Next Article in Journal
An Efficient CRT-Base Power-of-Two Scaling in Minimally Redundant Residue Number System
Previous Article in Journal
Improved Gravitational Search Algorithm Based on Adaptive Strategies
Previous Article in Special Issue
Cryptanalysis of an Image Encryption Algorithm Based on a 2D Hyperchaotic Map
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

An Image Encryption Algorithm Using Cascade Chaotic Map and S-Box

1
College of Computer Science and Technology, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
2
Key Laboratory of Intelligent Analysis and Decision on Complex Systems, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
*
Author to whom correspondence should be addressed.
Entropy 2022, 24(12), 1827; https://doi.org/10.3390/e24121827
Submission received: 8 November 2022 / Revised: 5 December 2022 / Accepted: 12 December 2022 / Published: 14 December 2022
(This article belongs to the Special Issue Computational Imaging and Image Encryption with Entropy)

Abstract

:
This paper proposed an image algorithm based on a cascaded chaotic system to improve the performance of the encryption algorithm. Firstly, this paper proposed an improved cascaded two-dimensional map 2D-Cosine-Logistic-Sine map (2D-CLSM). Cascade chaotic system offers good advantages in terms of key space, complexity and sensitivity to initial conditions. By using the control parameters and initial values associated with the plaintext, the system generates two chaotic sequences associated with the plaintext image. Then, an S-box construction method is proposed, and an encryption method is designed based on the S-box. Encryption is divided into bit-level encryption and pixel-level encryption, and a diffusion method was devised to improve security and efficiency in bit-level encryption. Performance analysis shows that the encryption algorithm has good security and is easily resistant to various attacks.

1. Introduction

After decades of development, digital information has grown extensively in capacity, and various electronic devices are changing gradually, accompanied by a large amount of data for transmission and communication [1], which brings various kinds of security risks in this background, especially image data and video. While traditional encryption techniques such as DES and AES have achieved good results in text encryption, they are not ideal for encrypting large amounts of modern image data [2,3].
Due to chaotic sensitivity to initial state and control value, good pseudo-randomness, ergodicity and unpredictable trajectory [4], the combination of chaos and encryption technology has produced many different chaos and applications: The chaotic system that has the property crosses a pre-define cylinder repeatedly and proposes the XOR approach for diffusion encryption of images. Despite receiving good encryption performance, this scheme lacks the appropriate scrambling operations, and the encryption scheme is independent of the plaintext image, making it difficult to resist chosen-plaintext attacks [5]. The encryption algorithm uses 3Dchua’s system with a combination of DWT transform and compressed sensing [6], and its experiments have shown its good encryption effect. The method NCCS, which generates new maps by combining methods, is able to overcome the shortcomings of a traditional one-dimensional chaotic map and gives a bit-level confusion and diffusion scheme while incorporating plaintexts in the keys used, which are shown to be well secured. However, when operating on the bit level, a large number of chaotic sequences are required, which creates some time consumption [7]. In addition, a cascaded chaotic system, as a form of chaos, is also a research hotspot; different chaos and encryption schemes are proposed: Zheng et al. [8] used an encryption scheme based on cascaded chaos, which generates new chaos through a cascaded one-dimensional chaotic map, so as to improve the performance of chaos and be used in encryption. Encryption methods based on DNA and dual chaotic systems are also proposed, but the overall encryption is not associated with the plaintext and lacks an efficient scrambling process. Lan et al. [9] proposed a composite integrated chaotic system, which integrated cascading, nonlinear combination and other operations, and then proposed an encryption scheme ICST with bit-level substitution and transform, but the overall lack of an effective diffusion process. Wang et al. [10] proposed a cascaded chaos model for CMCS to generate new chaos maps by using two-dimensional chaos mappings and one-dimensional chaos mappings, and demonstrated the good performance of the new chaos map through relevant experiments, an encryption method for chunking images and performing different operations on different blocks is also given, including bit-level transformations, shuffling algorithms, DNA encoding and V-shaped diffusion, etc. At the same time, in order to improve the security of the algorithm, people started to introduce some other techniques into chaotic encryption, and S-boxes is one of them.
Two types of cryptosystems can be classified: stream ciphers, which are converted bit-by-bit, and packet ciphers, which convert n-bit inputs into m-bit outputs. At the core of this conversion is the static S-box, which gives the cryptosystem the obfuscation properties described by Shannon [11]. An S-box is considered to be a well-performing S-box if it satisfies some of the following conditions [12]: bijection, nonlinearity, strict avalanche criterion (SAC) and output bit independence criterion (BIC). According to the way the S-box is generated, we can also classify it into static S-boxes and dynamic S-boxes. The security of the ciphertext is not guaranteed [13]. Dynamic S-boxes are based on key generation, and different keys can generate different S-boxes; all of these can improve the security of the encryption system [14]. Currently, S-boxes are the only nonlinear component of many packet ciphers, and the performance of S-boxes largely determines the security strength of encryption algorithms. In [15], Zhou et al. proposed a randomized approach to S-box generation by using DNA encoding and showed that the S-boxes generated by this method are resistant to different types of attacks. In addition, many researchers have applied knowledge from other fields to the generation of S-boxes, but some of these methods are still not efficient enough to meet today’s cryptographic efficiency requirements, so most of them cannot be practically applied in the encryption process. With the development of chaotic applications, many research results have been achieved in chaos-based S-box generation. Wang et al. [16] used LDCML to construct new S-boxes by dividing the interval of [0, 1] into 256 equal intervals, iterating LDCML to generate chaotic sequences, and generating non-repeating numbers between 0 and 255 according to the interval in which the generated values fall, and verifying that this method can generate S-boxes that satisfy the S-box criteria. Belazi et al. [17] used a map method to generate values between 0 and 255 and randomly place the mapped values through the sinusoidal map. In [18], Beg et al. finished S-box construction by expanding the remaining random values, generating chaotic sequences by iterating a chaotic map and expanding the remainder to continuously generate non-repeating values between 0 and 255 to add to the array.
As the security strength of the entire encryption algorithm is determined by the cryptographic strength of the S-box, the researcher has proposed many methods to enhance the S-box’s performance, such as using the high-dimensional chaotic system, and multiple chaotic systems to generate S-boxes have become solutions. Liu et al. [19] used a high-performance S-box construction using 3D chaotic systems and gave the corresponding encryption algorithm, iterating the high-dimensional chaotic systems to complete the S-box construction; however, the high-dimensional chaotic system then takes much time in computation, and although the security is improved, it becomes less efficient in terms of efficiency. Zheng et al. [20] proposed a multi-chaotic method for constructing dynamic S-boxes with improved efficiency and security and gave a corresponding encryption algorithm, which was shown to be feasible in experimental results. Özkaynak [21] proposed to use two S-boxes from the Henon map and Chen system, which are chosen at random to increase the encryption’s security. Wang et al. proposed to generate three S-boxes by the 3D chaotic map and perform one round of permutation for encryption [22], but the generation process generates a large number of useless chaotic sequences, which perform slightly worse in terms of real-time performance, and the key of the encryption algorithm is fixed, which means that the S-boxes generated by each encryption iteration are the same. Wang et al. proposed a cascade chaotic map and used it to generate S-box [23], followed by a diffusion operation after substituting with S-boxes, and this algorithm has good advantages in terms of security and complexity.
Based on the above analysis, a cascade chaotic map 2D-Cosine-Logistic-Sine map (2D-CLSM) is proposed in this paper. The initial values and parameters of the chaotic map are combined with the original image to resist known plaintext attacks. Then, an S-box construction method is proposed, and an S-box-based encryption method is designed. The encryption method is divided into four stages: key generation, S-box generation, bit-level encryption and pixel-level encryption. In bit-level encryption, a bit-level operation is performed on the plaintext pixel values, converting the original decimal plaintext image pixels to eight-bit binary, then permuting the lower four bits and using a proposed new diagonal diffusion method for the higher four bits. In the pixel-level encryption part, one diffusion is completed by a three-number XOR (by using the chaotic sequence value, the current pixel value to be encrypted and the previously encrypted pixel value), and the resulting value calculates the row and column index of the S-box for pixel value replacement. Through experimental analysis, the encryption algorithm in this paper has good security performance.
The remainder of this essay is structured as follows: Section 2 introduces the chaotic map; Section 3 describes the design of the encryption algorithm; Section 4 gives the simulation experiments and analysis of the results of the method titled in this paper; Finally, Section 5 gives conclusion remarks and further research work.

