A Novel and Fast Encryption System Based on Improved Josephus Scrambling and Chaotic Mapping

To address the shortcomings of weak confusion and high time complexity of the existing permutation algorithms, including the traditional Josephus ring permutation (TJRP), an improved Josephus ring-based permutation (IJRBP) algorithm is developed. The proposed IJRBP replaces the remove operation used in TJRP with the position exchange operation and employs random permutation steps instead of fixed steps, which can offer a better scrambling effect and a higher permutation efficiency, compared with various scrambling methods. Then, a new encryption algorithm based on the IJRBP and chaotic system is developed. In our scheme, the plaintext feature parameter, which is related to the plaintext and a random sequence generated by a chaotic system, is used as the shift step of the circular shift operation to generate the diffusion matrix, which means that a minor change in the source image will generate a totally different encrypted image. Such a strategy strikes a balance between plaintext sensitivity and ciphertext sensitivity to obtain the ability to resist chosen-plaintext attacks (CPAs) and the high robustness of resisting noise attacks and data loss. Simulation results demonstrate that the proposed image cryptosystem has the advantages of great encryption efficiency and the ability to resist various common attacks.


Research Background
With the development of communication technology, some new transmission media such as image and video are widely used to disseminate information. Digital images containing private information without special processing can be easily intercepted and exploited by hackers when they are transmitted on various public channels. Encryption is an effective means commonly used to keep information confidential. However, traditional text encryption standards such as the data encryption standard (DES), advanced encryption standard (AES) and Rivest-Shamir-Adleman (RSA) algorithm cannot efficiently encrypt the images with huge data volumes, high temporal redundancy, and spatial redundancy [1]. The high sensitivity to initial values and the uncertain behavior of chaotic systems renders them more suitable for image encryption [2]. Therefore, the chaotic-based encryption scheme draws more and more attention. In 1998, Fridrich proposed a new cryptographic framework that includes permutation and diffusion using a two-dimensional chaotic map. Such a method not only disrupts the position of the pixels, but also changes the statistical characteristic of the plaintext image [3]. Inspired by Fridrich's research, many encryption algorithms using similar encryption frameworks have been proposed in recent years [1,.
In the first category, some researchers utilized the extended Arnold map to permute the plaintext image [6,9]. Specifically, the pixel coordinates are set as the initial values of the chaotic map and the new positions of the pixels are obtained by iterating the chaotic system. To improve the plaintext sensitivity of a cryptosystem, in [6], the plaintext information is employed to generate the parameters of the extended Arnold map and influence the diffusion operation. Kang et al. [7] presented a novel plaintext-related mechanism, in which the numbers of A, T, C, and G of plaintext DNA coding are used to control the permutation process. In addition, SHA algorithms have been applied in cryptographic frameworks to pursue high plaintext sensitivity [8,11,12,14,23]. For instance, in [8], the hash values of the plaintext image calculated by the SHA256 algorithm are used as the initial values of the non-coupled map lattice function. However, these schemes suffer from some drawbacks, such as the weak scrambling effect [6,9], a long permutation time [7], or a low application value because of its one-time-pad-like property [8,11,12,14,23]. For the characteristic of easy implementation, permutations based on index matrices which are derived from sorting and matching random sequences has been used in many encryption schemes [4,5,28,29]. In 2020, Cao et al. [5] employed the index matrix and the specific diffusion formula to permute and diffuse the plaintext image separately, which can avoid the need of using one-time encryption techniques to reach high plaintext sensitivity. In many works, circular shift is exploited to scramble the source image matrix to achieve faster permutation speeds [1,10,13]. In [1], a novel cryptosystem is developed based on a circular shift operation in which step size is controlled by the pseudo-random sequence. Although this scheme has excellent encryption efficiency, its scrambling effect needs to be further improved.
In the second category, the permutation operation in many cryptographic systems is performed on a one-dimensional plaintext matrix transformed from the original image [16,17,20,24,26]. For instance, in [17], the plain image is converted into a onedimensional matrix, which is scrambled by an index matrix in the permutation stage. Since a pixel can be represented by an eight-bit binary, some works transform the original image into a binary array which is downscaled to a one-dimensional matrix for further scrambling [20,24]. Although bit-level permutation can change the positions and values of pixels simultaneously, the amount of data that needs to be processed has increased by 8 times, which reduces the efficiency of the cryptographic system. Furthermore, since the generation of a index matrix used in permutation stage by sorting and comparing the random sequences is very time-consuming, and when the size of the original image is doubled, the execution time will increase exponentially, some algorithms transformed the plain image into a 3D matrix for further processing [15,25,27]. In 2016, Zhang et al. proposed a novel cryptosystem in which the plaintext image is transformed into a 3D bit matrix, and then the permutation operation is performed using three index sequences whose lengths are equal to the length, width, and height of the 3D bit matrix [15], respectively. In 2014, a Josephus ring has been used to scramble images [32]. However, this exposed some problems, such as a fixed step length and a too-long scrambling time. In recent years, many improved Josephus rings have been developed and used to pursue higher confusion effects [18,21,22]. In [18], Niu et al. developed an improved Josephus ring scrambling algorithm with a dynamic step size, related to the pixel value of the plaintext. This scheme greatly improves the scrambling effect and plaintext sensitivity, but possesses poor robustness against noise attacks and a slow encryption speed. In addition to the permutation-diffusion architecture, some scholars apply quantum mechanics theory to developed image encryption schemes which only contain some diffusion operations, such as C-Not gate [33,34]. Other studies introduced additional perturbations to the chaotic maps to avoid chaos degradation [35] when implementing in hardware with limited precision [36,37].

