Breaking an Image Encryption Algorithm Based on DNA Encoding and Spatiotemporal Chaos

Recently, an image encryption algorithm based on DNA encoding and spatiotemporal chaos (IEA-DESC) was proposed. In IEA-DESC, pixel diffusion, DNA encoding, DNA-base permutation and DNA decoding are performed successively to generate cipher-images from the plain-images. Some security analyses and simulation results are given to prove that it can withstand various common attacks. However, in this paper, it is found that IEA-DESC has some inherent security defects as follows: (1) the pixel diffusion is invalid for attackers from the perspective of cryptanalysis; (2) the combination of DNA encoding and DNA decoding is equivalent to bitwise complement; (3) the DNA-base permutation is actually a fixed position shuffling operation for quaternary elements, which has been proved to be insecure. In summary, IEA-DESC is essentially a combination of a fixed DNA-base position permutation and bitwise complement. Therefore, IEA-DESC can be equivalently represented as simplified form, and its security solely depends on the equivalent secret key. So the equivalent secret key of IEA-DESC can be recovered using chosen-plaintext attack and chosen-ciphertext attack, respectively. Theoretical analysis and experimental results show that the two attack methods are both effective and efficient.


Introduction
With the rapid development of information technologies such as mobile Internet, cloud computing, social networking, and Big Data, the security of multimedia data such as image and video has attracted more and more attention [1][2][3]. Image is an important part of multimedia data, and its encryption protection techniques are particularly interesting [4,5]. In the past three decades, many novel image encryption schemes based on various methodologies were proposed, such as chaos theory [6], DNA computing [7], cellular automaton [8,9], and quantum information [9,10]. Among them, chaos is the most popular one because it has the unique characteristics of sensitivity to initial values and parameters, ergodicity, and deterministic inherent randomness [11][12][13][14][15][16], which correspond to the confusion and diffusion properties of encryption [17]. Moreover, DNA computing has the characteristics of high parallelism, large storage capacity, and low energy consumption [7]. Hence, researches on image encryption schemes combined with chaos theory and DNA computing have become a hot topic in recent years [18][19][20]. Nevertheless, many encryption schemes are actually insecure as a result of their various security defects [21,22]. Therefore, performing cryptanalysis on these existing encryption algorithms is indispensable [21,23,24].
In recent years, with the security analysis and breaking of some existing chaotic image algorithms combining DNA computing and chaos theory [25][26][27][28][29][30], research interest in cryptanalysis has become increasingly stimulated [31][32][33][34]. In 2010, Zhang et al. [25] created an image encryption method using DNA addition combined with chaotic maps. However, in 2014, Hermassi et al. [26] pointed out that the algorithm in Reference [25] was irreversible and was vulnerable to the chosen-plaintext attack and the known-plaintext attack. In 2015, Zhen et al. [27] proposed an image encryption scheme combining DNA coding and entropy. Nonetheless, in 2016, Su et al. [28] pointed out that the algorithm of Reference [27] was insecure and could be broken using the chosen-plaintext attack. In 2016, Jain et al. [29] proposed a robust DNA chaotic image encryption scheme based on Reference [25] and Reference [26]. Whereas, in 2017, Dou et al. [30] used the chosen-plaintext attack method to break the algorithm proposed in Reference [29]. In addition, Özkaynak et al. [33] and Zhang et al. [34] further concluded that an encryption algorithm may lead to the existence of an equivalent secret key if only a single DNA encoding and operation rule is employed.
Generally speaking, cryptanalysis becomes more difficult as the level of encryption design increases [35]. However, there are still some existing algorithms that can be broken owing to their inherent defects [36]. Moreover, since each encryption algorithm has natural features, the corresponding attack method may also be different. Therefore, it makes sense, even if a similar attack method is used, to reveal the intrinsic characteristics of the different encryption algorithms.
In 2015, an image encryption algorithm based on DNA encoding and spatiotemporal chaos (IEA-DESC) was proposed [37]. In IEA-DESC, pixel diffusion, DNA encoding, DNA-base permutation, and DNA decoding are adopted successively to obtain cipher-images from plain-images. Some security analyses and simulation results are given to prove that it can withstand various common attacks. Despite this, according to the basic criteria of cryptanalysis, some findings in IEA-DESC can be given as follows: (1) Its pixel diffusion is invalid for attackers.
In IEA-DESC, there is no external secret key during the pixel diffusion phase. According to the cryptographic principle proposed by Kerckhoffs [38], the algorithm is public for attackers. Therefore, its pixel diffusion is essentially useless.
(2) The combination of DNA encoding and DNA decoding can be equivalently simplified.
Although the DNA encoding rule is related to the plain-image, there is a certain relationship between its decoding rule and its encoding rule. This leads to the fact that for any binary bit, the output is the complement of the input after DNA encoding and DNA decoding. Hence, DNA encoding and DNA decoding are a complementary process on the whole.
(3) The sequences for DNA-base permutation are fixed for different plain-images.
During IEA-DESC's DNA-base permutation, the chaos-based sequences for encryption are neither associated with plain-image nor cipher-image. Thus, on the basis of the basic rules of cryptanalysis, under the condition of a given secret key, the encryption sequences are fixed for different plain-images. Once the attackers obtain these sequences, i.e., an equivalent secret key, the DNA-base permutation is deciphered.
On the basis of the above properties, IEA-DESC's pixel diffusion is invalid, and therefore, its security depends only on the DNA domain encryption. Unfortunately, an equivalent secret key exists in the overall DNA domain encryption phase. More specifically, the DNA-based encryption algorithm is essentially a permutation-only process of a quaternary element. Yet, permutation-only encryption algorithms have been analyzed to be insecure [39,40]. Therefore, in this paper, two attack methods for breaking IEA-DESC using the chosen-plaintext attack and chosen-ciphertext attack are proposed, respectively.
The rest of the paper is organized as follows. Section 2 concisely describes IEA-DESC. Section 3 proposes two different attack methods on IEA-DESC. Section 4 presents the experimental simulation results. Section 5 gives some improvement suggestions for the security of chaos-based encryption algorithms. The last section concludes the paper.