2. Introduction of Chaotic Map

In nonlinear dynamic systems, chaos is a stochastic process that is frequently employed in cryptography research [24]. One-dimensional Logistic and Sine map is classical chaotic map with a simple structure. They are defined as follows.
t n + 1 = 4 μ t n 1 t n
t n + 1 = k s i n π t n
with the control parameters μ , k [ 0 , 1 ] .
The chaotic behavior of a chaotic system can be measured by the bifurcation diagram and the Lyapunov exponent. Figure 1a,b shows that the chaotic range of the one-dimensional Logistic chaotic map is restricted. From Figure 1b, we are able to find that μ is in the range of [0.89, 1], and its Lyapunov exponent is greater than 0. Figure 1c,d show that the chaotic range of the one-dimensional Sine map is similarly constrained, with k in Figure 1d in the range [0.87, 1] before its Lyapunov exponent is greater than 0 to be chaotic. Hence the classical Logistic and Sine maps are limited in terms of key space and are not resistant to brute force cracking.

2.1. Cascade Chaotic Map

A cascade map is a form of a chaotic map; the use of cascades can effectively improve the performance of chaotic systems. In order to solve the problem of small chaotic intervals and uneven distribution, we designed a two-dimensional cascade chaotic map, which has a more complex chaotic behavior than one-dimensional chaos and a faster iteration speed than two-dimensional chaos. The cascade system is shown in Figure 2, where f 1 x n , f 2 x n are two different subsystems.
The essence of cascading is that the output of a certain initial value after the iteration of system 1 is taken as the iterative output of system 2, and the iterative output of system 2 is taken as the iterative output of system 1, thus forming a circular iteration between two subsystems. Chaotic systems are generated by the cascade method, where the Lyapunov value of the system is the sum of the Lyapunov exponents of the cascaded subsystems, and the sequential trajectory of the system output deviates sharply as the number of iterations increases [25].
Using cosine functions is proposed and demonstrated in [26], where existing chaotic maps are cascaded by using cosine functions to improve their chaotic performance and extend the chaotic space, the expression as shown in Equation (3):
x i + 1 = G 2 h + F ( x i )
where G · is the subsystem 2 and F · is the subsystem 1. In order to extend it to two dimensions, the general form expression is shown in Equation (4):
S x i , y i = G 2 h + F ( x i , y i )
where x i , y i are two variables and G is the cosine that it can be represented as Equation (5):
x i + 1 = G 2 h + A x i , y i = c o s 2 h + A x i , y i y i + 1 = G 2 h + B x i , y i = c o s 2 h + B x i , y i
In Equation (3), to increase the chaotic complexity of the cosine function-based system, a new control parameter h is introduced as part of the exponential function. When the angle of the cosine function is large enough that even small differences can lead to large output differences such as c o s 2 10 = 0.0001557636 and c o s 2 10.00001 = 0.987355203504 , also reducing the complexity of the calculation to make h [ 10 , 24 ] .
f 1 x i = 4 k 1 x i 1 x i and f 2 x i = k 2 sin π x i are Logistic map and Sine map, respectively, and A x i , y i = f 1 x i + f 2 y i , B x i , y i = f 1 y i + f 2 x i . We made them as subsystem 1 of Equation (4) and used it as the argument of subsystem 2, and then we derived Equation (6):
x i + 1 = c o s 2 h + f 1 x i + f 2 y i = c o s 2 h + 4 k 1 x i 1 x i + k 2 sin π y i y i + 1 = c o s 2 h + f 1 y i + f 2 x i + 1 = c o s 2 h + 4 k 1 y i 1 y i + k 2 sin π x i + 1
Further, controlling the value of the parameter θ enables Logistic and Sine to be in chaos, which, according to Figure 1, makes k 1 = k 2 = 1 1 9 θ [27], and when using mod1 to control the iteration value between (0, 1), the chaotic map 2D-CLSM expression is shown in Equation (7):
x i + 1 = c o s 2 h + ( 1 1 9 θ ) 4 x i 1 x i + sin π y i mod 1 y i + 1 = c o s 2 h + ( 1 1 9 θ ) 4 y i 1 y i + sin π x i + 1 mod 1
where x i ( 0 , 1 ) , y i ( 0 , 1 ) are the control parameters h [ 10 , 24 ] , θ [ 0 , 1 ] .

2.2. Performance Evaluation

In order to analyze the 2D-CLSM’s performance, we compared it with another existing 2D chaotic map for image encryption, i.e., the 2D Logistic-Sine-Coupling Map (2D-LSCM) [28].
x i + 1 = sin π θ 4 x i 1 x i + ( 1 θ ) sin π y i y i + 1 = sin π θ 4 y i 1 y i + ( 1 θ ) sin π x i + 1

2.2.1. Chaotic Trajectory

The trajectory of a 2D-CLSM shows how motion increases over time from a specific initial state. In the case of periodic motion, the trajectory would be a closed curve, whereas the trajectory of chaotic behavior would theoretically never close or repeat. Therefore, chaotic trajectories usually occupy a part of the phase space and can reflect the randomness of the chaotic system output. If a chaotic trajectory can occupy a larger portion of the phase space, the chaotic system has a better stochastic output.
From Figure 3a–f, we can see that the 2D-CLSM is able to occupy the full phase plane for all trajectories within the parameter range, and the ability to occupy the full phase plane with both different θ and h indicates that the improved chaotic system has a better random output. On the contrary, 2D-LSCM is influenced by control parameters, which are not able to occupy full space.

2.2.2. Bifurcation Diagram

We set initial value as x 0 = 0.4 , y 0 = 0.3 and the 2D-CLSM h = 15 . As shown in Figure 4a–d, 2D-CLSM is in a chaotic state in the whole parameter domain, and it is more uniform. On the contrary, the 2D-LSCM does not occupy the entire plane, where the control parameters are at [0.3, 0.43], and values between [0, 0.1] cannot be generated iteratively.

2.2.3. Lyapunov Exponent

The LE (Lyapunov exponent) describes the sensitivity of a chaotic mapping to initial values. In general, a chaotic map is in a chaotic state when λ > 0 indicates that two adjacent phase points are about to separate and the chaotic map is in a chaotic state. For a two-dimensional map, the system of difference equations is assumed to be:
x i + 1 = f 1 x i , y i y i + 1 = f 2 x i , y i
Its Jacobian matrix at the point x ( i ) = ( x i , y i ) is as follows:
f x ( i ) = f 1 x f 1 y f 2 x f 2 y ( x i , y i )
Let J i = f x 0 f x 1 f x i 1 , then the eigenvalue of J i may be expressed as λ 1 i , λ 2 i . The Lyapunov exponents of system (9) can be expressed as Equation (11):
λ k = lim i 1 i l n λ k i
The larger the value of λ , the faster the separation of point phase points in the phase space and the greater the sensitivity of chaos to initial values. Figure 5 shows the Lyapunov exponent of 2D-CLSM and 2D-LSCM; it is clear that the 2D-CLSM has a better chaotic behavior than 2D-LSCM.

2.2.4. NIST Test

In this paper, 15 NIST tests were used to test the randomness of the generated sequences, and 15 correspond to p-values to show the test result. The sequence is considered random when the p-value is over 0.01. Table 1 contains the NIST test results for the 2D-LSCM map and the 2D-CLSM map. The NIST test results for the 2D-CLSM map are all “Success”, as shown in Table 1, and 11 of the 2D-CLSM test results are higher than 2D-LSCM, demonstrating 2D-CLSM map can generate pseudo-random sequences with good random performance.

2.2.5. Information Entropy

In information theory, information entropy is used to quantify the uncertainty of the information content. It can be used to evaluate how random a set of data is. We transformed the chaotic sequence obtained by iteration into values between 0 and 255 and obtain the information entropy according to Equation (12):
H X = i = 0 2 N 1 P r x i log 2 P r x i
where X is a data sequence, x i is the i th possible value in X and P r x i is the probability of x i . A bigger information entropy value means better randomness; for a set with 256 states, its maximum expected value is log 2 256 = 8 .
Better randomness is correlated with larger information entropy values, and Figure 6 shows the information entropy of the output sequences generated by 2D-CLSM for different parameter settings. From Figure 6, the mean information entropy value of 2D-CLSM is bigger than 2D-LSCM, and it is close to 8, which means good randomness.

