# Cryptanalysis and Improvement on an Image Encryption Algorithm Design Using a Novel Chaos Based S-Box

^{1}

^{2}

^{3}

^{4}

^{*}

## Abstract

**:**

## 1. Introduction

## 2. Description of the Original Encryption Algorithm

**A**= [a(i, j)], a(i, j) $\in $ {0, 1, ..., 255}, i = 1, 2, …, M, j = 1, 2, …, N. Before encryption, the two-dimensional matrix

**A**is transformed into a 1D (one-dimensional) pixel vector

**P**= [p(1), p(2), ..., p(L)], where L = MN. In this paper, an integer i in the bracket “(i)” denotes the subscript of an element in an array. The main steps of IESB can be described briefly below.

#### 2.1. The Secret Keys and Flow Chart of IESB

_{0}, y

_{0}, z

_{0}) and parameters (a, b, c, d) are utilized as secret keys in IESB. The flow chart of IESB can be shown in Figure 1.

#### 2.2. Generating Chaotic Pseudo Random Number Sequences and S-Box

**x**,

**y**,

**z**are generated. Then, the three floating-point number sequences

**x**,

**y**,

**z**are converted to three integer sequences

**X**,

**Y**,

**Z**by chaos based pseudo random number generator (PRNG). Each element in

**X**,

**Y**,

**Z**is a binary number of 8 bits and the three bit series have passed NIST tests. The S-box is created by using sequences

**X**,

**Z**and a novel S-box generation algorithm [15]. The S-box is a 16 × 16 sized matrix, and each number in the S-box is a unique decimal integer value between 0 and 255. The sequence

**Y**= [y(1), y(2), …, y(L)] and the S-box will be used for image encryption, where L = M × N.

#### 2.3. The Encryption Procedure

**Y**:

**P**′ = [p′(1), p′(2), …, p′(L)] is generated.

**SB**= [sb(j, k)], j = 1, 2, …, 16, k = 1, 2, …, 16. In fact,

**SB**is a collection of all elements on the finite field GF (2

^{8}), namely, each value of sb(j, k) is a specific integer in the set {0, 1, 2, ..., 255}. The sub-byte operation process is actually mapping each pixel value p′(i) of the intermediate ciphertext image into an element sb(j, k) in

**S**. The mapping rules from p′(i) to sb(j, k) can be explained in detail below. Firstly, a pixel value p′(i) is represented as binary form (b

_{8}b

_{7}…b

_{2}b

_{1})

_{2}. Then, let j = (b

_{8}b

_{7}b

_{6}b

_{5})

_{2}+ 1, k = (b

_{4}b

_{3}b

_{2}b

_{1})

_{2}+ 1, and j = 1, 2, …, 16, k = 1, 2, …, 16. Finally, one can obtain the i-th cipher pixel value c(i) = sb(j, k). After all cipher pixel values are determined, the encrypted image array

**C**= [c(1), c(2), …, c(L)] is obtained. In a general way, the effect of the S-box is equivalent to an abstract function fs: p’(i) ∊ GF(2

^{8}) → c(i) ∊ GF(2

^{8}), which is a one-to-one mapping function fs[•]. Namely, if fs[x] = fs[y] holds, then x = y must hold. The mapping from p′(i) to c(i) can be expressed as:

## 3. The Cryptanalysis and Chosen-Plaintext Attacks

#### 3.1. The Algorithm of Cryptanalysis and Chosen-Plaintext Attacks

_{0}, y

_{0}, z

_{0}, a, b, c, and d). It is worth noting that the chaotic sequence

**Y**and the S-box can act as an equivalent to the secret keys. The sequence

**Y**and S-box are not related to the image to be encrypted. In other words, different encrypted images have the same keys

