixel located in (250, 250) in R channel is 1. P 2 is also a color image with size M × N × 3 in which all pixels' values are 255 except for one pixel located in (250, 250) in the R channel, which is 0. Then, we use the four special plain images to do plaintext sensitivity analysis and the analysis results are shown in Table 9. As shown in Table 9, the average values of NPCR and UACI are almost equal to the theoretical value.

Robustness against Noise and Occlusion Attacks
When the encrypted images are transmitting through the public network, it is easily contaminated by noise or occlusion-attack. In this section, we use standard color image Lena with size 512 × 512 to test the robustness to resist noise and the occlusion attack. As Figure 8 shows, the decrypted images of encrypted images polluted by different densities salt-and-pepper noise can still recognized. In Figure 9, the decrypted images of color or gray cipher images destructed with different degrees can also still be recognized. Thus, our image cryptosystems have strong robustness to resist against noise attack and occlusion attack. Furthermore, PSNR (Peak Signal to Noise Ratio) is often used to evaluate the restoring ability of an image and expressed using the following equation [43,44]: where  Table 10 shows the PSNR analysis results of our scheme compared with a plain related image encryption scheme in Ref. [35]. As Table 10 shows, the performance of robustness to resist noise and the occlusion attack of the proposed encryption algorithm is better than the one in Ref. [35].
Ecryption color image

Information Entropy
In this section, we use an important index of information entropy to measure gray values of an image's unpredictability and randomness. For a 256 gray-scale image, information entropy is calculated quantitatively with where m is a 256 gray-scale image. For the digital image with 256 gray levels, the information entropy is equal to a theoretical value of 8 when different gray level pixels appear randomly. Table 11 shows the values obtained for the entropies of standard original images and its cipher-images. One can observe from Table 11 that all information entropies of cipher-images, as expected, are close to 8. Therefore, the distribution of different gray level pixels is very uniform, which means that the proposed image cryptosystem has better ability to resist statistical attacks.

Encryption Speed Analysis
In this section, speed analysis is given and some similar plaintext related algorithms in Ref. [28,32,36,38] are used to make a comparison with our scheme. Here, one standard image of Lena with size 256 × 256 or 512 × 512 is used as a test image and the running speed of different algorithms in literature are listed in in Table 12. It should be noted that our experimental environment is MATLAB R2014b (MathWorks, Natick, MA, USA) with Intel Core i7-7500U CPU@ 3.5 GHz (Intel, Santa Clara, CA, USA) and 4.0 G RAM on Windows 10 OS (Microsoft, Redmond, WA, USA) and the results of encryption time consumption include both key-stream generation and encryption operations.
Furthermore, encryption throughput (ET) in Mega Byte Per Second (MBps) and number of cycles per byte defined by Equations (28) and (29) are also given to evaluate the encryption speed of our cryptosystem: Number o f cycles per Byte = CPU Speed (Hertz) ET (Byte) .
As Tables 12 and 13 show, compared to most of other algorithms, our scheme has more efficiency.

Conclusions
To conquer the issue of low key sensitivity and plaintext sensitivity in most encryption schemes proposed recently and obtain a high security and efficient encryption system, a simple chaotic based color image encryption system using both plaintext related permutation and diffusion is presented. In the permutation stage, the values of the parameters of cat map are related to plain images. It means that different original images correspond to different parameters. Thus, the permutation stage is related to plain image. In the diffusion stage, the first encrypted pixels' value is determined by both secret keys and the parameter of cat map. Furthermore, we use previously encrypted pixels to encrypt current encrypting pixels. Thus, the diffusion stage is also related to plain image, which can achieve high key sensitivity and plaintext sensitivity to resist chosen/known plaintext attacks or differential attacks effectively. In addition, plaintext related permutation and diffusion operation is performed for only one round to process the original image to obtain the cipher image. Thus, our scheme has high efficiency. Complete simulations are given and the experimental results prove that the proposed scheme has high robustness to resist brute-force attacks, statistical analysis, differential attacks, noise attacks, occlusion attacks and the powerful chosen/known plaintext attacks. Thus, our scheme can be used to encrypt digital image efficiently.