3. New Encryption Algorithm Design

There are four main stages in our encryption algorithm: key generation, S-box generation, bit-level encryption and pixel-level encryption. The size of the plaintext image P is M × N , and t , μ , θ , x , y , Δ m are the initial keys. The overall process is shown in Figure 7.
Two different chaotic maps are used in our algorithm: Logistic and 2D-CLSM, which are used in different stages of encryption. In the S-box generation stage, a Logistic map is used to generate the chaotic sequence needed to generate the S-box; a 2D-CLSM map is used in the bit-level operation and pixel-level operation phases. By using the different chaotic maps in different stages to expand the key space, a more complex encryption algorithm is generated.

3.1. Keys Generation

If the key stream used for encryption is only related to the key and not related to the plaintext image, the designed algorithm is not safe for chosen/known plaintext attack. In order to ensure the security of encryption, the encryption key is generated from the initial key and the plaintext image.
Initial encryption keys contain six decimal numbers, t , μ , θ , x , y , Δ m . Six decimal encryption keys, t 0 , μ ^ , θ ^ , x 0 , y 0 , h ^ , are generated by combining the plaintext images, which are used as initial values and control parameters of the chaotic system. Using Δ m > 0 as a scrambling value prevents an attacker from attacking the key with a black or white image. The encryption key is generated by Algorithm 1, where t 0 , μ ^ is used as the initial value and control parameter of the Logistic map; x 0 , y 0 , h ^ , θ ^ is set as the initial value, control parameter and variables h of 2D-CLSM.
Algorithm 1 Generation of the encryption keys
Input: Plain image P , initial keys t , μ , θ , x , y , Δ m
Output: The encryption keys t 0 , μ ^ , θ ^ , x 0 , y 0 , h ^
   1: Read the size: [ M , N ] = size ( P )
   2: Obtain the sum of all pixels and add scramble number
     s u m = i = 0 M 1 j = 0 N 1 P i , j + Δ m
   3: Calculate the mean of the all pixels m ¯ = s u m / M × N
   4: t 0 = c o s m ¯ × 2 t + 15 mod 1
   5: μ ^ = 1 c o s m ¯ × 2 μ + 15 mod 0.1
   6: θ ^ = c o s m ¯ × 2 θ + 20 mod 1
   7: x 0 = c o s m ¯ × 2 x + 20 mod 1
   8: y 0 = c o s m ¯ × 2 y + 20 mod 1
   9: h ^ = c o s m ¯ × 2 x 0 × y 0 + 20 mod 1 × 14 + 10

3.2. S-Box Generation

3.2.1. S-Box Generation Algorithm

In the construction method of a chaotic S-box, there is the problem of generating useless chaotic sequences that affect efficiency. Wang et al. proposed in [15] to use a three-dimensional chaotic map to iterate chaotic sequences and expand the modulo operation to generate values between 0 and 255 to generate S-boxes, and the algorithm only ends when all 256 values are generated, this method generates a large number of useless chaotic sequences, and if a value cannot be generated all the time, the efficiency of the algorithm is affected, and the real-time performance becomes poor. In some methods, there are immobile points in the generated S-boxes [29], which can become attackable points. Table 2 gives the generation times of existing S-box generation methods, the presence of fixed points and the number of fixed points before and after the Fisher–Yates shuffling algorithm is applied to the S-box.
The Fisher–Yates shuffling algorithm is an algorithm proposed by R. Fisher and F. Yates for generating random permutations of finite linear arrays [30]. The most important feature of this approach is that it generates an unbiased result so that the probability of each value being at any position is equally likely, essentially generating a finite set of random permutations. Thus, by using the Fisher–Yates random shuffle algorithm, we are able to make the encryption scheme more complex and secure by enabling us to quickly generate different S-boxes and reduce the presence of fixed points during each encryption. The steps are as follows:
Step 1:
Obtain the length m of the sequence P that needs to be shuffled;
Step 2:
Generate a random number n with a value between [ 0 , m 1 ] ;
Step 3:
Shuffle the values of the two positions according to n and m , then exchange the values of P ( n ) and P ( m ) ;
Step 4:
Subtract 1 from m to obtain the new position;
Step 5:
Repeat step1~step4 until m = 1 .
Algorithm 2 describes the generation process of the S-box. t 0 , μ ^ , generated by algorithm 1, is taken as the initial value and control parameter of Logistic, iteratively generating a chaotic sequence Q with a length of 512 bits, and then divided into two sequences Q 1 , Q 2 with a length of 256 bits, respectively, calculating and obtaining the ascending index q 1 [ 0 , 255 ] , q 2 [ 0 , 255 ] of Q 1 and Q 2 . Then q 2 is taken as the random number sequence of the shuffling algorithm, shuffling q 1 and finally, q 1 is converted into a 16 bits × 16 matrix to obtain the S-box s .
Algorithm 2 Generation of S-box
Input: encryption keys t 0 , μ ^
Output: S-box s
   1: for i from 1 to 1512:
       Substituting t 0 , μ ^ into Equation (1)
       if i >1000:
          obtain the 512-length chaotic sequences Q
   2: Divide Q into two subsequences of length 256 Q 1 ,   Q 2 ; obtain the ascending
    sort index of the Q 1 ,   Q 2 ; and assign it to q 1 = arg s o r t Q 1 and q 2 = arg s o r t Q 2
   3: Read the size: m = s i z e ( q 1 )
   4: while m > 1 :
       Obtain a random number q 2 m
       Swap the value of q 1 ( q 2 m ) , q 1 ( m )
       Set m = m 1
   5: If m = 1 transform q 1 into 16 × 16 matrix and assign it to s
   6: Obtain S-box s

3.2.2. Performance Test of the Proposed S-Box

In order to verify the performance and strength of the generated S-boxes, we used the general criteria for S-box performance evaluation to be able to test them [31]. In this thesis, the nonlinearity of the S-box, the strict avalanche criterion SAC, the output bit independence criterion BIC and the differential approximate probability DP are verified, respectively. Table 3 displays the S-box matrix that we produced.
(I) Nonlinearity In the process of encryption, if the given S-box makes a linear mapping between the input (plaintext) and the output (ciphertext) [32], then a decipherer can easily deduce and break the ciphertext when the cryptographic strength of the S-box is very small, but if the S-box can map the input to the output in a nonlinear way, then it is considered a reliable S-box that can protect the plaintext data and can help us resist the attacks of linear cryptanalysis, and we can calculate the nonlinear value of the 8-bit Boolean function S by using Equation (13).
N L f = 128 1 2 max ω G F ( 2 n ) W H f ( ω )
where NLf is the 8-bit Boolean function, W H f ω is the Walsh–Hadamard transform of the eight-bit Boolean function S. The values of the S-box nonlinearity obtained according to the above are shown in Table 4, where the maximum value is 110, the minimum value is 106 and the average value is 107.5
(II) Strict Avalanche Criterion (SAC) Webster and Tavares used the strict avalanche criterion as an important feature of the performance of an S-box [33]. The strict avalanche criterion ensures that if one bit is changed in the input, it causes at least 50% of the output to change, and an S-box is considered to be a strong S-box if the value of SAC is approximately equal to 0.5. We propose that the S box has a SAC value that satisfies the strict avalanche criterion. The SAC dependency matrix of our generated S-boxes is shown in Table 5. The table shows the average SAC of the generated S-boxes is 0.4996, which is very close to the desired value of 0.5, and shows that the generated S-boxes satisfy the SAC criteria.
(III) Output Bits Independence Criterion (BIC) This criterion was introduced by Webster et al. as one of the important properties of S-box evaluation, a property that ensures that there is no dependence on the change of any two output bits when a single input bit is changed, a property that makes any Boolean function must be independent and highly nonlinear. For two output bit Boolean functions f i and f j in an S-box, if f i f j is highly nonlinear and satisfies the SAC as close as possible, then it is guaranteed that when one input bit is inverted, the correlation coefficient of each output bit is close to 0, i.e., the BIC is satisfied.
Through experimental tests, the average BIC nonlinearity value of the proposed S-box is 104.5, and the BIC-SAC test result is 0.5009, which satisfies the BIC criterion.
(IV) Difference Approximation Probability (DP) differential cryptanalysis, introduced by Biham and Shamir [34], is able to obtain the input differential from the output differential while being able to attempt to obtain from it modifications to the plaintext and changes to the ciphertext data, combined with the difference between the two changes an attacker is able to use the resulting small differences to identify complete or partial plaintexts and keys, and in the process of designing the S-box, there is a need to minimize both changes The difference between the two needs to be minimized in the design of the S-box. The designer calculates the difference by differential uniformity, which is checked right by the differential approximation probability, as shown in Equation (14):
D P ( f ) = max Δ x 0 , Δ y # { x G F ( 2 n ) | f ( x ) f ( x + Δ x ) = Δ y } 2 n
where Δ x and Δ y are the input difference and output difference, and D P denotes the maximum probability that the output of each given difference Δ x is equal to Δ y . The maximum D P value of our proposed generated S-box is 10, indicating that our S-box can resist differential.
In comparison with the other four methods, the results show in Table 6 that the S-box nonlinearity produced by the algorithm in this paper is higher than the other four solutions. The S A C value of S box 0.4996 is closest to the ideal value of 0.5 in five methods, and the B I C value also meets the test requirements. The B I C of the S-box also meets the test requirements based on the D P value of the test and has a good ability to resist the differential password attack based on the D P value of the test. In terms of S-box generation time, the algorithm in this paper has a good advantage. Although our nonlinear value is still some distance from the ideal value, we believe that the performance of the generated S-box needs to meet the performance requirements, and the efficiency and space cost of S-box generation also need to be considered.