**Y**and S-box. Assuming such a premise, the pixel array of the target cipher image to be recovered is

**C**= [c(1), c(2), …, c(L)]. We use

**P**= [p(1), p(2), …, p(L)] to represent the pixel array of the plaintext image corresponding to

**C**.

**P**is unknown and is to be deciphered. Our scheme of chosen-plaintext attack can be described in detail as follows.

**Step 1**. Constructing the first chosen-plaintext image

**P0**= [0, 0, …, 0] and the output corresponds to the cipher image

**C0**= [c0(1), c0(2), …, c0(L)] by the encryption machinery, where L ≥ 65,536. According to Equation (2), elements in the intermediate image vector

**P0**′ and the keystream

**Y**satisfies the following relation:

**C0**and

**Y**:

**Step 2**. Consider such a fact that, pixel values of the encrypted image have only 256 levels over the set {0, 1, ..., 255}. Hence, each level has an average of L/256 times appearing in

**C0**, which is bigger than or equal to 256 due to L ≥ 65,536. Find a pixel value with at least of 256 times appearing in

**C0**. Let us say that m is one of the values that satisfies the condition. That is to say, there are at least 256 elements in

**C0**equal to m.

**Step 3**. Constructing the second chosen-plaintext image vector

**P1**= [p1(1), p1(2), …, p1(L)], such that

**P1**is shown in Algorithm 1:

Algorithm 1: The Matlab code of constructing P1 |

1. p1 = zeros(1, L); 2. j = 0; 3. for i = 1: L4. if c0(i) = = m5. p1(i) = j; 6. j = j + 1; 7. end8. if j = = 2569. break;10. end11. end |

**C1**= [c1(1), c1(2), …, c1(L)] by using the encryption machinery.

**Step 4**. Constructing an array

**S**= [s(1), s(2), …, s(256)] that is equivalent to the S-box. The Matlab code of constructing

**S**is shown in Algorithm 2:

Algorithm 2: The Matlab code of constructing S |

1. s = zeros(1, 256); 2. j = 1; 3. for i = 1: L4. if c0(i) = = m5. s(j) = c1(i); 6. j = j + 1; 7. end8. if j > 2569. break;10. end11. end |

_{0}, in all places, i satisfies condition c0(i) = m, i = i1, i2, …, i256. According to Equations (2) and (3), we have the following relations: s(1) = c1(i1) = fs[y

_{0}⨁ 0], s(2) = c1(i2) = fs[y

_{0}⨁ 1], ..., s(256) = c1(i256) = fs[y

_{0}⨁ 255]. Then, we obtain the following general expression:

_{0}⨁ (i − 1)], i = 1, 2, …, 256.

_{0}⨁ 0), (y

_{0}⨁ 1), (y

_{0}⨁ 2), …, (y

_{0}⨁ 255) are 256 numbers different from each other. It leads to s(1), s(2), …, and s(256) are different from each other.

**Step 5**. For each element c0(i), find out where it is in

**S**and obtain a position index array

**u**.

**u**=

**[**u(i)

**]**and u(i) = 0, i = 1, 2, …, L. For each i = 1, 2, …, L, find out where c0(i) in

**S**. If c0(i) = s(j), then record the number j corresponding to c0(i). Therefore, let u(i) = j. Due to the following map relations: s(j) = fs[y

_{0}⨁ (j − 1)], and c0(i) = fs[y(i)], hence, the following results are obtained by c0(i) = s(j) and j = u(i):

_{0}⨁ [u(i) − 1],

**Step 6**. For each element c(i), find out where it is in

**S**and obtain a position index array

**v.**

**v**=

**[**v(i)

**]**and v(i) = 0, i = 1, 2, …, L. For each i = 1, 2, …, L, find out where c(i) in

**S**. If c(i) = s(k), then record the number k corresponding to c(i). Therefore, let v(i) = k. Because of the following map relations: s(k) = fs[y

_{0}⨁ (k − 1)], and c(i) = fs[y(i) ⨁ p(i)], hence, the following results are obtained by c(i) = s(k) and k = v(i):

_{0}⨁ [v(i) − 1],

**Step 7**. Utilize

**u**and

**v**to recover the plaintext image.

**Step 8**. Execute Equation (10) repeatedly for each i = 1, 2, …, L, then we can recover the plaintext image vector

**P**= [p(1), p(2), …, p(L)]

^{T}. Transform

**P**into M × N matrix

**A**, the plaintext image is finally obtained.

#### 3.2. Examples of Chosen-Plaintext Attacks

#### 3.2.1. The Secret Keys and S-Box

_{0}= 1.0, y

_{0}= −1.0, and z

_{0}= 0.01. Chaotic system (1) is solved by the ode45 solver of Matlab, and the time step is set to 0.01.