The Weaknesses of Existing Works
After careful analysis of the above encryption schemes, we found that most of the algorithms have the following drawbacks: • Some encryption schemes are insensitive to subtle differences of the original image and insufficient to resist chosen-plaintext attacks (CPAs). Table 1 shows the papers that have been cracked in recent years; • Low robustness of noise-resistings and occlusion-resistings because of the high sensitivity of ciphertext [7,16,18,38]; • Permutation operations are time-consuming, especially the permutation techniques using long random sequences generated by sorting and comparing operations [4,5,11,12,17,19,20] or traditional Josephus rings [18,21,22]; • Poor permutation effects are present in many works, including existing chaos-based image permutation algorithms and Josephus ring-based permutations, which is discussed in Section 1 and will be further detailed in Section 3.

Contribution of Our Research
To overcome the weaknesses of existing works, we propose an improved Josephus ring-based permutation (IJRBP) and a new encryption scheme. The contributions of this paper are as follows: • The proposed IJRBP replaces the remove operation used in TJRP with the position exchange operation and employs random permutation steps instead of fixed steps, which avoids the drawbacks of TJRP to offer an excellent scrambling effect and a high permutation efficiency; • A new encryption algorithm based on the IJRBP is developed. The new scheme strikes a balance between plaintext sensitivity and ciphertext sensitivity to obtain the ability to resist CPAs, as well as a high robustness for resisting noise attacks and data loss simultaneously; • IJRBP can be used for scrambling grayscale images or color images of any size; Section 2 presents the involved chaotic systems and the generation of pseudo-random sequences required for cryptosystems. Section 3 introduces the IJRBP algorithm in detail. Section 4 provides the process of image encryption. Section 5 offers a systematic evaluation of safety performance. Section 6 concludes this article.

The Involved Chaotic Map
There are three chaotic maps used in this work, namely, a tent map, a piecewise linear map, and a Chebyshev map. The tent map is a classic one-dimensional chaotic system which is widely used in the field of image encryption, and its mathematical equation can be defined as: when the control parameter u ∈ (2, 4], the numerical simulation of the tent map demonstrates chaotic behavior.
The piecewise linear map consists of a multi-segment linear function and can be described by the following iteration: where p is the control parameter in the range (0, 0.5) and the x n+1 ∈ (0, 1) is the output.
The Chebyshev map is a one-dimensional chaotic map with the advantages of a simple structure and easy implementation. It can be expressed as: where a ≥ 2 and x n+1 ∈ [−1, 1]. Figure 1 shows the bifurcation diagrams and Lyapunov exponent diagrams of the chaotic maps used in the proposed cryptosystem. In our proposed scheme, the parameters of the three chaotic maps are set as u = 3.999998, a = 4, and p = 0.256, respectively.