3.3. Bit-Level Encryption

Traditional image encryption generally falls into one of three categories: permutation-only, diffusion-only, or combined forms. Due to its simpler computational complexity, the permutation-only type of these is more efficient, but the security is not very strong. Due to the substantial computational load required for real arithmetic operations, the diffusion type is a time-consuming process. The pixel values and random numbers are used to perform an XOR operation, and the calculated numbers are used to determine the ranks of the S-boxes and substitute the original pixels with the values in the S-boxes, but the overall encryption efficiency is low due to the lack of permutation and diffusion operations on the plaintext image and the low efficiency of S-box generation [15].
In this stage, by separating the eight-bit pixel values into upper four bits and lower four bits, different operations are performed on the two parts, respectively, and a new diagonal diffusion method for irregular matrices is proposed to be applied to the high four-bit matrix. The bit-level encryption process is shown in Figure 8.

3.3.1. Pixel Value Split

We converted the original pixel value of the plaintext image into a binary representation and extracted it into two parts for different operations. The upper four bits P1 of the pixel value and the lower four bits P2 of the pixel value are shown in Figure 9.

3.3.2. Improved Diagonal Diffusion

In order to make the information of pixel points have a good diffusion effect, many diffusion methods, such as V-diffusion, zigzag diffusion and chunk diffusion, were proposed. A zigzag algorithm was used in [35] and improved to rearrange the pixel values, but the transformation law of zigzag is relatively single, traversing from the upper left foot to the lower right corner in a Z-shaped order, as shown in Figure 10.
However, the security of the zigzag is not guaranteed due to the fact that it is extremely easy to be broken by a single variation.
In order to obtain faster diffusion speed and diffusion effect, this paper proposes a new diagonal diffusion method by randomly and irregularly rearranging the image matrix through a chaotic sequence. The number of pixel values in each row is controlled by the random sequence, there may be no pixel values at some positions of the diagonal, and the matrix presents an irregular arrangement. Through the proposed new diagonal diffusion, it can complete the diagonal of diffusion. Through the comparative analysis of the relevant experiments in Section 4, this scheme has good performance.
In this paper, after obtaining the upper four-bit matrix, we changed its alignment through a random sequence to generate different irregular matrices, performed diagonal diffusion on the matrix according to the changed alignment and changed its alignment, as shown in Figure 11. Algorithm 3 describes the transformation process.
Algorithm 3 Matrix rearrange
Input: upper 4-bits sequence P 1 , random sequence X ( i )
Output: irregular matrices P 1
   1: Obtain the size of P 1 , m = size ( P 1 )
   2: Set an empty list P 1 and i = 0 , j = 0
   3: While ( m X ( i ) > 0 ) :
           P 1 ( i ) = P 1 ( j : j + X ( i ) )
           i = i + 1
       j = j + X i
       m = m X i
   4: P 1 j = P 1 j :
Where P 1 i : j denotes from the i th to the j th digit of P 1 , and P 1 i : denotes from the i th to the last digit of P 1 .
Based on the rearranged matrices, we proposed a diagonal diffusion to perform diffusion operations on upper 4-bit matrices capable of new diagonal diffusion operations based on different irregular matrices, as shown in Figure 12, where the arrows represent the order and direction.
According to the irregular matrix obtained by Algorithm 3, we need to diffuse according to the diagonal, but the shape of the matrix is irregular, so given Algorithm 4 used to obtain the order of the pixel values of the diagonal of the irregular matrix, sequentially traversing the diagonal to obtain its diffusion order matrix for diffusion, according to different irregular matrices for the order of diagonal diffusions, such as the first: (1- > 3- > 2- > 7- > 4- > 8- > 5- > 9- > 6), the second: (1- > 2- > 4- > 3- > 5- > 6- > 7- > 8- > 9) and the third: (1- > 5- > 2- > 6- > 3- > 9- > 7- > 4- > 8), if we use the normal zigzag, then the order of each diffusion is fixed in a 3 × 3 matrix, and the result is (1- > 2- > 4- > 7- > 5- > 3- > 6- > 8- > 9) each time, which is not guaranteed in terms of security.
Algorithm 4 Diagonal diffusion order
Input: irregular matrices P 1
Output: order sequence D
   1: Obtain the size of P 1   m = size ( P 1 )
   2: Set tow empty list D , s u b
   3: for i from 1 to m :
       Obtain the size of P 1   n = s i z e ( P 1 ( i ) )
       for i from 1 to n :
           s u b ( i + j ) . i n s e r t 0 , P 1 i , j
   4: Obtain the size of s u b   m = s i z e ( s u b )
   5: for i from 1 to m :
       Obtain the size of s u b i   n = size   ( s u b i ) )
       for i from 1 to n :
            D .   i n s e r t s u b i , j
Where s u b ( i + j ) . i n s e r t 0 , P 1 i , j means adding P 1 i , j to the head of the array s u b i + j and D .   i n s e r t s u b i , j means adding s u b ( i , j ) to the end of the array D .

3.3.3. Permutation and Diffusion Process

Step 1:
Generate S-boxes s according to the S-box generation method proposed in Section 3.2.;
Step 2:
Generate the encryption key θ ^ , x 0 , y 0 , h ^ and process the image to obtain P 1 , P 2 according to Algorithm 1 and θ , x , y ;
Step 3:
Iterate over θ ^ , x 0 , y 0 , h ^ as the control parameter and initial value of the 2D-CLSM chaos map to generate two chaotic sequences X = { x 1 , x 2 , , x M × N } , Y = { y 1 , y 2 , , y M × N } of length M × N ;
Step 4:
Process the chaotic sequence to obtain the random numbers for array rearrangement;
X i = f l o o r X i × 10 13 mod N + 1 ,   i = 1 , 2 , , M × N
Step 5:
Based on the resulting upper 4-bit matrix P 1 and the random sequence X i , the upper 4-bit matrix is rearranged by Algorithm 3 to obtain a new irregular matrix P 1 ;
Step 6:
Perform a diffusion operation on the irregular matrix P 1 obtained in step 4. For computational convenience, we first transform the irregular matrix into a one-dimensional matrix D by means of Algorithm 4;
Step 7:
Diffusion operation based on the 1D matrix D obtained in step 6 to obtain D ;
D i = X 1 mod 16 D i ,   i = 1 D i = D i 1 D i ,   i = 2 , 3 , , M × N
Step 8:
Process the chaotic sequence to obtain chaotic values for the lower four positions;
Y i = f l o o r Y i × 10 13 mod 65536   i = 1 , 2 , , M × N
Step 9:
Based on the resulting Y i the lower four bits of the matrix are permutated.
t e m p = P 2 Y i P 2 Y i = P 2 i P 2 i = t e m p ,   i = 1 , 2 , , M × N

3.3.4. Pixel-Level Encryption

At the end of the bit-level encryption, pixel-level encryption is performed by the resulting pixel values using the S-box. It mainly includes pixel value diffusion and substitution. The main process is shown in Figure 13.
Generate an empty matrix C of size M × N . Based on the matrix D , P 2 after completing the diffusion and permutation, reorganize D , P 2 by replacing the original upper four bits as lower four bits and the original lower four bits as upper four bits to obtain 8-bit values between 0 and 255, calculate the row index r and column index c of the S-box and complete the pixel value substitution using the S-box s generated in the second stage.
t e m p = dec P 2 i + D i X i C ( i 1 ) c = t e m p % 16 r = t e m p c / 16 C ( i ) = s ( r , c ) ,   i = 1 , 2 , , M × N
where i = 1 ,   C ( i 1 ) = 0 ; i = M × N ,   C ( i 1 ) = C 1 . dec a + b is the reconfiguration of two four-bit binary numbers a , b into an eight-bit binary number, and s ( r , c ) represent obtaining the value at row r and column c from the S-box s .
Finally, C is converted to an M × N ciphertext image.