**x**= [x(1), x(2), …, x(L)],

**y**= [y(1), y(2), …, y(L)],

**z**= [z(1), z(2), …, z(L)], and L = 65,536. Without loss of generality, we convert each float value of the original chaotic sequences to an 8-bits binary number by using the chaos based PRNG, which is expressed by Equations (11)–(13):

^{6}− floor(|x(i)| × 10

^{6})) × 10

^{3}), 256); i = 1, 2, …, L

^{6}− floor(|y(i)| × 10

^{6})) × 10

^{3}), 256); i = 1, 2, …, L

^{6}− floor(|z(i)| × 10

^{6})) × 10

^{3}), 256); i = 1, 2, …, L

**T**by using the sequence

**X**and

**Z**, namely, T(i) = X(i) ⨁ Z(i), i = 1, 2, …, L. For simplicity, we select 256 different values from the sequence

**T**and use these values to form the S-box matrix, which is shown in Table 1. The first 16 numbers in the sequence

**Y**are also given here for reference, which are shown in Equation (14).

#### 3.2.2. Breaking the Encrypted Test Image

#### 3.2.3. A Simple Numerical Example

**P**= [10, 0, 255, 128].

**C**= [195, 217, 254, 145].

**P**is unknown, we use

**PP**= [pp(1), pp(2), pp(3), pp(4)] to represent the plaintext version recovered from

**C**.

**P0**= [0, 0, ..., 0], whose size is 256 × 256. Then the corresponding cipher image

**C0**is obtained by using the IESB, whose first four pixel values are

**C0**= [125, 217, 251, 228, ...].

**C0**, and let m = 1. Then the second chosen-plaintext image

**P**

**1**is constructed according to the method mentioned in Section 3.1, and the first four non-zero elements of

**P1**are listed for the readers’ reference: p1(752) = 1, p1(1342) = 2, p1(1796) = 3, p1(2117) = 4. Then, the corresponding cipher image

**C1**is obtained, and the first four elements of the image

**C1**are [125, 217, 251, 228, ...]. Then, the array

**S**is obtained by using

**C0**and

**C1**and the method mentioned in Section 3.1, and all the 256 elements of the array

**S**are listed below, among them, seven important figures worthy of attention are underlined. That is:

**S**= [1, 76, 169, 174, 50, 248, 132, 168, 61, 46, 180, 78, 31, 226, 33, 88, 51, 14, 206, 101, 152, 64, 39, 8, 11, 182, 37, 210, 48, 229, 29, 129, 121, 47, 22, 214, 222, 181, 172, 223, 236, 12, 109, 201, 0, 89, 114, 73, 6, 233, 104, 225, 157, 189,

**251**, 250, 203, 177, 122, 219, 9, 173,

**228**, 55, 167, 24, 170, 142, 249, 224, 185, 238, 58, 45, 118, 20, 91, 188, 123, 44, 148, 213, 165, 227, 30, 240, 94, 221, 186, 77, 127, 204, 96, 151, 84, 146, 63, 230, 49, 43, 199, 191, 3, 93, 235, 243, 166, 65, 23, 143, 196, 18, 69, 56, 124, 59, 92, 34, 183, 25, 98, 218, 211, 241, 178, 179, 79, 200, 136, 137, 40, 193, 99, 16, 103, 41, 207, 102, 234, 253, 72, 116, 246, 81, 21, 107, 80, 147, 239, 138, 111, 237,

**217**, 38, 70, 141, 171, 87, 115, 220, 202, 135, 57, 112, 108, 198, 62, 158, 197, 32, 192, 60, 68, 140, 66, 150, 26, 209, 232, 19, 110, 161, 4, 247, 162, 134, 144, 117, 156, 54,