Pseudo-Random Sequence Generation
In this subsection, the three involved chaotic maps are used to generate the pseudorandom sequences which will be utilized in the proposed cryptosystem.
Step 3: Generate the coordinate information. The random coordinates loc1 and loc2 are calculated by using the following equations: loc2 = f loor mod y n (N + 2) × 10 9 , N + 1.

Improved Josephus Ring-Based Permutation
The traditional Josephus ring can be implemented with only one step parameter, and its permutation process is easy to understand. The principle of traditional Josephus rings is shown in Figure 2. Here, the step size is set to three and the Josephus ring is scanned clockwise from the first element. The element located at each step is extracted from the Josephus ring, and then a new similar operation is repeated from the next position of the removed element until the last element in the Josephus ring is eliminated. We improve the traditional Josephus ring and propose IJRBP to solve the problems of the traditional Josephus ring and other existing permutation algorithms discussed in Section 1. The principle of IJRBP is shown in Figure 3. The IJRBP replaces the remove operation with the position exchange operation to achieve a further dislocation effect and reduce the time complexity. Suppose the one-dimensional image matrix and the random sequence are P = [1,2,3,4,5,6,7,8] and Seq = [2, 8, 6, 5, 3, 4, 7, 1], respectively. The detailed process of IJRBP is described in Algorithm 1.
We use the standard testing image Lena in the scrambling experiment. All permutation algorithms are tested in the same environment to ensure the correctness. The simulation results are shown in Figure 4 and Table 2, and we can see that IJRBP shows significant advantages over other solutions in terms of the confusion effect and the running speed.

The Proposed Encryption System
In this section, the new encryption system based on IJRBP is detailed. Figure 5 describes the diagram of the encryption and decryption system. After the IJRBP, the scrambled matrix S is obtained. It is worth noting that when the plaintext image I is all black, matrix S is obtained by Equation (11): Chaotic mapping The encryption process

Diffusion Stage
Here, we detail the diffusion stage as follows.
Step 1: Generate a pseudo-random sequence Xn 2 through Equation (12). Then, the IJRBP and Xn 2 are used to confuse the sequence Zn to obtain sequence Zn 1 .
Step 2: Apply the circular shift operation on the sequence Zn 1 to gain another sequence Zn 2 . Technically, if the parameter f is an odd number, the direction of the cyclic shift is to the left, with a step size of f loor(1.1 f ); inversely, the direction is to the right with the same step size.
Step 3: Convert the sequence Zn 2 into a two-dimensional matrix Zn 3 with height M and length N.
Step 4: Perform the XOR operation of matrix Zn 3 and matrix S to obtain matrix B.
Step 5: Replace the pixel value of B(loc1, loc2) with f ; then, an encrypted image C is obtained. In particular, for encrypting a color image I, we can perform encryption on the R, G, and B channel images separately in the same way.

Decryption Algorithm
Referring to Figure 5, the decryption process is the inverse process of encryption. Firstly, the four keys are used to generate the sequences Xn and Zn, and then the parameter f is obtained through loc1 and loc2. Secondly, after the IJRBP, circular shift, and XOR operation, the matrix Zn 3 and matrix S are derived. Finally, the original image I is produced by performing the inverse IJRBP on the matrix S using the sequence Xn.

Simulation Results and Security Analysis
To verify the security and efficiency of the proposed encryption scheme, some standard images with different sizes are used in multiple simulation and security analyses. The initial values of the three chaotic maps, which are denoted as K 1 , K 2 , and K 3 , and the iteration parameter N 0 are used as secret keys in this work. The simulation test is performed on a computer with an Intel Core i5-4200HCPU@ 2.80 GHz, 8.0G RAM, Windows 10 OS, and MATLAB R2016b. The simulation results are shown in Figure 6. (i-l) cipher images of (a-d); (m-p) histograms of (i-l); (q-t) decrypted images of (i-l).
The peak signal to noise ratio (PSNR) is often used to measure the degree of signal distortion. A smaller PSNR means that the encrypted image possesses higher distortion relative to the original image. The PSNR is defined by: where (I(i, j) − C(i, j)) 2 , M, and N are the height and width of the image, and I and C are the plaintext image and the encrypted image, respectively. Table 3 shows the PSNR analysis results of different algorithms, which proves the excellent encryption effect of our algorithm.