4. Simulation Experiments

The simulation results of the proposed method are presented in this section by running PyCharm software under Windows 10 64-bit system. By using the method in this paper, 10 images were both encrypted and decrypted. The results of encrypting and decrypting several grey-scale images such as Baboon.png, House.png, Cameraman.png and Peppers.png pixels are shown here, respectively. The initial keys used for encryption/decryption are shown in Table 7, and generated keys are shown in Table 8, where t 0 , μ ^ are used as initial values and control parameters for the Logistic. x 0 , y 0 , h ^ , θ ^ are used as control parameters, initial values and variables h for the 2D-CLSM.
From Table 8, we can clearly see that the encryption keys generated by the algorithm in this paper have good plaintext correlation, can generate completely different encryption keys depending on the plaintext, have good plaintext sensitivity and can effectively resist selective plaintext/known plaintext attacks.
Figure 14a–c shows the experimental results of Baboon, Figure 14d–f shows the experimental results of House, Figure 14g–i shows the experimental results of Cameraman and Figure 14j–l shows the experimental results of Peppers. It is clear from the Figure 14 that the encrypted image can still be fully restored, which verifies the effectiveness of the algorithm in this paper, which can obtain good encryption and decryption results.

4.1. Security Analysis

4.1.1. Key Space Analysis

Assuming that the accuracy of the computer is 10 16 , in order to make the key sufficiently resistant to brute-force attacks, the key space of the encryption system must be more than 2 100 , and the parameters of the encryption system are t 0 , μ ^ , θ ^ , x 0 , y 0 , h ^ , t 0 [ 0 , 1 ] , μ ^ [ 0.89 , 1 ] , θ ^ [ 0 , 1 ] , x 0 [ 0 , 1 ] , y 0 [ 0 , 1 ] , h ^ [ 10.24 ] , so the key space is calculated as in Equation (20). The key space is larger than 2 100 , so the algorithm in this paper has sufficient key space to resist brute-force cracking attacks.
0.11 × 10 16 × 10 16 × 10 16 × 10 16 × 10 16 × 14 × 10 16 > 2 100

4.1.2. Key Sensitivity Analysis

In a secure encryption system, a mirror change in the key can cause a complete change in the ciphertext obtained from the encryption. Through testing, the encryption key t , μ of the Peppers graph was increased by 10 16 to the original one, respectively, and the rest of the keys were left unchanged, and the Peppers were encrypted with the modified key and the original key, respectively, and the results obtained are shown in Figure 15a–f.
As shown in Figure 15, when the initial key is slightly changed, the resulting encrypted image is completely changed, which shows that the algorithm has good key sensitivity and only the correct key can decrypt the ciphertext.

4.1.3. Histogram Analysis

The distribution of the image’s pixel values can be directly described by the histogram. A secure encryption system should ensure that pixel values of the obtained ciphertext image are uniformly distributed in order to reduce readability, improve security and provide effective protection against statistical attacks.
Figure 16 shows the histogram of plaintext and ciphertext pixel frequencies for Baboon, House, Cameraman and Peppers, from which we can see that the pixel of ciphertext images is uniformly distributed. The statistical properties of the images were altered so that they are well resistant to statistical analysis attacks.
The variance of the histogram can be used to specifically describe the distribution of pixel values. The calculation equation is shown in (21), and the result shows in Table 9.
v a r ( z ) = 1 N 2 i = 0 N 1 j = 0 N 1 1 z ( z i z j ) 2
Where z represents histogram values; N represents the total number of samples ( N for an image with a grey level of 8 is 256); z i , z j are number of pixels with grey values at i , j . The smaller the histogram’s variance, the more evenly distributed the histogram.
Table 9 compares the variance of histograms with methods in Refs. [18,19,20,21,22], from which we can see that our encrypted Baboon, House, and Cameraman have the lowest variance of all the schemes, and Peppers is slightly higher than the others. The average variance of the four images is 236.26, which is the lowest of the four methods, so it performs better in resisting statistical attacks.

4.1.4. Plaintext Sensitivity Analysis

A differential attack is a common form of attack in cryptography, in which an attacker usually selects to encrypt the plaintext and a slightly altered plaintext and analyses them to find a specific relationship. In order to be effective against differential attacks, the encryption algorithm should be sensitive enough to the plaintext that a diffusion operation during encryption can cause small changes in the plaintext to affect all pixels, and we usually evaluate the sensitivity of the algorithm using the pixel change rate NPCR and the normalized pixel average change intensity UACI, their ideal expectations are 99.6094% and 33.4635%, respectively. We obtained NPCR and UACI values by randomly modifying two pixel points of the plaintext image. In this paper, we choose to modify pixel points (2, 2) and (236, 207). In Table 10, we give the corresponding experimental results as well as the corresponding results for the other four scenarios. The calculation expressions are shown in Equations (22)–(24).
N P C R = 1 M × N i = 0 M 1 j = 0 N 1 D ( i , j ) × 100 %
D ( i , j ) = 0 , C ( i , j ) = C ( i , j ) 1 , C ( i , j ) C ( i , j )
U A C I = 1 M × N i = 0 M 1 j = 0 N 1 | C 1 ( i , j ) C 2 ( i , j ) | 255 × 100 %
where i = 0 , 1 , , M 1 , j = 0 , 1 , , N 1 , C , C are original encrypted image and the encrypted image with the plaintext modified, respectively; M and N make the height and length of the image, respectively; and C i , j denotes the pixel values at coordinates i , j of the encrypted image C .
Table 10 compares the NPCR and UACI values of our scheme with the methods in Refs. [18,19,20,21,22]. In our method, the NPCR and UACI values of Baboon, House and Cameraman images exceed the expected values, and the NPCR values of Peppers are close to the expected values. Of the other methods, only the Cameraman plot of Ref. [20] achieved the desired values for both NPCR and UACI values. In contrast, our encryption algorithm has better sensitivity to plaintext.

4.1.5. Correlation Analysis

When the image is not encrypted, there is a strong correlation between the pixel values of the images; the encryption operation on the plaintext allows us to break this correlation. We calculated the correlation coefficient by randomly selecting n pair of adjacent pixels ( a i , b i ) from the image for which the correlation is to be calculated using the following Equation (25). Table 11 shows the experimental results for a random selection of 3000 pairs of pixel values.
r a b = i = 1 n ( a i a ¯ ) ( b i b ¯ ) i = 1 n ( a i a ¯ ) 2 i = 1 n ( b i b ¯ ) 2
where r a b represents the correlation coefficients, a ¯ , b ¯ is the mean value.
The closer the calculated correlation coefficient is to 1, the stronger the correlation is, and the closer it is to 0, the weaker the correlation is. As shown in Table 11, take baboon as an example; we are able to see in Table 11 that it has a horizontal correlation of 0.0007, a vertical correlation of −0.003 and a diagonal correlation of 0.008, with a correlation index very close to 0 in three directions, indicating that the high correlation between pixels is broken.
In addition, from Figure 17, we can clearly see that for the plaintext image, most of the points are close to the diagonal of the axes, whereas, for the encrypted image, these points are randomly distributed throughout the space, with significantly lower inter-pixel correlation. Both illustrate the effectiveness of our algorithm in removing intra-pixel correlations.

4.1.6. Information Entropy Analysis

Information entropy is another metric for evaluating the security of a ciphertext and represents the strength of the uncertainty of the image information, which is expressed in Equation (12).
For a grey-scale image with 256 states, it has a maximum expectation value of 8, Table 12 shows the test results we obtained and the comparison of the other four schemes, where the result of the three encrypted images of House, Baboon and Peppers are higher than the other schemes, and the results of all four images are close to the ideal value of 8. It can be said that the image results processed by our encryption scheme are close to the random images, with good uncertainty, and can effectively resist statistical analysis attacks.