**145**, 155,

**195**, 176, 100, 27, 36, 212, 205, 154, 133,

**254**,

**125**, 131, 120, 85, 194, 215, 15, 71, 5, 245, 187, 130, 128, 52, 159, 10, 83, 74, 17, 153, 35, 164, 67, 231, 175, 82, 160, 106, 53, 216, 163, 255, 13, 86, 105, 242, 113, 90, 2, 97, 95, 139, 42, 208, 126, 244, 184, 28, 119, 149, 252, 7, 190, 75].

**S**, we get the following results:

**PP**= [10, 0, 255, 128], which means

**PP**=

**P**. Through the above examples, our chosen-plaintext attack scheme has been verified.

## 4. The Improved Image Encryption Scheme

#### 4.1. Algorithm Description of the Improved Scheme

**Step 1**. Set the initial conditions x_{0}, y_{0}, z_{0}system parameters a, b, c, d of system (1). Read the plain image**I**of size M × N and transform its 2D matrix into a 1D pixel sequence**P**= [p(1), p(2), ..., p(L)], where L = MN.**Step 2**. Iterate the chaotic system (1) with initial state values and system parameters for L_{0}times and obtain three chaotic pseudorandom sequences**x**= [x(i)],**y**= [y(i)],**z**= [z(i)], where i = 1, 2, ..., L_{0}, L_{0}≥ 65,536.**Step 3**. Convert the original chaotic sequences to 8-bit integer sequences {**X**,**Y**,**Z**} by using Equations (11)–(13).**Step 4**. Get sequence**T**by using**X**and**Z**:**T**=**X**⨁**Z**.**Step 5**. From the elements of**T**, select 256 different numbers to generate the S-box with size of 16 × 16, and transform the 2D matrix of S-box into an equivalent 1D sequence**S**= [s(1), s(2), ..., s(256)].**Step 6**. Perform the first round diffusion encryption with chaotic key sequence**Y**, and obtain the intermediate ciphertext image pixel sequence**P**′ = [p′(i)]. The operations are represented by the following formulas:p′(1) = mod(p(1) + y(1) + seed, 256);p′(i) = mod(p(i) + y(i) + p’(i − 1), 256); i = 2, 3, ..., L.**Step 7**. Perform the second round diffusion encryption with the equivalent of chaotic S-box, and obtain the final ciphertext image pixel sequence**C**= [c(i)]. The operations are represented by the following formulas:j = double(p′(L)) + 1; c(L) = mod(p’(L) + s(j) + seed, 256);J = double(p(i)) + 1; c(i) = mod(p’(i) + s(j) + c(i + 1), 256); i = L − 1, L − 2, ...,1.**Step 8**. Transform the 1D ciphertext image pixel sequence**C**into a 2D matrix**CI**, then the cipher image is obtained.

#### 4.2. Performance Test and Analysis of the Improved Scheme

_{0}= 1.0, y

_{0}= −1.0, z

_{0}= 0.01, and seed = 35. The encryption results of the gray-scale Lena image is exhibited in Figure 3. From the results, one can see that the cipher image has nothing to do with the corresponding original plaintext image, and it becomes unrecognizable.

#### 4.2.1. Histogram Analysis

#### 4.2.2. Pixels Correlation Analysis

_{xy}is the correlation coefficient of two adjacent pixels x and y. To compute correlation coefficients of the original plain image and its corresponding cipher image, we sampled all horizontally adjacent pairs of pixels. The results for the Lena image is listed in Table 2. Evidently, the encrypted image using our improved encryption scheme has smaller absolute values of correlation coefficient than the schemes in [2,15,23,24].