Security Key Space
The key space is an important factor of a reliable encryption system and it must be greater than 2 100 for resisting brute-force attacks. The ranges of the four secret keys in our approach are K 1 ∈ (0, 1), K 2 ∈ (0, 1), K 3 ∈ (−1, 1), and N 0 ∈ [1000, 2500], respectively. The key space comparison results of different algorithms are shown in Table 4. If the computational precision of the computer reaches 10 16 , the key space of the proposed algorithm will be 10 16 × 10 16 × 10 16 × 1500 ≈ 2 170 . Obviously, the cryptosystem can effectively resist brute-force attacks.

Histogram Analysis
Statistical analysis can disclose the distribution characteristics of the image and be used in the work of cracking cryptographic systems. An excellent encryption system must guarantee the uniform distribution of the pixel values of ciphertext image to mask the pixels' distribution characteristics. As illustrated in Figure 6, the unique pixel intensity distribution characteristic of each plaintext image is concealed after the encryption operation. Furthermore, we use the variance of image histogram (VIH) to evaluate the flat level of the histogram of the ciphered image, which is defined as: where h i are the components of the histogram of the encrypted image and e= M×N 256 (M and N are the size of image). Table 5 shows the VIH analysis results. Combining Figure 6 and Table 5, one can conclude that the VIH performance of the proposed scheme is better than that of other algorithms, and it is difficult for attackers to crack the encryption system through statistical analysis.

Correlation Analysis
There is a high correlation between the adjacent pixels in the image without special processing. The strong correlation of the adjacent pixels in cipher images will increase the risk of being attacked. Here, we calculate the correlation coefficient of all adjacent pixels at vertical, horizontal, and diagonal directions. The expressions of the correlation coefficient are defined as follows: cov where x and y are the two adjacent pixel values, and N is the number of image pixels. Figure 7 shows the correlation plots of the Lena and Baboon images and the corresponding cipher images. Tables 6-8 present the correlation coefficient results, and one can see that the correlation coefficient of the image encrypted by the proposed algorithm is close to zero. Further, the average analysis results of our scheme is lower than that of other techniques.

Secret Key Sensitivity Analysis
The high key sensitivity of a secure cryptosystem represents the excellent performance against exhaustive attacks. In this subsection, the NPCR (number of pixels change rate) and UACI (unified average changing intensity) are introduced to evaluate the key sensitivity and plaintext sensitivity. NPCR and UACI are defined by the following equation: where C1, C2 are two cipher images, and Here, a simulation example is given, and its detailed steps are as follows: Step 1: A secret key K1(0.2, 0.4, 0.3, 2000) is selected from the key space and used to encrypt the original image of Lena to obtain the cipher image denoted by C1.
Step 2: Add 10 −14 to the first initial value of K1 to obtain another secret key K2(0.2 + 10 − 14 , 0.4, 0.3, 2000). Then, the modified key K2 is used to encrypt the same original image to obtained another cipher image, denoted as C2.
Step 3: Finally, we calculate the NPCR and UACI of C1 and C2, according to Equation (17).
We randomly select 200 sets of keys from the key space to repeat the above steps 200 times and the average results of NPCR and UACI are shown in Table 9. The numerical results of NPCR and UACI in Table 9 are the approximate theoretical values, which demonstrate that the encryption mechanism is extremely sensitive to the encryption keys. Differential attacks are the common methods used in cryptanalysis by attackers. By changing the pixel value of the plaintext image and recording the change of the corresponding ciphertext image, attackers may deduce the correspondence between the original image and the encrypted image or the equivalent keys. High plaintext sensitivity can ensure the ability of the encryption algorithm to resist differential attacks effectively. Here, we use NPCR and UACI again to test the plaintext sensitivity of the proposed scheme. In this experiment, we use 100 sets of keys to encrypt the original images and the same images with one pixel at a random position, slightly modified by Equation (18).
The simulation results of NPCR and UACI are shown in Table 10, and are all close to the ideal values, which proves that our cryptosystem is sensitive to slight differences of the image and can resist differential attacks.