4.1.7. Anti-Cropping Attack Analysis

During the transmission of information, information may be lost due to humans or some uncontrollable factors. If the encryption algorithm is able to restore the plaintext image in this case, then the encryption algorithm is valid. In Figure 18, we add a 5% loss of pixel values to the Peppers. From the perspective of the decrypted image, even though the image has lost some data, it is still possible to decrypt the basic information and be able to recover it basically, so the algorithm is resistant to basic cropping attacks.

4.1.8. Speed Analysis

Running speed is an important index to evaluate the encryption algorithm; we simulated it in Python 3.7 environment on a PC with a 2.2 GHz CPU and 8 G RAM. As can be seen from Table 13, this paper’s encryption efficiency is superior to that of Refs. [11,12,13] while being slightly slower than that of Ref. [15]. This shows that our proposed encryption algorithm performs well in terms of efficiency and is capable of being applied in practical applications. Because we used a round of bitrate encryption and a round of pixel-level encryption, the efficiency is reduced, but the security is improved.

5. Conclusions

In this paper, we propose an improved cascaded chaotic map 2D-CLSM and design a novel encryption scheme based on it and S-box. By generating a key associated with the plaintext, the whole encryption process is associated with the plaintext, effectively resisting the chosen/known plaintext attack. An S-box encryption scheme is designed and applied to our encryption, increasing the overall security of the algorithm. Dividing the encryption into bit-level encryption and pixel-level encryption improves the complexity and security of the encryption to a certain extent but reduces its efficiency. The encryption method in this paper can be applied to different image types, such as grey-scale images, grey-scale medical images, etc., while the algorithm is able to meet everyday encryption requirements, both in terms of efficiency and security. The experimental results show that the algorithm has sufficient key space, is resistant to brute force attacks and performs well against statistical analysis attacks, clipping attacks and differential attacks. However, although we improved the efficiency of S-box generation, we used two rounds of encryption, one at the bit level and one at the pixel level, which makes us less efficient overall, so the next step is to improve the efficiency of encryption in both rounds.

Author Contributions

Investigation, J.Z. and T.B.; Writing—original draft, T.B. All authors have read and agreed to the published version of the manuscript.

Funding

This work was partly supported by the National Natural Science Foundation of China (Grant No. 62272077).

Institutional Review Board Statement

Not applicable.

Data Availability Statement

No new data were created or analyzed in this study. Data sharing is not applicable to this article.

Acknowledgments

The authors are thankful to the reviewers for their comments and suggestions to improve the quality of the manuscript.

Conflicts of Interest

The authors declare that they have no conflict of interest.