The Encryption Algorithm under Study
In this section, the DNA coding rules and spatiotemporal chaos used in Reference [37] are introduced, and then the specific steps of IEA-DESC are detailed.

DNA Coding Rules
A DNA sequence includes four kinds of nucleic acid bases: A, T, C, and G. With respect to these four bases, the total number of coding combinations is 4! = 24. However, there are only eight kinds of coding combinations because these four bases satisfy the principle of complementary base pairs. More precisely, A and T are complementary to each other, as are C and G. Table 1 shows the eight DNA coding rules. A 00 00 01 01 10 10 11 11 T 11 11 10 10 01 01 00 00 G 01 10 00 11 00 11 01 10 C 10 01 11 00 11 00 10 01

Spatiotemporal Chaos
Two discrete chaotic maps are used in IEA-DESC [37], one is the logistic map and the other is a spatiotemporal chaos map based on the so-called new chaotic algorithm (NCA) given in Reference [41]. The iterative equation of the Logistic map is represented as where the state variable x ∈ (0, 1) and the control parameter µ ∈ (3.57, 4). The structure of the functional graph of the Logistic map in a digital computer is quantitatively analyzed in Reference [16]. The spatiotemporal chaos is a dynamic system using discrete time and space, in which the coupled map lattice (CML) is its most common model. The iterative equation of NCA-based CML is modeled by where the spatial lattice index i = 1, 2, · · · , L, the time grid index n = 1, 2, · · · , the coupling strength ε ∈ (0, 1), the state variable x n (i) ∈ (0, 1), and the periodic boundary condition is x n (0) = x n (L). The second equation of Equation (2) is the so-called NCA, which is actually an improved logistic map. Given the parameters α = 1.57, β = 3.5, ε = 0.3, and L = 1024, the system is chaotic, and its attractor is shown in Figure 1.

Secret Key
The secret key of IEA-DESC consists of x 0 , µ, K 0 , N 0 , α, β, ε, and L, where x 0 , µ, K 0 , and N 0 are the parameters of the logistic map, α, β, ε, and L are the parameters of NCA-based CML, and N 0 is the length of discarded sequence for eliminating harmful transient effects.