#### 4.2.3. Information Entropy Analysis

_{i}) denotes the occurrence probability of symbol s

_{i}, 2

^{n}is the total states of the information source. If P(s

_{i}) = 1/2

^{n}, then the information source is completely random. For an image with 256 gray-scale, the pixel values have 2

^{8}levels, so the ideal value of information entropy is 8. The information entropy of an encrypted image should be as close as possible to 8. The information entropy results of encrypted images by our improved scheme and schemes in References [9,15,23] are listed in Table 3. The results show that all entropy values are significantly closer to the ideal value eight, so the randomness is satisfactory. Besides, our improved scheme has better results than References [9,15,23]. Hence, our improved encryption scheme is more capable of resisting entropy-based attacks.

#### 4.2.4. Sensitivity Analysis

_{1}(i, j) and c

_{2}(i, j) represent pixel values of two cipher images at the same position (i, j). D(i, j) represents the difference between c

_{1}(i, j) and c

_{2}(i, j). If c

_{1}(i, j) = c

_{2}(i, j) then D(i, j) = 0, otherwise D(i, j) = 1. For an 8-bit gray image, the optimal value of NPCR is NPCR

_{E}= 99.61%, the optimal value of UACI is UACI

_{E}= 33.46%.

_{0}= 1.0, y

_{0}= −1.0, z

_{0}= 0.01, a = 1.0, b = 1.0, c = 2.0, d = −3.0, and seed = 35). Then, we added 10

^{−14}to one of the floating-point key values, and +1 to the integer seed of the key, while all others stayed unchanged, and we encrypt the same plain image Lena again. Then, NPCR and UACI values are calculated from two ciphertext images. Table 5 shows the experimental results. From Table 5, one can see that our improved encryption scheme is sensitive to all secret keys.

#### 4.2.5. Key Space Analysis

_{0}, y

_{0}, z

_{0}), four parameters (a, b, c, d), and one integer seed. The first seven parameters are all floating-point numbers, and the seed ∊ [0, 255]. Hence, for the working precision of 10

^{14}with a floating-point number, our key space is found to be more than 256 × 10

^{14 × 7}≈ 2

^{334}. Key space in our improved encryption scheme is larger than the key space of 2

^{199}in Reference [2], 2

^{226}in Reference [15], 10

^{45}in Reference [23]. Because the key space is large enough, our improved algorithm can resist brute-force attack.

#### 4.2.6. Computation Efficiency

## 5. Conclusions

**Y**of the system are the equivalent keys of the cryptosystem. The equivalent keys are not related to the image to be encrypted. For the above reasons, the original algorithm (IESB) can not resist chosen-plaintext attacks. We ascertained that the encrypted image can be deciphered with only two chosen plain-images. An ingenious method of constructing explicit chosen-plaintext is found, and an equivalent array of S-box is constructed. We just need the equivalent sequence of S-box without knowing the S-box and the secret key stream

**Y**itself to decipher the target ciphertext. The attacking scheme has been proved by theoretical analysis and supported by experimental results. As an optimization method, a new and improved image encryption scheme is developed to conquer these flaws of the original algorithm. In the improved scheme, a feedback mechanism is introduced, a bidirectional diffusion scheme is designed, and values of the ciphertext are associated with more parameters in each diffusion process. Experimental results and security analysis certify that the improved encryption scheme can achieve a higher security level and has a better performance than some recently proposed encryption algorithms.

## Author Contributions

## Funding

## Acknowledgments

## Conflicts of Interest

## References

- Zhang, Y.; Xiao, D.; Shu, Y.; Li, J. A novel image encryption scheme based on a linear hyperbolic chaotic system of partial differential equations. Signal Process. Image Commun.
**2013**, 28, 292–300. [Google Scholar] [CrossRef] - Bashir, Z.; Watrobski, J.; Rashid, T.; Zafar, S.; Salabun, W. Chaotic dynamical state variables selection procedure based image encryption scheme. Symmetry
**2017**, 9, 312. [Google Scholar] [CrossRef] - Wang, X.; Liu, C.; Zhang, H. An effective and fast image encryption algorithm based on chaos and interweaving of ranks. Nonlinear Dyn.
**2016**, 84, 1595–1607. [Google Scholar] [CrossRef] - Ye, G.; Zhao, H.; Chai, H. Chaotic image encryption algorithm using wave-line permutation and block diffusion. Nonlinear Dyn.
**2016**, 83, 2067–2077. [Google Scholar] [CrossRef] - Zhang, Y.; Xiao, D. Double optical image encryption using discrete chirikov standard map and chaos-based fractional random transform. Opt. Lasers Eng.
**2013**, 51, 472–480. [Google Scholar] [CrossRef] - Liu, H.; Kadir, A.; Sun, X.; Li, Y. Chaos based adaptive double-image encryption scheme using hash function and s-boxes. Multimed. Tools Appl.
**2018**, 77, 1391–1407. [Google Scholar] [CrossRef] - Zhu, C. A novel image encryption scheme based on improved hyperchaotic sequences. Opt. Commun.
**2012**, 285, 29–37. [Google Scholar] [CrossRef] - Wang, X.; Wang, Q. A novel image encryption algorithm based on dynamic s-boxes constructed by chaos. Nonlinear Dyn.
**2014**, 75, 567–576. [Google Scholar] [CrossRef] - Liu, Y.; Tong, X.; Ma, J. Image encryption algorithm based on hyper-chaotic system and dynamic s-box. Multimed. Tools Appl.
**2016**, 75, 7739–7759. [Google Scholar] [CrossRef] - Khan, M.; Shah, T.; Batool, S.I. Construction of s-box based on chaotic boolean functions and its application in image encryption. Neural Comput. Appl.
**2016**, 27, 677–685. [Google Scholar] [CrossRef] - Cavusoglu, U.; Zengin, A.; Pehlivan, I.; Kacar, S. A novel approach for strong s-box generation algorithm design based on chaotic scaled zhongtang system. Nonlinear Dyn.
**2017**, 87, 1081–1094. [Google Scholar] [CrossRef] - Belazi, A.; Khan, M.; Abd El-Latif, A.A.; Belghith, S. Efficient cryptosystem approaches: S-boxes and permutation-substitution-based encryption. Nonlinear Dyn.
**2017**, 87, 337–361. [Google Scholar] [CrossRef] - Liu, Y.; Wang, J.; Fan, J.; Gong, L. Image encryption algorithm based on chaotic system and dynamic s-boxes composed of DNA sequences. Multimed. Tools Appl.
**2016**, 75, 4363–4382. [Google Scholar] [CrossRef] - Devaraj, P.; Kavitha, C. An image encryption scheme using dynamic s-boxes. Nonlinear Dyn.
**2016**, 86, 927–940. [Google Scholar] [CrossRef] - Cavusoglu, U.; Kacar, S.; Pehlivan, I.; Zengin, A. Secure image encryption algorithm design using a novel chaos based s-box. Chaos Solitons Fractals
**2017**, 95, 92–101. [Google Scholar] [CrossRef] - Li, C.; Lin, D.; Lu, J. Cryptanalyzing an image-scrambling encryption algorithm of pixel bits. IEEE Multimed.
**2017**, 24, 64–71. [Google Scholar] [CrossRef] - Li, C.; Liu, Y.; Xie, T.; Chen, M.Z.Q. Breaking a novel image encryption scheme based on improved hyperchaotic sequences. Nonlinear Dyn.
**2013**, 73, 2083–2089. [Google Scholar] [CrossRef] [Green Version] - Yap, W.-S.; Phan, R.C.W.; Yau, W.C.; Heng, S.H. Cryptanalysis of a new image alternate encryption algorithm based on chaotic map. Nonlinear Dyn.
**2015**, 80, 1483–1491. [Google Scholar] [CrossRef] - Zhu, C.X.; Sun, K.H. Cryptanalysis and improvement of a class of hyperchaos based image encryption algorithms. Acta Phys. Sin.
**2012**, 61, 120503. [Google Scholar] - Zhang, X.; Nie, W.; Ma, Y.; Tian, Q. Cryptanalysis and improvement of an image encryption algorithm based on hyper-chaotic system and dynamic s-box. Multimed. Tools Appl.
**2017**, 76, 15641–15659. [Google Scholar] [CrossRef] - Wu, X.; Zhu, B.; Hu, Y.; Ran, Y. A novel color image encryption scheme using rectangular transform-enhanced chaotic tent maps. IEEE Access
**2017**, 5, 6429–6436. [Google Scholar] - Zhu, C.; Sun, K. Cryptanalyzing and improving a novel color image encryption algorithm using rt-enhanced chaotic tent maps. IEEE Access
**2018**, 6, 18759–18770. [Google Scholar] [CrossRef] - Wang, W.; Si, M.; Pang, Y.; Ran, P.; Wang, H.; Jiang, X.; Liu, Y.; Wu, J.; Wu, W.; Chilamkurti, N.; et al. An encryption algorithm based on combined chaos in body area networks. Comput. Electr. Eng.
**2018**, 65, 282–291. [Google Scholar] [CrossRef] - Ahmad, M.; Al Solami, E.; Wang, X.Y.; Doja, M.; Beg, M.; Alzaidi, A. Cryptanalysis of an Image Encryption Algorithm Based on Combined Chaos for a Ban System, and Improved Scheme using SHA-512 and Hyperchaos. Symmetry
**2018**, 10, 266. [Google Scholar] [CrossRef] - Li, S.; Chen, G.; Mou, X. On the dynamical degradation of digital piecewise linear chaotic maps. Int. J. Bifurc. Chaos
**2005**, 15, 3119–3151. [Google Scholar] [CrossRef] - Curiac, D.I.; Volosencu, C. Chaotic trajectory design for monitoring an arbitrary number of specified locations using points of interest. Math. Probl. Eng.
**2012**, 2012, 940276. [Google Scholar] [CrossRef] - Li, S.; Chen, G.; Wong, K.-W.; Mou, X.; Cai, Y. Baptista-type chaotic cryptosystems: Problems and countermeasures. Phys. Lett. A
**2004**, 332, 368–375. [Google Scholar] [CrossRef] - Curiac, D.I.; Iercan, D.; Dranga, O.; Dragan, F.; Banias, O. Chaos-Based Cryptography: End of the Road? In Proceedings of the International Conference on Emerging Security Information, System and Technologies, Valencia, Spain, 14–20 October 2007; pp. 71–76. [Google Scholar]
- Zhang, S.; Wang, G.; Liu, Q.; Abawajy, J.H. A trajectory privacy-preserving scheme based on query exchange in mobile social networks. Soft Comput.
**2018**, 22, 6121–6133. [Google Scholar] [CrossRef] - Bhuiyan, M.Z.A.; Wang, G.; Wu, J.; Cao, J.; Liu, X.; Wang, T. Dependable structural health monitoring using wireless sensor networks. IEEE Trans. Depend. Secur. Comput.
**2017**, 14, 363–376. [Google Scholar] [CrossRef] - Zhang, Q.; Liu, Q.; Wang, G. PRMS: A personalized mobile search over encrypted outsourced data. IEEE Access
**2018**, 6, 31541–31552. [Google Scholar] [CrossRef]

**Figure 2.**The attack result: (

**a**) The plain image Cameraman; (

**b**) The cipher image; and (

**c**) The cracked image.

**Figure 3.**Encryption result for Lena gray-scale image: (

**a**) Plain-image; (

**b**) encrypted image; (

**c**) histogram of plain image in (

**a**); and (

**d**) histogram of encrypted image in (

**b**).

110 | 108 | 239 | 99 | 42 | 160 | 187 | 36 | 157 | 222 | 152 | 50 | 92 | 199 | 30 | 249 |

161 | 198 | 138 | 16 | 208 | 106 | 130 | 212 | 189 | 181 | 64 | 248 | 34 | 191 | 240 | 224 |

4 | 62 | 111 | 103 | 126 | 53 | 128 | 205 | 251 | 172 | 39 | 132 | 183 | 3 | 94 | 185 |

247 | 158 | 237 | 41 | 244 | 216 | 52 | 154 | 250 | 223 | 8 | 168 | 25 | 93 | 221 | 238 |

26 | 202 | 21 | 136 | 2 | 67 | 15 | 195 | 6 | 121 | 51 | 1 | 69 | 63 | 148 | 167 |

209 | 135 | 107 | 137 | 97 | 231 | 71 | 176 | 233 | 47 | 14 | 76 | 56 | 230 | 213 | 24 |

232 | 57 | 80 | 40 | 95 | 175 | 5 | 100 | 104 | 22 | 206 | 169 | 124 | 49 | 165 | 170 |

19 | 112 | 147 | 193 | 139 | 82 | 245 | 27 | 225 | 214 | 101 | 174 | 59 | 43 | 227 | 142 |

156 | 68 | 171 | 72 | 252 | 105 | 17 | 120 | 9 | 0 | 48 | 31 | 178 | 23 | 96 | 91 |

54 | 140 | 87 | 116 | 7 | 242 | 153 | 85 | 173 | 89 | 229 | 226 | 179 | 143 | 151 | 188 |

145 | 66 | 115 | 246 | 190 | 113 | 35 | 194 | 228 | 114 | 29 | 33 | 79 | 196 | 84 | 123 |

155 | 150 | 220 | 81 | 75 | 90 | 164 | 215 | 55 | 73 | 129 | 88 | 200 | 18 | 146 | 44 |

162 | 197 | 217 | 207 | 184 | 163 | 159 | 133 | 203 | 236 | 11 | 61 | 98 | 235 | 186 | 58 |

134 | 32 | 38 | 102 | 28 | 255 | 10 | 254 | 177 | 12 | 182 | 46 | 218 | 243 | 77 | 45 |

144 | 192 | 70 | 234 | 119 | 13 | 83 | 125 | 122 | 109 | 37 | 180 | 211 | 166 | 127 | 118 |

117 | 60 | 141 | 253 | 149 | 86 | 74 | 131 | 219 | 201 | 210 | 78 | 241 | 65 | 204 | 20 |

Plain-Image | Cipher-Image | Cipher-Image Ref. [2] | Cipher-Image Ref. [15] | Cipher-Image Ref. [23] | Cipher-Image Ref. [24] |
---|---|---|---|---|---|

0.924879 | 0.000249 | 0.005497 | 0.5310 | −0.00114 | 0.000329 |

Proposed | Ref. [15] | Ref. [24] | Ref. [2] | |
---|---|---|---|---|

NPCR (%) | 99.63226 | nearly 0 | 99.627 | 99.6002 |

UACI (%) | 34.59600 | nearly 0 | 33.452 | 33.463 |

x_{0} + 10^{−14} | y_{0} + 10^{−14} | z_{0} + 10^{−14} | a + 10^{−14} | b + 10^{−14} | c + 10^{−14} | d + 10^{−14} | seed + 1 | |
---|---|---|---|---|---|---|---|---|

NPCR (%) | 99.61 | 99.65 | 99.63 | 99.63 | 99.62 | 99.60 | 99.58 | 99.60 |

UACI (%) | 34.20 | 33.63 | 32.93 | 32.39 | 33.93 | 34.49 | 33.11 | 33.56 |

© 2018 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Zhu, C.; Wang, G.; Sun, K.
Cryptanalysis and Improvement on an Image Encryption Algorithm Design Using a Novel Chaos Based S-Box. *Symmetry* **2018**, *10*, 399.
https://doi.org/10.3390/sym10090399

**AMA Style**

Zhu C, Wang G, Sun K.
Cryptanalysis and Improvement on an Image Encryption Algorithm Design Using a Novel Chaos Based S-Box. *Symmetry*. 2018; 10(9):399.
https://doi.org/10.3390/sym10090399

**Chicago/Turabian Style**

Zhu, Congxu, Guojun Wang, and Kehui Sun.
2018. "Cryptanalysis and Improvement on an Image Encryption Algorithm Design Using a Novel Chaos Based S-Box" *Symmetry* 10, no. 9: 399.
https://doi.org/10.3390/sym10090399