References

  1. Wang, M.; Liu, H.; Zhao, M. Bit-level image encryption algorithm based on random-time S-Box substitution. Eur. Phys. J. Spec. Top. 2022, 24, 3225–3237. [Google Scholar] [CrossRef]
  2. Xiang, H.; Liu, L. An improved digital logistic map and its application in image encryption. Multimed. Tools Appl. 2020, 79, 30329–30355. [Google Scholar] [CrossRef]
  3. Ratan, R.; Yadav, A. Security analysis of bit-plane level image encryption schemes. Def. Sci. J. 2021, 71, 209–221. [Google Scholar] [CrossRef]
  4. Pareek, N.K.; Patidar, V.; Sud, K.K. Image encryption using chaotic logistic map. Image Vis. Comput. 2006, 24, 926–934. [Google Scholar] [CrossRef]
  5. Farhan, A.K.; Al-Saidi, N.M.G.; Maolood, A.T. Entropy analysis and image encryption application based on a new chaotic system crossing a cylinder. Entropy 2019, 21, 958. [Google Scholar] [CrossRef] [Green Version]
  6. Luo, Y.; Lin, J.; Liu, J. A robust image encryption algorithm based on Chua’s circuit and compressive sensing. Signal Process. 2019, 161, 227–247. [Google Scholar] [CrossRef] [Green Version]
  7. Zhou, W.; Wang, X.; Wang, M. A new combination chaotic system and its application in a new Bit-level image encryption scheme. Opt. Lasers Eng. 2022, 149, 106782. [Google Scholar] [CrossRef]
  8. Zheng, J.; Liu, L.F. Novel image encryption by combining dynamic DNA sequence encryption and the improved 2D logistic sine map. IET Image Process. 2020, 14, 2310–2320. [Google Scholar] [CrossRef]
  9. Lan, R.; He, J.; Wang, S. Integrated chaotic systems for image encryption. Signal Process. 2018, 147, 133–145. [Google Scholar] [CrossRef]
  10. Wang, T.; Ge, B.; Xia, C. Multi-Image Encryption Algorithm Based on Cascaded Modulation Chaotic System and Block-Scrambling-Diffusion. Entropy 2022, 24, 1053. [Google Scholar] [CrossRef]
  11. Adams, C.; Tavares, S. The structured design of cryptographically good s-boxes. J. Cryptol. 1990, 3, 27–41. [Google Scholar] [CrossRef]
  12. Arslan, S.; Fawad, A. Image encryption using dynamic S-box substitution in the wavelet domain. Wirel. Pers. Commun. 2020, 115, 2243–2268. [Google Scholar]
  13. Yang, C.; Wei, X.; Wang, C. S-Box design based on 2D multiple collapse chaotic map and their application in image encryption. Entropy 2021, 23, 1312. [Google Scholar] [CrossRef] [PubMed]
  14. Li, Y.; Ge, G.; Xia, D. Chaotic hash function based on the dynamic s-box with variable parameters. Nonlinear Dyn. 2016, 84, 2387–2402. [Google Scholar] [CrossRef]
  15. Zhou, S.; He, P.; Kasabov, N. A dynamic DNA color image encryption method based on SHA-512. Entropy 2020, 22, 1091. [Google Scholar] [CrossRef]
  16. Wang, X.; Yang, J. A novel image encryption scheme of dynamic s-boxes and random blocks based on spatiotemporal chaotic system. Optik 2020, 217, 164884. [Google Scholar] [CrossRef]
  17. Belazi, A.; El-Latif, A. A simple yet efficient S-box method based on chaotic sine map. Optik 2017, 130, 1438–1444. [Google Scholar] [CrossRef]
  18. Beg, S.; Baig, F.; Hameed, Y. Thermal image encryption based on laser diode feedback and 2D logistic chaotic map. Multimed. Tools Appl. 2022, 81, 26403–26423. [Google Scholar] [CrossRef]
  19. Liu, H.; Liu, J.; Ma, C. Constructing dynamic strong S-Box using 3D chaotic map and application to image encryption. Multimed. Tools Appl. 2022, 81, 12069. [Google Scholar] [CrossRef]
  20. Zheng, J.M.; Zeng, Q.X. An image encryption algorithm using a dynamic s-box and chaotic maps. Appl. Intell. 2022, 52, 15703–15717. [Google Scholar] [CrossRef]
  21. Özkaynak, F. Construction of robust substitution boxes based on chaotic systems. Neural Comput. Appl. 2019, 31, 3317–3326. [Google Scholar] [CrossRef]
  22. Wang, X.; Çavuşoğlu, Ü.; Kacar, S. S-Box based image encryption application using a chaotic system without equilibrium. Appl. Sci. 2019, 9, 781. [Google Scholar] [CrossRef] [Green Version]
  23. Wang, J.; Zhu, Y.; Zhou, C. Construction method and performance analysis of chaotic s-box based on a memorable simulated annealing algorithm. Symmetry 2020, 12, 2115. [Google Scholar] [CrossRef]
  24. Zhou, G.; Zhang, D.; Liu, Y. A novel image encryption algorithm based on chaos and Line map. Neurocomputing 2015, 169, 150–157. [Google Scholar] [CrossRef]
  25. Zhou, Y.; Hua, Z.; Pun, C.M. Cascade chaotic system with applications. IEEE Trans. Cybern. 2014, 45, 2001–2012. [Google Scholar] [CrossRef]
  26. Alawida, M.; Samsudin, A.; Teh, J.S. Digital cosine chaotic map for cryptographic applications. IEEE Access 2019, 7, 150609–150622. [Google Scholar] [CrossRef]
  27. Lu, Q.; Zhu, C.; Deng, X. An efficient image encryption scheme based on the LSS chaotic map and single s-box. IEEE Access 2020, 8, 25664–25678. [Google Scholar] [CrossRef]
  28. Hua, Z.Y. 2D Logistic-Sine-Coupling map for image encryption. Signal Process. 2018, 149, 148–161. [Google Scholar] [CrossRef]
  29. Zhang, Y. The unified image encryption algorithm based on chaos and cubic s-box. Inf. Sci. 2018, 450, 361–377. [Google Scholar] [CrossRef]
  30. Wang, X.; Su, Y.; Liu, L. Color image encryption algorithm based on Fisher-Yates scrambling and DNA subsequence operation. Vis. Comput. 2021, 37, 2311. [Google Scholar] [CrossRef]
  31. Liu, H.; Kadir, A.; Xu, C. Cryptanalysis and constructing S-box based on chaotic map and backtracking. Appl. Math. Comput. 2020, 376, 125153. [Google Scholar] [CrossRef]
  32. Farwa, S.; Muhammad, N. A Novel Image Encryption Based on Algebraic s-box and Arnold Transform. 3D Res. 2017, 8, 26. [Google Scholar] [CrossRef]
  33. Lu, Q.; Zhu, C.; Wang, G. A novel s-box design algorithm based on a new compound chaotic system. Entropy 2019, 21, 1004. [Google Scholar] [CrossRef] [Green Version]
  34. Biham, E.; Shamir, A. Differential cryptanalysis of DES-like cryptosystems. J. Cryptol. 1991, 4, 3–72. [Google Scholar] [CrossRef]
  35. Wang, X.; Du, X. Chaotic image encryption method based on improved zigzag permutation and DNA rules. Multimed. Tools Appl. 2022, 81, 13012. [Google Scholar] [CrossRef]
Figure 1. Chaotic bifurcation diagrams and Lyapunov exponents: (a) bifurcation diagram of Logistic map; (b) Lyapunov exponent of Logistic map; (c) bifurcation diagram of Sine map; (d) Lyapunov exponent of Sine map.
Figure 1. Chaotic bifurcation diagrams and Lyapunov exponents: (a) bifurcation diagram of Logistic map; (b) Lyapunov exponent of Logistic map; (c) bifurcation diagram of Sine map; (d) Lyapunov exponent of Sine map.
Entropy 24 01827 g001
Figure 2. Cascade system.
Figure 2. Cascade system.
Entropy 24 01827 g002
Figure 3. The trajectory of chaotic systems: (a) the trajectory of 2D-CLSM with θ = 0.71 , h = 15 ; (b) the trajectory of 2D-CLSM with θ = 0.3 , h = 15 ; (c) the trajectory of 2D-CLSM with θ = 0.71 , h = 20 ; (d) the trajectory of 2D-CLSM with θ = 0.3 , h = 20 ; (e) the trajectory of 2D-LSCM with θ = 0.3 ; (f) 2D-LSCM with θ = 0.71 .
Figure 3. The trajectory of chaotic systems: (a) the trajectory of 2D-CLSM with θ = 0.71 , h = 15 ; (b) the trajectory of 2D-CLSM with θ = 0.3 , h = 15 ; (c) the trajectory of 2D-CLSM with θ = 0.71 , h = 20 ; (d) the trajectory of 2D-CLSM with θ = 0.3 , h = 20 ; (e) the trajectory of 2D-LSCM with θ = 0.3 ; (f) 2D-LSCM with θ = 0.71 .
Entropy 24 01827 g003
Figure 4. Bifurcation diagram of chaotic system: (a) bifurcation diagram of 2D-CLSM θ x ; (b) bifurcation diagram of 2D-CLSM θ y ; (c) bifurcation diagram of 2D-LSCM θ x ; (d) bifurcation diagram of 2D-LSCM θ y .
Figure 4. Bifurcation diagram of chaotic system: (a) bifurcation diagram of 2D-CLSM θ x ; (b) bifurcation diagram of 2D-CLSM θ y ; (c) bifurcation diagram of 2D-LSCM θ x ; (d) bifurcation diagram of 2D-LSCM θ y .
Entropy 24 01827 g004
Figure 5. Lyapunov exponents for chaotic systems: (a) Lyapunov exponent of 2D-CLSM; (b) Lyapunov exponent of 2D-LSCM.
Figure 5. Lyapunov exponents for chaotic systems: (a) Lyapunov exponent of 2D-CLSM; (b) Lyapunov exponent of 2D-LSCM.
Entropy 24 01827 g005
Figure 6. The information entropy of the sequences: (a) information entropy of 2D-CLSM; (b) information entropy of 2D-LSCM.
Figure 6. The information entropy of the sequences: (a) information entropy of 2D-CLSM; (b) information entropy of 2D-LSCM.
Entropy 24 01827 g006
Figure 7. Overall process.
Figure 7. Overall process.
Entropy 24 01827 g007
Figure 8. Bit-level encryption process.
Figure 8. Bit-level encryption process.
Entropy 24 01827 g008
Figure 9. Plaintext image processing.
Figure 9. Plaintext image processing.
Entropy 24 01827 g009
Figure 10. Zigzag transform.
Figure 10. Zigzag transform.
Entropy 24 01827 g010
Figure 11. Matrix rearrangement.
Figure 11. Matrix rearrangement.
Entropy 24 01827 g011
Figure 12. Diagonal diffusion of different matrices.
Figure 12. Diagonal diffusion of different matrices.
Entropy 24 01827 g012
Figure 13. Pixel-level encryption process.
Figure 13. Pixel-level encryption process.
Entropy 24 01827 g013
Figure 14. Encryption and decryption results: (a) plaintext image Baboon; (b) encrypted image Baboon; (c) decrypted image Baboon; (d) plaintext image House; (e) encrypted image House; (f) decrypted image House; (g) plaintext image Cameraman; (h) encrypted image Cameraman; (i) decrypted image Cameraman; (j) plaintext image Peppers; (k) encrypted image Peppers; (l) decrypted image Peppers.