Encryption Process
The encryption objects of IEA-DESC are 8-bit grayscale images of size H × W (height × width). For convenience, the symbolic representation is different without changing the original algorithm. A block diagram of IEA-DESC is shown in Figure 2, where P, P , and C are the plain-image, the diffused image, and the cipher-image, respectively. As can be seen from Figure 2, the encryption process of IEA-DESC includes four phases: pixel diffusion, DNA encoding, DNA-base permutation, and DNA decoding. The specific descriptions of IEA-DESC are given as follows: • Phase 1. Pixel Diffusion: By converting the plain-image P into the corresponding sequence {p 1 , p 2 , . . . , p H×W } in raster scanning order, the pixel diffusion equation is defined as where i = 1, 2, . . . , H × W − 1, and ⊕ represents the bitwise XOR operation. Thus, the diffused image P of size H × W is obtained from the diffused sequence p 1 , p 2 , . . . , p H×W . • Phase 2. DNA Encoding: Calculating the sum of the plain-image pixels, the K 0 -th iteration value x K 0 is obtained by Equation (1) under the initial value x 0 and the control parameter µ. The DNA encoding rule r E , as in Table 1, is further determined by where r E ∈ [1,8], and a rounds the element a to the nearest integer toward minus infinity. Then, by the r E -th encoding rule in Table 1, the diffused image P of size H × W is firstly converted into the corresponding binary matrix of size H × 8W, and then encoded as the DNA matrix D 1 of size H × 4W.
• Phase 3. DNA-Base Permutation: First, by iterating Equation (1) N 0 + 4W times and then discarding the front N 0 elements under the initial value x 0 and the control parameter µ, a sequence {a 1 , a 2 , . . . , a 4W } of length 4W is obtained.
Here, the sequence {a 1 , a 2 , . . . , a 4W } is taken as an initial value of the spatiotemporal chaos called NCA-based CML. Thus, by iterating Equation (2) H times under the parameters α, β, ε, and L, a real matrix X of size H × 4W is achieved.
Then, by sorting each row's elements of X in ascending order, the corresponding H row position index sequences are obtained as RI i . Using RI i to perform permutation for each row on the DNA matrix D 1 , the corresponding row permuted DNA matrix D 1 is obtained, given by where i = 1, 2, . . . , H, k = 1, 2, . . . , 4W, RI i (k) indicates a position index of the k-th element in the i-th row, and RI i (k) ∈ {1, 2, . . . , 4W}. Similarly, by sorting each column's elements of X in ascending order, the corresponding 4W column position index sequences are obtained as CI j .
• Phase 4. DNA Decoding: Corresponding to Equation (4), the DNA decoding rule r D is determined as where r D ∈ [1,8]. Thus, by the r D -th decoding rule in Table 1, the DNA matrix D 2 of size H × 4W is firstly decoded as the corresponding binary matrix of size H × 8W, and then converted into the cipher-image C of size H × W.

Decryption Process
Decryption is the inverse of encryption. First, the cipher-image C is converted into the DNA matrix D 2 by the r D -th encoding rule. Then, the DNA matrix D 1 is exacted from the DNA matrix D 2 after the anti-permutation. Next, the DNA matrix D 1 is decoded as the diffused image P with the r E -th decoding rule. Finally, the plain-image P is recovered by anti-diffusion decryption from Equation (3).

Preliminary Analysis of IEA-DESC
According to modern cryptography principles, encryption algorithms are public and only the secret keys are unknown to attackers [42,43]. More precisely, the security of an algorithm solely depends on its secret key. Four common attack methods for cryptanalysis are shown in Table 2. A secure cryptosystem should be able to resist all types of attacks in Table 2. If a cryptosystem cannot resist anyone of these attacks, one can conclude that the cryptosystem is insecure.
By observing Figure 2, one can divide the encryption process of IEA-DESC into two parts, one is pixel diffusion, and the other is DNA domain encryption. For the pixel diffusion part, there is no secret key involved. Since the algorithm is open from the perspective of cryptanalysis, the diffusion phase of IEA-DESC is essentially invalid for the attacker.

Attack Methods Available Resources for Cryptanalysis
Ciphertext-only attack The attacker only knows the ciphertext. Known-plaintext attack The attacker knows any given plaintext, and also knows the corresponding ciphertext. Chosen-plaintext attack The attacker can choose the plaintext that would be useful for deciphering, and also knows the corresponding ciphertext. Chosen-ciphertext attack The attacker can choose the ciphertext that is useful for deciphering, and also knows the corresponding plaintext.
For this reason, only the DNA domain encryption part is worthy of further discussion here. Following Equations (4) and (7), one knows that there is a definite one-to-one correspondence between DNA encoding rule r E and DNA decoding rule r D . Hence, one can list all possible pairs of DNA codec rules, given as Accordingly, given the eight pairs of DNA codec rules, within the binary bits before and after DNA coding, there appears a certain regularity [34]. Table 3 shows any 2-bit input and its 2-bit output with the eight pairs of DNA codec rules. As can be seen from Table 3, given any 2-bit input, no matter which DNA encoding rule is taken, the corresponding 2-bit output is the same because r E + r D = 9 holds. Put explicitly, the 2-bit input and the corresponding 2-bit output are complementary.
Furthermore, one can see that the chaos-based sequences for DNA-base permutation are fixed for different plain-images under the premise of a given secret key. Indeed, it means that an equivalent secret key exists in IEA-DESC.
On this basis, it is found that IEA-DESC is essentially a combination process of a fixed DNA-base position permutation and bitwise complement. Therefore, a simplified block diagram of IEA-DESC can be illustrated, as is shown in Figure 3, where EK P is the equivalent secret key. Once EK P is obtained, IEA-DESC will be broken. Note that the eight different pairs of DNA encoding and decoding, as in Table 3, are equivalent. For simplicity, one sets r E = 1 and r D = 8, i.e., the first DNA encoding rule and the eighth DNA decoding rule are adopted below.

Analysis of DNA-Base Permutation
To obtain the equivalent secret key EK P , performing analysis on the DNA-base permutation is significant. Since DNA only has four different bases, the essence of DNA-base permutation is a position shuffling procedure for a quaternary matrix of size H × 4W.
Supposing that one has an input matrix PV of size H × 4W which satisfies that each element is unequal, and its corresponding one-dimensional sequence in the raster scanning order is {0, 1, 2, . . . , 4HW − 1}. Letting Z m denote a set {0, 1, · · · , m − 1}, one has PV ∈ Z 4HW . Obviously, after a position permutation, the output matrix CV corresponding to the input matrix PV also has the feature that all elements are not equal to each other. According to the assumption of the chosen-plaintext attack in Table 2, one can know both PV and CV . Thus, the equivalent secret key can be determined by comparing the elements before and after the permutation.
However, since each DNA-base only takes four values, A, G, C, and T, such an input matrix PV does not exist. To cope with the problem, an appropriate transformation is inevitable. Therefore, the specific analysis steps to determine the equivalent secret key EK P , as in Figure 3, are detailed as follows: Step 1. Decompose the virtual matrix PV of size H × 4W into some quaternary matrices of the same size.
The virtual matrix PV is firstly decomposed into the N C corresponding quaternary matrices PQ n (n = 1, 2, . . . , N C ), defined by where PV ∈ Z 4HW , PQ n ∈ Z 4 , and N C is the minimum amount required to ensure this decomposition method. Referring to Reference [39], generally one has where a rounds the element a to the nearest integer toward positive infinity.
Step 2. Transform these quaternary matrices into the 8-bit images of size H × W, respectively.
The quaternary matrices PQ n (n = 1, 2, . . . , N C ) are transformed into the corresponding decimal matrices using the method whereby every four quaternary elements are combined into a decimal one in order from low to high. For instance, given four quaternary elements are 0, 1, 2, and 3, one gets the corresponding decimal result as 228 because of its combination procedure: 0 × 1 + 1 × 4 + 2 × 4 2 + 3 × 4 3 . In fact, these decimal matrices are the resulting 8-bit images PI n (n = 1, 2, . . . , N C ) of size H × W.
Step 3. Temporarily use the encryption machine to obtain the N C corresponding cipher-images.
Following Figure 3, the diffused image P is deemed as an input plain-image. As for the chosen-plaintext attack in Table 2, the input plain-images can be arbitrarily chosen, and the encryption machine can be temporarily used. Therefore, one gets the N C cipher-images CI n (n = 1, 2, . . . , N C ) corresponding to the input plain-images PI n (n = 1, 2, . . . , N C ), respectively, after the encryption. Obviously, one has PI n ∈ Z 256 and CI n ∈ Z 256 .
As shown in Figure 3, it takes three phases from PI n to CI n : DNA encoding, DNA-base permutation, and DNA decoding. First, the N C plain-images PI n are encoded as the corresponding DNA matrices with the first DNA encoding rule of Table 1. Then, the permuted DNA matrices are further obtained after a DNA-base permutation. Finally, the N C corresponding cipher-images CI n are decoded from the permuted DNA matrices with the eighth DNA decoding rule.
Step 4. Convert these 8-bit cipher-images into the quaternary matrices of size H × 4W, respectively.
Note that the eighth DNA decoding rule corresponds to the first DNA encoding rule, and the combination process of DNA encoding and DNA decoding is bitwise complement analyzed as in Table 3. Therefore, the complement operation cannot be ignored.
Step 5. Compose the N C complementary quaternary matrices into a virtual matrix of size H × 4W.
Corresponding to Equation (9), the virtual matrix CV is composed from the N C complementary quaternary matrices CQ n (n = 1, 2, . . . , N C ), given as where CV ∈ Z 4HW , and CQ n ∈ Z 4 .
Step 6. Obtain the equivalent secret key EK P . First, following Steps 1 and 2, one gets two quaternary matrices PQ 1 and PQ 2 , the two 8-bit images PI 1 and PI 2 , and their corresponding DNA matrices as below: Then, as in Steps 3 and 4, supposing that the procedure of DNA-base permutation is given in Figure 4, one obtains the two cipher-images CI 1 and CI 2 , their corresponding DNA matrices, and the two quaternary ones CQ 1 and CQ 2 via Correspondingly, one gets the two complementary quaternary matrices CQ 1 and CQ 2 as Finally, the equivalent secret key EK P is achieved with Step 6. On the basis of the above discussion, one can conclude that the encryption algorithm given in Figure 3 can be broken just with the equivalent secret key EK P without knowing any secret key parameter.

Breaking IEA-DESC Using the Chosen-Plaintext Attack
Following Section 3.2, the diffused image P is considered as the input of the cryptosystem. However, as shown in Figure 2, the actual input of IEA-DESC is the plain-image P rather than the diffused image P . To accommodate to this change, the input chosen plain-image should be adjusted accordingly.
According to the analysis in Section 3.1, the pixel diffusion part of IEA-DESC is actually useless for attackers. Under the premise that the algorithm is known, there is a certain one-to-one correspondence between the diffused image and the plain-image. Therefore, for 8-bit grayscale images of size H × W, the specific analysis steps for the chosen-plaintext attack are given as follows: Step 1. Choose some special plain-images.
Step 2. Temporarily use the encryption machine to get the corresponding cipher-images.
On the basis of the condition of the chosen-plaintext attack, the corresponding N C cipher-images C n (n = 1, 2, . . . , N C ) are obtained from the N C plain-images P n (n = 1, 2, . . . , N C ) by temporarily using the encryption machine.
Step 3. Achieve the equivalent DNA-base permutation secret key.
Step 4. Recover the images with the equivalent secret key.
First, using the equivalent secret key EK P , the corresponding diffused image can be obtained from a cipher-image. Then, the recovered plain-image is obtained from the diffused images with Equation (12).
Therefore, the chosen-plaintext attack is effective to break IEA-DESC, and its data complexity is O(N C ) = O(1 + log 4 (HW) ).

Breaking IEA-DESC Using the Chosen-Ciphertext Attack
Since the encryption structure of Figure 3 is symmetrical, the chosen-ciphertext attack is also available. The specific analysis steps based on the chosen-ciphertext attack are detailed below: Step 1. Choose some specific cipher-images and temporarily use the decryption machine to get the corresponding plain-images.
Here, the N C images {PI n } N C n=1 in Secction 3.2 are served as the chosen cipher-images {C n } N C n=1 respectively, and then temporarily use the decryption machine to get the corresponding plain-images {P n } N C n=1 .
Step 2. Get the corresponding diffused images.
Step 3. Achieve the equivalent secret key.
The equivalent DNA-base permutation secret key is achieved by using the same method as Step 3 in Section 3.3.
Step 4. Recover images with the equivalent secret key: This step is also the same as Step 4 in Section 3.3, so it is omitted. Therefore, the chosen-ciphertext attack is also valid for breaking IEA-DESC, and its data complexity is also O(1 + log 4 (HW) ).

The Experiments for Breaking IEA-DESC
To verify the feasibility of the two proposed attack methods, some experimental simulations were performed based on a personal computer with Matlab R2016a. Similar to those in Reference [37], our experimental images are 8-bit grayscale images "Lenna" and "Peppers" of size 256 × 256.

Breaking IEA-DESC by Chosen-Plaintext Attack
The experiment for breaking IEA-DESC was firstly carried out by the chosen-plaintext attack method proposed in Section 3.3. Given H = 256 and W = 256, one gets N C = 1 + log 4 (H × W) = 9 from Equation (10). Correspondingly, the nine 8-bit images PI n (n = 1, 2, . . . , 9) constructed using the method in Section 3.2 are shown in Figure 5a-r. First, following Step 1 in Section 3.3, the nine special images shown in Figure 5 are selected as the diffused images P n (n = 1, 2, . . . , 9), respectively, and then their corresponding plain-images P n (n = 1, 2, . . . , 9) are obtained, as shown in Figure 6a-r. Then, according to Step 2 in Section 3.3, the nine corresponding cipher-images C n (n = 1, 2, . . . , 9) and their histograms are obtained as shown in Figure 7a-r. Next, using the method in Step 3 in Section 3.3, the equivalent secret key EK P is obtained using the nine chosen diffused images shown in Figure 5a First, following Step 1 in Section 3.4, the nine special images shown in Figure 5 are used as the cipher-images C n (n = 1, 2, . . . , 9) respectively, and then their corresponding plain-images P n (n = 1, 2, . . . , 9) are obtained, as shown in Figure 10a-r. Then, according to Step 2 in Section 3.4, the nine corresponding diffused images P n (n = 1, 2, . . . , 9) and their histograms are obtained as shown in Figure 11a-r, respectively. Next, using the method in Step 3 in Section 3.4, the equivalent secret key EK P is obtained using the nine chosen cipher-images shown in Figure 5a-r and the nine corresponding diffused images shown in Figure 11a-r. Finally, the images are recovered using the equivalent secret key EK P . The attacking results on IEA-DESC with the 8-bit images "Lenna" and "Peppers" are also shown in Figures 8a-d and 9a-d, respectively. (r) Histogram of P 9 Figure 11. The nine corresponding diffused images under chosen-ciphertext attack.

Attack Complexity
In terms of attack complexity, the running times of the chosen-plaintext attack method and the chosen-ciphertext attack method are about 2.1165 s and 2.0785 s, respectively. Moreover, given 8-bit images of size 256 × 256, the data complexity of the two attack methods required for breaking IEA-DESC are both O(9). Therefore, the experimental results verify that the two attack methods are both effective and efficient.

Suggestions for Improvement
On the basis of the analysis above, IDE-DESC can neither resist against chosen-plaintext attacks nor chosen-ciphertext attacks because of its inherent security defects. In fact, some other chaos-based ciphers also have similar vulnerabilities as mentioned in Reference [36]. To deal with these problems, some suggestions for improvement to enhance the security are given below: (1) Checking the validity of each encryption component is significant.
The diffusion part of IEA-DESC is invalid for the attacker because it does not involve any secret key parameter. In fact, it does not contribute to security, but increases the computational complexity of the algorithm. Therefore, the designed algorithms should be scrutinized from the perspective of cryptanalysis to ensure the validity of each encryption component.
(2) Exploiting some novel permutation mechanisms to enhance the security.
Like other permutation-only encryption algorithms, DNA-base permutation only changes the position but does not change the value of each element. The only difference is that the element is quaternary. For permutation-only algorithms, many studies have proved that they are insecure [39,40,44]. To fulfil this demand, exploiting some novel permutation mechanisms is worthwhile.
(3) Avoiding the existence of an equivalent secret key in the algorithm.
The encryption process of the algorithm should be associated with the characteristics of the plain-image or cipher-image [2]. Otherwise, the encryption process for different input images is completely identical, which may lead to the existence of an equivalent secret key. Once the equivalent secret key is obtained by an attacker, the encryption algorithm is broken [36].
(4) Appropriately increasing the number of encryption rounds.
In a single-round encryption algorithm, the confusion and diffusion characteristics maybe insufficient [42]. Increasing the number of encryption rounds can effectively improve this problem. Of course, it also requires higher computational complexity [21]. Therefore, ways in which to balance safety and efficiency deserves more research.

Conclusions
In this paper, the security of a recent image encryption algorithm called IEA-DESC has been analyzed in detail. It was claimed that some merits of DNA encoding and spatiotemporal chaos are inherited in the algorithm. However, its algorithm structure has several inherent security pitfalls. It was found that IEA-DESC is actually a combined process of DNA-base permutation and bitwise complement from the perspective of cryptanalysis. Therefore, a chosen-plaintext attack and a chosen-ciphertext attack were proposed to recover the equivalent secret key of IEA-DESC, respectively. Both theoretical analysis and experimental results are provided to support effectiveness and efficiency of two attack methods for breaking IEA-DESC. The reported results would help the designers of DNA-based cryptography pay more attention to importance of the essential structure of an encryption scheme, instead of the elegance of the underlying theory.