Resistance to Chosen Plaintext Attack Analysis
Furthermore, in a CPA, specially processed images, such as all black and all white images, are used to access the cryptosystem to obtain corresponding encrypted images for further cryptanalysis. In our scheme, to resist the CPA, the plaintext feature parameter f , which is calculated by Equation (10), is used to determine the shift step of the circular shift operation to generate the diffusion matrix, which guarantees the high plaintext sensitivity of the proposed algorithm. Here, four special images (P1, P2, P3, P4) were designed for this trial. P1 and P2 are all white and all black images, respectively. P3 is an image with only one pixel value of 1; the other pixel values are 0. P4 is an image with only one pixel value of 0, and the other pixel values are 255. The simulation results of the NPCR and UACI analyses and the encryption are shown in Table 11 and Figure 8, respectively. Based on the experimental results, the proposed encryption scheme has high plaintext sensitivity.

Information Entropy Analysis
Information entropy analysis can be used to reflect the degree of randomness of an encrypted image. The mathematical expression of information entropy is given by: where p(i), i = 1, 2 · · · , 2 N is the probability of different gray-level values. According to Equation (19), the entropy value of a completely random grayscale image is 8. Table 12 shows the information entropy analysis results of original images and the cipher images encrypted with different schemes, which shows the better performance of our scheme than similar algorithms.

Noise Attack and Data Loss Analysis
During the transmission to the receiver, the cipher image is easily affected by the harsh environment and the ability to recover the original image is lost. A reliable encryption scheme must minimize the impact of noise attacks and data loss. Here, a grayscale image of Lena with the size of 512 × 512 is selected to test the robustness of the proposed encryption algorithm to resist the noise attacks and data-loss attacks. The detailed analysis results are shown in Figures 9 and 10. One can see that, even if the ciphertext images are polluted by salt-and-pepper noise with a noise intensity level of 0.4, most of the important information in the original images can still be obtained from the decrypted images. Therefore, our algorithm possess strong robustness in resisting noise attacks or data loss. Furthermore, we use the PSNR again to quantify the robustness analysis of our cryptosystem. The analysis results are presented in Table 13 and attest that the encryption system has better recovery capability for the polluted information.

Encrypted Time Analysis
For the purpose of real-time encryption, the cryptosystem must have low computational complexity. The encryption speed simulation of our scheme and of similar recently proposed algorithms is performed in the same environment. Here, the works of Zhang et al. [44], Kang et al. [7], Huang et al. [6], Aceng et al. [28] and Li et al. [33] are used in the analysis of encryption speed. The simulation results are shown in Table 14 and Figure 11, from which we can conclude that the proposed encryption scheme has a faster encryption speed than similar ones. The execution speed bar chart of different encryption systems 128×128 256×256 512×512 Figure 11. The execution speed bar chart of different encryption systems.

Conclusions
Firstly, a novel, improved Josephus ring-based permutation algorithm is proposed in this paper. Different from the traditional Josephus ring scrambling algorithm, IJRBP combines the advantages of the Josephus ring and chaotic mapping and replaces the remove operation with the position exchange operation, which overcomes the shortcomings of poor confusion and the long scrambling time of the existing permutation algorithms, including the TJRP. Then, based on the IJRBP, a new encryption scheme was suggested. In the developed cryptosystem, to ensure high plaintext sensitivity, a plain image is used to determine the shift step of the circular shift operation to generate the diffusion matrix. Finally, thorough experiments, including key space analyses, histogram analyses, correlation analyses, plaintext sensitivity analyses, information entropy analyses, robustness against noise analyses, data loss analyses, and encrypted time analyses are conducted, and their results prove that the proposed encryption scheme has high security and computational efficiency. In our future work, we will exploit the potential of IJRBP to expand its application scenarios while exploring other possibilities to optimize the encryption approach for better robustness.