Figure 14. Encryption and decryption results: (a) plaintext image Baboon; (b) encrypted image Baboon; (c) decrypted image Baboon; (d) plaintext image House; (e) encrypted image House; (f) decrypted image House; (g) plaintext image Cameraman; (h) encrypted image Cameraman; (i) decrypted image Cameraman; (j) plaintext image Peppers; (k) encrypted image Peppers; (l) decrypted image Peppers.
Entropy 24 01827 g014aEntropy 24 01827 g014b
Figure 15. Key sensitivity analysis: (a) image encrypted with original key t ; (b) image encrypted with original key t + 10 16 ; (c) the difference between (a,b); (d) image encrypted with original key μ ; (e) image encrypted with original key μ + 10 16 ; (f) the difference between (d,e).
Figure 15. Key sensitivity analysis: (a) image encrypted with original key t ; (b) image encrypted with original key t + 10 16 ; (c) the difference between (a,b); (d) image encrypted with original key μ ; (e) image encrypted with original key μ + 10 16 ; (f) the difference between (d,e).
Entropy 24 01827 g015aEntropy 24 01827 g015b
Figure 16. Plain text image histogram and Ciphertext image histogram analysis: (a) plaintext Baboon histogram; (b) Ciphertext Baboon histogram; (c) plaintext House histogram; (d) Ciphertext House histogram; (e) plaintext Cameraman histogram; (f) Ciphertext Cameraman histogram; (g) plaintext Peppers histogram; (h) Ciphertext Peppers histogram.
Figure 16. Plain text image histogram and Ciphertext image histogram analysis: (a) plaintext Baboon histogram; (b) Ciphertext Baboon histogram; (c) plaintext House histogram; (d) Ciphertext House histogram; (e) plaintext Cameraman histogram; (f) Ciphertext Cameraman histogram; (g) plaintext Peppers histogram; (h) Ciphertext Peppers histogram.
Entropy 24 01827 g016aEntropy 24 01827 g016b
Figure 17. Plain text image correlation and Ciphertext image correlation analysis: (a) plaintext Baboon diagonal direction; (b) Ciphertext Baboon diagonal direction; (c) plaintext House diagonal direction; (d) Ciphertext House diagonal direction; (e) plaintext Cameraman diagonal direction; (f) Ciphertext Cameraman diagonal direction; (g) plaintext Peppers diagonal direction; (h) Ciphertext Peppers diagonal direction.
Figure 17. Plain text image correlation and Ciphertext image correlation analysis: (a) plaintext Baboon diagonal direction; (b) Ciphertext Baboon diagonal direction; (c) plaintext House diagonal direction; (d) Ciphertext House diagonal direction; (e) plaintext Cameraman diagonal direction; (f) Ciphertext Cameraman diagonal direction; (g) plaintext Peppers diagonal direction; (h) Ciphertext Peppers diagonal direction.
Entropy 24 01827 g017
Figure 18. The cropped encrypted image and the corresponding decrypted image. (a) The plain image of Peppers. (b) The cipher image of Peppers with 5% loss. (c) The decrypted image of (b).
Figure 18. The cropped encrypted image and the corresponding decrypted image. (a) The plain image of Peppers. (b) The cipher image of Peppers with 5% loss. (c) The decrypted image of (b).
Entropy 24 01827 g018
Table 1. NIST test results.
Table 1. NIST test results.
Serial NumberTest Items2D-CLSM2D-LSCM
p ValueTest Resultsp ValueTest Results
1Frequency0.1422Success0.0767Success
2Block Frequency0.7165Success0.9936Success
3Cumulative Sums0.2472Success0.0692Success
4Runs0.8561Success0.7405Success
5Longest Run of Ones0.7310Success0.4477Success
6Rank0.1691Success0.1514Success
7Discrete Fourier Transform0.8330Success0.1766Success
8Nonperiodic Template Matchings0.6254Success0.4721Success
9Overlapping Template Matchings0.6886Success0.9365Success
10Universal0.9992Success0.9583Success
11Approximate Entropy0.9309Success0.7040Success
12Random Excursions0.1319Success0.2175Success
13Random Excursion Variant0.1025Success0.4166Success
14Serial0.9068Success0.1638Success
15Linear Complexity0.9250Success0.5041Success
Table 2. Generation time and fix point.
Table 2. Generation time and fix point.
S-BoxGenerate TimeFixed PointAfter Fisher–Yates
Ref. [17]0.94152, 17, C7, CBNone
Ref. [21]0.04870D, 33, 77, 95None
Ref. [22]0.7593NoneNone
Table 3. The generated S-box by proposed algorithm.
Table 3. The generated S-box by proposed algorithm.
i\j.0123456789ABCDEF
010062602032172715910377112134236216721996
12282918170113396412787901160941837125
21995455193104246146129791416213723763191174
31481151099922513202187172501854111025139177
450157623811434121072072224510224975220200
598195470151516738223018420424111735130
6362541561962271782486814531126149153543181
719157301541212318620123910118972697111937
8131111181083242151402477438152462068106
9592081641501361922559842352298821317114792
A16648972822418023144854190122111173108243
B5218821020919758182233143402616333244218211
C120892016124575323214217973172224417570
D1762123221691194492451558016123414142226198
E186135205612401232232511052195133253221252242
F6693169116811657812813813221456656168158
Table 4. S-box nonlinear values.
Table 4. S-box nonlinear values.
S1S2S3S4S5S6S7S8
NL(s)108106108106108108110106
Table 5. Generating S-box SAC values.
Table 5. Generating S-box SAC values.
0.41960.42350.41960.56470.48230.51370.54500.5294
0.45490.50190.45090.50190.54900.47050.43520.5176
0.59600.48620.49800.51370.56070.53330.56070.5176
0.49800.51370.54900.49800.43920.48620.54500.5490
0.50190.52940.52940.49800.43920.48620.54500.5490
0.50190.45090.56470.51760.51370.49800.51370.4392
0.46660.53330.48230.42350.45490.54500.52940.4235
0.47050.53330.48230.45490.54900.52940.50190.4980
Table 6. S-box performance test results.
Table 6. S-box performance test results.
S-BoxNonlinearitySACBIC-SACBIC-NonlinearityDPGenerate
Time
MinMaxAvg
ours106110107.50.49960.5009104100.0066
Ref. [18]1001061040.49880.5006104100.3071
Ref. [19]1021081040.49880.5052104100.0091
Ref. [20]1061081060.49160.5058104.14100.0160
Ref. [22]99106103.50.50650.5013103.357120.7593
Table 7. Initial key.
Table 7. Initial key.
tμθxyΔm
0.90.50.20.50.25001
Table 8. Generated encryption keys.
Table 8. Generated encryption keys.
ImageBaboonHouseCameramanPeppers
t 0 0.12026504984675740.94779099073619880.21604990062399730.0961937648047185
μ ^ 0.93496784306366380.95055747496338230.92101238506957790.9032945073229159
θ ^ 0.06640039446468140.69205087143752330.23099758361141580.977565451998436
x 0 0.02644620058802430.44909024281092650.18112797354564820.1440190683132808
y 0 0.06640039446468140.69205087143752330.23099758361141580.977565451998436
h ^ 20.51275413464105716.4973981485364622.59214420005977411.400485742889497
Table 9. Variance of histograms of encrypted images.
Table 9. Variance of histograms of encrypted images.
ImagePlain ImageOursRef. [18]Ref. [19]Ref. [20]Ref. [22]
Baboon47,065.25233.35270.33270.68271.31237.31
House28,706.41217.75255.35263.38246.16246.76
Cameraman10,5149.27247.92269.91249.93265.32259.79
Peppers35,550.14246.04234.49242.46240.74242.06
Average54,513.19236.26257.52256.61255.88246.48
Table 10. NPCR and UACI values.
Table 10. NPCR and UACI values.
Image NPCRUACI
BaboonOurs99.6246%33.4949%
Ref. [18]99.4863%32.1574%
Ref. [19]99.5616%33.0145%
Ref. [20]99.6551%33.4146%
Ref. [22]99.5256%33.3324%
HouseOurs99.6292%33.5274%
Ref. [18]99.4515%33.1501%
Ref. [19]99.5849%33.3829%
Ref. [20]99.6149%33.5051%
Ref. [22]99.5951%33.1216%
CameramanOurs99.6231%33.4488%
Ref. [18]99.5987%33.2151%
Ref. [19]99.5739%33.3015%
Ref. [20]99.6032%33.5028%
Ref. [22]99.5897%32.7981%
PeppersOurs99.5941%33.5739 %
Ref. [18]99.4782%33.4131%
Ref. [19]99.5801%33.4466%
Ref. [20]99.6337%33.5884%
Ref. [22]99.6111%33.0147%
Table 11. Correlation coefficients.
Table 11. Correlation coefficients.
ImageDirectionsOursRef. [18]Ref. [19]Ref. [20]Ref. [22]
Horizontal0.0007−0.0284−0.00270.00390.0034
BaboonVertical−0.00300.01470.00230.0103−0.0019
Diagonal0.00800.04590.0088−0.00700.0005
Horizontal−0.00200.04970.0047−0.00630.0098
HouseVertical−0.01470.03270.00300.0035−0.0342
Diagonal0.0086−0.0154−0.00390.01030.0196
Horizontal−0.00550.0120−0.00270.00470.0023
CameramanVertical−0.00080.04780.000250.00180.0044
Diagonal−0.00050.03540.0039−0.0019−0.0048
Horizontal−0.0029−0.0654−0.00080.00280.0051
PeppersVertical0.0089−0.02590.0083−0.0017−0.0049
Diagonal−0.0088−0.0351−0.0012−0.01030.0078
Table 12. Comparison of ciphertext information entropy.
Table 12. Comparison of ciphertext information entropy.
MethodsBaboonHouseCameramanPeppers
Ours7.99747.99767.99727.9972
Ref. [18]7.98657.99077.97167.9930
Ref. [19]7.96097.96117.95817.9592
Ref. [20]7.99747.99697.99747.9967
Ref. [22]7.96727.98587.97737.9668
Table 13. Comparison of encryption algorithm runtimes (seconds).
Table 13. Comparison of encryption algorithm runtimes (seconds).
Ref. [18]Ref. [19]Ref. [20]Ref. [22]Ours
1.841.691.910.831.12
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Share and Cite

MDPI and ACS Style

Zheng, J.; Bao, T. An Image Encryption Algorithm Using Cascade Chaotic Map and S-Box. Entropy 2022, 24, 1827. https://doi.org/10.3390/e24121827

AMA Style

Zheng J, Bao T. An Image Encryption Algorithm Using Cascade Chaotic Map and S-Box. Entropy. 2022; 24(12):1827. https://doi.org/10.3390/e24121827

Chicago/Turabian Style

Zheng, Jiming, and Tianyu Bao. 2022. "An Image Encryption Algorithm Using Cascade Chaotic Map and S-Box" Entropy 24, no. 12: 1827. https://doi.org/10.3390/e24121827

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop